Mounting SMB automatically on a Unix system is not-so-forward, navigating posts from stackoverflow and forums will most likely result in trying out old and deprecated solutions.
Here are my experiences with mounting samba shares:
cifsis the newer implementation for the smb proctocol in the kernel. The older
smbfsis deprecated, without any maintainers and is only available due to backwards compability.
- Credentials for
cifsbasically requires a plaintext file containing
password=which is referenced during mount, which is truly horrifying security wise.
- Creating a file at
chmod 0600permissions is as secure as it gets.
- If you got a better alternative, please reach out.
- Creating a file at
- Kerberos does not look like a sane solution for single-users.
autofsis deprecated and superseeded by the
- Be careful mounting remote locations in
/etc/stab, as they will not work when you are not in your local network. In worst case, it will make your computer panic during boot.
- Follow principle of least privilege, create a seperate user on the smb server with access to only the folders that you are going to mount.
Here is a example of a line I use in
Breakdown of the flags used:
|wait for networking service to start before attempting this mount
|use SMBv3.0 protocol version and above
|establish remote connection to share and mount only when local directory is accessed
|unmount share if the local directory has not been accessed for over x minutes
|enable read-write access on remote share
|default directory permission
|default file permission
|allows access to files with names in non-English languages
|makes the user owner of the mounted share
|makes the group owner of the mounted share
|path to credentials file which contains lines with
password=, can be stored in home dir, recommend permission
600 on file for security.
This requires a credentials file stored in
/root containing your smb credentials
1 2 3 4
Set the permission to
0600 so that only root can access it
To reload entries in
/etc/fstab, run the following command
We don't need to use
mount -a, as systemd will automatically mount the remote folder when you access the local folder, the command will work, but systemd will unmount the folder when the idle-timeout for the share is activated.
You should now be able to see the files from the remote share in the local folder you specified in
/etc/fstab, such as navigating to
/mnt/nas/media in the example above.
The following command will monitor kernel logs, where CIFS errors should be present
Errors here can be a bit cryptic. I found out that error
-13 can be a indicator for a credentials file misconfiguration,.
After making changes to
/etc/fstab or the credentials file, restart the systemd component for remote-fs
If all is well,
dmesg should output the following
1 2 3 4