Thursday 17 November 2022

Autofs with SMB

 "autofs" software for Ubuntu and other Linux systems mounts file systems and network shares on demand and there are a couple key benefits to using autofs compared to fstab and other methods and I've posted before about Autofs and a couple tricks with NFS shares

  • File share does not have to be available on boot so faster boot times and fewer failures after restart
  • File share is unmounted when not in use reducing system resources on client and server side
  • Consistent abstraction of mounts is easier to maintain across systems

Giant caveat that Linux does not segregate permissions once a share is mounted. This is fine for single-user systems and also fine where systems are un-attended (i.e. servers) but really a big problem on multi-user systems that user a and user b can both access share Z once it is mounted and it is as the connected user.


The Ubuntu standard "autofs" package includes an "auto.smb" which dynamically configures the shares in most cases so long as credentials are available and some basic pre-work is done. This should work for generic needs but for file share specific configurations use the auto.misc instead

Required packages to work with SMB shares (i.e. on Windows) and mounting with the stock CIFS driver (i.e. same old driver in Linux).

 

    apt install autofs smbclient cifs-utils

 

The auto.smb file itself doesn't have to be configured, if you look in the file it advises what configuration to add to "auto.master" and how to setup credentials.

 

    # edit /etc/auto.master and add this line

    /cifs  /etc/auto.smb --timeout=300

 

    # create /etc/creds with restricted permissions

    sudo mkdir -m 700 /etc/creds

    # edit a file with the server name like /etc/creds/MYNAS

    username=myuser

    password=reallygoodpassword

 

    # restart autofs

    sudo systemctl restart autofs

 

As any user you should be able to list shares and access contents of any available share the configured user has access to.


    # shows all shares on the server (not hidden ones)

    ls /cifs/MYNAS

    # access files as normal within a share

    ls /cifs/MYNAS/MyShare

 

If file shares or the contents do not appear, check "mount" and system logs for hints what may be wrong. Biggest caveat I had had was that cifs-utils really are required and I'm pretty sure smbutils as well - out of the box autofs with the stock system drivers and packages may have been able to do SMB1 but SMB1 should be disabled on any file servers so yeah, need to get "cifs-utils" package which includes tools to work with the newer SMB2 and SMB3 protocols. 


Posted by at 1 comment:

Tuesday 24 May 2022

Another Round?

 We eventually saw Google change their tack with The Return of the Google Apps Free Accounts. It was pretty unnerving to lose services which had been free for over a decade. Really the services are free anyhow: Email in Gmail, custom domains in Google DNS, cloud storage in Drive, basic web hosting in Sites and Blogger. Why wasn't there are a better migration tool? Google has been eroding the GA free for years and all we really needed was a migration tool to get like 80% migrated to Gmail etc and this push could have been more successful. But then again, how many users signed up for GA a decade ago and are still using it? I know we're free-loaders but really the "free" services are doing for Google what they're supposed to: Get users hooked on Google's suite of services.


</rant>

Dom617b

Posted by at 1 comment:

Sunday 20 March 2022

The Party For Grandfathers' Free Google Apps Is Over

With the end of Google Apps free accounts I've been looking at what services end up where and Google is pretty well covering personal use with maybe a few asterisks particularly around email.

TL;DR 

Setup Email Forwarding in Google Domains by adding up to 100 email aliases.

Send an email from your alias in Gmail

  1. Generate your app password
  2. Add an email alias
  3. Confirm the address
  4. Change the "From" address
  5. Optionally set this address as default sending address once confirmed.

Use Google Sites or Blogger and add custom URLs and they will generate the DNS entries as needed.

<Rant>

Google Domains "is out of Beta" ... Uh what? I've been using Google Domains for a few years already and didn't realise it was a "Beta". It did mean they sent out promo codes to all their existing "beta" customers so we can get 20-30% off their regular price registrations

I took the opportunity to register a test domain to test out some of the changes for when the GA free accounts go away shortly. As far as DNS registration and hosting goes it's a pretty good offering. Not the cheapest, but does include WHOIS privacy, integration with website services, and up to 100 email addresses forwarded for free.

The website services is a handy integration including with free services both on Google Sites and on Blogger (i.e. this site). It automatically creates DNS records when you create custom domain. Maybe it's more intuitive for a lay person than an IT pro because on Blogger you click the option for "custom domain" and type in whatever you want and if it's in a domain under your account it just registers it? I guess? Not clear it doesn't tell you a lot which is maybe point - it's all very easy.

Email I was really struggling with because there seem to be a lot of variables. We're using plain old Gmail account and there's two parts to deal with custom domains: receiving and sending. The receiving side is simple - add an alias in Google Domains (or 100) and you're done. 

Sending is far more complicated which I chalk up to "we can't have nice things". In Gmail you can add an alias with another Gmail account and that setup is pretty easy "mymail1@gmail.com" can be added in your settings as an alias for "mymail2@gmail.com". To use an alias with a custom domain you have to give a mail server and you can use the Gmail SMTP but you need an app password. And you can only use an app password if you have 2FA on your account. And if you don't have 2FA you can use "less secure authentication". But that's a feature apparently getting dropped soon so if we follow all the caveats, it means you have to use 2FA and app passwords. There's Google docs all over the place - the above link in the TLDR I think has the necessary info. 

Compared to how easy it is to do one Gmail address as an alias for another this was a bit mind boggling to go through. I get it - Google wants to sell as many Workspace accounts as they can, and lots of other options just don't work in the 21st century because we ruined the Internet and Email with so much spam. 

Other options to consider 1) use a real mail client like Thunderbird and you should be able to specify your email and this is fine if you do this already or only infrequently care about sending as your custom email address 2) use own mail servers heck even Synology has apps to run mail services but still its pretty rubbish to deal with backups, certificates, spam blacklisting, etc. 3) pony up for Workspace which if this is work related its pretty cheap - but that's a bit silly for personal use (even Zoho and others). 

</Rant> 

If you made it this far you're either brave for reading that rant or clever for skipping it :) 

Ciao
Dom617b

Posted by at 1 comment:
Subscribe to: Posts (Atom)

Popular Posts

  • Processing Deferred Messages in Postfix
    For anyone who's had to cleanup some mail problems with Postfix configuration (or more often with other things, like anti-spam, tied in ...
  • Cache in Openfire
    In the course of troubleshooting the office Jabber server the other day, I came across some interesting info about the various caches that O...
  • Cron scheduling for first Sunday of the month
    For everyone who uses cron, you are familiar with the job schedule form: min hr day-of-month month day-of-week <command> A problem...