Mounting CERN DFS file system on Linux

CERN uses the Microsoft DFS file system to store user and application data for Windows systems.

This documentation outlines the setup process that allows Linux clients to mount and access the CERN DFS file system.

Software installation

As root on your CC7 system run:

# yum install cifs-utils

Configuration

As root on your system:

Please verify that your host keytab is valid:

# klist -k

It should show output similar to:

Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
  10 host/yourhost.cern.ch@CERN.CH
   9 host/yourhost.cern.ch@CERN.CH
   1 host/yourhost.cern.ch@CERN.CH

(actual output may vary depending on when and how the keytab was set)

Create mountpoint:

# mkdir /dfs

Create the file /etc/cron.d/host-kinit with the following content:

# This cron job will reacquire host credentials every 12 hours
01 */12 * * * root /usr/bin/kinit -k


Note: DFS (cifs) mounting with protocol versions 2.0/2.1/3.0 is not functional as of now on CC7; following DFS referrals (links to remote servers) does not work as expected:

# ls /dfs/Departments/IT/Groups/IS/
ls: cannot access /dfs/Departments/IT/Groups/IS/: Function not implemented

We are investigating the problem; please do not use the vers=X parameter for now.


Filesystem mount

Please choose one of the following two methods on your system.

Mounting with other filesystems

Edit /etc/rc.local and insert these lines:

# Mount DFS
/usr/bin/kinit -k
/bin/mount /dfs -o vers=2.1

Edit /etc/fstab and add this line at the end:

//cerndfs.cern.ch/dfs   /dfs            cifs    noauto,nocase,sec=krb5,multiuser,uid=0,gid=0,vers=2.1    0 0

Next, execute:

# /etc/rc.local

On subsequent system reboots DFS will be mounted automatically.

Note: vers=2.1 parameter is needed in order to use SMB version 2 protocol.
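
An added example, not part of the original CERN documentation: a shell preflight that checks klist -k output for a host principal and checks a cifs fstab line for the sec=krb5 and multiuser options used above. The function names and the sample data are constructed for illustration; the password= check is an extra assumption about what should not appear in /etc/fstab.

```shell
#!/bin/sh
# Added example: offline preflight checks for the keytab and fstab
# settings this page relies on. Function names are hypothetical.

# has_host_principal REALM   (reads `klist -k` output on stdin)
# Succeeds when the listing has at least one "KVNO host/<fqdn>@REALM" row.
has_host_principal() {
    awk -v realm="$1" '
        $1 ~ /^[0-9]+$/ && split($2, p, "@") == 2 &&
            p[2] == realm && p[1] ~ /^host\/./ { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# check_cifs_opts FSTAB_LINE
# Prints "ok", or a space-separated list of problems and returns 1.
check_cifs_opts() {
    set -f; set -- $1; set +f          # split into fstab fields, no globbing
    [ "$3" = "cifs" ] || { echo "not-cifs"; return 1; }
    opts=",$4," problems=""
    for need in sec=krb5 multiuser; do # Kerberos auth, per-user credentials
        case "$opts" in
            *",$need,"*) ;;
            *) problems="$problems missing:$need" ;;
        esac
    done
    case "$opts" in                    # a password stored in the fstab line
        *",password="*) problems="$problems password-in-fstab" ;;
    esac
    [ -z "$problems" ] && { echo "ok"; return 0; }
    echo "${problems# }"; return 1
}

# Constructed sample data, modelled on the output and fstab line shown above.
SAMPLE_KLIST='Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- ---------
  10 host/yourhost.cern.ch@CERN.CH'
SAMPLE_FSTAB='//cerndfs.cern.ch/dfs /dfs cifs noauto,nocase,sec=krb5,multiuser,uid=0,gid=0,vers=2.1 0 0'

if printf '%s\n' "$SAMPLE_KLIST" | has_host_principal CERN.CH; then
    echo "keytab: host principal present"
fi
echo "fstab: $(check_cifs_opts "$SAMPLE_FSTAB")"
```

On a real host, pipe the output of klist -k into has_host_principal and pass the DFS line from /etc/fstab to check_cifs_opts.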

Mounting with automounter

Edit /etc/auto.master and add the following line:

/dfs/ /etc/auto.dfs

Create /etc/auto.dfs with the following content:

#!/bin/sh
# Emit the map entry only if host credentials can be acquired from the keytab
/usr/bin/kinit -k >/dev/null 2>&1 && echo " -fstype=cifs,sec=krb5,multiuser,user=0,uid=0,gid=0,vers=2.1 ://cerndfs.cern.ch/dfs/&"

Execute:

# chmod 755 /etc/auto.dfs

To finish the configuration please enable and restart the automounter:

# /sbin/chkconfig --levels 345 autofs on
# /sbin/service autofs restart

Note: The DFS filesystem is automounted; therefore nothing is visible under /dfs/ until a user accesses it. Try ls /dfs/Users or ls /dfs/Applications to see the content.

Note: vers=2.1 parameter is needed in order to use SMB version 2 protocol.

Usage notes

  • This method of accessing DFS requires a valid Kerberos host key, which can be allocated ONLY to systems on the CERN network.
  • User access to files requires a valid Kerberos ticket from the CERN KDC; please check yours using: klist.
  • Case sensitivity: the DFS mount on Linux emulates Windows behaviour: files/folders are case-sensitive upon creation, but case-insensitive for later access.
  • User ownership and permissions on files/directories are shown as full root user permissions and root ownership:
    ls -l /dfs/
    total 140
    drwxr-xr-x 1 root root   32768 Feb  9 14:41 Applications
    [...]
    
    but actual access permissions are mapped correctly; if you create files, these will be created with default Windows permissions in the given folder.
  • ...

Note: SMB2 protocol is not compatible with SLC6 and SLC5.