Connecting a desktop Linux system to the sesfs.stanford.edu file server cluster
P. Farrell, last revision September 23, 2013
The School of Earth Sciences File Server cluster provides access to multiple individual and group network file shares organized into several storage pools with different network names. The main network name that applies to most shares is sesfs.stanford.edu, which will be used in these instructions. To connect to shares in the cluster hosted on other network names, such as sacfs.stanford.edu, simply substitute that other name in these instructions in place of sesfs.stanford.edu.
This page provides some basic information for connecting to a file share on sesfs.stanford.edu from a desktop Linux system. Unfortunately, there are so many different Linux distributions and versions that I cannot provide simple instructions. You will have to adapt this information to your own system.
WARNING: I do not recommend any type of "automount" on your Linux system. These all require that your authentication credentials - in this case, your SUNet ID and password - be stored in plain text in a file on the system. Even if you change the permission settings on that file to limit access to the root account, you are still taking a considerable risk that your password will eventually be discovered by hackers. I only recommend "manual" mounting methods that prompt you to enter your password every time.
Connections to sesfs.stanford.edu are made with the Common Internet File System (CIFS) protocol developed by Microsoft for Windows file sharing. It was originally known as the Server Message Block (SMB) protocol, and is still often called that. This protocol is supported in Linux systems by the SAMBA open-source project. So your first pre-requisite is to make sure that the SAMBA packages are installed on your Linux system. If you have an online manual page for the command-line program mount.cifs, you probably have the correct packages installed.
The CIFS protocol has evolved over many years and has included several different mechanisms for authenticating to the file server. The Earth Sciences file servers support only the kerberos and NTLM v2 authentication protocols. Your second pre-requisite is a recent version of the Linux kernel and a recent version of the mount.cifs command-line program to support these authentication methods. How recent? I don't know. At a minimum, your online manual page for mount.cifs must include an option named sec= that has "kerberos" and "ntlmv2" as valid values. Then you just have to try it to see if it works.
Your third pre-requisite is to have root access on your desktop linux system. You need root privilege on your linux system to initiate the connection to the file server, although you will authenticate to the file server with your SUNet ID. Use the sudo command-line program to run the commands on your Linux system as root.
To use the "kerberos" authentication method, you must install the appropriate kerberos packages and configure them for the Stanford network. See the ITS web page on Installing Kerberos on UNIX. In principle, if your kerberos configuration is correct, you can authenticate your SUNet ID to Stanford's kerberos servers and obtain a "ticket" using the command-line program kinit. You can then verify that you have the correct ticket with the command-line program klist. Finally, you would then use the option sec=kerberos on your mount command-line program and would connect directly to sesfs.stanford.edu with no need for any further authentication. I have not tested kerberos authentication from Linux. Let me know if you make it work.
The remainder of this note will give an example using command-line programs to access my personal home share named farrell on sesfs.stanford.edu, with the NTLMv2 authentication protocol. This example has been tested on CentOS version 5.5.
First of all, remember that in Linux, you "mount" an external file system, such as a file share from sesfs.stanford.edu, onto an existing empty directory that you have already created. So you need to make that first. In this example, I make the empty "homeshare" directory in my own home directory:
mkdir ~farrell/homeshare
If you want to make the "mount point" directory at the top level of your file system, for example, at /sesfs/farrell, you will need to use the sudo program to obtain the needed root privilege, for example,
sudo mkdir -p /sesfs/farrell
sudo will prompt you for your local Linux account password.
Once you have created the local "mount point" directory on your Linux system, you are ready to issue the command to connect to the server. Here is a sample command with the recommended options. I recommend using the "--verbose" option to get more debugging information when you are first trying to make a connection. After you have the procedure well-established, you can skip that option. The following command is typed all on one line, although it may be split here for display purposes.
sudo mount -t cifs //sesfs.stanford.edu/sharename /local/mount/dir --verbose
-o sec=ntlmv2,user=yoursunetid,domain=WIN,iocharset=utf8
In this sample, you must substitute the desired sharename for sharename, the "mount point" directory you have created on your local Linux system for /local/mount/dir, and your SUNet ID username for yoursunetid. Getting back to my example, where I want to mount my home share named farrell on the local directory homeshare within my Linux home directory, I would type this command all on one line:
sudo mount -t cifs //sesfs.stanford.edu/farrell ~farrell/homeshare --verbose
-o sec=ntlmv2,user=farrell,domain=WIN,iocharset=utf8
When you are done using the file share from sesfs.stanford.edu, you should unmount it with a command like
sudo umount /local/mount/dir
where /local/mount/dir is the local "mount point" directory in Linux. For example, for my home share case, I would unmount it with the command:
sudo umount ~farrell/homeshare
Once you have successfully mounted a file share from sesfs.stanford.edu onto your Linux workstation, please be aware that some Linux commands do not operate as expected on the file share. Please read the "known problems" section of accessing file shares from sesfs.stanford.edu on the CEES cluster computers for more information.