Skip to content

Mounting CERN DFS file system on linux

Mounting CERN DFS file system on linux

CERN uses Microsoft DFS file system for storing users and application data for Windows systems.

This documentation outlines the setup process allowing Linux clients to mount and access CERN DFS file system.

While the initial installation of required software is specific to CERN SLC6 Linux distribution, following configuration steps shall be applicable on any modern Linux platform, providing it features cifs-utils version 4.8.1 or newer and kernel version 2.6.38 or newer, or a patched cifs kernel module on older kernels (see the patch discussion here).

Software installation

As root on your fully updated (if in doubt, execute as root: yum update...) SLC6 system run:
# yum  install cifs-utils  kernel-module-cifs-`uname -r`
(As of SLC 6.3 - kernel 2.6.32-279.el6 an additional cifs kernel module is not needed, the in-kernel one works correctly)


As root on your system:

Please verify that your host keytab is valid:

# klist -k
it should show output similar to:
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
  10 host/
   9 host/
   1 host/
(actual output may vary depending on when and how keytab was set)

Edit /etc/request-key.conf and add following lines at the end:

# added for CIFS
create  cifs.spnego    * * /usr/sbin/cifs.upcall %k
create  dns_resolver   * * /usr/sbin/cifs.upcall %k
Create mountpoint:
# mkdir /dfs
Create /etc/cron.d/host-kinit file with following content:
# This cron job will reacquire host credentials every 12 hours
01 */12 * * * root /usr/bin/kinit -k

Filesystem mount

Please choose one of the following two methods on your system.

Mounting with other filesystems

Edit /etc/rc.local and insert there these lines:
# Mount DFS
/usr/bin/kinit -k
/bin/mount /dfs
Edit /etc/fstab and add at the end this line:
//   /dfs            cifs    noauto,nocase,sec=krb5,multiuser,uid=0,gid=0    0 0
Next, execute:
# /etc/rc.local
On subsequent system reboots DFS will be mounted automatically.

Mounting with automounter

Edit /etc/auto.master and add following line:
/dfs/ /etc/auto.dfs
Create /etc/auto.dfs with following content:
[ !`/usr/bin/kinit -k 2>&1 >> /dev/null` ] && echo " -fstype=cifs,sec=krb5,multiuser,user=0,uid=0,gid=0 ://"
# chmod 755 /etc/auto.dfs

To finish the configuration please enable and restart the automounter:

# /sbin/chkconfig --levels 345 autofs on
# /sbin/service autofs restart
Note: The DFS filesystem is automounted: therefore until user accesses it nothing is visible under /dfs/: try ls /dfs/Users or ls /dfs/Applications to see the content.

Usage notes

  • This method of accessing DFS requires a valid Kerberos host key - which can be allocated ONLY to systems on CERN network.
  • User access to files requires a valid Kerberos ticket from CERN KDC, please check yours using: klist.
  • On some DFS mounts sometimes part of DFS hierarchy is not accessible showing: Object is remote error, to make the problem go away please either use ls /dfs/PROBLEMATIC/PATH/ (note trailing slash!) or cd /dfs/PROBLEMATIC/PATH/.(this problem seems to be solved in current SLC6 kernels).
  • Case sensitivity: DFS mount on Linux emulates Windows behaviour Files/Folders are case-sensitive upon creation, but case-insensitive for later access.
  • User ownership and permissions on files/directories are shown as full root user permissions and root ownership:
    ls -l /dfs/
    total 140
    drwxr-xr-x 1 root root   32768 Feb  9 14:41 Applications
    but actual access permisions are mapped correctly, if you create files these will be created with default Windows permissions in given folder.
  • Ownership/access mode changing using chmod/chown will not work on DFS files.
  • Getting/setting ACLs for DFS is not supported with current kernels (do not try cifsacl mount option it is buggy ...)
  • ...