Microsoft Distributed File System (DFS) is a technology that allows multiple servers to host a single file share (providing fault tolerance and performance enhancement for multi-site Active Directory topologies). It is typically used in conjunction with a replication technology such as DFS-R (R is for Replication). Though these features have similar names, you don't have to have DFS to use DFS-R and vice versa (A typical use case might be the desire to replicate folders between servers, but not share them, which is accomplished via DFS-R without using a DFS namespace).
Windows clients (Windows XP SP3, Windows Vista, Windows 7, and Windows 8) and servers (Windows Server 2003 SP2, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012) mount shares in a DFS namespace seamlessly, but the same isn't true for Mac OS (earlier than Lion). Linux systems have the capability to mount DFS, but they require some additional configuration above and beyond issuing a 'mount' command. In the modern versions of Linux, Windows file shares are mounted using the kernel Common Internet File System (CIFS) driver.
In order to mount a DFS volume, the following packages need to be available (these may vary per platform, but are consistent on RedHat/CentOS and SUSE):
cifs-utils (specifically mount.cifs and cifs.upcall)
keyutils
Based on testing in RedHat Enterprise Linux, samba is NOT required to mount a CIFS share hosted in a DFS namespace. A small piece of configuration is necessary to mount a DFS share on Linux. The configuration needs to be added to the keyutils configuration file (bolded below in the list of files included with the package),
/bin/keyctl
/etc/request-key.conf
/etc/request-key.d
/sbin/request-key
/usr/share/doc/keyutils-1.4
/usr/share/doc/keyutils-1.4/LICENCE.GPL
/usr/share/doc/keyutils-1.4/README
/usr/share/keyutils
/usr/share/keyutils/request-key-debug.sh
/usr/share/man/man1/keyctl.1.gz
/usr/share/man/man5/request-key.conf.5.gz
/usr/share/man/man8/request-key.8.gz
The following lines need to be added to the end of the /etc/request-key.conf file:
create cifs.spnego * * /usr/sbin/cifs.upcall -c %k
create dns_resolver * * /usr/sbin/cifs.upcall %k
Note that if you have a newer version of cifs-utils, the -c above is not necessary (and is actually a deprecated option). After adding the lines to the request-key.conf file, you should now be able to mount the share:
# mount -t cifs //mydfsdomain.lan/namespaceroot/sharedfolder /mnt -o username=windowsuser
If all goes well, this asks for a password and mounts. Note that mydfsdomain.lan should be your Active Directory name namespaceroot should be the root that you create using DFS Management in MMC. Note that all read/write/modify operations will be performed as the "windowsuser" user in the example above.
No comments:
Post a Comment