mount.cifs

Connect using the specified username or $USER by default (you will be prompted for a password)

$ mount.cifs -o user=[username] //[server]/[share_name] [mountpoint]

$ mount.cifs -o guest //[server]/[share_name] [mountpoint]

$ mount.cifs -o uid=[user_id|username],gid=[group_id|groupname] //[server]/[share_name] [mountpoint]

mount.cifs //server/share mount_point [-o options]

Examples of options:
user=<username>
pass=<password>
credentials=<path_to_file>
domain=<domain_name>
vers=<SMB_version> (e.g., 1.0, 2.1, 3.0, 3.1.1)

user=
    Specifies the username for authentication against the CIFS/SMB server.

pass=
    Specifies the password for the given username. Using the credentials option is generally more secure.

credentials=
    Provides the path to a file containing username and password, one per line (e.g., username=value
password=value). This is the recommended secure method for supplying credentials.

domain=
    Specifies the NT domain or Active Directory domain the user belongs to, if required by the server.

vers=
    Defines the SMB protocol version to use for the connection. Common values include 1.0, 2.0, 2.1, 3.0, 3.02, 3.1.1. Essential for compatibility with various servers.

rw / ro
    Mounts the share with read-write (rw) or read-only (ro) permissions, respectively. Default is read-write.

uid=
    Sets the numeric User ID (UID) that will own all files and directories on the mounted share on the client side.

gid=
    Sets the numeric Group ID (GID) that will own all files and directories on the mounted share on the client side.

file_mode=
    Sets the default permissions for files on the mounted share (e.g., 0644).

dir_mode=
    Sets the default permissions for directories on the mounted share (e.g., 0755).

_netdev
    Useful in /etc/fstab, this option indicates that the filesystem resides on a device requiring network access, preventing mounting attempts until the network is available.

iocharset=
    Specifies the character set to use for converting filenames, especially important for non-ASCII characters (e.g., utf8).

noperm
    Instructs the client to ignore UNIX permission bits reported by the server, relying solely on client-side UID/GID mapping for access. Use with caution as it can bypass server-side security.

nounix
    Disables CIFS Unix Extensions, which can sometimes be necessary for compatibility with certain servers or network-attached storage (NAS) devices that do not fully support these extensions.

sec=
    Specifies the security mode to use for authentication, such as ntlm, ntlmv2, ntlmssp, or krb5. This determines the authentication protocol.

mount.cifs is a specialized helper program for the mount command, designed to facilitate the mounting of shares using the Common Internet File System (CIFS) protocol, also known as Server Message Block (SMB). This protocol is predominantly used by Microsoft Windows file servers and Samba servers on Unix-like systems. It allows a Linux system to access and interact with remote network shares as if they were local directories, enabling seamless file and directory access.

The command handles the intricacies of CIFS/SMB protocol negotiation, authentication, and permission mapping. It provides a rich set of options for specifying credentials (username, password, domain), managing file and directory permissions on the client side, controlling caching behavior, and selecting specific SMB protocol versions for compatibility. While often invoked implicitly by the generic mount -t cifs ... command, mount.cifs offers direct control and detailed configuration for network share integration.

Security: Never hardcode sensitive passwords directly in scripts or in /etc/fstab. Always use the credentials= option pointing to a file with restrictive permissions (e.g., chmod 600 /path/to/creds_file) for storing credentials.
Permissions: Mapping Windows ACLs to Unix permissions can be complex. Use uid, gid, file_mode, and dir_mode options carefully to achieve desired client-side permissions. The noperm option bypasses server-side permission checks but might pose security risks.
Performance: Network latency and server load can significantly affect mounted share performance. Enabling client-side caching (e.g., through cache=strict) or disabling it (cache=none) might be necessary depending on usage patterns.
SMB Protocol Versions: Different Windows versions and Samba configurations support varying SMB protocol versions. If you experience connection issues, explicitly setting the vers= option might be required to match the server's capabilities.
Network Dependency: For /etc/fstab entries, always include the _netdev option to ensure the network is initialized before attempting to mount the share, preventing boot failures.

To automatically mount a CIFS share at boot, add an entry to your /etc/fstab file. A typical entry looks like this:
//server/share /mnt/mountpoint cifs credentials=/etc/cifs/creds,uid=1000,gid=1000,_netdev 0 0
Ensure the credentials file (e.g., /etc/cifs/creds) has restrictive permissions (chmod 600 /etc/cifs/creds) and contains:
username=<your_username>
password=<your_password>

If mounting fails, check the following:
- Network Connectivity: Can you ping the server? Is the share name correct?
- Credentials: Are the username and password correct? Is the domain specified if required?
- Permissions: Check permissions on the mount point and the credentials file.
- SMB Version: Try explicitly setting vers= (e.g., vers=2.1 or vers=3.0) if you suspect a protocol version mismatch.
- Kernel Log: Use dmesg | tail after an attempt to mount to see kernel-level error messages related to CIFS.

The mount.cifs command is part of the cifs-utils package, which superseded the older smbfs utility for mounting SMB/CIFS shares on Linux. The development of cifs-utils aimed to provide more robust support for modern SMB protocol versions, including SMB2 and SMB3, improved security features like Kerberos authentication, and better integration with the Linux kernel's cifs module. This transition marked a significant improvement in stability, performance, and feature set for accessing Windows and Samba network shares from Linux.

mount(8), umount(8), smbclient(1), fstab(5)