Sunday, 7 September 2014

Mounting Apple Time Capsule share from Ubuntu 14.04

Older Apple Time Capsule NAS devices don't support NTLMv2: only NTLM.  So when mounting an SMB share from such a device, you need to manually select NTLM as your security mode. Otherwise the CIFS Client fails to mount the share, and reports a permission error.

So, the correct syntax for Ubuntu 14.04 is:-
   sudo mount -t cifs //1.2.3.4/Data -o username=example,password=example,sec=ntlm /mnt/example

where 1.2.3.4 is the IP address of your Time Capsule.

If the CIFS client isn't installed on your Ubuntu box then first you just need to run:- 
    sudo apt-get install cifs-utils

For bonus points you can of course pass the login credentials from a protected file in your home directory rather than passing it on the command line (where it's visible in process listings and bash shell history files).

If you're not sure of the mount point name,  ask first:-
   smbclient -U example -L //1.2.3.4
   Enter example's password: 

... and a list of shares will be shown.  You want the one of type "Disk".

20 comments:

  1. Question, If I reboot, will the share unmount?

    ReplyDelete
    Replies
    1. Hi Pedro. Yes they will unmount. If you want persistence across reboots, you will need to add a new line in /etc/fstab . Just be careful when editing that file! Don't corrupt any existing entries or your system might not boot again. See "man fstab" or https://help.ubuntu.com/community/Fstab

      Delete
    2. @Martin I just ran across this post.. a year later. I realized I did not thank you. Thanks for the info.

      Delete
  2. you rock man, thank you for this entry blog...

    ReplyDelete
  3. Hello Martin, i have try this but i have this error:

    Retrying with upper case share name
    mount error(6): No such device or address
    Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)


    Any idea???

    ReplyDelete
    Replies
    1. Need to see exact syntax to debug that!

      But take care to use quotation marks or backslashes if you have special characters (including spaces) in the share name or the mount point name

      Delete
    2. Hi Anthony... I saw your note. Your commands look fine. Is 192.168.0.17 definitely the Time Capsule? Is "Enable file sharing" definitely ticked in Airport Utility, on the Time Capsule under "Disks" ?

      Delete
    3. Same thing happened to me. I was querying the Samba server via the nmlookup '*' command to extract the IP of the shares; however it seems that nmblookup is not working as expected from quite some time (back in February it was OK).

      Delete
  4. Interesting. I'll re-test from Ubuntu 16.04, first taking any pending updates for the Time Capsule.

    ReplyDelete
  5. I was using Kodi in 14.x with my Airport and Timecapsule, this was working fine. Now in 16.04 I'm not able to make it work, even doing different sort of tricks. Any help would be greatly appreciated.

    ReplyDelete
  6. OK to confirm the IP, this works... (if your time capsule is called "capsule")

    $ nmblookup capsule
    192.168.15.167 capsule<00>

    This works for listing the share points (from 16.04 to Time Capsule)...

    $ smbclient -U example --option='client use spnego = no' -L capsule
    WARNING: The "syslog" option is deprecated
    Enter example's password:
    Domain=[INTERNAL] OS=[Apple Base Station] Server=[CIFS 4.32]

    Sharename Type Comment
    --------- ---- -------
    IPC$ IPC
    Data Disk
    Domain=[INTERNAL] OS=[Apple Base Station] Server=[CIFS 4.32]

    This confirms that the share point name in this case is "Data".

    For actually mounting the share, this works...

    $ mkdir /tmp/mnt
    $ sudo mount //192.168.15.167/Data -o'sec=ntlm' /tmp/mnt
    Password for root@//192.168.15.167/Data: ********

    That seems to work but it needs the IP address not the hostname!

    Hope this helps

    ReplyDelete
  7. Owesome Martin!!!
    This work for me!!!
    Can we do a automount?

    ReplyDelete
  8. Yes you should be able to add an entry to the bottom of /etc/fstab - googling that is left as an exercise for the reader. Only snag is that any login credentials will be readable by anyone who can see /etc/fstab . I don't know if that's world-readable, or needs to be,

    ReplyDelete
  9. Hi Martin. I am trying to connect to my TC from a raspberry pi. When I use:
    sudo mount.cifs //10.0.1.1/Data /home/pi/timecapsule/ -o “user=xxxx,pass=xxxx,sec=ntlm”
    I get:
    Password for root@//10.0.1.1/Data:

    Any help would be appreciated greatly!


    ReplyDelete
  10. Hi, well if you enter the TC password when it prompts you, it will probably let you in!

    But if you want to get in without entering the password at the prompt, you might need single quotes rather than double quotes i.e. -o 'user=xxxx,pass=xxxx,sec=ntlm' - it may depend on whether your password has any characters in it that have special meaning in the Linux shell.

    Hope this helps

    ReplyDelete
  11. I used this:
    //10.0.0.1/TooneTown%20Media /media/airport cifs password=<($MyAirPortPasswd)>,uid=1000,sec=ntlm,user 0 0

    I replaced the password for securities sake
    and it said mount error permission denied

    ReplyDelete
    Replies
    1. OK so firstly /media/airport must exist already. And unless you are root (or you are sure that your user account has read/write/execute permissions on that folder) you might want to use "sudo mount" rather than just "mount" to make sure you don't get permission denied due to filesystem permissions on the local mount point.

      I can't recall whether non-root users can actually mount anything without special admin privileges so certainly try being root or using sudo.

      I'm not sure that you've got the options list correct. I would try sticking more closely to the examples. For one thing you haven't got '-o' before the password= option. I also don't see why you should need to override the UID option - that could cause a permission denied by itself unless you're root.

      As a last resort you might want to lose the space in the share name (TooneTown Media) or at least use the shell to escape it i.e. //10.0.0.1/TooneTown\ Media in case the %20 gets treated as a space by the shell - meaning that the number of parameters is wrong.

      Hope this helps

      Delete
  12. I have happened to find your explanation and tried it. It worked. Thank you very much. In my case, I did not assign username to TM so I just used password.

    ReplyDelete
  13. You said in your post “you can of course pass the login credentials from a protected file in your home directory” what is the syntax of the command to do this and what should the contents of the file look like ?

    ReplyDelete
    Replies
    1. Create an SMB Credentials file, and pass the full pathname to that file as an extra argument to your mount command:
      credentials=/home/yourubuntuusername/.smbcredentials

      This can be combined with using /etc/fstab to make it easier to mount (and optionally do so automatically on each login):-

      https://wiki.ubuntu.com/MountWindowsSharesPermanently#Mount_password_protected_network_folders

      Delete

Spammers: please stop wasting my time. All comments are moderated before publication.