Home Spaces & CIFS Shares

All users in IITD have a home space allocated to them. Mail folders and user preferences are stored in an user's home space. The home folders are securely maintained on a state-of-the-art NAS and SAN infrastructure at the CSC. The home space quotas are modified from time to time - the current quotas can be checked using the command quota -s in any Linux system in the CSC.

The user home spaces are mounted as the default home folder in all Linux and Windows Desktop machines in the CSC. To access their  home folders remotely all users can ssh to ssh1.iitd.ac.in and all faculty can ssh to ssh2.iitd.ac.in. ssh client is available by default on all versions of Unices, Linux and Mac included. Windows users can download and install a popular ssh client called Putty and a popular scp client called WinScp.

The CSC  home folders are also available as remote CIFS (Windows) shares. These shares can be mounted as local drives or folders on any Windows, Mac or Linux desktops and laptops connected to the IITD LAN. 

Please see below for access procedures in Windows, Linux and Mac.

To be able to mount the home shares, the users will need to sync their passwords in the Microsoft Active directory. Users may do so by changing their Kerberos passwd.

The same home folders are mounted as default login folders on all Linux and Windows desktop machines in the CSC general computing area through NFS and CIFS protocols respectively. The home folders are also mounted using NFS on all CSC Unix servers, including on mailstore.iitd.ac.in, ssh1.iitd.ac.in and ssh2.iitd.ac.in.

These folders are maintained on mixed mode file systems. Files and folders created from Unix using NFS will have Unix style ACLs and those created from CIFS will have Windows style ACLs. Files and folders of both types can exist with the the same directory or folder.

The home folders for users under the LDAP dcs  cas, cbme, ces, chemistry, civil, cse, hss, ird, library, physics, polymers, temp, textile, visitor are available on filer01.iitd.ac.in; and for users under DCs admin, am, bioschool, care, cc, chemical, dbeb, dbst,design, dms, ee, iddc, itmmec, maths, mech, mse, rdat, sire, sopp, uqidar are available on filer02.iitd.ac.in. These folders can be accessed as \\filer01.iitd.ac.in\homes\dc\category\userid and \\filer02.iitd.ac.in\homes\dc\category\userid respectively. The Windows domain for the CIFS shares is ACAD.

For example, if you are a B. Tech. student from Civil Engineering, your home share can be accessed as \\filer01.iitd.ac.in\homes\civil\btech\yourid; and if you are a faculty member from Mathematics, then your home share can be accessed as \\filer02.iitd.ac.in\homes\maths\faculty\yourid.

Current categories in the LDAP are adjunct, btech, diit,doctor, dual, emeritus, exfaculty, exstudents, faculty, head , hod , iitdguest, integrated, irdstaff, mba, mdes, msc, msr, mtech, pgdip, phd, retfaculty, staff, student, vfaculty, visitor. In case you cannot guess your category, you can look it up in your LDAP profile.

We maintain several snapshots of the entire file system on the file system itself. We maintain five hourly snapshots (at 0400, 0800, 1200, 1600 and 2000 hrs), two nightly snapshots at two previous midnights, and three weekly snapshots obtained on last three Sundays. Users can recover their old files in case they get deleted inadvertently. See below for details. Please contact sysadm@cc.iitd.ac.in in case you face difficulties.

Security issues

Mounting the user shares on desktops and laptops will require authentication using the CSC password. The CSC CIFS shares have been configured to use the authentication protocols NTLMv2 (reasonably secure) or Kerberos (very secure). Please see below for configuration methods in Windows, Mac and Linux. In addition, we strongly recommend users to configure CIFS packet signing to prevent against man-in-middle and session hijack attacks.

Mounting shares in Windows

Standalone Windows desktops, laptops and hand-helds which are not part of an Active Directory domain cannot do Kerberos authentication. So, that is that, and the default NTLMv2 is the only option. Windows clients negotiate SMB packet signing by default. In Windows XP, you will need SP2 and may have to enable NTLMv2 by following the procedure outlined here.

Remote CIFS shares can be accessed in Windows though the following steps (there may be slight variations in different Windows versions):

  1. Open any folder on your desktop, or My Computer, and left click the tool menu above.
  2. Choose Map Network Drive....
  3. The Map Network drive Dialog box comes up. Windows automatically chooses an available drive letter for this network drive. Type in \\filer0{1,2}.iitd.ac.in\homes\yourdc\your-category\yourid. The Windows domain is ACAD.
  4. Click on Finish button. Now an authentication dialog box will come up, asking for username and password. Put your IITD id and password in this. Try ACAD\yourid if just yourid doesn't work.
  5. YOU ARE DONE! Your storage server drive will open up...
  6. Open "My Computer" and you can see your new drive at the bottom. Use it just like how you use a regular drive!

On the CSC Windows machines your home folder will be mapped on to Y: by default. Your profile and My Documents folders will also be available on Y: by default. You are requested to keep your Desktop, Application Data and any other folder that is usually found under Windows Profile small and store your files in Y: instead, and periodically clear temporary files like cookies and caches.  In Windows the profile gets loaded on to local temporary folders during login, and a heavy remote profile folder can make the login process slow.

Mounting shares in Mac

  1. Press Command+K and type in cifs://filer{01,02}.iitd.ac.in/homes/dc/your-category/yourid in the dialog box. Press Connect.
  2. In the next screen check Registered User and type in your IITD id and password. The folder will be mounted under /Volumes/.. in case you wish to access it through a shell.

In Tiger, Leopard and Snow Leopard the above procedure defaults to NTLMv2 authentication. If you want the more secure Kerberos authentication instead, you may do the following

  1. Open a shell and type "kinit yourid@ACAD.WINDOWS.IITD.AC.IN" (the capital is important). Type in your password to obtain a Kerberos ticket. You can verify the ticket with klist.
  2. Type"mkdir whatever"to create a mount point in your local home directory.
  3. Type "mount_smbfs //yourid@filer{01,02}.iitd.ac.in/homes/yourdc/yourcategory/yourid whatever" to mount the remote folder on to the folder whatever. You can verify using klist whether you have indeed obtained a Kerberos ticket for the filer as well. It will show up as a ticket for cifs/netapp...
  4. CIFS packet signing appears to be problematic in Mac. If somebody can figure out how to do this and let us know we will be happy to put up the procedure here.

Mounting shares in Linux

Make sure that the packages smbfs and smbclient are installed, and the following three lines are enabled in the global section of /etc/samba/smb.conf

client use spnego = yes

client ntlmv2 auth = yes

client signing = auto

  1. If you use Gnome, then the simplest procedure is to click on"Places" -> "Connect to Server'' -> Select "Windows share" and fill up the details as Domain=ACAD, Share=//filer{01,02}.iitd.ac.in/homes, and type in your login id. Click on "Connect" and you should be done. The CIFS share will be mounted under .gvfs in your home directory.
  2. The above method will default to NTLMv2 authentication. If you wish to connect using the more secure Kerberos, you may do the following:
  3. Install the krb5-user package. Obtain a Kerberos ticket by typing "kinit yourid@ACAD.WINDOWS.IITD.AC.IN" (the capital is important) in a shell, and type "gvfs-mount //filer{01,02}.iitd.ac.in/homes". On some versions of Linux this may ask you to provide your login id, passwd and DOMAIN again - this is a bug and it cannot be helped. The CIFS share should now get mounted under .gvfs in your home directory. You can verify using klist whether you have indeed obtained a Kerberos ticket for the filer as well. It will show up as a ticket for cifs/netapp...
  4. Both the above methods will use CIFS packet signing by default.
  5. Alternatively, you can as root, mount the CIFS shares using ``mount -t cifs //filer{01,02}.iitd.ac.in/homes/yourdc/yourcategory/yourid mountpoint -o username=yourid,sec=krb5i'' or  ``mount -t cifs //filer{01,02}.iitd.ac.in/homes/yourdc/yourcategory/yourid mountpoint -o username=yourid,sec=ntlmv2i''. See ``man mount.cifs'' for details. This may not work directly on some versions of Linux (depends on the distribution and the Kernel version). We trust that Linux users will be able to figure out the issues themselves. In case you do figure out for your favourite version of Linux, please do let us know.

Snapshots

The snapshots of the file system are available on the root folders of the file system. They can be accessed from {ssh1,ssh2}.iitd.ac.in or through any desktop in CSC at /homr/$dc/.snapshot.  They can also be accessed through CIFS at cifs://filer{01,02}.iitd.ac.in/homes under the folder ~snapshot. We maintain five hourly snapshots (at 0400, 0800, 1200, 1600 and 2000 hrs), two nightly snapshots at two previous midnights, and three weekly snapshots obtained on last three Sundays. The snapshots are available as read-only folders and have the same file permissions as the original.