none
Mounting Azure File Share on Linux

    Question

  • Hello, 

    I'm using a CentOS 6.5 machine which isn't a VM image running inside Azure and I'm trying to mount a file share on it. I installed required samba-clients, cifs-utils as mentioned in the documention. For some unknown reasons I'm getting this when I issue this command  

    sudo  mount -t cifs //*****. file. core. windows. net/testshare mountpoint/ -o vers=3.0,user=*****,password=*********dir_mode=0777,file_mode=0777
    mount error(110): Connection timed out
    Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

    What could be the reason for this?

    I've couple of questions 
    1) Is the file storage end point https:/*****. file. core. windows. net/ that I got from Azure Portal UI publicly accessible? Ping doesn't work perhaps ping maybe disabled on that box.
    2) Should the linux box reside inside Azure VM necessarily?
    3) Only CentOS 7+ is supported?
    4) Or while creating storage account did I miss any configuration that lets me select a public IP to be used? 
    I in fact watched the video in the documentation page and I followed the same exactly, I don't know what is missing. I also verified smbd and nmbd daemons are running. Please let me know if I'm missing anything obvious here. 
    One last question, is it possible for me to use Mac OS X (mavericks) to mount a file share?  I did come across links that said this isn't possible but let me know if there is some workaround. 
    Regards,
    Niranjan


    Friday, January 13, 2017 11:05 AM

Answers

  • Greetings Niranjan,

    Azure Files requires encrypted channel for communications outside of the datacenter, e.g. on premise servers. Linux SMB 3.0 implementation doesn't support encryption at the moment, therefore, the mount request will be rejected. We’re working with the Linux community on this but there is no ETA yet.

    On the other hand, a Linux VM hosted on Azure would be able to establish a connection with Azure Files (assuming the VM and associated storage account under which you create Azure Files are in the same region) since it can use SMB 2.1 which doesn’t enforce encryption.


    Hope this helps!


    Regards.

    Md. Shihab

    **********************************************************************

    Please remember to click "Mark as Answer" on the post that helps you as this can be beneficial to other community members reading the thread. And vote as helpful.

    • Marked as answer by niru_utd Monday, January 16, 2017 11:20 AM
    Monday, January 16, 2017 10:13 AM

All replies

  • Greetings Niranjan,


    Thank you for contacting Microsoft forums. We are pleased to answer your query. My answers are in bold.

    • Is the file storage end point https:/*****. file. core. windows. net/ that I got from Azure Portal UI publicly accessible? Ping doesn't work perhaps ping maybe disabled on that box.

    If port 445 (TCP Outbound) is open and your client supports the SMB 3.0 protocol (e.g., Windows 8 or Windows Server 2012), your file share is available via the Internet

    • Should the Linux box reside inside Azure VM necessarily?

    Yes, that’s correct. It must reside in Azure to be able to connect to Azure File storage. Reason being that for an on premise machine Azure requires SMB version 3.0 encryption whereas Linux SMB client currently doesn’t support encryption.

    • Only CentOS 7+ is supported?

                  No there are other Linux distros supported as well. Here’s a list of recommended Linux distros.

    One last question, is it possible for me to use Mac OS X (mavericks) to mount a file share?  I did come across links that said this isn't possible but let me know if there is some workaround.

    Mounting an Azure file share on Mac OS is not supported. However, you may refer the latest post on this thread for a workaround that might help but please note that we haven’t tested this yet.


    I hope that the reply will assist you in getting your query addressed. In case you require further assistance, please do reply to the thread as we are always available to your queries.


    Regards.

    Md. Shihab

    **********************************************************************

    Please remember to click "Mark as Answer" on the post that helps you as this can be beneficial to other community members reading the thread. And vote as helpful.

    Saturday, January 14, 2017 5:24 AM
  • Hi,

    You should configure the ACL from azure portal in order to open share file port:

    https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-windows-nsg-quickstart-portal

    Connection Ports

    TCP

    139, 445

    UDP

    137, 138

    Saturday, January 14, 2017 3:19 PM
  • Hi Shihab, 

    Thanks for your detailed response. 

    There is no way I could achieve mounting file share on a Linux box that is outside of Azure?

    I've another question 

    Yes, that’s correct. It must reside in Azure to be able to connect to Azure File storage. Reason being that for an on premise machine Azure requires SMB version 3.0 encryption whereas Linux SMB client currently doesn’t support encryption.

    Then how does Linux VM inside Azure achieve this? Because even this is a Linux SMB client right? How encryption is configured for this? Is there a way I could configure/enable encryption for my client too?

    "Mounting an Azure file share on Mac OS is not supported. However, you may"

    I did try this but didn't work for me. There's no mention of which version of Mac OS X this was tried on. 

    Overall to simplify my question I've an on premise linux box and I want to move data from it to Azure File storage, how to achieve this by mounting the file share?

    Regards,
    Niranjan

    Sunday, January 15, 2017 7:20 AM
  • Hi Mark, 

    The link you've shared talks about VM configuration but in my case I'm not using any VM. 

    Regards,
    Niranjan
    Sunday, January 15, 2017 7:21 AM
  • Greetings Niranjan,
    A Linux VM hosted on Azure would work well with Azure Files using SMB 2.1 protocol if the corresponding Storage account and the Azure Linux VM are in the same region.
    For your scenario, you could try 
    using Azure CLI to copy the data from your on-premise Linux machine to Azure File Storage. If you then want to access it you can spin up a Linux VM hosted on Azure.


    I hope that the reply will assist you in getting your query addressed. In case you require further assistance, please do reply to the thread as we are always available to your queries.


    Regards.

    Md. Shihab

    **********************************************************************

    Please remember to click "Mark as Answer" on the post that helps you as this can be beneficial to other community members reading the thread. And vote as helpful.

    • Marked as answer by niru_utd Sunday, January 15, 2017 1:46 PM
    • Unmarked as answer by niru_utd Sunday, January 15, 2017 1:46 PM
    Sunday, January 15, 2017 10:06 AM
  • Hi Shihab, 

    Thanks I understand that very well. Let me elaborate what I'm trying to achieve, I already have an application that writes files to a directory, this underneath uses native FileSystem API. I thought If I'm able to mount Azure File Share on an on-premise machine, I could use this application. 

    Another solution what I've is adding a capability to my application to write to Azure File Storage by using Azure File Storage native API and this requires development effort. Since data is on premise I can't ask users to create a linux VM hosted on Azure to use my application. 

    Now what I don't understand/trying to understand is the difference in configuration of SMB client in Linux VM hosted on Azure and a normal Linux box outside of Azure. Is it not possible to have the same configuration on standalone Linux box? If you could explain this difference that would be great. I mean is not possible to turn on encryption that you previously mentioned?

    Hope you're clear on what I'm seeking.

    Regards,
    Niranjan
    • Edited by niru_utd Sunday, January 15, 2017 2:02 PM
    Sunday, January 15, 2017 2:00 PM
  • Greetings Niranjan,

    Azure Files requires encrypted channel for communications outside of the datacenter, e.g. on premise servers. Linux SMB 3.0 implementation doesn't support encryption at the moment, therefore, the mount request will be rejected. We’re working with the Linux community on this but there is no ETA yet.

    On the other hand, a Linux VM hosted on Azure would be able to establish a connection with Azure Files (assuming the VM and associated storage account under which you create Azure Files are in the same region) since it can use SMB 2.1 which doesn’t enforce encryption.


    Hope this helps!


    Regards.

    Md. Shihab

    **********************************************************************

    Please remember to click "Mark as Answer" on the post that helps you as this can be beneficial to other community members reading the thread. And vote as helpful.

    • Marked as answer by niru_utd Monday, January 16, 2017 11:20 AM
    Monday, January 16, 2017 10:13 AM
  • Hi Shihab, 

    Perfect, this is what I was expecting, so within the same region it uses SMB 2.1 but whereas outside it always enforces SMB 3.0 with encryption but which isn't support by Linux yet. This is the difference I wanted to understand. 

    Thanks for your time and valuable response. Appreciate that. 

    Best Regards,
    Niranjan
    Monday, January 16, 2017 11:22 AM
  • Here is the case for me....

    When I tried with in Azure (My VM is on Azure and My Strorage account is also on the same region) with SMB 3.0, I have been getting mount errors. But when I changed the SMB Version to 2.1, it got succeded.

    Eg: 

    ##Failing Command (with SMB 3.0 version) with in Azure

    sudo mount -t cifs //storageaccountname.file.core.windows.net/shared /mnt/mount -o vers=3.0,username=xxxxxxx,password=xxxxxxxx,dir_mode=0777,file_mode=0777

    >>Result

    mount error(11): Resource temporarily unavailable
    Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

    ###Working Command (with SMB 2.1 version) with in Azure

    sudo mount -t cifs //storageaccountname.file.core.windows.net/shared /mnt/mount -o vers=2.1,username=xxxxxxx,password=xxxxxxxx,dir_mode=0777,file_mode=0777

    Wednesday, September 27, 2017 10:38 AM
  • Yep, that seems to be new at least for CentOS:

    In a CentOS 7(.3) from July 2017, the mount works with both 'vers=2.1' and  'vers=3.0'

    In a current CentOS 7(.4), the mount works only with 'vers=2.1'

    From what I read above, it seems perfectly reasonable to use 2.1 - as the Linux SMB 3.0 support is incomplete. Unfortunately, the "Connect" info from the Azure portal suggests the mount command with the - now non-working - 'vers=3.0'

    Wednesday, October 11, 2017 2:05 PM