Use Samba or CIFS to access your SDA account from your personal workstation

Important:
Files containing PHI must be encrypted when they are stored (i.e., at rest) and when they are transferred between networked systems (i.e., in transit). Do not use HSI, HTAR, or Samba to transfer data containing PHI unless those data are encrypted already; HSI, HTAR, and Samba do not encrypt data during transit. To ensure that files containing PHI remain encrypted during transit, use SFTP/SCP or the IU Globus Web App. To ensure that files containing PHI are encrypted when they are stored on the SDA, encrypt them before transferring them. For more, see Recommended tools for encrypting data containing HIPAA-regulated PHI.

You can use the Samba protocol to access Indiana University's Scholarly Data Archive (SDA) from a Windows or macOS workstation. Similarly, you can use CIFS to set up access from a Linux workstation. Connecting via Samba/CIFS gives you read-only access to your SDA account and any shared files you have permission to access. An IU VPN connection is required to access the SDA from off campus (i.e., outside the IU network).

Note:
Samba/CIFS connections to the SDA are read-only to prevent potential file corruptions caused by real-time editing on the SDA's tape-based back end. To transfer files to the SDA, use SFTP/SCP, HSI/HTAR, or the IU Globus Web App.

On this page:


Windows

Note:
If your Windows workstation is not joined to the IU ADS domain, you may need to disable LM/NTLMv1 to access the SDA via Samba; see How can I use the local security settings to force NTLMv2?

To use Samba to map a drive to your (personal or group) account or a shared directory on the SDA:

  1. In Windows 10 and 8.x, press Win-e, and then in the left column of the resulting window, right-click Computer or This PC.

    In Windows 7, from the Start menu, right-click Computer.

  2. Select Map Network Drive.
  3. In the "Path" or "Folder" field, enter the path for the SDA account (replace username with the account username or one of the share names listed below in the Accessing a shared directory section):
      \\smb.sdarchive.iu.edu\username
    
  4. Click OK or Finish.
  5. If prompted, enter the account username, prepended with ads\ (e.g., ads\username), and the corresponding passphrase.

The SDA will be mapped as a drive on your workstation, providing read-only access to the files and folders you have permission to access.

Note:
In accordance with standards for access control mandated by the HIPAA Security Rule, you are not permitted to access data containing protected health information (PHI) using a group (or departmental) account. To ensure accountability and maintain appropriate levels of access control, all users must use an individual login for all work involving PHI.

macOS

To use Samba to mount your (personal or group) account or a shared directory on the SDA:

  1. In the Finder, from the Go menu, select Connect to Server.
  2. In the Connect to Server window, in the "Server Address" field, enter the path for the SDA account (replace username with the account username or one of the share names listed below in the Accessing a shared directory section):
      smb://smb.sdarchive.iu.edu/username
    
  3. Click Connect.
  4. If prompted, enter the account username and passphrase, and then click Connect.

The SDA will be mounted on your workstation, providing read-only access to the files and folders you have permission to access.

Note:
In accordance with standards for access control mandated by the HIPAA Security Rule, you are not permitted to access data containing protected health information (PHI) using a group (or departmental) account. To ensure accountability and maintain appropriate levels of access control, all users must use an individual login for all work involving PHI.

Linux

To use CIFS to mount your (personal or group) account or a shared directory on the SDA:

  1. Create an empty mountpoint directory for the SDA account:
    • If you are logged into your workstation as root, on the command line, enter the following, replacing sda_account with the appropriate SDA account username or share name (for share name information, see the Accessing a shared directory section below):
        mkdir /sda_account
      
    • If you are logged into your workstations as a non-root user , on the command line, enter the following, replacing sda_account with the appropriate SDA account username or share name (for share name information, see the Accessing a shared directory section below):
        mkdir ~/sda_account
      
  2. Mount the SDA account. To so, on the command line, enter the following, replacing sda_account and sda_user with the appropriate SDA account username, and local_user with the local username that should be permitted to access the SDA:
      mount.cifs //smb.sdarchive.iu.edu/sda_account /sda -o user=sda_user,uid=local_user,sec=ntlmv2,domain=ads
    

    Alternatively, in the above example:

    • If you are mounting a shared directory:
      • Replace sda_account with the appropriate share name.
      • Replace sda_user with the username of the SDA account that has permission to access the shared directory.
    • If the local username is identical to the SDA account username, you can omit uid=localuserid .
    • To map a group SDA account to a local group username, use gid=local_user instead of uid=local_user.
    • In some cases under Red Hat Enterprise Linux 6 (RHEL 6), the sec=ntmlv2 option does not work ; try sec=ntlmssp instead.
  3. When prompted, enter the appropriate SDA account passphrase.

When you are finished, unmount the SDA account:

  • As root, enter:
      umount.cifs /sda_account
    
  • As a non-root user, enter:
      umount.cifs ~/sda_account
    
Note:
In accordance with standards for access control mandated by the HIPAA Security Rule, you are not permitted to access data containing protected health information (PHI) using a group (or departmental) account. To ensure accountability and maintain appropriate levels of access control, all users must use an individual login for all work involving PHI.

Accessing a shared directory

To access a directory that another user (or group) is sharing with you:

  1. Use one of the following share names to replace sda_account in the above instructions for Windows, macOS, or Linux:
    Share name Description
    hpss-home Maps to the top-level directory in cos1, the class of service (COS) for small files (up to 4 MB)
    hpss-home-medium Maps to the top-level directory in cos2, the COS for medium files (from 4 MB to 64 MB)
    hpss-home-large Maps to the top-level directory in cos3, the COS for large files (from 64 MB to 1 TB)
  2. From the top-level directory, navigate to the SDA account(s) you have permission to access. SDA accounts are stored off the top-level directory based on the first two characters in their usernames; for example, from the top level, to navigate to the account for username owkenobi, on the command line, enter:
      cd o/w/owkenobi
    
Note:
You cannot view files in an account belonging to another user (or group) unless the owner of the account sets permissions that grant you access. For information about setting permissions in shared directories, see At IU, how do I use ACLs to share my SDA data with other users?

This is document auxm in the Knowledge Base.
Last modified on 2018-06-12 15:33:55.

Contact us

For help or to comment, email the UITS Support Center.