Network Share (SMB Protocol)
Mediaflux data collections can be accessed as a network share via the SMB (Server Message Block) protocol.
You can connect to the Mediaflux server using SMB through macOS Finder ("conect to server"), Windows File Explorer ("map network drive") or GNOME FIles ("connect to server") on Linux, etc. and use your favourite file management tool to explore your collection and upload, download, delete, manage or rename files and folders, just as if it were a local directory. You can also open files directly, for example in Microsoft Office or other local applications.
Please note that the SMB protocol (in general, not just with Mediaflux):
- Is not encrypted over the network.
- Is not allowed outside of the University network except via the University VPN.
Note that Microsoft Office applications have an issue when used with SMB/Mediaflux. When you edit a file, the Office applications copy the file, edit it, remove the original and move the new file into its place. This process causes Mediaflux to lose earlier versions of the file (however, all copies will get replicated in near real time to our Disaster Recovery server). If you wish to retain the version history of your Microsoft Office files, one workaround is to copy the file to your local machine, edit it there, and then overwrite the file in Mediaflux with your modified version.
Fileshare path format
Regardless of the operating system you are using, you need to specify the file-share (your data collection) that you want to access (map/mount). For the University of Melbourne Mediaflux service, the file-share name is the same as your project ID (projects IDs are of the form proj-<name>-<CID>). The project is your collection is your file-share.
The full file-share path combines the Mediaflux server name and the name of your file share (project). For example:
Windows
Use backslashes in the path.
Mapping your Mediaflux project as network drive with Windows Explorer:
\\mediaflux.researchsoftware.unimelb.edu.au\proj-testproject-1128.3.12
macOS
Use forward slashes in the path
Finder (Go -> Connect to Server...)
The username will be domain\username (see screenshots below)smb://mediaflux.researchsoftware.unimelb.edu.au/proj-testproject-1128.3.12
Terminal - using the command-line mount command, the syntax is of the following form (including the domain, e.g. unimelb and user e.g. mfuser )
mount -t smbfs //unimelb\;sclaus@mediaflux.researchsoftware.unimelb.edu.au/proj-testproject-1128.3.12 /Users/mfuser/smb_mount
where the last part is an empty directory you have created on you computer to receive the SMB mount point.
Terminal with a secure identity token. Macos uses the following syntax for connecting to SMB volumes on the CLI:
mount -t smbfs //[domain;]user[:password]@server[/share] path
Note that the semicolon character will be interpreted by the zsh shell, so we need to surround the path with quotes. When using a token, we want the password to be blank, so we specify the : with nothing following it. For example:
- domain: token
- replace <your token code here> with your actual secure identity token
- replace proj-testproject-1128.3.12 with your actual project
- /Users/mfuser/smb_mount with the location of your mount point (where the files on the server will appear). You may need to create this with the mkdir command.
Example:
mount -t smbfs '//token;<your token code here>:@mediaflux.researchsoftware.unimelb.edu.au/proj-testproject-1128.3.12' /Users/mfuser/smb_mount
Linux
Use forward slashes in the path.
Using the smbclient command (similar to an FTP client), the syntax is of the following form (including the domain, e.g. unimelb and user, e.g. mfuser):
smbclient //mediaflux.researchsoftware.unimelb.edu.au/proj-test-project-1128.3.12 -W unimelb -U mfuser
Using GNOME Files (AKA Nautilus): Other Locations -> Enter Server Address...
smb://mediaflux.researchsoftware.unimelb.edu.au/proj-testproject-1128.3.12
This will prompt you for your domain (generally unimelb or student), username and password.
Using the command-line mount command the syntax is of the following form (including the domain, e.g. unimelb and user e.g. mfuser ).
mkdir ~/mnt sudo apt install cifs-utils # provides the cifs mount helper (mount.cifs) sudo mount -t cifs -ouser=mfuser,domain=unimelb,uid=$UID,gid=$(id -g) //mediaflux.researchsoftware.unimelb.edu.au/proj-testproject-1128.3.12 $HOME/mnt
Note: the uid, gid, file_mode and dir_mode options will control the local permissions on the files and directories inside the mount point. In the example above, the uid and gid are set to the user who is running the mount command, but this may not work if you're mounting with one user and need to access the files as another user. See the Users and Groups page on ArchWiki and use the man mount.cifs command on your local machine for more information.
If you wish to use Kerberos authentication from the command line, you will need some additional software:
sudo apt install krb5-user keyutils
Then you can log in using the kinit command, and then pass the cruid to the mount command instead of specifying the username, domain and password.
mkdir ~/mnt kinit mfuser@UNIMELB.EDU.AU sudo mount -t cifs -o cruid=$USER,sec=krb5,uid=$UID,gid=$(id -g) //mediaflux-test.researchsoftware.unimelb.edu.au/proj-test-1247.5.1 $HOME/mnt
If you are using a secure identity token
mkdir ~/mnt sudo apt install cifs-utils # provides the cifs mount helper (mount.cifs) sudo mount -t cifs -ouser=<your token string>,domain=token,password='',uid=$UID,gid=$(id -g) //mediaflux.researchsoftware.unimelb.edu.au/proj-testproject-1128.3.12 $HOME/mnt
Authentication
If your computer is a University MOE (Managed Operating Environment), you won't need to enter your credential when you map the network drive on Windows or connect to the server (macOS). Your computer will supply your credential and log you in automatically because you have already logged in to your computer via the University domain.
For other operating systems, or if you are using a local account (not a University account) you will need to supply your login credential. The SMB user name is a combination of the Domain and Username of the Mediaflux account - note the use of backslashes (\
) in the credential component in the SMB protocol (both Windows and macOS)
University of Melbourne Central (Active Directory) Accounts
Staff: unimelb\<Username> E.g. unimelb\sclaus
Students: student\<Username>. E.g. student\jfrost
Local accounts: <Domain>\<Username> E.g. local\dwho
Authentication protocol
By default, your credentials will be authenticated using the NTLMv2 protocol. If you have trouble logging in, another alternative is to use Kerberos authentication. To do this, use the fully qualified domain instead of the short domain:
- staff use unimelb.edu.au instead of unimelb. e.g. unimelb.edu.au\sclaus
- students use student.unimelb.edu.au instead of student. e.g. student.unimelb.edu.au\jfrost
Connecting after changing your password
If you have recently changed your University of Melbourne password, then it will be important to manually disconnect (and then reconnect) any previously-mounted SMB shares. Otherwise, these drives may continue to authenticate using old/legacy credentials - which can lead to account lockouts (due to repeated unsuccessful connection attempts) in some cases.
Using a secure identity token
If you are connecting with a secure identity token, you would use the following:
- Domain: token
- Username: <your token string>
- Password: <leave blank>
If you cannot leave the password blank, you can enter the token a second time in the password field.
Examples
Windows 10
N.B. On Windows you cannot use two different accounts to mount two different shares from the same server.
For this example, we assume you are logged in to a University of Melbourne Windows 10 MOE with your University Credential.
- Click This PC in the left pane
- From the Computer ribbon, select Map Network Drive
- In the Folder field, fill in the fileshare path, e.g. \\mediaflux.researchsoftware.unimelb.edu.au\proj-demonstration-1128.4.15
- Check the Reconnect at sign-in box to ensure this fileshare will connect the next time you log into your machine
- Click Finish. Your share will now show up in the File Explorer.
- If you needed to use a different account to connect to Mediaflux than the one you're logged in to your computer with, check the box Connect using different credentials and enter your username in the form domain\username and click OK. In the following example, a staff account is used where the domain is called 'unimelb', students should use the 'student' domain. If connecting with a secure identity token, enter token\<your token> in the username field, and leave the password field blank.
Apple macOS Finder
Open the Finder select the Go Menu item Connect to Server...
- Enter the path to your project, e.g. smb://mediaflux.researchsoftware.unimelb.edu.au/proj-demonstration-1128.4.15 and click Connect
- Enter your username in the domain\username form, and your university password and click Connect. If you are using a secure identity token, enter token\<your token> in the Name field and leave the password field blank.
The finder will now have a mounted drive with the contents of your project.
Ubuntu GNOME Files
- Open GNOME Files (AKA Nautilus), and click Other Locations on the left pane.
- In the Connect to Server box, enter your SMB address, e.g. smb://mediaflux.researchsoftware.unimelb.edu.au/proj-demonstration-1128.4.15
- Click Connect
- You will be prompted to authenticate. Enter your University username, domain (usually unimelb or student) and your University password. If you are connecting with a secure identity token, enter the token in the username field, token in the domain field, and the token a second time in the password field. Nautilus will not accept a blank password.
- You will see the network drive attached on the left pane, and the contents of the network drive. You can press the "eject" button to disconnect.
Mounting on Linux using the fstab file
If you want to have your SMB volume mount on startup, you can add it to your /etc/fstab
file. In the below example, you need to determine the uid and gid of your local user account, and update the example username (mfuser) and example password (mfuserpassword) to your university username and password.
# determine your uid and gid: mfuser@ubuntu:~$ id uid=1000(mfuser) gid=1000(mfuser) groups=1000(mfuser),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),118(lpadmin),129(sambashare),137(libvirt) # add entry to your fstab file. Use the values for uid and gid determined above. mfuser@ubuntu:~$ sudo vim /etc/fstab //mediaflux.researchsoftware.unimelb.edu.au/proj-demonstration-1128.4.15 /mnt/proj-demonstration-1128.4.15 cifs credentials=/etc/fstab-creds-proj-demonstration-1128.4.15,uid=1000,gid=1000 0 0 # create a separate credentials file. This allows us to set the permissions so the password is not readable by normal users. mfuser@ubuntu:~$ sudo touch /etc/fstab-creds-proj-demonstration-1128.4.15 mfuser@ubuntu:~$ sudo chmod go-rwx /etc/fstab-creds-proj-demonstration-1128.4.15 mfuser@ubuntu:~$ sudo vim /etc/fstab-creds-proj-demonstration-1128.4.15 username=mfuser password=mfuserpassword domain=unimelb # create the mountpoint and mount mfuser@ubuntu:~$ sudo mkdir /mnt/proj-demonstration-1128.4.15 mfuser@ubuntu:~$ sudo mount /mnt/proj-demonstration-1128.4.15
Transferring data to or from cloud storage using rclone
Rclone is a tool for transferring or syncing files to cloud storage. Over 40 cloud storage products support rclone including S3 object stores, business & consumer file storage services, as well as standard transfer protocols. Rclone has cloud equivalents to the unix commands rsync, cp, mv, mount, ls, ncdu, tree, rm, and cat.
You can transfer data to or from Mediaflux over both the SFTP and SMB protocols. Some endpoints that might be of interest to University users are SharePoint, OneDrive, Google Drive, S3 and CloudStor.
We have a detailed page on rclone with examples transferring data from many cloud storage endpoints.