Preface

Before we begin this article let me just get this out of the way. If you’re a Windows/macOS user, then this guide does not apply to you. VeraCrypt can mount files just fine on SMB shares. If you’re a Linux user and can mount VeraCrypt files no problem, then this guide isn’t for you. This guide is for people who are running into issues mounting a VeraCrypt volume file on their SMB NAS, specifically those who use Linux and Gnome’s implementation of virtual filesystems, gvfs. If you don’t think you apply, read on and see if the solution applies for you.

Also, thanks to the original posters over at this GitHub issue thread.

Problem

You’re trying to mount a VeraCrypt container but keep getting this weird message:

veracrypt-error

OK, now what? Well, the problem is, as specified by @idrassi, gvfs only exposes the mounted files to the current Linux user, in this case, your username you are running your session in. Even root can’t access this share, which is quite weird (!) in the Linux world, but I guess there are some reasons behind this implementation. To get around this problem, you need to manually mount the drive:

sudo mount -t cifs //192.168.0.100/example /home/example/example-mount -o user=WINUSER,password=WINPASS

Not very complicated, and you can find this command in the original thread, too. So what gives? Why did you even write this blog post?

Well, this exposes your Windows/CIFS/SMB password to anybody who looks through your computer - since bash and other shells save history. In the case of bash, you can find your history in .bash_history or even history.

The solution? Don’t expose the password. Make a script! That’s pretty hard, though, so I made one that you can use.

Solution

Copy this to mount-smb.sh, give it run permissions (chmod +x mount-smb.sh) and then run it (./mount-smb.sh):

#!/bin/bash

# Ask user for remote server location.
echo "Enter server location with IP and directory."
echo "Example: //192.168.0.101/test"
read -p "Server location: " servloc
echo "Got location: $servloc"

# Ask user for username
read -p "Enter CIFS username: " username
echo "Got username: $username"

# Ask user for password
read -sp "Enter password: " password
echo "Received password, not printing..."

sudo mount -t cifs $servloc /home/example/example-share -o user=$username,password=$password

Remember to rename example to your own username! Once you run the script it should prompt you for three things:

  1. The location of the server (something like //192.168.0.101/test)
  2. Your username (for Windows/CIFS/SMB, NOT your Linux username)
  3. Your password (for Windows/CIFS/SMB, NOT your Linux password)

Once you fill those out, it’ll prompt you for root permissions. Type in your password for the sudo prompt.

Once that’s done, the SMB/CIFS share should be mounted at /home/your-username/your-username-share. Go inside, double-click on the VeraCrypt container and open it. It should work flawlessly.

Cleaning up

You want to unmount the share? It’s a simple command:

sudo unmount /home/example/example-share

Replace example with your username. Now if you’re lazy like me, then just throw it in another script (unmount-smb.sh) and call it a day. Enjoy!