diff --git a/Dockerfile b/Dockerfile
index a2880181..3f6c6388 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@ ENV VITE_RESTIC_VERSION=${RESTIC_VERSION} \
 
 RUN apk update --no-cache && \
     apk upgrade --no-cache && \
-    apk add --no-cache davfs2=1.6.1-r2 openssh-client fuse3 sshfs tini nfs-utils cifs-utils util-linux
+    apk add --no-cache davfs2=1.6.1-r2 openssh-client fuse3 sshfs tini
 
 ENTRYPOINT ["/sbin/tini", "-s", "--"]
 
diff --git a/app/server/modules/backends/smb/smb-backend.ts b/app/server/modules/backends/smb/smb-backend.ts
index 661e31a5..a6945907 100644
--- a/app/server/modules/backends/smb/smb-backend.ts
+++ b/app/server/modules/backends/smb/smb-backend.ts
@@ -41,48 +41,37 @@ const mount = async (config: BackendConfig, path: string) => {
 
 		const options = [`port=${config.port}`, `uid=${uid}`, `gid=${gid}`];
 
-		const credentialsDir = await fs.mkdtemp(`${os.tmpdir()}/zerobyte-smb-`);
-		const credentialsPath = `${credentialsDir}/credentials`;
+		if (config.guest) {
+			options.push("user=guest", "pass=");
+		} else {
+			const password = await cryptoUtils.resolveSecret(config.password ?? "");
+			const safePassword = password.replace(/\\/g, "\\\\").replace(/,/g, "\\,");
+
+			options.push(`user=${config.username ?? "user"}`, `pass=${safePassword}`);
+		}
+
+		if (config.domain) {
+			options.push(`domain=${config.domain}`);
+		}
+
+		if (config.vers && config.vers !== "auto") {
+			options.push(`vers=${config.vers}`);
+		}
+
+		if (config.readOnly) {
+			options.push("ro");
+		}
+
+		const args = ["-t", "cifs", "-o", options.join(","), source, path];
+
+		logger.debug(`Mounting SMB volume ${path}...`);
+		logger.info(`Executing mount: mount ${args.join(" ")}`);
 
 		try {
-			const credentialsLines: string[] = [];
-
-			if (config.guest) {
-				credentialsLines.push("username=guest", "password=");
-			} else {
-				const password = await cryptoUtils.resolveSecret(config.password ?? "");
-				credentialsLines.push(`username=${config.username ?? ""}`, `password=${password}`);
-			}
-
-			if (config.domain) {
-				credentialsLines.push(`domain=${config.domain}`);
-			}
-
-			await fs.writeFile(credentialsPath, credentialsLines.join("\n"), { mode: 0o600 });
-			options.push(`credentials=${credentialsPath}`);
-
-			if (config.vers && config.vers !== "auto") {
-				options.push(`vers=${config.vers}`);
-			}
-
-			if (config.readOnly) {
-				options.push("ro");
-			}
-
-			const args = ["-t", "cifs", "-o", options.join(","), source, path];
-
-			logger.debug(`Mounting SMB volume ${path}...`);
-			logger.info(`Executing mount: mount ${args.join(" ")}`);
-
-			try {
-				await executeMount(args);
-			} catch (error) {
-				logger.warn(`Initial SMB mount failed, retrying with -i flag: ${toMessage(error)}`);
-				await executeMount(["-i", ...args]);
-			}
-		} finally {
-			await fs.rm(credentialsPath, { force: true });
-			await fs.rm(credentialsDir, { force: true, recursive: true });
+			await executeMount(args);
+		} catch (error) {
+			logger.error(`SMB mount failed: ${toMessage(error)}`);
+			throw error;
 		}
 
 		logger.info(`SMB volume at ${path} mounted successfully.`);