[Samba] limiting authentication duration

Doc Dawson doc at dawson.cc
Wed Oct 8 03:21:35 GMT 2003

Question 1: Is there a way to keep an authentication to a Samba share from 
lasting indefinitely?

I am implementing a Linux file server for a network of machines all running 
Windows 98 SE.  (Redhat 9, Samba 2.2.7a, share-level security.)  Once a 
user provides a valid password and connects to a Samba share, Samba allows 
that client machine to access that share indefinitely.
In our office each machine may not be used by the same user every day.  If 
Joe connects to a Samba share on Monday by providing the proper password, 
then Mary uses that client machine on Tuesday, she will have access to the 
share without needing the password.  Is there a way to make Samba ask for 
the password again?

Initially I thought I could just set the deadtime and keepalive options so 
the connection would be terminated if it is not used for a while.  But 
apparently Windows just autoreconnects.
I tried restarting the Samba service but that doesn't work either.
Even "smbcontrol smbd close-share * " doesn't prevent autoreconnection.
In the O'Reilly book "Using Samba" (second edition) the section on 
Share-Level Security mentions a REVALIDATE=YES option which I thought might 
be relevant.  However testparm identifies this as an "unknown 
parameter".  (BTW, revalidate does not appear in the index nor in the 
Configuration Option appendix of the second edition, so I suspect this is a 
deprecated option, although it was not removed from the text.)

Related, but slightly different
Question 2: Is there a way for a user on a Windows client to get Samba to 
ask for a new password?

Suppose I have a share such as:
	path = /var/project1/data
	username = mary, admin
	read only = yes
	write list = admin
If mary connects to the share, then asks me to come assist her and I need 
to write to the share from the Windows machine she is using, how can I 
terminate her authentication so I can connect with my password and get 
write privileges?

I'm new at this, so if any of my terminology is not right please let me 
know so I can get it right next time.

Doc Dawson
Longwood Family Medicine
Longwood, Florida
doc at dawson.cc

More information about the samba mailing list