[Samba] Access Windows files with individual user credentials
B Martin
samba-ml1 at martinconsulting.com
Mon Mar 14 23:17:59 UTC 2016
Dear fellow Samba fans,
This seems like a blatantly obvious need, but I'm not finding anything
in the Samba literature addressing it. Maybe my search-fu is just
failing me.
I have a collection of Linux machines with multiple simultaneous users.
The Linux machines are all running Samba 4.1.7, compiled from the source
since my distro (CentOS 6.6) isn't that current. We are operating in a
Windows A/D domain via Winbind, and everything in that area seems to be
working great. Linux can see all the user accounts, knows their group
memberships, etc., and their Windows login passwords work fine on the
Linux boxes.
The Linux users want to access Windows network shares, which I currently
implement using the automounter and a bit of code commonly floating
around the Internet to mount it via smbclient. The problem with this
approach is that smbclient needs login credentials at the time it sets
up the mount. Everyone using that mount is then being treated as if
they were using the same login credentials. They don't gain their own
individual access rights to files on the Windows share. That's been OK
so far, but the users are becoming more sophisticated in this
environment and now need more sophisticated access controls.
As I think about this, it seems to me that my current implementation is
modeling the Windows drive mapping function, where the credentials are
checked at the time the drive is accessed, and remains constant for the
entire machine even if another user logs into it. What I really want is
something that is similar to Windows UNC access, in which as I
understand it, credentials are checked on each file open based on the
particular user that is trying to open the file. This is obviously a
far more flexible, sophisticated approach that gives Linux users
fine-grained access to files just like they would have if connecting
from a Windows client.
I can't really believe this has never been discussed before, but I'm not
finding it. Can someone please point me in the right direction?
Thanks everyone.
-Brian
More information about the samba
mailing list