[Samba] Access Windows files with individual user credentials

B Martin samba-ml1 at martinconsulting.com
Mon Mar 14 23:17:59 UTC 2016


Dear fellow Samba fans,

This seems like a blatantly obvious need, but I'm not finding anything 
in the Samba literature addressing it.  Maybe my search-fu is just 
failing me.

I have a collection of Linux machines with multiple simultaneous users.  
The Linux machines are all running Samba 4.1.7, compiled from the source 
since my distro (CentOS 6.6) isn't that current.  We are operating in a 
Windows A/D domain via Winbind, and everything in that area seems to be 
working great.  Linux can see all the user accounts, knows their group 
memberships, etc., and their Windows login passwords work fine on the 
Linux boxes.

The Linux users want to access Windows network shares, which I currently 
implement using the automounter and a bit of code commonly floating 
around the Internet to mount it via smbclient.  The problem with this 
approach is that smbclient needs login credentials at the time it sets 
up the mount.  Everyone using that mount is then being treated as if 
they were using the same login credentials.  They don't gain their own 
individual access rights to files on the Windows share.  That's been OK 
so far, but the users are becoming more sophisticated in this 
environment and now need more sophisticated access controls.

As I think about this, it seems to me that my current implementation is 
modeling the Windows drive mapping function, where the credentials are 
checked at the time the drive is accessed, and remain constant for the 
entire machine even if another user logs into it.  What I really want is 
something that is similar to Windows UNC access, in which, as I 
understand it, credentials are checked on each file open based on the 
particular user that is trying to open the file.  This is obviously a 
far more flexible, sophisticated approach that gives Linux users 
fine-grained access to files just like they would have if connecting 
from a Windows client.

I can't really believe this has never been discussed before, but I'm not 
finding it.  Can someone please point me in the right direction?

Thanks everyone.

              -Brian


