[Samba] Access Windows files with individual user credentials

Michael Wandel m.wandel at t-online.de
Tue Mar 15 09:16:26 UTC 2016


On 15.03.2016 08:49, Stefan Kania wrote:
> On 15.03.2016 at 00:17, B Martin wrote:
>> Dear fellow Samba fans,
> 
>> This seems like a blatantly obvious need, but I'm not finding
>> anything in the Samba literature addressing it.  Maybe my search-fu
>> is just failing me.
> 
>> I have a collection of Linux machines with multiple simultaneous
>> users. The Linux machines are all running Samba 4.1.7, compiled
>> from the source since my distro (CentOS 6.6) isn't that current.
>> We are operating in a Windows A/D domain via Winbind, and
>> everything in that area seems to be working great.  Linux can see
>> all the user accounts, knows their group memberships, etc., and
>> their Windows login passwords work fine on the Linux boxes.
> 
>> The Linux users want to access Windows network shares, which I
>> currently implement using the automounter and a bit of code
>> commonly floating around the Internet to mount it via smbclient.
>> The problem with this approach is that smbclient needs login
>> credentials at the time it sets up the mount.  Everyone using that
>> mount is then being treated as if they were using the same login
>> credentials.  They don't gain their own individual access rights to
>> files on the Windows share.  That's been OK so far, but the users
>> are becoming more sophisticated in this environment and now need
>> more sophisticated access controls.
> 
>> As I think about this, it seems to me that my current
>> implementation is modeling the Windows drive mapping function,
>> where the credentials are checked at the time the drive is
>> accessed, and remain constant for the entire machine even if
>> another user logs into it.  What I really want is something that is
>> similar to Windows UNC access, in which as I understand it,
>> credentials are checked on each file open based on the particular
>> user that is trying to open the file.  This is obviously a far more
>> flexible, sophisticated approach that gives Linux users 
>> fine-grained access to files just like they would have if
>> connecting from a Windows client.
> 
>> I can't really believe this has never been discussed before, but
>> I'm not finding it.  Can someone please point me in the right
>> direction?
> 
>> Thanks everyone.
> 
>> -Brian
> 
> I use pam_mount for mounting samba-shares on a Linux-client.
> 
> 

I use cifs mounts with multiuser and kerberos options. It is well
described at https://access.redhat.com/solutions/279183 .

best regards

Michael




-- 
Michael Wandel
Bielefeld
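
Added example, not part of the original messages: a shell check over
fstab-format text that reports which CIFS mounts apply one mount-time
credential to every local user and which carry the multiuser and Kerberos
options named in the reply above. The server name, paths, sample entries and
verdict labels are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads fstab-format text on stdin and
# classifies each CIFS entry by how credentials are applied:
#   single-credential  no "multiuser": all local users act as the mount account
#   per-user-krb5      "multiuser" with sec=krb5/krb5i: each user has a session
#   multiuser-no-krb5  "multiuser" without Kerberos security

audit_cifs_fstab() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }       # skip blank lines and comments
        $3 != "cifs"         { next }       # only CIFS mounts are of interest
        {
            multiuser = 0; krb5 = 0
            n = split($4, opt, ",")         # fourth field is the option list
            for (i = 1; i <= n; i++) {
                if (opt[i] == "multiuser")   multiuser = 1
                if (opt[i] ~ /^sec=krb5i?$/) krb5 = 1
            }
            if (!multiuser) { verdict = "single-credential" }
            else if (krb5)  { verdict = "per-user-krb5" }
            else            { verdict = "multiuser-no-krb5" }
            printf "%s %s\n", $2, verdict
        }
    '
}

# Constructed sample input; fs.example.com is a placeholder server name.
sample_fstab() {
    cat <<'EOF'
# constructed sample entries
//fs.example.com/projects /mnt/projects cifs credentials=/etc/smb.cred,uid=0 0 0
//fs.example.com/home     /mnt/home     cifs sec=krb5,multiuser          0 0
//fs.example.com/scratch  /mnt/scratch  cifs multiuser,sec=ntlmssp       0 0
/dev/sda1                 /             ext4 defaults                    0 1
EOF
}

sample_fstab | audit_cifs_fstab
```

To audit a real host, feed it the live table: `audit_cifs_fstab < /etc/fstab`.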


