[Samba] force re-authentication when accessing different shares
Harald Glanzer
harald.glanzer at gmail.com
Fri Jan 18 12:15:09 UTC 2019
hi all!
using samba 4.9 to export directories for 'virtual' users, i.e. users which
have distinct homedirectories and distinct smbpasswd entries under a
writeable /data partition.
to prevent the need to create /etc/passwd useraccounts (on read-only /), a
self written libnss modul acts as a source. the lib only checks if the
homedirectory exists, returns a fake passwd struct, and finally smbpasswd
backend checks for the correct password.
this solution is working in principal, but the problem is that if (1)
logging in to a share with one user(with the distinct username/password
combination), and (2) opening another share (different directory, different
username, different password), NO password prompt opens, i.e. the (correct)
share is just delivered by samba.
instead, samba should see different usernames + sharedirectories for (1)
and (2), and therefor
refuse access until successful authentication occurs.
any ideas?
regards,
harri
---------------------------------------------- smb.conf
----------------------------------------------
[global]
security = user
invalid users = root
encrypt passwords = yes
passdb backend = smbpasswd
smb passwd file = /data/samba/smbpasswd
follow symlinks = yes
wide links = yes
unix extensions = no
ntlm auth = yes
client lanman auth = yes
client ntlmv2 auth = yes
[homes]
comment = Data Directory
path = /data/samba/%S
browseable = no
read only = yes
valid users = %S
public = no
More information about the samba
mailing list