[Samba] force re-authentication when accessing different shares

Harald Glanzer harald.glanzer at gmail.com
Fri Jan 18 12:15:09 UTC 2019

hi all!

using samba 4.9 to export directories for 'virtual' users, i.e. users which
have distinct homedirectories and distinct smbpasswd entries under a
writeable /data partition.

to prevent the need to create /etc/passwd useraccounts (on read-only /), a
self written libnss modul acts as a source. the lib only checks if the
homedirectory exists, returns a fake passwd struct, and finally smbpasswd
backend checks for the correct password.

this solution is working in principal, but the problem is that if (1)
logging in to a share with one user(with the distinct username/password
combination), and (2) opening another share (different directory, different
username, different password), NO password prompt opens, i.e. the (correct)
share is just delivered by samba.

instead, samba should see different usernames + sharedirectories for (1)
and (2), and therefor
refuse access until successful authentication occurs.

any ideas?
---------------------------------------------- smb.conf
    security        = user
    invalid users        = root
    encrypt passwords     = yes
    passdb backend        = smbpasswd
    smb passwd file        = /data/samba/smbpasswd
    follow symlinks        = yes
    wide links        = yes
    unix extensions        = no
    ntlm auth        = yes
    client lanman auth    = yes
    client ntlmv2 auth    = yes
    comment            = Data Directory
    path            = /data/samba/%S
    browseable        = no
    read only        = yes
    valid users        = %S
    public            = no

More information about the samba mailing list