[Samba] force re-authentication when accessing different shares

Rowland Penny rpenny at samba.org
Fri Jan 18 13:18:33 UTC 2019 

On Fri, 18 Jan 2019 13:15:09 +0100
Harald Glanzer via samba <samba at lists.samba.org> wrote:

> hi all!
> 
> using samba 4.9 to export directories for 'virtual' users, i.e. users
> which have distinct homedirectories and distinct smbpasswd entries
> under a writeable /data partition.
> 
> to prevent the need to create /etc/passwd useraccounts (on
> read-only /), a self written libnss modul acts as a source. the lib
> only checks if the homedirectory exists, returns a fake passwd
> struct, and finally smbpasswd backend checks for the correct password.
> 
> this solution is working in principal, but the problem is that if (1)
> logging in to a share with one user(with the distinct
> username/password combination), and (2) opening another share
> (different directory, different username, different password), NO
> password prompt opens, i.e. the (correct) share is just delivered by
> samba.
> 
> instead, samba should see different usernames + sharedirectories for
> (1) and (2), and therefor
> refuse access until successful authentication occurs.
> 
> any ideas?
> regards,
> harri
> ---------------------------------------------- smb.conf
> ----------------------------------------------
> [global]
>     security        = user
>     invalid users        = root
>     encrypt passwords     = yes
>     passdb backend        = smbpasswd
>     smb passwd file        = /data/samba/smbpasswd
>     follow symlinks        = yes
>     wide links        = yes
>     unix extensions        = no
>     ntlm auth        = yes
>     client lanman auth    = yes
>     client ntlmv2 auth    = yes
> [homes]
>     comment            = Data Directory
>     path            = /data/samba/%S
>     browseable        = no
>     read only        = yes
>     valid users        = %S
>     public            = no

How does the OS know who the users are on /data/samba ?
I don't actually think this is Samba problem, it is more likely to be
something in your lib or that the link already establish is being
reused, something that is outside the control of Samba.

It may help if you could explain what you are trying to do and why you
are doing it.

Rowland

More information about the samba mailing list