[Samba] force re-authentication when accessing different shares

Rowland Penny rpenny at samba.org
Mon Jan 21 09:36:40 UTC 2019


On Mon, 21 Jan 2019 09:36:13 +0100
Harald Glanzer via samba <samba at lists.samba.org> wrote:

> thats interesting. shouldn't samba force to authenticate every
> distinct username, accessing different shares?

From different clients, yes, but as Samba tries to work just like
Windows, not from the same client. Windows only allows one user at once
to log in, so it only allows one connection to Samba from the Windows
computer.

> 
> as written, if i want to access directory /data/samba/username_a, i
> need to supply the correct password for username_a, as hashed
> in smbpasswd.

That's another thing, you shouldn't be using the smbpasswd passdb, you
should be using tdbsam.

> 
> smb.conf:
> -------- 8< -------
> ...
> valid users = %S
> path = /data/samba/%S
> ...
> -------- 8< -------
> 
> if in the next step i want to access /data/samba/username_b, samba
> should know that the client which is connecting has not been
> authenticated for accessing this different share, and should require
> authentication.

If you are connecting from a Windows computer that already has a
connection open, it will use that connection.

> 
> the selft written nss source (/etc/nsswitch.conf, additional source
> for database 'passwd') installs a handler for getpwnam_r() and returns
> a passwd struct. i am confident that the module is not the culprit
> for this issue as the password(hash) needs to be checked by smbpasswd
> backend anyway.
> 

You appear to be trying to do the reverse of what 'idmap_nss' does, can
I ask why ?
Are the Windows computers part of a domain ?

Rowland
 



More information about the samba mailing list