Is multiple authenticated access to multiple FreeNAS SMB shares possible?

Status
Not open for further replies.

Arka Banerjee

Dabbler
Joined
Jan 12, 2017
Messages
12
As per different Google searches, I can't make more than one authenticated access to a network share. The scenario and error are given below:
  • There are two SMB shares (test1 & test2) on a remote FreeNAS server.
  • First I connected to test1 using the test1 user and password. Then I tried to use different user credentials to connect to the other network share (test2).
Error: Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.

Smb Configuration:
Code:
[global]
  server max protocol = SMB3
  encrypt passwords = yes
  dns proxy = no
  strict locking = no
  oplocks = yes
  deadtime = 15
  max log size = 51200
  max open files = 28721
  logging = syslog:1
  load printers = no
  printing = bsd
  printcap name = /dev/null
  disable spoolss = yes
  getwd cache = yes
  guest account = nobody
  map to guest = Bad User
  obey pam restrictions = yes
  directory name cache size = 0
  kernel change notify = no
  panic action = /usr/local/libexec/samba/samba-backtrace
  nsupdate command = /usr/local/bin/samba-nsupdate -g
  server string = FreeNAS Server
  ea support = yes
  store dos attributes = yes
  lm announce = yes
  hostname lookups = yes
  time server = yes
  acl allow execute always = true
  dos filemode = yes
  multicast dns register = yes
  domain logons = no
  local master = yes
  idmap config *: backend = tdb
  idmap config *: range = 90000001-100000000
  server role = standalone
  netbios name = FREENAS
  workgroup = WORKGROUP
  security = user
  pid directory = /var/run/samba
  create mask = 0666
  directory mask = 0777
  client ntlmv2 auth = yes
  dos charset = CP437
  unix charset = UTF-8
  log level = 1


[test1]
  path = /mnt/Testpool/test1
  comment = Test1 Share
  printable = no
  veto files = /.snapshot/.windows/.mac/.zfs/
  writeable = yes
  browseable = yes
  vfs objects = zfs_space zfsacl aio_pthread
  hide dot files = yes
  guest ok = no
  nfs4:mode = special
  nfs4:acedup = merge
  nfs4:chown = true
  zfsacl:acesort = dontcare
  valid users = +test1


[test2]
  path = /mnt/Testpool/test2
  comment = Test2 Share
  printable = no
  veto files = /.snapshot/.windows/.mac/.zfs/
  writeable = yes
  browseable = yes
  vfs objects = zfs_space zfsacl aio_pthread
  hide dot files = yes
  guest ok = no
  nfs4:mode = special
  nfs4:acedup = merge
  nfs4:chown = true
  zfsacl:acesort = dontcare
  valid users = +test2


But I have an old Samba setup on RHEL, where somehow I am able to get multiple authenticated connections. So please tell me whether an older version of Samba supports that or whether I need to configure something.

This is the old Samba share configuration where I can simultaneously log in to XXX and YYY using different credentials from a single system.
Code:
[XXX]
 comment = XXX Share
 security = user
 path = /software/data/public/xxx
 writable = yes
 valid users = +smbxxxx
 public = yes
 keepalive = 6000
[YYY]
 comment = YYY Share
 security = user
 path = /software/data/public/yyy
 writable = yes
 valid users = +smbxxxx
 public = yes
 

SweetAndLow

Sweet'NASty
Joined
Nov 6, 2013
Messages
6,421
I don't think you are actually connecting as different users. I think you might just be connecting in guest mode. I'm pretty sure that Windows doesn't allow you to make multiple connections as different users; it has nothing to do with the server. There might be a way to do it using net use commands but I'm not super familiar with that.
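
Added example (not part of the thread, and not FreeNAS or Samba code): a server-side check of the guest-mode suspicion above. It lists shares where `guest ok` (or its synonym `public`) is enabled, together with the global `map to guest` and `guest account` values; with `map to guest = Bad User`, Samba treats a login for an unknown username as a guest login. The sample config is constructed from stanzas quoted in this thread and the function name is hypothetical.

```python
import configparser

# Constructed sample: stanzas condensed from the two configs quoted in this
# thread. Putting them under one [global] is an assumption made for the demo.
SAMPLE_CONF = """
[global]
  guest account = nobody
  map to guest = Bad User
[test1]
  guest ok = no
  valid users = +test1
[XXX]
  valid users = +smbxxxx
  public = yes
"""

TRUTHY = {"yes", "true", "1", "on"}  # boolean spellings smb.conf accepts

def _norm(name):
    # smb.conf ignores case and whitespace inside parameter names
    return "".join(name.lower().split())

def guest_reachable_shares(conf_text):
    """Return {share: details} for every share that accepts guest sessions."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                   strict=False)
    cp.optionxform = _norm
    # Strip indentation so configparser does not read it as a continuation.
    cp.read_string("\n".join(l.strip() for l in conf_text.splitlines()))
    glob = cp["global"] if cp.has_section("global") else {}
    findings = {}
    for share in cp.sections():
        if share.lower() == "global":
            continue
        opts = cp[share]
        # "public" is a synonym of "guest ok"; [global] supplies the default.
        default = glob.get("guest ok", glob.get("public", "no"))
        value = opts.get("guest ok", opts.get("public", default))
        if value.strip().lower() in TRUTHY:
            findings[share] = {
                "guest_account": glob.get("guest account", "nobody"),
                "map_to_guest": glob.get("map to guest", "Never"),
                "valid_users": opts.get("valid users", ""),
            }
    return findings

if __name__ == "__main__":
    for share, info in guest_reachable_shares(SAMPLE_CONF).items():
        print(share, info)
```

On a live server, feed it the effective configuration (for example the output of `testparm -s`) rather than a hand-edited file.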
 

Arka Banerjee

Dabbler
Joined
Jan 12, 2017
Messages
12
By Windows design, multiple authenticated connections are not possible. But somehow, in my existing setup with Samba version 3.0.33-3.29.el5_7.4, whenever I try to access an authenticated share for the first time it gives me an authentication prompt, and after a successful login, if I try to access another share, there is also an authentication prompt. Only if I provide the correct user name and password am I able to log in. Moreover, when I am logged in to two share directories and try to create a folder, the folder is created with perfect permissions.

For example: two share directories, XXX and YYY.

Valid user XXX is x and group is p.
Valid user XXX is y and group is q

If I create a folder, the permissions show:
  • x(sharename/x) Full control
  • p(Unix group/p) Read & Execute
  • Everyone Read & Execute
Similarly for the YYY share:
  • y(sharename/y) Full control
  • q(Unix group/q) Read & Execute
  • Everyone Read & Execute
Please tell me how this is possible. My existing Samba 3.0.33-3.29.el5_7.4 config file is attached here. Please open this config file in Notepad++ or WordPad.
 

Attachments

  • smb.txt
    10.7 KB · Views: 539

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
Why the hell would you want to connect as different users to a single server? Except for testing/setup/etc., it's a silly idea.
 

Arka Banerjee

Dabbler
Joined
Jan 12, 2017
Messages
12
> Why the hell would you want to connect as different users to a single server? Except for testing/setup/etc., it's a silly idea.

This can be a requirement. There will be a hierarchy of users, so maybe one slightly elevated user needs to access more than one folder. Since this is a forum for FreeNAS, I am asking for the solution, and I have a running Samba which supports this somehow.
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
So set permissions accordingly. Don't make people use multiple accounts.
 

SweetAndLow

Sweet'NASty
Joined
Nov 6, 2013
Messages
6,421
> This can be a requirement. There will be a hierarchy of users, so maybe one slightly elevated user needs to access more than one folder. Since this is a forum for FreeNAS, I am asking for the solution, and I have a running Samba which supports this somehow.

Yes, this sounds like a permissions problem, not something you need to hack around with to make it work.

Sent from my Nexus 5X using Tapatalk
 

Arka Banerjee

Dabbler
Joined
Jan 12, 2017
Messages
12
I have already attached the Samba configuration file where multiple authentication is happening. Now I am attaching the screenshot where I am connected to the same server with the same name but with a different username. If anyone has any explanation, please tell me, because Windows by default doesn't allow this.
 

Attachments

  • Multiple connection.PNG
    12.4 KB · Views: 1,030

SweetAndLow

Sweet'NASty
Joined
Nov 6, 2013
Messages
6,421
> I have already attached the Samba configuration file where multiple authentication is happening. Now I am attaching the screenshot where I am connected to the same server with the same name but with a different username. If anyone has any explanation, please tell me, because Windows by default doesn't allow this.

Just out of curiosity, how do you know that each share has authenticated with a different user? Is there a way to verify the connection? I don't think you can trust it just because of the command you use.

 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
> I have already attached the Samba configuration file where multiple authentication is happening. Now I am attaching the screenshot where I am connected to the same server with the same name but with a different username. If anyone has any explanation, please tell me, because Windows by default doesn't allow this.

So there are several shares open (not users). That changes nothing. Stop chasing this foolish idea of one user per share and set up permissions like you would in any Windows server.
 

Arka Banerjee

Dabbler
Joined
Jan 12, 2017
Messages
12
> So there are several shares open (not users). That changes nothing. Stop chasing this foolish idea of one user per share and set up permissions like you would in any Windows server.

As per my understanding, when you try to connect to a share it only takes the server's NetBIOS name, and since all the shares are created on the same server, it is not supposed to connect to more than one share.

I found some help on another forum: a command which shows me the connection along with the username with which the connection was established (wmic netuse get username /value). Surprisingly, all the shares are connected with my desktop's username. That means I am verifying with Unix credentials but am connected with my Windows username.
 

Attachments

  • wmic result.PNG
    30.7 KB · Views: 942

SweetAndLow

Sweet'NASty
Joined
Nov 6, 2013
Messages
6,421
> As per my understanding, when you try to connect to a share it only takes the server's NetBIOS name, and since all the shares are created on the same server, it is not supposed to connect to more than one share.
>
> I found some help on another forum: a command which shows me the connection along with the username with which the connection was established (wmic netuse get username /value). Surprisingly, all the shares are connected with my desktop's username. That means I am verifying with Unix credentials but am connected with my Windows username.

Why is it a surprise? We tried telling you that from the start. You can also use smbstatus on the server to see connections and the user that authenticated.

 

Arka Banerjee

Dabbler
Joined
Jan 12, 2017
Messages
12
> Why is it a surprise? We tried telling you that from the start. You can also use smbstatus on the server to see connections and the user that authenticated.

So can you tell me how I may achieve this with FreeNAS? Because in my case, when I am connecting to a FreeNAS share and running the wmic command, it is giving me the Unix username, not the Windows one.
 

SweetAndLow

Sweet'NASty
Joined
Nov 6, 2013
Messages
6,421
> So can you tell me how I may achieve this with FreeNAS? Because in my case, when I am connecting to a FreeNAS share and running the wmic command, it is giving me the Unix username, not the Windows one.

You will always see the server users because that is the user you used to authenticate with. If you want them to be the same, you either make them the same on both sides or use an AD/LDAP service. I think you are going about this with some strange assumptions that are confusing you.

 