Require password on cifs share when using local users

[ostsjoe]

I'm trying to work out a way to force password authentication on a cifs share instead of trusting the user that's passed from the connecting client.

Is there any way to do this without linking into an external auth service? I have everything working fine as documented, If i'm logged into a windows machine as "foo" and create a share on freenas with user "foo" it all works automatically, but that's really not secure enough for what I'm trying to do.

I can also auth with the local smb client and password as so:

Code:

[root@deathstar] ~# /usr/local/bin/smbclient -U foo //localhost/foo
Enter foo's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.17]
smb: \> 

 

[cyberjock]

I think that what you want to do isn't exactly possible and isn't a FreeNAS problem.

Windows, by default, tries to use the username/password you are currently logged in as. Only after that is rejected do you get that dialog window for login information. In your case, if you are not wanting Windows to try the default you'd need to look into if you can even disable that. I've never tried and not sure if you can.

Other than that, the only way I know of to make it force the dialog window is to actually change the username and/or password on your FreeNAS machine with local authentication to something that isn't the Windows login info so that it fails the automatic login and prompts you.

 

[ostsjoe]

Thanks for taking a look.

That did give me some ideas. I added "map to guest = never" to aux parameters and its actually working as I was hoping now. If the users password doesn't match what freenas has it will pop up the password authentication box in windows. Of course that breaks no password guest access, but no big deal for my setup.