Archive for May 31, 2013

Logging into a SMB file server multiple times with different usernames from one Mac

May 31, 2013 18 comments

An issue that I’ve run into at my workplace has been people requesting the ability to log into our SMB-using file servers with different usernames. In my specific case, I have a user who wanted to be logged into one of our Windows file servers as username, but also wanted to connect to a specific share on the same server using a different account called other_username.

Normally, this wouldn’t be an issue except this user wanted to log into share A on the server with username and share B on the server with other_username and have both shares mounted at the same time. This is a problem because the Mac’s normal behavior is to keep using the same username / password authentication when connecting to different shares that are hosted on the same server.

To make this issue that much harder to address, our Macs and our file servers are also both bound to the same Active Directory domain, which means that our users normally aren’t being prompted for their usernames and passwords. Instead, they’re using Kerberos to handle logins for the file servers. Kerberos is using the AD account of the logged-in user as part of its authentication process to our servers, so any file share will mount using that account’s access rights.

Fortunately, it does appear that there is a way to make this work. Even better, it doesn’t require breaking Kerberos or trying to get around it. See below the jump for details.

Read more…

%d bloggers like this: