Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS
-
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
If you do that mapping on the Mac, and then log in as another user, hopefully they can't see the files from the first user. If they can, that's even worse.
This I'm not following, the goal is to create a central point that I can simply drag to an individual users desktop on any given mac, and have them connect to my Windows file server.
Since this is a shared resource (organizationally) they would presumably be able to see the files saved on this SMB server.
That should work. Once they login to the Mac and it's domain joined it should use the Kerberos token to authenticate.
-
@dbeato this won't work as it would require us (IT dept) knowing people's passwords.
-
@coliver said in Is it possible to mount smb share using login credentials of current user.:
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
If you do that mapping on the Mac, and then log in as another user, hopefully they can't see the files from the first user. If they can, that's even worse.
This I'm not following, the goal is to create a central point that I can simply drag to an individual users desktop on any given mac, and have them connect to my Windows file server.
Since this is a shared resource (organizationally) they would presumably be able to see the files saved on this SMB server.
That should work. Once they login to the Mac and it's domain joined it should use the Kerberos token to authenticate.
How would I pass the kerberos credentials into the mapping? Nothing I'm seeing appears to address it.
-
The goal here, is to use the domain user credentials, regardless who it is, and what system they logon.
I want to be able to simply add this as a part of our image and just hand it out. Once the user logs into the system for the first time (and afterwards) IT would simply drag a "shortcut" to the task tray.
Rather than requiring the user to run "Command+K" and browsing the share as shown in the above example.
-
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@coliver said in Is it possible to mount smb share using login credentials of current user.:
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
If you do that mapping on the Mac, and then log in as another user, hopefully they can't see the files from the first user. If they can, that's even worse.
This I'm not following, the goal is to create a central point that I can simply drag to an individual users desktop on any given mac, and have them connect to my Windows file server.
Since this is a shared resource (organizationally) they would presumably be able to see the files saved on this SMB server.
That should work. Once they login to the Mac and it's domain joined it should use the Kerberos token to authenticate.
How would I pass the kerberos credentials into the mapping? Nothing I'm seeing appears to address it.
Are you domain joined?
-
@scottalanmiller yup.
-
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
If you do that mapping on the Mac, and then log in as another user, hopefully they can't see the files from the first user. If they can, that's even worse.
This I'm not following, the goal is to create a central point that I can simply drag to an individual users desktop on any given mac, and have them connect to my Windows file server.
Since this is a shared resource (organizationally) they would presumably be able to see the files saved on this SMB server.
Are they on Kerberos and have access to that share? Does the same thing work on Windows?
-
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller yup.
Okay, so this is a Mac? This isn't a question that can be asked generically. This depends on the SMB protocol server being used. Is this Mac, Samba, Windows, etc. That makes a difference. What is needed or will work for UNIX that isn't Mac doesn't apply to Mac because Mac doesn't use Samba and all other UNIX does.
-
The thing that you are trying to do, I think, is something that even Windows can't do. Or else I'm not understanding the goal. Can you explain it in a Windows context then we can translate to Mac or Samba?
-
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
If you do that mapping on the Mac, and then log in as another user, hopefully they can't see the files from the first user. If they can, that's even worse.
This I'm not following, the goal is to create a central point that I can simply drag to an individual users desktop on any given mac, and have them connect to my Windows file server.
Since this is a shared resource (organizationally) they would presumably be able to see the files saved on this SMB server.
Are they on Kerberos and have access to that share? Does the same thing work on Windows?
On Windows I haven't investigated, but we simply create a shortcut for the user, and their domain credentials allow them access to the share.
We support Kerberos yes. I could open the share using Apple's "Connect to server" without having to type in additional credentials.
-
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller yup.
Okay, so this is a Mac? This isn't a question that can be asked generically. This depends on the SMB protocol server being used. Is this Mac, Samba, Windows, etc. That makes a difference. What is needed or will work for UNIX that isn't Mac doesn't apply to Mac because Mac doesn't use Samba and all other UNIX does.
(tags buddy tags) although I should've put this bit into the OP.
-
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
The thing that you are trying to do, I think, is something that even Windows can't do. Or else I'm not understanding the goal. Can you explain it in a Windows context then we can translate to Mac or Samba?
Windows World:
Create shortcut on desktop: Server1
Shortcut details
Target: \server.domain.com
Immediately opens the available shares on the server without having to pass additional credentials.
-
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
The thing that you are trying to do, I think, is something that even Windows can't do. Or else I'm not understanding the goal. Can you explain it in a Windows context then we can translate to Mac or Samba?
Windows World:
Create shortcut on desktop: Server1
Immediately opens the available shares on the server without having to pass additional credentials.
Okay, so in theory all we need is a link to the URI and we'd like that sitting on the Mac desktop so they just click on that?
-
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller yup.
Okay, so this is a Mac? This isn't a question that can be asked generically. This depends on the SMB protocol server being used. Is this Mac, Samba, Windows, etc. That makes a difference. What is needed or will work for UNIX that isn't Mac doesn't apply to Mac because Mac doesn't use Samba and all other UNIX does.
(tags buddy tags) although I should've put this bit into the OP.
The tags and OP say UNIX, and not MacOS, which while MacOS is UNIX for sure, it's also totally separate from all other UNIX in this case. So solving for the 99% would leave you without an answer here
-
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
The thing that you are trying to do, I think, is something that even Windows can't do. Or else I'm not understanding the goal. Can you explain it in a Windows context then we can translate to Mac or Samba?
Windows World:
Create shortcut on desktop: Server1
Shortcut details
Target: \server.domain.com
Immediately opens the available shares on the server without having to pass additional credentials.
Okay, so in theory all we need is a link to the URI and we'd like that sitting on the Mac desktop so they just click on that?
Pretty much, or even somewhere that IT can tell the users (bulk email) to drag to their desktop.
-
https://discussions.apple.com/thread/3067279
Do it manually once, right click and make an alias to put on the desktop. Does that work?
-
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller yup.
Okay, so this is a Mac? This isn't a question that can be asked generically. This depends on the SMB protocol server being used. Is this Mac, Samba, Windows, etc. That makes a difference. What is needed or will work for UNIX that isn't Mac doesn't apply to Mac because Mac doesn't use Samba and all other UNIX does.
(tags buddy tags) although I should've put this bit into the OP.
The tags and OP say UNIX, and not MacOS, which while MacOS is UNIX for sure, it's also totally separate from all other UNIX in this case. So solving for the 99% would leave you without an answer here
Yea... I know. Any pointers? stupid apple
-
Changed tags and title to reflect the topic.
-
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller yup.
Okay, so this is a Mac? This isn't a question that can be asked generically. This depends on the SMB protocol server being used. Is this Mac, Samba, Windows, etc. That makes a difference. What is needed or will work for UNIX that isn't Mac doesn't apply to Mac because Mac doesn't use Samba and all other UNIX does.
(tags buddy tags) although I should've put this bit into the OP.
The tags and OP say UNIX, and not MacOS, which while MacOS is UNIX for sure, it's also totally separate from all other UNIX in this case. So solving for the 99% would leave you without an answer here
Yea... I know. Any pointers? stupid apple
When I use the apple tool, it connects to the server and then ask what share I want to open. Which this is fine and what our users expect today.
I also don't want to automatically mount and have mounted every individually shared folder from our server. More or less "connect when asked, not always"
-
In Windows world, connecting to my server, I connect, and then am offered all of the available shared folders.
In Mac, I'm forced to select one of the shared folders to mount.
Ideally, I'm looking to Mimic Windows world a bit here.
