Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS
-
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
The thing that you are trying to do, I think, is something that even Windows can't do. Or else I'm not understanding the goal. Can you explain it in a Windows context then we can translate to Mac or Samba?
Windows World:
Create shortcut on desktop: Server1
Immediately opens the available shares on the server without having to pass additional credentials.
Okay, so in theory all we need is a link to the URI and we'd like that sitting on the Mac desktop so they just click on that?
-
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller yup.
Okay, so this is a Mac? This isn't a question that can be asked generically. This depends on the SMB protocol server being used. Is this Mac, Samba, Windows, etc. That makes a difference. What is needed or will work for UNIX that isn't Mac doesn't apply to Mac because Mac doesn't use Samba and all other UNIX does.
(tags buddy tags) although I should've put this bit into the OP.
The tags and OP say UNIX, and not MacOS, which while MacOS is UNIX for sure, it's also totally separate from all other UNIX in this case. So solving for the 99% would leave you without an answer here
-
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
The thing that you are trying to do, I think, is something that even Windows can't do. Or else I'm not understanding the goal. Can you explain it in a Windows context then we can translate to Mac or Samba?
Windows World:
Create shortcut on desktop: Server1
Shortcut details
Target: \server.domain.com
Immediately opens the available shares on the server without having to pass additional credentials.
Okay, so in theory all we need is a link to the URI and we'd like that sitting on the Mac desktop so they just click on that?
Pretty much, or even somewhere that IT can tell the users (bulk email) to drag to their desktop.
-
https://discussions.apple.com/thread/3067279
Do it manually once, right click and make an alias to put on the desktop. Does that work?
-
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller yup.
Okay, so this is a Mac? This isn't a question that can be asked generically. This depends on the SMB protocol server being used. Is this Mac, Samba, Windows, etc. That makes a difference. What is needed or will work for UNIX that isn't Mac doesn't apply to Mac because Mac doesn't use Samba and all other UNIX does.
(tags buddy tags) although I should've put this bit into the OP.
The tags and OP say UNIX, and not MacOS, which while MacOS is UNIX for sure, it's also totally separate from all other UNIX in this case. So solving for the 99% would leave you without an answer here
Yea... I know. Any pointers? stupid apple
-
Changed tags and title to reflect the topic.
-
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller said in Is it possible to mount smb share using login credentials of current user.:
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller yup.
Okay, so this is a Mac? This isn't a question that can be asked generically. This depends on the SMB protocol server being used. Is this Mac, Samba, Windows, etc. That makes a difference. What is needed or will work for UNIX that isn't Mac doesn't apply to Mac because Mac doesn't use Samba and all other UNIX does.
(tags buddy tags) although I should've put this bit into the OP.
The tags and OP say UNIX, and not MacOS, which while MacOS is UNIX for sure, it's also totally separate from all other UNIX in this case. So solving for the 99% would leave you without an answer here
Yea... I know. Any pointers? stupid apple
When I use the apple tool, it connects to the server and then ask what share I want to open. Which this is fine and what our users expect today.
I also don't want to automatically mount and have mounted every individually shared folder from our server. More or less "connect when asked, not always"
-
In Windows world, connecting to my server, I connect, and then am offered all of the available shared folders.
In Mac, I'm forced to select one of the shared folders to mount.
Ideally, I'm looking to Mimic Windows world a bit here.
-
@scottalanmiller said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS:
https://discussions.apple.com/thread/3067279
Do it manually once, right click and make an alias to put on the desktop. Does that work?
Yes this works, using Option and Command to drag the shared folder to the desktop I get an alias that when opened opens the share.
This however is per shared folder, not per server.
-
Do I have you guys stumped?
-
@scottalanmiller said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS:
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller yup.
Okay, so this is a Mac? This isn't a question that can be asked generically. This depends on the SMB protocol server being used. Is this Mac, Samba, Windows, etc. That makes a difference. What is needed or will work for UNIX that isn't Mac doesn't apply to Mac because Mac doesn't use Samba and all other UNIX does.
To clarify.
This is a Windows Server (soon to be 2016), and Apple client.
-
@dustinb3403 said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS:
@scottalanmiller said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS:
https://discussions.apple.com/thread/3067279
Do it manually once, right click and make an alias to put on the desktop. Does that work?
Yes this works, using Option and Command to drag the shared folder to the desktop I get an alias that when opened opens the share.
This however is per shared folder, not per server.
Edit the URI I guess?
The "server" must be a share, so you should be able to specify that. Also, why do you want it done that way? That's a weird way to group access.
-
@dustinb3403 said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS:
@scottalanmiller said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS:
@dustinb3403 said in Is it possible to mount smb share using login credentials of current user.:
@scottalanmiller yup.
Okay, so this is a Mac? This isn't a question that can be asked generically. This depends on the SMB protocol server being used. Is this Mac, Samba, Windows, etc. That makes a difference. What is needed or will work for UNIX that isn't Mac doesn't apply to Mac because Mac doesn't use Samba and all other UNIX does.
To clarify.
This is a Windows Server (soon to be 2016), and Apple client.
The server side won't matter, but the client side definitely does.
-
@scottalanmiller said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS:
@dustinb3403 said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS:
@scottalanmiller said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS:
https://discussions.apple.com/thread/3067279
Do it manually once, right click and make an alias to put on the desktop. Does that work?
Yes this works, using Option and Command to drag the shared folder to the desktop I get an alias that when opened opens the share.
This however is per shared folder, not per server.
Edit the URI I guess?
The "server" must be a share, so you should be able to specify that. Also, why do you want it done that way? That's a weird way to group access.
We have different shared folders, with different permissions from a single server.
Also not seeing a way to edit the Shortcut on the desktop, short of the name. But not the path.
-
As to why I'd prefer it to be done this way, is not everyone will have access to all of the shared folders under each server.
So if I simply can provide an alias to the server from their desktops or task tray etc than I don't have to worry about failed login attempts to a share the user doesn't have access to.
This would simply give them access to the server, and with correct permissions allow them to only see what they have access too.
Where as, having saying 100 shared folders, each would have to attempt to connect. Creating all kinds of failed login attempts to a resource the user doesn't have.
-
@dustinb3403 said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS:
As to why I'd prefer it to be done this way, is not everyone will have access to all of the shared folders under each server.
So if I simply can provide an alias to the server from their desktops or task tray etc than I don't have to worry about failed login attempts to a share the user doesn't have access to.
This would simply give them access to the server, and with correct permissions allow them to only see what they have access too.
Where as, having saying 100 shared folders, each would have to attempt to connect. Creating all kinds of failed login attempts to a resource the user doesn't have.
Yes, but you could group them under one share on the server, or a few shares. Clearly SMB perms exist for a reason and I'm not trying to throw them out the window, but why not use a single share and NTFS ACLs from there? Keep it simple.
-
@scottalanmiller said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS:
@dustinb3403 said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS:
As to why I'd prefer it to be done this way, is not everyone will have access to all of the shared folders under each server.
So if I simply can provide an alias to the server from their desktops or task tray etc than I don't have to worry about failed login attempts to a share the user doesn't have access to.
This would simply give them access to the server, and with correct permissions allow them to only see what they have access too.
Where as, having saying 100 shared folders, each would have to attempt to connect. Creating all kinds of failed login attempts to a resource the user doesn't have.
Yes, but you could group them under one share on the server, or a few shares. Clearly SMB perms exist for a reason and I'm not trying to throw them out the window, but why not use a single share and NTFS ACLs from there? Keep it simple.
Ha...
Yea no I understand what you're saying there but that would require restructuring all of the data. And well.. that ain't happening. (lol)
Due to fs limitations and file path names etc. . . just not happening. .
-
You could try NextCloud.
-
So then I guess the next reasonable question is there a way at login (post joining the domain) to automatically create the SMB connections that the user can then select from?
IE all of these ..
And put them into "Favorite Servers:"
-
@scottalanmiller said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS:
You could try NextCloud.
That won't work due to business requirements.
