An issue that I’ve run into at my workplace has been people requesting the ability to log into our SMB-using file servers with different usernames. In my specific case, I have a user who wanted to be logged into one of our Windows file servers as username, but also wanted to connect to a specific share on the same server using a different account called other_username.
Normally, this wouldn’t be an issue except this user wanted to log into share A on the server with username and share B on the server with other_username and have both shares mounted at the same time. This is a problem because the Mac’s normal behavior is to keep using the same username / password authentication when connecting to different shares that are hosted on the same server.
To make this issue that much harder to address, our Macs and our file servers are also both bound to the same Active Directory domain, which means that our users normally aren’t being prompted for their usernames and passwords. Instead, they’re using Kerberos to handle logins for the file servers. Kerberos is using the AD account of the logged-in user as part of its authentication process to our servers, so any file share will mount using that account’s access rights.
Fortunately, it does appear that there is a way to make this work. Even better, it doesn’t require breaking Kerberos or trying to get around it. See below the jump for details.
To connect to an SMB file server using a different username, you can use this procedure:
1. In the Finder, choose the Go menu, then select Connect to Server.
2. Type the network address for the computer or server in the Server Address field in the following format:
smb://other_username:*@server.name.here
The ” * ” is to trigger the server login window for your SMB server, so that the password for the other_username account can be entered.
3. Click the Connect button.
4. Enter the desired username and password when prompted.
Username: other_username
Password: The current account password for other_username
5. Select the share on your SMB server that you want to use.
WARNING: Do not try to mount the same share twice using different usernames.
One way you can verify that you’re actually connected using different usernames is to use the mount command in Terminal. This should show all mounted volumes on the Mac, including mounted fileshares. The fileshare mount information should include which account was used to mount the share.
NOTES:
1. Depending on your file server, this approach may not work consistently. On our Isilon storage, the SMB share would mount with the user-specified username every time. On another server I tested, the server would prefer the specific username that was last used to connect and keep using that username when mounting additional shares.
2. This did not appear to work with AFP fileshares.
Hat tip: kbotnen in the ##osx-server IRC room
