
Using Multiple Credentials in Windows

By dbott | October 8, 2009

Many times, it is necessary to connect to your NAS using different credentials than the ones you are currently using. A good example of this is when multiple users wish to have concurrent drive mappings to their home directory on the NAS when sharing a computer.

A shortcoming in Windows is that a client can have only one set of credentials in use at a time for each ‘virtual circuit’. Logging out clears the circuit and lets you connect to the NAS with a different set of credentials. So, if User2 comes along to User1’s computer and maps a drive to the NAS, everything works as it should:

C:\Documents and Settings\user1>net use p: \\NAS1\user2
The password is invalid for \\NAS1\user2.

Enter the user name for 'NAS1': user2
Enter the password for NAS1: *****

The command completed successfully.

However, if User1 comes back to his computer and tries to map drive Q to the NAS using his credentials, the drive mapping fails:

C:\Documents and Settings\user1>net use q: \\NAS1\user1
The password is invalid for \\NAS1\user1.

Enter the user name for 'NAS1': user1
Enter the password for NAS1:
Enter the user name for 'NAS1': user1
Enter the password for NAS1:

System error 1219 has occurred.

Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.

The drive mapping fails because the user is trying to map a drive over the same ‘virtual circuit’. If you log out and log back in, the ‘virtual circuit’ is destroyed and User1 can map his drive.

Here’s the trick: if the virtual circuit names were different, the 2 users could each specify different credentials and maintain their own drive mapping. Of course, you only have one NAS and don’t want to log out and back in every 2 minutes (or buy a NAS for each user), so here’s what you can do:

Connect to the NAS using a different hostname than the first user did (you could also use the IP address, but that only helps if you have just 2 users). Most operating systems allow you to create friendly names for computers, rather than having to remember the IP address. There are different name services (WINS and DNS), and names can be managed by a server or at the local computer level (by entering the desired information in the ‘hosts’ or ‘lmhosts’ file).

In my example below, I’ve connected to the hostname of the NAS (aka ‘NetBIOS Name’ in Windows parlance) for User2:

C:\Documents and Settings\user1>net use p: \\NAS1\user2
The password is invalid for \\NAS1\user2.

Enter the user name for 'NAS1': user2
Enter the password for NAS1:
The command completed successfully.

And now for user1, I’ve connected using the IP address of the NAS, rather than the hostname:

C:\Documents and Settings\user1>net use q: \\192.168.1.2\user1
The command completed successfully.

C:\Documents and Settings\user1>

Here’s a screenshot of my computer connected to the NAS using separate credentials mapped to drives P and Q:

Connected to ReadyNAS using Multiple Credentials


Depending on how many users may be trying to connect in each session, you would need to create a unique hostname for the NAS for each user. This can be accomplished by creating aliases for the NAS in your DNS server or, for smaller networks, in the local hosts file on each computer.

A Practical Example:

Suppose you had a small 5-user network with 1 NAS (hostname=NAS1). You could do something similar to the following:

1. Edit the C:\Windows\System32\Drivers\etc\hosts file on each PC to include something similar to:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source NAS
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
192.168.1.2 NAS1 # NAS alias for User1
192.168.1.2 NAS2 # NAS alias for User2
192.168.1.2 NAS3 # NAS alias for User3
192.168.1.2 NAS4 # NAS alias for User4
192.168.1.2 NAS5 # NAS alias for User5

2. Next, create a batch file that will delete any existing mapped drives and then re-map the user’s home folders using their assigned NAS aliases:

net use * /delete /yes
net use P: \\NAS1\user1 /user:user1
net use Q: \\NAS2\user2 /user:user2
net use R: \\NAS3\user3 /user:user3
net use S: \\NAS4\user4 /user:user4
net use T: \\NAS5\user5 /user:user5

Note: you will be prompted to enter the password for each user. You could automate the entire process, but that would involve saving each user’s password (in plain text) in the file, which is generally a bad idea:

net use P: \\NAS1\user1 /user:user1 user1's_secret_password
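One way to map a single user's drive without putting the password in a file, as an added example that is not part of the original post. It assumes Windows 8 / Server 2012 or later (for Get-SmbMapping) and the alias and drive-letter assignments from the hosts and batch files above; the function names are hypothetical.

```powershell
# Added example. The alias and drive-letter tables mirror the article's hosts
# file and batch file; adjust both to your own network.
$NasAlias    = @{ user1 = 'NAS1'; user2 = 'NAS2'; user3 = 'NAS3'; user4 = 'NAS4'; user5 = 'NAS5' }
$DriveLetter = @{ user1 = 'P';    user2 = 'Q';    user3 = 'R';    user4 = 'S';    user5 = 'T' }

function Connect-HomeShare {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$UserName)

    $alias  = $NasAlias[$UserName]
    $letter = $DriveLetter[$UserName]
    if (-not $alias) { throw "No NAS alias is assigned to '$UserName'." }
    $root = "\\$alias\$UserName"

    # Each alias is its own 'virtual circuit'. If the alias already carries a
    # connection, a second set of credentials would fail with system error 1219.
    $existing = Get-SmbMapping | Where-Object { $_.RemotePath -like "\\$alias\*" }
    if ($existing) {
        throw "$alias is already connected ($($existing.RemotePath -join ', ')). Disconnect it first."
    }
    if (Test-Path "${letter}:\") { throw "Drive ${letter}: is already in use." }

    # Prompt interactively: the password is held in a PSCredential (SecureString)
    # and is never written into the script or to disk.
    $cred = Get-Credential -UserName $UserName -Message "Password for $root"
    New-PSDrive -Name $letter -PSProvider FileSystem -Root $root `
                -Credential $cred -Persist -Scope Global | Out-Null
    "Mapped ${letter}: to $root as $UserName"
}

function Disconnect-HomeShare {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$UserName)

    $letter = $DriveLetter[$UserName]
    if (-not $letter) { throw "No drive letter is assigned to '$UserName'." }
    # Same command the article uses, limited to this user's drive letter so
    # other users' mappings on the shared computer are left alone.
    net use "${letter}:" /delete /yes | Out-Null
}

# Example: Connect-HomeShare -UserName user2
```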

To clear all connections, run this command:

C:\Documents and Settings\user1>net use * /delete /yes
You have these remote connections:

P: \\NAS1\user1
Q: \\NAS2\user2
R: \\NAS3\user3
S: \\NAS4\user4
T: \\NAS5\user5
Continuing will cancel the connections.

The command completed successfully.

Of course, there are probably much more elegant ways to do this (if you run your own DNS server, you could create a number of aliases for the NAS and you wouldn’t need to update each hosts file). You could also create a VBS script that prompts the user to enter their credentials, creates the alias in the hosts file, and maps the drive based on the username supplied (assuming the username is also the name of the share to which they are being connected).

Additional background can be found here:

http://support.microsoft.com/kb/938120
