Search This Blog

2013-03-27

Windows Samba Login Cache

 Remove the Cached Login Information

When logging into a samba share on a windows system it will cache your login credentials on the client side.

If you already have a password cached and just want to ensure that it is removed from the password cache then remove the share using windows cmdline

Click Start > Run > type cmd

See which shares are open and delete them from the cache
net use
net use \\samba_host\samba_share /delete

I've found that this doesn't disconnect the user fully from the share immediately, even though there are no entries in "net use" or "net session". It usually requires the client to actually disconnect fully from the share and it waits for a fairly short time-out (~1min) to actually disconnect the user.

It might be possible to disconnect the remote user from the samba server using the following

Open up an administrative cmdline and close any remote connections that are initiated to forcefully remove the user from browsing the share.

net session \\client_ip /delete

Changing Client Side Caching Settings

The cache settings are stored in group policy under "Interactive Logon: Number of previous logons to cache (in case domain controller is not available).

Click Start > Run > type gpedit.msc
Go to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options



Look into the value of Interactive Logon: Number of previous logons to cache and change it to 0 to disable

Prevent Caching when Mounting

Alternatively you can mount from the commandline without maintaining a persistent connection using the /persistent:no flags

net use \\samba_share /user:domain\username /persistent:no

Confirming Sessions are Cleared

To confirm that no sessions are remaining sessions or shares open

Session Confirmation:
net session 

Share Confirmation:
net use 

Or you could simply browse to the network share using the GUI

Clearing Saved Network Drive Permissions

When you map a network drive or go to a share and tell Windows to remember your login information, all that information is stored in a place called "Credential Manager"

You can locate and delete these logins by:
Click Start > Type "Credential Manager" (or access from control panel)



From there you will see all of your credentials and be able to remove them and modify them so that the logins are no longer cached on your local machine

No comments:

Post a Comment