Hello, Nelson,
Eric from the CIFS Client lab here. Yes, the behavior you observe is correct and by design, but there are solutions.
First, limiting user_x to share_x can be done on the server side, or through the Unix permissions on one of the parent directories of the mount-point. The example you show won't work as is. If you want to separate the users' access rights on the client side, you would have to use a mount-point like /mnt/user_a/mnt_a, and then set the permission on the subdirectory "user_a" such that user_b cannot access it (the lowest-level directory of the mount-point becomes mode 777 and owned by root, while it is mounted, so you have to control access at a higher level).
Now on to the username issue...
There must be a one-to-one mapping between each local (hp-ux) login and each remote (cifs) login. You are attempting, as the local user "root", to be logged into a unique server as two different remote users. That is not supported.
Here is how to achieve your desired setup (this assumes that "root" on the hp-ux system is not one of the users who is going to access the Samba mounts).
1. As root, mount the two shares without logging in:
cifsmount -f //server/share_a /mpt_a
cifsmount -f //server/share_b /mnt_b
Note that if you are using CIFS Client A.01.xx, the "-f" must be placed on the command-line after the mountpoint. (We highly recommend upgrading to A.02.xx, btw. It is much improved.)
Or, the equivalent (and perhaps more straightforward):
mount -F cifs server:/share_a /mpt_a
mount -F cifs server:/share_b /mpt_b
2. Now, the two users must, AS THEMSELVES on the hp-ux system, do cifslogin. So if, as it seems from your post, you are trying to do this for them, using the -s option so they never have to actually do it themselves, you can become them via su(1). Assuming this, and that users a & b have the same hp-ux and cifs account names, as root do:
su user_a
cifslogin -s -P xxx server
exit
su user_b
cifslogin -s -P xxx server
exit
where, as above, if you are using an older client version, the command-line options must be at the end of the line (after "server").
If the the users' hp-ux and cifs account names are not equal, then the cifslogin command is:
cifslogin server username -s -P xxx
or for A.02, you can use:
cifslogin -s -P xxx -U username server
Of course, an alternate way to store user_a's and user_b's credentials is for them to telnet to the hp-ux system and perform cifslogin themselves. With CIFS Client A.02.xx, this can be done even if the server is not mounted. After the mounts are created, the users will have automatic access.
Please post your results so I can follow up with you if the outcome is not what you are seeking.
-Eric
