I just want to share a problem and a solution that I encountered, this being because I have limited knowledge about authentication.
The issue was that a user was logged into an OMV share from a Windows laptop and I couldn't find any way to sign the user out. So, instead I thought that I would change the password of the user that was logged in, but to my surprise this didn't prevent the user from still accessing the OMV share.
Those who know will of course know why, but I thought it could be useful to have on the forum for new users as I spent an hour figuring it out.
It's because OMV/Debian's authentication is token based and a token is generated by the server that is stored at the client, this token is used as authentication, so the user doesn't have to log in all the time. It will eventually expire, but you may want the token to expire immediately.
So, the solution is not to change the password, because the user is still the same and will be authenticated based on the token, the solution is to change the permission for that user and that will revoke the users token. I'm not 100% sure that it's necessary to restart the SMB share also, but could be.