How to set up an encrypted directory to be mounted only during samba access?

(This is not about restricting client access, for which ext3 permissions do the trick)

I’d like to encrypt the data on my NAS drive (Buffalo LinkStation Pro with SSH access enabled, if that matters) in a user-friendly way. Currently, a truecrypt container has to be manually mounted via SSH and also unmounted again (unless you solve my timeout question). Using a passwordless (but EFS encrypted) SSH key this is reduced to two PuTTY desktop shortcuts and entering the truecrypt password (until simplified further) for mounting.

However, the ideal solution would be transparent. I first thought about trying to somehow have the share allow for EFS encryption, but that would probably involve more work and EFS for multiple users without an Active Directory server seems to be troublesome.

But now my idea is an automated mount of e.g. an EncFS encrypted directory triggered automatically by a samba access from authorized users (using Windows clients). How can that be achieved? (Bonus points for displaying a honeypot share for unauthorized users…)