Samba in the domain. Is transparent authentication possible?

S

Sergey2017-01-25 06:11:05

Active Directory

Sergey, 2017-01-25 06:11:05

There is a full-fledged Win-domain.
It is necessary to raise the file server in its composition.
I tried to configure it myself with handles - something got confused in the Samba config (or something else).
Deployed NAS4free, brought it to the domain. With win7 (in the domain) as a domain user, I knock on Samba - it asks me for a username and password. I entered a domain account and Samba started up.
But! it is necessary because the domain was a single entry point! And having logged in under his credentials, the user does not have to re-enter the login-password somewhere.
Is it possible to set up Samba this way? If yes - in the direction of which settings to dig? Or what additional modules/options are needed?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Alexander, 2017-01-25
@Adorne

Here is the output of my testparm. Mb is not perfect, but it works.

[global]
  workgroup = *имя домена, например, CORP*
  realm = *полное имя домена, например, CORP.COMPANY.COM*
  server string = %h server (Samba, Ubuntu)
  server role = member server
  security = ADS
  auth methods = winbind
  log file = /var/log/samba/log.%m
  max log size = 1000
  dns proxy = No
  usershare allow guests = Yes
  panic action = /usr/share/samba/panic-action %d
  template shell = /bin/bash
  winbind separator = /
  winbind enum users = Yes
  winbind enum groups = Yes
  winbind use default domain = Yes
  winbind offline logon = Yes
  idmap config * : range = 10000-20000
  idmap config * : backend = tdb
  map acl inherit = Yes
  store dos attributes = Yes
  vfs objects = acl_xattr


[IT]
  comment = IT
  path = /srv/smb/it
  read only = No