Samba in the domain. Possible transparent authentication?

A full Win-domain.
It is necessary in the composition to raise the file server.

Tried yourself handles to customize - something got confused in the config of Samba (or something else).

Launched NAS4free, started in domain. With win7(in the domain) domain user knocking on Samba - it asks me login and password. I entered the domain uchetku and Samba allowed.

But! because it is necessary that the domain was the single point of entry! And signing in with your credentials the user must re-enter somewhere the login and password.

Or is it possible to configure Samba? If Yes, in the direction of what settings to dig? or what needs additional module/option?
August 23rd 19 at 10:31
1 answer
August 23rd 19 at 10:33
Here's the output of my testparm. MB is not perfect, but it works.

[global]
 workgroup = *the name of the domain, e.g. CORP*
 realm = *full domain name, for example, CORP.COMPANY.COM*
 server string = %h server (Samba, Ubuntu)
 server role = member server
 security = ADS
 auth methods = winbind
 log file = /var/log/samba/log.%m
 max log size = 1000
 dns proxy = No
 usershare allow guests = Yes
 panic action = /usr/share/samba/panic-action %d
 template shell = /bin/bash
 winbind separator = /
 winbind enum users = Yes
 winbind enum groups = Yes
 winbind use default domain = Yes
 winbind offline logon = Yes
 idmap config * : range = 10000-20000
 idmap config * : backend = tdb
 map acl inherit = Yes
 store dos attributes = Yes
 vfs objects = acl_xattr


[IT]
 comment = IT
 path = /srv/smb/it
 read only = No
IMHO, if you use rights, the backend is better rid. In the case of a tdb fails, the file users will have different uid.
I have set so:
idmap config NT AUTHORITY : base_rid = 0
 AUTHORITY idmap config NT : range = 1200000-1299999
 AUTHORITY idmap config NT : backend = rid
 idmap config SAMBA : base_rid = 0
 idmap config SAMBA : range = 1100000-1199999
 idmap config SAMBA : backend = rid
 idmap config BUILTIN : base_rid = 0
 idmap config BUILTIN : range = 1000000-1099999
 idmap config BUILTIN : backend = rid
 idmap config MyDomain : base_rid = 100
 idmap config MyDomain : range = 100-999999
 idmap config MyDomain : backend = rid
 idmap config MyDomain : default = yes
 idmap config * : range = 1300000-1999999
 idmap config * : backend = rid
- Erling.Berni commented on August 23rd 19 at 10:36
: did not understand yet with the backend. - Brennon50 commented on August 23rd 19 at 10:39

Find more questions by tags Active DirectorySamba