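#!/usr/bin/env bash
#
# samba: join a Debian/Ubuntu host to the AUGIN.RU Active Directory domain as
# a member file server and publish /home/exchange as the hidden share
# "exchange$".
#
# Must run as root. It overwrites /etc/krb5.conf, /etc/samba/smb.conf and
# /etc/nsswitch.conf; an existing copy of each is saved as <file>.bak first.
# "net ads join" prompts for the Administrator password on the terminal, so
# the password never appears in argv or shell history.

set -euo pipefail

# Keep a copy of a file that is about to be replaced, preserving mode/owner.
# Arguments: $1 - path of the file to back up (skipped when it does not exist)
backup_if_present() {
  local target=$1
  if [[ -f "$target" ]]; then
    cp -a -- "$target" "${target}.bak"
  fi
}

if (( EUID != 0 )); then
  printf '%s\n' 'this script must be run as root' >&2
  exit 1
fi

apt install -y samba winbind krb5-config libnss-winbind acl krb5-user

systemctl enable --now {smbd,nmbd}

# --- Kerberos client -------------------------------------------------------
# The heredoc delimiters are quoted so the shell writes the text literally.
# NOTE(review): [realms] defines a realm called DC1.AUGIN.RU and
# [domain_realm] maps the DC's host name to it, while default_realm and the
# smb.conf realm are AUGIN.RU. DC1.AUGIN.RU looks like a host name rather than
# a realm -- confirm the mapping is intended before relying on it.
backup_if_present /etc/krb5.conf
cat <<'EOF' > /etc/krb5.conf
[libdefaults]
default_realm = AUGIN.RU

kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true

[realms]
DC1.AUGIN.RU = {
    kdc = dc1.augin.ru
    admin_server = dc1.augin.ru
}

AUGIN.RU = {
    kdc = dc1.augin.ru
}

[domain_realm]
dc1.augin.ru = DC1.AUGIN.RU
.dc1.augin.ru = DC1.AUGIN.RU
EOF

# --- Samba -----------------------------------------------------------------
# NOTE(review): in [exchange$], "public = yes" is a synonym for
# "guest ok = yes". Together with "writable = yes" the share accepts
# unauthenticated writes whenever guest mapping is active, and the trailing
# "$" only hides the share from browse lists -- it is not access control.
# Unless anonymous write is a requirement, prefer "guest ok = no" plus a
# "valid users" line naming the domain group that should use the share.
backup_if_present /etc/samba/smb.conf
cat <<'EOF' > /etc/samba/smb.conf
[global]

 workgroup = AUGIN
 security = ads
 kerberos method = secrets and keytab
 realm = AUGIN.RU
 winbind use default domain = true
 winbind enum groups = Yes
 winbind enum users = Yes
 idmap config * : range = 16777216-33554431
 idmap config * : backend = autorid
 winbind offline logon = false
 vfs objects = acl_xattr
 nt acl support = yes
 inherit acls = yes
 inherit owner = yes
 inherit permissions = yes
 map acl inherit = yes
 unix extensions = no
 map hidden = no
 map system = no
 map archive = no
 store dos attributes = Yes

[exchange$]

 comment = exchange folder
 path = /home/exchange
 public = yes
 writable = yes

EOF

# --- Name service switch ---------------------------------------------------
# winbind is listed after files/systemd, so local accounts keep precedence
# over domain accounts with the same name.
# NOTE(review): this replaces the whole file; compare with the .bak copy in
# case the distribution default carried entries that are not listed here.
backup_if_present /etc/nsswitch.conf
cat <<'EOF' > /etc/nsswitch.conf
passwd: files systemd winbind
group: files systemd winbind
shadow: files
gshadow: files

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis
EOF

# -p keeps a re-run from failing when the directory already exists.
mkdir -p /home/exchange

# Interactive password prompt. Kerberos rejects requests when the clock skew
# to the DC is too large, so time must be in sync before joining.
net ads join -U Administrator

systemctl restart smbd nmbd winbind

# Access ACL on the existing tree, then a default ACL for new entries.
# NOTE(review): both commands recurse over all of /home, which gives
# "domain admins" rwx on every home directory on this host (local users'
# private files included). If only the share needs it, narrow the path to
# /home/exchange.
setfacl -R -m g:"domain admins":rwx /home
setfacl -R -d -m g:"domain admins":rwx /home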