* 'samba
'
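# Join a Debian/Ubuntu host to the AUGIN.RU Active Directory domain as a Samba
# member server and publish /home/exchange as the hidden share "exchange$".
# Run as root. The config files below are replaced wholesale, not merged.
#
# Repairs to the listing as published: typographic characters that the shell
# does not understand were restored ("--now", "<<", plain double quotes), and
# the here-documents were put back one setting per line so that the generated
# files parse.

apt install -y samba winbind krb5-config libnss-winbind acl krb5-user
systemctl enable --now smbd nmbd

# Keep a one-time copy of each file that is about to be overwritten, so the
# distribution defaults (in particular nsswitch.conf) can be restored.
for conf in /etc/krb5.conf /etc/samba/smb.conf /etc/nsswitch.conf; do
  if [ -e "$conf" ] && [ ! -e "$conf.orig" ]; then
    cp -a -- "$conf" "$conf.orig"
  fi
done

# Kerberos client configuration.
# NOTE(review): DC1.AUGIN.RU is declared as a realm and [domain_realm] maps the
# DC's host name to it, while default_realm and smb.conf both use AUGIN.RU.
# A realm named after the DC host looks unintended; the usual mapping would be
# ".augin.ru = AUGIN.RU". Confirm against the actual domain before use.
cat <<'EOF' > /etc/krb5.conf
[libdefaults]
    default_realm = AUGIN.RU
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true

[realms]
    DC1.AUGIN.RU = {
        kdc = dc1.augin.ru
        admin_server = dc1.augin.ru
    }
    AUGIN.RU = {
        kdc = dc1.augin.ru
    }

[domain_realm]
    dc1.augin.ru = DC1.AUGIN.RU
    .dc1.augin.ru = DC1.AUGIN.RU
EOF

# Samba member-server configuration.
# NOTE(review): on the [exchange$] share, "public" is a synonym for "guest ok",
# so together with "writable = yes" the share accepts writes from sessions that
# did not authenticate, limited only by the server's guest mapping and by the
# file-system permissions/ACLs on /home/exchange. The trailing "$" only hides
# the share from browse lists; it is not an access control. If the share is
# meant for domain accounts only, use "guest ok = no" and add a "valid users"
# line naming the intended group.
# The quoted 'EOF' delimiter keeps "$" literal, so no backslash is needed.
cat <<'EOF' > /etc/samba/smb.conf
[global]
    workgroup = AUGIN
    security = ads
    kerberos method = secrets and keytab
    realm = AUGIN.RU
    winbind use default domain = true
    winbind enum groups = Yes
    winbind enum users = Yes
    idmap config * : range = 16777216-33554431
    idmap config * : backend = autorid
    winbind offline logon = false

    vfs objects = acl_xattr
    nt acl support = yes
    inherit acls = yes
    inherit owner = yes
    inherit permissions = yes
    map acl inherit = yes
    unix extensions = no

    map hidden = no
    map system = no
    map archive = no
    store dos attributes = Yes

[exchange$]
    comment = exchange folder
    path = /home/exchange
    public = yes
    writable = yes
EOF

# Name-service switch: resolve users and groups through winbind after the local
# files. This replaces the whole file, so any database line the host relied on
# that is not listed here is dropped; compare with /etc/nsswitch.conf.orig.
cat <<'EOF' > /etc/nsswitch.conf
passwd:         files systemd winbind
group:          files systemd winbind
shadow:         files
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
EOF

# -p makes the step safe to repeat if the directory already exists.
mkdir -p /home/exchange

# Joins the domain; the password is prompted for interactively rather than
# passed on the command line, which keeps it out of shell history and argv.
net ads join -U Administrator

systemctl restart smbd nmbd winbind

# Grant the "domain admins" group rwx through an access ACL (-m) and a default
# ACL (-d -m) that newly created entries inherit.
# NOTE(review): the target is all of /home, applied recursively, so this also
# covers every local user's home directory and its contents. If only the share
# needs it, narrow the path to /home/exchange.
setfacl -R -m g:"domain admins":rwx /home
setfacl -R -d -m g:"domain admins":rwx /home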