Is there a way in Ubuntu 18.04 to map an SMB share when the users login without using a password file? The boxes I have are members of a Windows Active Directory domain and the users will use their domain credentials to authenticate. I want to automatically map drives for users and have the login be essentially passed from the user context like it is in Windows. I know there is the FSTAB and a way to use a password file for that, but I want to avoid making the users update that file when they change their domain password if possible.
Ubuntu map CIFS / SMB share using active domain credentials without password file
active-directorycifsfstabserver-message-blockUbuntu
Related Topic
- Ldap – Authenticate SMB connections on OpenBSD using Active Directory
- Linux – way to mount a Windows CIFS share and bypass the password prompt without a password file
- Microsoft SQL Server login using Active Directory Credentials
- Ubuntu – How to mount CIFS shares in Linux without password, using domain credentials
- How to users change their Active Directory password without Remote Desktop
Best Answer
Try to avoid cached passwords. Linux clients are capable of using proper Kerberos.
Configure sssd with with the ad provider.
Add pam_mount, and configure it in /etc/security/pam_mount.conf.xml. cifs mounts in here should specific options, probably including
options="sec=krb5i,vers=3.0"
, for Kerberos and a modern version of SMB that is not disabled like SMB1 should be. (Thanks Arch wiki.)