http://ru.wikipedia.org/wiki/Samba

# apt install samba

# cd /etc/samba/

# pkg install samba43

# service samba_server rcvar

# cat /etc/rc.conf

...
samba_server_enable=yes
smbd_enable=yes
nmbd_enable=no
winbindd_enable=no

# сd /usr/local/etc/

ubuntu# cat smb.conf

freebsd# cat smb4.conf

[global]
   security = user
   map to guest = Bad User
[share]
   force user = asterisk
   path = /var/spool/asterisk/monitor/
   guest ok = Yes

server# testparm

!!! Липовое окно аутентификации возникает в случае совпадения имени пользователя Windows с пользователем зарегистрированным в /etc/passwd

ubuntu# cat smb.conf

freebsd# cat smb4.conf

[global]
   unix charset = UTF-8
   dos charset = cp866
   workgroup = CORPX
   security = user
#   hosts allow = 192.168.100+X. 192.168.200+X.
   map to guest = Bad User
[share]
   path = /disk2
   guest ok = yes
   read only = no
   force user = games
#   browseable = no

# mkdir /disk2

# chown games /disk2

# testparm

Добавляем пользователей user1 и user2 на server (Управление учетными записями в Linux, Управление учетными записями в FreeBSD)

!!! smbd должен быть запущен!!!

server# smbpasswd -a user1

server# smbpasswd -a user2

server# pdbedit -w -L

server# smbpasswd -x user1

server# cat smb.conf

[global]
        unix charset = UTF-8
        dos charset = cp866
        workgroup = CORPX
        security = user
[homes]
        read only = no 
[share]
        path = /var/samba
#       valid users = student studentN games
#       valid users = @wheel games
#       valid users = @admin games
        force user = games
        read only = No

server# mkdir /var/samba

server# chown -R games /var/samba

!!! В FreeBSD samba должна быть скомпилирована с поддержкой ADS !!!

server# kadmin -l

kadmin> add -r cifs/gate.corpX.un
kadmin> add -r cifs/gate.CORPX.UN

kadmin> ext -k gatecifs.keytab cifs/gate.corpX.un
kadmin> ext -k gatecifs.keytab cifs/gate.CORPX.UN

server# kadmin.local

kadmin.local:  addprinc -randkey cifs/gate.corpX.un
kadmin.local:  addprinc -e rc4-hmac:normal -randkey cifs/gate.CORPX.UN

kadmin.local:  ktadd -k gatecifs.keytab cifs/gate.corpX.un
kadmin.local:  ktadd -k gatecifs.keytab cifs/gate.CORPX.UN

server# scp gatecifs.keytab gate:

Login: gatecifs
Password: Pa$$w0rd

Пароль не меняется и не устаревает

Устанавливаем Microsoft Windows Support Tools

Название сервиса HTTP обязательно заглавными буквами

C:\>ktpass -princ cifs/gate.corpX.un@CORPX.UN -mapuser gatecifs -pass 'Pa$$w0rd' -out gatecifs.keytab

C:\>pscp gatecifs.keytab gate:

gate# ktutil copy /root/gatecifs.keytab /etc/krb5.keytab

gate# ktutil list

root@gate:~# ktutil

ktutil: rkt /root/gatecifs.keytab
ktutil: list
ktutil: wkt /etc/krb5.keytab
ktutil: quit

root@gate:~# klist -k /etc/krb5.keytab

ubuntu# cat smb.conf

freebsd# cat smb4.conf

[global]
...
	security = ADS
	realm = CORPX.UN
        kerberos method = system keytab
...
[share]
...
        path = /var/samba
        valid users = @group1, games
...

Авторизация в режиме ADS (Сервис WINBIND)

Примечание: достаточно зарегистрировать SAMBA сервер в домене, принципал cifs не нужен

Авторизация в режиме DOMAIN (Сервис WINBIND)

gate# cat smb.conf

[global]

...

[homes]
        read only = no        
[share]
        path = /var/samba
;        valid users = CORPX\user1, CORPX\Administrator, CORPX\root 
;        valid users = "@CORPX\domain admins" games
;        valid users = "@CORPX\domain users" games
        valid users = @group1 games
        read only = no
        force user = games

gate# cat smb.conf

[global]
...
#For autocreate home dir trought PAM mkhome_dir in /etc/pam.d/samba
        obey pam restrictions = yes
;        /usr/sbin/edquota -p stone val

# cat smb.conf

[global]
...
        log level = 2
        log file = /var/log/samba.log.%m
        max log size = 50
        debug timestamp = yes
...

# cat smb.conf

[global]
...
  server string = MS File Server
...