Ubuntu map CIFS / SMB share using active domain credentials without password file
Is there a way in Ubuntu 18.04 to map an SMB share when the users login without using a password file? The boxes I have are members of a Windows Active Directory domain and the users will use their domain credentials to authenticate. I want to automatically map drives for users and have the login be essentially passed from the user context like it is in Windows. I know there is the FSTAB and a way to use a password file for that, but I want to avoid making the users update that file when they change their domain password if possible.
Solution 1:
Try to avoid cached passwords. Linux clients are capable of using proper Kerberos.
Configure sssd with with the ad provider.
Add pam_mount, and configure it in /etc/security/pam_mount.conf.xml. cifs mounts in here should specific options, probably including options="sec=krb5i,vers=3.0"
, for Kerberos and a modern version of SMB that is not disabled like SMB1 should be. (Thanks Arch wiki.)