Preferred variant to authenticate users of a linux NAS against UCS domain

Hi everyone,

I have got a NAS running Centos 7 where I want to enable all UCS domain users to access their private spaces via Samba and SFTP (proftpd) by being authenticated against the UCS DC.

To my knowledge I got basically 3 options to achieve that:

  1. Using winbind to join the UCS domain as a member
  2. Using sssd to join the UCS domain as a member.
  3. Using ldap via ldap.pam or individually configured for each service.

[1]:
I tried that first with the result of having samba shares working nicely on Linux and Windows machines. However, SFTP using proftpd was not able to authenticate successfully.

[2]:
Using that solution SFTP works nicely, access to Samba shares from Windows machines works as well however from Linux or Andriod machines I get an permission denied. After some research I found out that in order to have the access working one needs to retrieve a valid kerberos ticket with kinit before mounting.

[3]:
Haven’t tried that, yet.

Question:
What is the preferred variant to authenticate against UCS in this scenario ?

Thx