This is an early stage of testing only. Use at your own risk. Your mileage may vary.
Update 9/2019: The script works on OMV 3, 4 and 5, with Windows Server 2008, 2012 and 2016. Maybe others?
Seems to be quite a few threads about this over the years. I have had it working for years but it seems to be quite tricky. With 3.0 coming I decided to look at it again. I did not test against 2.x but it may work as well. I started clean and found something I had not seen before, sssd. It seems to do both AD and other LDAP well. I only have a 2008 server to test with so please test other variants if you are interested. I tested this in a Proxmox VM against a 2008 SBS server with only a few users. I am pasting my notes and hope they are readable.
I start with a clean install from the iso of a few days ago.
OMV 3 beta AD integration

Active Directory lives on DNS, i.e. you must have DNS working before trying to use AD. In my opinion the best thing to do is use DHCP and set a reservation. If DNS does not work you need to jump through hoops to make things work!

Links
https://wiki.ubuntu.com/Enterprise/Authentication/sssd
https://help.ubuntu.com/lts/serverguide/sssd-ad.html#sssd-ad-test
Plus a lot more googling

Install iso

    apt-get update
    apt-get dist-upgrade
    ## Upgrade from the webui fails with dependency issue
    reboot
    ## end up with 4.9 kernel because using
    # jessie-updates, previously known as 'volatile'
    deb http://ftp.us.debian.org/debian/ jessie-updates main contrib non-free
    deb-src http://ftp.us.debian.org/debian/ jessie-updates main contrib non-free
    omv-initsystem

Configure smb and enable. Setup share

Fix login.defs

    nano /etc/login.defs

Add to smb/cifs extra options

    #Extra Options
    client signing = yes
    client use spnego = yes
    kerberos method = secrets and keytab
    password server = mustang.example.com
    realm = example.COM
    security = ads

nano /etc/sssd/sssd.conf

    [sssd]
    services = nss, pam, pac
    config_file_version = 2
    domains = example.COM

    [domain/example.COM]
    id_provider = ad
    access_provider = ad
    auth_provider = ad
    chpass_provider = ad
    ldap_idmap_default_domain = example.com
    ldap_idmap_autorid_compat = True
    #ldap_id_mapping = True
    #ldap_schema = ad
    # Enumeration is discouraged for performance reasons.
    enumerate = true
    #ldap_idmap_range_min = 20000
    #ldap_idmap_range_max = 60000
    ldap_schema = rfc2307bis
    #ldap_access_order = expire
    #ldap_account_expire_policy = ad
    #ldap_force_upper_case_realm = true
    #ldap_user_search_base = dc=example,dc=com
    #ldap_group_search_base = dc=example,dc=com
    #ldap_user_object_class = user
    #ldap_user_name = sAMAccountName
    #ldap_user_fullname = displayName
    #ldap_user_home_directory = unixHomeDirectory
    #ldap_user_principal = userPrincipalName
    #ldap_group_object_class = group
    #ldap_group_name = sAMAccountName
    ldap_id_mapping = True
    # Use this if users are being logged in at /.
    # This example specifies /home/DOMAIN-FQDN/user as $HOME. Use with pam_mkhomedir.so
    override_homedir = /home/%d/%u
    # Uncomment if the client machine hostname doesn't match the computer object on the DC.
    # ad_hostname = mymachine.example.com
    # Uncomment if DNS SRV resolution is not working
    # ad_server = dc.mydomain.example.com
    # Uncomment if the AD domain is named differently than the Samba domain
    # ad_domain = example.COM

    chmod 0600 /etc/sssd/sssd.conf
    apt-get install krb5-user samba sssd ntp libpam-sss libnss-sss sssd-tools libsss-sudo libsasl2-modules-gssapi-mit ldap-utils

nano /etc/nsswitch.conf

    ###move dns up in hosts not sure why that needs to be done
    hosts: files dns mdns4_minimal [NOTFOUND=return]

Join the AD

    kinit donadmin
    net ads join -k

    getent passwd

Should show AD users

    getent group

Should show AD groups

Go to shared folders. The AD users and groups are under ACL.

One issue is sssd has an issue with restarting: if the id changes, the db causes a failed start. Workaround is

    systemctl stop sssd.service && rm /var/lib/sss/db/* && systemctl start sssd.service

Another is to use the name of the share, not its IP address. Another reason for getting DNS right.
The ultimate goal is to get sssd into the code or at least as a plugin. Another useful tool may be realmd, I have not tried that yet.
I hope this is of interest to others.
Added a script here. script post
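
A pre-start check for the sssd.conf from the notes above, as an added example that is not part of the original post or of the script it links to. It assumes GNU stat (as on Debian); the function name and the SSSD_CONF_UID variable are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check an sssd.conf before (re)starting sssd.
# Usage: check_sssd_conf /etc/sssd/sssd.conf   (needs GNU stat, as on Debian)
# SSSD_CONF_UID is a hypothetical override for trying this on a copy of the
# file as a non-root user; the default is uid 0 (root).

check_sssd_conf() {
    conf=$1
    want_uid=${SSSD_CONF_UID:-0}
    problems=0

    [ -f "$conf" ] || { echo "FAIL: $conf is not a regular file"; return 1; }

    # sssd expects the file to be readable and writable by its owner only,
    # which is what the chmod 0600 step in the notes sets.
    mode=$(stat -c %a "$conf")
    if [ "$mode" != "600" ]; then
        echo "FAIL: mode is $mode, expected 600 (chmod 0600 $conf)"
        problems=$((problems + 1))
    fi
    uid=$(stat -c %u "$conf")
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $uid, expected $want_uid"
        problems=$((problems + 1))
    fi

    # Every name on the "domains =" line needs its own [domain/NAME] section.
    # The comparison here ignores case; that is a choice made for this check.
    domains=$(sed -n 's/^[[:space:]]*domains[[:space:]]*=[[:space:]]*//p' "$conf" | tr ',' ' ')
    [ -n "$domains" ] || { echo "FAIL: no domains = line"; problems=$((problems + 1)); }
    for d in $domains; do
        if ! grep -qiF "[domain/$d]" "$conf"; then
            echo "FAIL: no [domain/$d] section"
            problems=$((problems + 1))
        fi
    done

    # Advisory only: the config's own comment says enumeration is discouraged.
    if grep -qiE '^[[:space:]]*enumerate[[:space:]]*=[[:space:]]*true' "$conf"; then
        echo "WARN: enumerate = true"
    fi

    # Exit status 0 only when no FAIL line was printed.
    [ "$problems" -eq 0 ]
}
```

Run it after editing the file and before the stop/start workaround, so a failed start caused by permissions or a missing domain section is not mistaken for the db problem.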