Hi Everyone,
Just got around to upgrading to OMV 4. Wanted to share my steps to get SMB 3 share authentication working against my SAMBA AD server. Since I'm a security guy, this configuration only uses SMB 3 and Kerberos through sssd. Don't have to worry about legacy SMB protocols, weak NTLM hashes, NULL AD sessions, or plain text LDAP calls.
Install Needed Packages
Edit /etc/krb5.conf
DNS is hard, especially regarding Kerberos. You probably have to add the following to your krb5.conf file.
Join the Domain
For example,
Edit /etc/sssd/sssd.conf to make sure the following are set under the domain configuration.
Example full sssd.conf file
Edit /etc/login.defs
Look up the uid value in your realm.
In this example, our generated id has 9 digits, so we set the following for UID_MAX and GID_MAX in /etc/login.defs.
SMB/CIFS Advanced Options
Set the following under Extra Options of the Advanced Settings Div in the SMB/CIFS configuration.
You should now be able to see the AD users and groups in the OMV tab, and assign share permissions based on that.
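
A check for the Extra Options step, as an added example that is not part of the original post: it parses smb.conf-style text and flags settings that would let clients negotiate below SMB 3 or authenticate with NTLMv1. The sample input is constructed, the function names are hypothetical, and the two options checked (`server min protocol`, `ntlm auth`) are assumed choices, not the settings the post used.

```python
import re

# Constructed sample of an Extra Options field; NOT the post's settings.
SAMPLE_EXTRA_OPTIONS = """\
# constructed sample
Server Min Protocol = SMB2
ntlm auth = yes
"""

def parse_global(text):
    """Return {parameter: value} for [global] lines.

    Lines before any section header are treated as [global] (assumption:
    the Extra Options field is written into that section).
    """
    params, section = {}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            params[re.sub(r"\s+", "", key.lower())] = value.strip()
    return params

def audit(text):
    """Return a list of findings; an empty list means both checks passed."""
    p = parse_global(text)
    findings = []
    # "min protocol" is a synonym for "server min protocol".
    floor = p.get("serverminprotocol", p.get("minprotocol"))
    if floor is None:
        findings.append("server min protocol not set: floor is the Samba version default")
    elif not floor.upper().startswith("SMB3"):
        findings.append(f"server min protocol = {floor}: pre-SMB3 dialects accepted")
    ntlm = p.get("ntlmauth", "").lower()
    if ntlm in ("yes", "ntlmv1-permitted"):
        findings.append(f"ntlm auth = {ntlm}: NTLMv1 responses accepted")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXTRA_OPTIONS):
        print("FINDING:", finding)
```

Run it against the text pasted into Extra Options, or against the generated smb.conf, before restarting the service.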