Just got around to upgrading to OMV 4. Wanted to share my steps to get SMB 3 share authentication working against my SAMBA AD server. Since I'm a security guy, this configuration only uses SMB 3 and Kerberos through sssd. Don't have to worry about legacy SMB protocols, weak NTLM hashes, NULL AD sessions, or plain text ldap calls.
Install Needed Packages
DNS is hard; especially regarding Kerberos. You probably have to add the following to your krb5.conf file.
Join the Domain
Edit /etc/sssd/sssd.conf to make sure the following are set under the domain configuration.
Example full sssd.conf file
Look up the uid value in your realm.
In this example, our generated id has 9 digits, so we set the following for UID_MAX and GID_MAX in /etc/login.defs.
SMB/CIFS Advanced Options
Set then following under Extra Options of the Advanced Settings Div in the SMB/CIFS configuration.
You should now be able to see the AD users and groups in the OMV tab, and assign share permissions based on that.