Disclaimer: This guide is far from perfect. These are the steps I took to connect an OpenMediaVault server to a Windows Server 2012R2 AD/LDAP.
I'm not responsible for any problems you may run into using this guide.
I strongly recommend testing this guide in a virtual test environment before using it on production systems!
So. Donh and I did it and connected OpenMediaVault to a 2012R2 AD/LDAP. Weird thing: the Users page in the web GUI is fucking slow for me, while the Groups page is nearly instant. On Donh's installation with a 2008R2 server the Users tab is way faster.
1. Enable SSH
2. Enable Samba and set WORKGROUP to 'LOCAL' (this is for a PDC named DC01.LOCAL.DOMAIN; change it according to your domain structure)
2.1 Extra options for Samba:
3. nano /usr/share/openmediavault/mkconf/samba.d/15ldap
3.1 Change Security = User to Security = ads
3.2 Change both IDMAPUID and IDMAPGID from 1000-2000 to 16777216-33554431
4. Install anything that's needed (dnsutils, to be able to use nslookup if needed)
4.1 Configure it according to your situation. You will most likely fill in the IP/hostname of your PDC/DC every time!
5. Install openmediavault-ldap and configure it like you would normally. (See attachment: ldap_settings, change according to your structure!)
6. Apply everything in the GUI. Leave the GUI untouched after that! Otherwise the following changes will get reverted!
7. Edit /etc/nsswitch.conf to look like the following:
8. Restart samba and winbind
9. Add the following to your /etc/hosts file (REMEMBER: change according to your needs!)
10. Edit /etc/krb5.conf
10.1 Remove all dummy domains
10.2 add the following to the config file under [domain_realm] (CHANGE ACCORDING TO YOUR NEEDS!)
10.3 The whole file should look like this
11. Check (with the date command, not in the web interface!) that the time on your CLI is in sync with the time of your PDC!
12. Execute the following command - that's the first step where you will most likely run into errors!
13. Join the fucking AD/LDAP
13.1. If that doesn't work, you can specify the exact hostname of the PDC
14. Check if winbind can access your AD/LDAP
14.1. Check if winbind can access Users and groups from the LDAP
14.2. nano /etc/login.defs and change UID_MAX and GID_MAX as follows. Then you might need to run ldconfig.
15. Check if OpenMediaVault can access it (You should see your OpenMediaVault Users AND your AD Users)
16. Check the Groups Page in the Webinterface. (This was nearly instant for both donh and me).
17. Check the Users page in the web interface. (This was different for Donh (Windows Server 2008R2) and me (Windows Server 2012R2) - mine was slow as hell, so it may time out for you; in that case open the Users page again!)
18. To check for things I might have missed, here is my whole smb.conf
10 hours. And I'm not satisfied with how it works here. Donh and I are unsure why it's so slow for me. Hardware is out of the question. Donh's configs are a bit different from mine; he will post them later.
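As an added example (not part of the original post), a small sanity check for the settings the guide changes in steps 3.1, 3.2 and 11, run against a constructed smb.conf before attempting the join. It assumes the old-style "idmap uid"/"idmap gid" keys that the 15ldap template uses, and that 60000 is the local UID_MAX from login.defs (check your own /etc/login.defs).

```shell
#!/bin/sh
# Added example, not code from the original post.

# smb_get FILE KEY: first "key = value" match; key compare is case- and
# whitespace-insensitive; lines starting with # or ; are comments.
smb_get() {
  awk -v want="$2" -F= '
    BEGIN { gsub(/[[:space:]]+/, " ", want); want = tolower(want) }
    /^[[:space:]]*[#;]/ { next }
    NF >= 2 {
      key = $1; gsub(/^[[:space:]]+|[[:space:]]+$/, "", key)
      gsub(/[[:space:]]+/, " ", key)
      if (tolower(key) == want) {
        val = substr($0, index($0, "=") + 1)
        gsub(/^[[:space:]]+|[[:space:]]+$/, "", val); print val; exit
      }
    }' "$1"
}

# check_smb_conf FILE: prints one line per problem; returns 0 when clean.
# A domain idmap range that overlaps local UIDs (the 1000-2000 default in
# the template) makes AD and local accounts collide on file ownership.
check_smb_conf() {
  rc=0
  [ "$(smb_get "$1" security | tr 'A-Z' 'a-z')" = "ads" ] \
    || { echo "security must be 'ads' for an AD join (step 3.1)"; rc=1; }
  [ -n "$(smb_get "$1" realm)" ] || { echo "realm is not set"; rc=1; }
  for k in "idmap uid" "idmap gid"; do
    r=$(smb_get "$1" "$k"); lo=${r%-*}; hi=${r#*-}
    if [ -z "$r" ] || [ "$lo" = "$r" ]; then
      echo "$k is missing or not a LOW-HIGH range"; rc=1
    elif [ "$lo" -le 60000 ] || [ "$hi" -le "$lo" ]; then   # 60000: assumed local UID_MAX
      echo "$k=$r overlaps local IDs; guide uses 16777216-33554431 (step 3.2)"; rc=1
    fi
  done
  return $rc
}

# krb_skew_ok LOCAL_EPOCH DC_EPOCH: Kerberos rejects tickets when clocks
# differ by 300 s or more (default clockskew), hence the date check in step 11.
krb_skew_ok() {
  d=$(( $1 - $2 )); [ "$d" -lt 0 ] && d=$(( 0 - d ))
  [ "$d" -lt 300 ]
}
```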