Comments (6)
Hi there,
thanks for the issue. That's true, there is no explicit config, but since you can configure everything using the global config envs, you can alter the samba config to your needs.
As far as I know it was available back in the time when this container was debian/ubuntu based - this container exists for several years now - and it had some breaking changes in it's earlier times.
But I never tested it. I don't have an AD to test this setup easily.
If you like to help, you can try do get it working with minimal configuration - see what alpine packages are missing, and give me an example config string which would be needed
if there are not to many dependencies missing - maybe it's just realmd without much other dependencies I might add it to the container, if the configuration is a large string I might reduce it to some ad connection envs which automatically enable the realmd
but this would need your input and in the end a test of my setup - if your up to it I'm happy to get this supported in my container
from samba.
if the whole impact for esablishing is too big, I might create a new variant which contains all those needed changes :)
from samba.
Hi there, so i was trying to create the following but im a bit stumped not sure what i missed i did though using docker ubuntu latest
created dockerfile
FROM ubuntu:latest
ARG domain
ARG realm
ARG dc
ARG admin_password
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y samba krb5-user winbind
ADD krb5.conf /etc/krb5.conf
ADD smb.conf /etc/samba/smb.conf
ADD startup.sh /root/startup.sh
RUN chmod +x /root/startup.sh
RUN echo "$admin_password" | kinit Administrator@$realm
RUN net ads join -U Administrator%$admin_password
CMD ["/root/startup.sh"]
then created krb5.conf
[libdefaults]
default_realm = MYDOMAIN.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
then created smb.conf
[global]
workgroup = MYDOMAIN.LOCAL
security = ads
realm = MYDOMAIN.LOCAL
password server = dc2.mydomain.local
idmap config * : backend = tdb
idmap config * : range = 2000-9999
winbind use default domain = true
winbind offline logon = false
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/bash
then created startup.sh
#!/bin/bash
echo "Starting winbindd"
/etc/init.d/winbind start
echo "Joining domain"
net ads join -U Administrator
echo "Starting smbd"
/etc/init.d/smbd start
tail -f /dev/null
after that the docker-compose
version: '3'
services:
sambashares:
build:
context: .
args:
domain: mydomain.local
realm: MYDOMAIN.LOCAL
dc: dc2.mydomain.local
admin_password: MyAdminPassword123
container_name: sambashares
ports:
- "445:445"
- "139:139"
privileged: true
restart: always
but im getting this error
=> ERROR [7/8] RUN echo "MyAdminPassword123" | kinit [email protected] 1.6s
------
> [7/8] RUN echo "Passw0rd" | kinit [email protected]:
#0 1.406 kinit: Cannot find KDC for realm "MYDOMAIN.LOCAL" while getting initial credentials
------
failed to solve: process "/bin/sh -c echo \"$admin_password\" | kinit Administrator@$realm" did not complete successfully: exit code: 1
Thank you again
from samba.
hi @MarvAmBass i was wondering if you got a chance to look at the AD join info?
Thank you
from samba.
Hi, I'm sorry but since this is not a usecase I need, I didn't have time for that. Althrough it's interesting and would be a nice to have...
from samba.
thanks for this issue, I thought about it, and I need to close this issue - usually AD connections need windbind etc.
this is meant as minimal general purpose samba/cifs fileserver - with nice preconfigurations to make specials like multi user shares and apple stuff e.g. timemachine integration possbile.
If someone needs more sophisticated stuff, he can either use my image as a base, and install and add missing stuff (e.g. winbind
)
or use my scripts and configurations as a baseline to build his/her own container.
but active directory support etc. is not in scope of this image. and it's not planned for this image in the future
from samba.
Related Issues (20)
- Error loading shared library HOT 3
- No access to shared folder HOT 5
- Read-only shared folders HOT 2
- Question: Which version of Samba (v1/v2/v3/v4) is being used, and can it be changed for best performance? HOT 5
- force user = %U with timemachine HOT 5
- Why does turning on time machine modify my read and write permissions HOT 4
- Samba Server not visible HOT 5
- `disable netbios = yes` disregards `$NETBIOS_DISABLE` HOT 1
- Multiline not working HOT 3
- Cannot use UID and GID of a host user HOT 1
- differnce to dperson/samba HOT 1
- How to set the Time Machine share max size differently for different users HOT 6
- Why I can't create file? HOT 2
- Add configuration to change AVAHI service host name HOT 10
- Not Able to Delete Files HOT 14
- auth error when use compose list format HOT 14
- enable encryption HOT 2
- Can't connect on my share remotely and not discovarable HOT 4
- Scheduled Docker builds failing HOT 3
- samba:smbd-only-latest always reports unhealthy status HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from samba.