AnrDaemon / samba4-ads


Setup LXC to provide additional "system" to behave as AD controller #3

Open AnrDaemon opened 9 years ago

AnrDaemon commented 9 years ago

May solve #2. Maybe.

AnrDaemon commented 9 years ago

--template … is important. Dunno why it doesn't pick default type. Must be distribution specific.

# Newer LXC from the upstream PPA
add-apt-repository ppa:ubuntu-lxc/stable
apt-get update && apt-get install lxc
# Keep containers under /home/.lxc instead of the default /var/lib/lxc
echo "lxc.lxcpath = /home/.lxc" >> /etc/lxc/lxc.conf
( umask 0027; mkdir /home/.lxc; )
# Build the "dc1" container from the ubuntu template; everything after "--" is passed to the template
lxc-create --name=dc1 --template=ubuntu --logfile=/var/log/lxc/dc1-create.log -- --flush-cache --mirror=http://ru.archive.ubuntu.com/ubuntu --packages=acl,nano,ncurses-term,tcpdump,python-software-properties,ldap-utils,dnsutils,aptitude
# Carry root's SSH keys and shell dotfiles into the new rootfs
cp -r ~/.ssh ~/.profile ~/.bashrc /home/.lxc/dc1/rootfs/root

AnrDaemon commented 9 years ago

Bridge assembled on VirtualBox intnet doesn't forward packets. ARP tables always fall apart. I don't know if this is an LXC or VirtualBox issue.

AnrDaemon commented 9 years ago

Bridged container works on real hardware, but not in VM. I call bullshit on this one. Adding one more "physical" interface to VM and linking container to it in phys mode works.

AnrDaemon commented 9 years ago

Backup

# Archive dc1 as a solid, date-stamped RAR; printf feeds the exclusion list
# (the dev/proc/run/sys pseudo-filesystems) to rar on stdin via -x@
printf "dc1/rootfs/%s\n" dev proc run sys | rar a -r -s -m5 -mde -ag-YYYYMMDD -oh -ol -ow -x@ -- dc1 dc1

AnrDaemon commented 9 years ago

dc1/config

# Common configuration
lxc.include = /usr/share/lxc/config/ubuntu.common.conf

# Container specific configuration
lxc.rootfs = /home/.lxc/dc1/rootfs
lxc.mount = /home/.lxc/dc1/fstab
lxc.utsname = dc1
lxc.arch = i686

# Network configuration (real)
#lxc.network.type = veth
#lxc.network.veth.pair = veth1
#lxc.network.link = br0
#lxc.network.hwaddr = 00:16:3e:xx:xx:xx

# Network configuration (vbox)
lxc.network.type = phys
lxc.network.link = eth3

lxc.network.flags = up

lxc.start.auto = 1

AnrDaemon commented 9 years ago

# Lock the template's default "ubuntu" account
passwd -l ubuntu
# Point apt at the ru mirror, keeping the original list as sources.list-us
mv /etc/apt/sources.list /etc/apt/sources.list-us
sed -re 's#(http://)([[:alpha:]]*\.)?(archive\.ubuntu\.com/)#\1ru.\3#g' > /etc/apt/sources.list < /etc/apt/sources.list-us
apt-get update && apt-get upgrade --yes
apt-get install nano ncurses-term tcpdump python-software-properties ldap-utils

AnrDaemon commented 9 years ago

Only for the VM…

ads/rootfs/etc/network/interfaces

…
auto eth3
iface eth3 inet dhcp

AnrDaemon commented 9 years ago

/etc/ssh/sshd_config

#Disable RSA host key
LoginGraceTime 10
PermitRootLogin without-password
RSAAuthentication no
PasswordAuthentication no
TCPKeepAlive no
MaxAuthTries 1

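
An added example, not code from the issue or the samba4-ads project: a small audit script that reads an sshd_config and reports the settings the fragment above hardens (password logins, root login, auth attempts) when they are still at permissive values. It assumes a plain config with no Match blocks and a POSIX awk; both sample files are constructed here.

```shell
# Added example (not from the issue or the samba4-ads project): audit an
# sshd_config for the settings the fragment above hardens. Assumes a plain
# config file with no Match blocks and a POSIX awk; sample files are constructed.

# ssh_setting FILE KEY -> prints the effective value of KEY in lowercase.
# sshd keeps the first occurrence of a keyword, so the first match wins;
# prints nothing when KEY is absent (sshd then uses its compiled-in default).
ssh_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                              # skip commented-out lines
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE -> prints one "WEAK:" line per finding; returns 0 only if all pass.
audit_sshd() {
    f="$1"; rc=0
    v=$(ssh_setting "$f" PasswordAuthentication)
    [ "$v" = "no" ] || { echo "WEAK: PasswordAuthentication=${v:-yes (default)}, want no"; rc=1; }
    v=$(ssh_setting "$f" PermitRootLogin)
    case "$v" in
        no|without-password|prohibit-password) ;;   # key-only or no root login is fine
        *) echo "WEAK: PermitRootLogin=${v:-default}, want no or without-password"; rc=1 ;;
    esac
    v=$(ssh_setting "$f" MaxAuthTries)
    case "$v" in
        [1-3]) ;;
        *) echo "WEAK: MaxAuthTries=${v:-6 (default)}, want 3 or fewer"; rc=1 ;;
    esac
    return $rc
}

# Constructed samples: the hardened fragment from this thread, and a permissive one.
hardened=$(mktemp); weak=$(mktemp)
cat > "$hardened" <<'EOF'
LoginGraceTime 10
PermitRootLogin without-password
RSAAuthentication no
PasswordAuthentication no
TCPKeepAlive no
MaxAuthTries 1
EOF
cat > "$weak" <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
EOF
audit_sshd "$hardened" && echo "hardened sample: ok"
audit_sshd "$weak" || echo "weak sample: findings above"
rm -f "$hardened" "$weak"
```

The commented-out line in the weak sample is there on purpose: a `#PermitRootLogin prohibit-password` left over from the stock file must not be mistaken for the effective setting, which is why the awk skips comment lines before matching.
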
AnrDaemon commented 9 years ago

Check for correctly working container. As ridiculous as it is, I've been bitten by /tmp not being accessible to nobody.

sudo -u '#65534' ls -l /tmp || echo 'Fail!'

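
An added example, not code from the issue or the samba4-ads project: a pre-start check over a container rootfs that explains what the `sudo -u '#65534'` test above is catching. It verifies that `/tmp` is a sticky, world-writable directory (mode 1777, which is what lets the unprivileged nobody user use it) and that the `~/.ssh` tree copied into root's home in the earlier comment kept restrictive modes. It assumes GNU `stat -c '%a'`; the sample rootfs skeletons are constructed under a temporary directory.

```shell
# Added example (not from the issue or the samba4-ads project): sanity-check a
# container rootfs before first boot. Assumes GNU stat; sample trees are constructed.

# expect_mode PATH MODE -> 0 if PATH exists with exactly MODE (octal, as stat prints it)
expect_mode() {
    [ -e "$1" ] || { echo "missing: $1"; return 1; }
    actual=$(stat -c '%a' "$1")
    [ "$actual" = "$2" ] || { echo "bad mode on $1: $actual (want $2)"; return 1; }
}

# check_rootfs ROOTFS -> prints each finding; returns the number of failures (0 = all good)
check_rootfs() {
    r="$1"; fails=0
    # /tmp must be 1777 or unprivileged users (e.g. uid 65534 "nobody") cannot use it
    expect_mode "$r/tmp" 1777 || fails=$((fails + 1))
    # keys copied in with cp -r must stay private to root
    expect_mode "$r/root/.ssh" 700 || fails=$((fails + 1))
    if [ -e "$r/root/.ssh/authorized_keys" ]; then
        expect_mode "$r/root/.ssh/authorized_keys" 600 || fails=$((fails + 1))
    fi
    return $fails
}

# make_sample_rootfs DIR GOOD -> builds a constructed rootfs skeleton under DIR;
# GOOD=1 sets sane modes, GOOD=0 reproduces the non-sticky /tmp (0755) the issue hit.
make_sample_rootfs() {
    mkdir -p "$1/tmp" "$1/root/.ssh"
    : > "$1/root/.ssh/authorized_keys"
    chmod 700 "$1/root/.ssh"
    chmod 600 "$1/root/.ssh/authorized_keys"
    if [ "$2" = 1 ]; then chmod 1777 "$1/tmp"; else chmod 755 "$1/tmp"; fi
}

# Usage on the constructed samples (in real use: check_rootfs /home/.lxc/dc1/rootfs)
sample=$(mktemp -d)
make_sample_rootfs "$sample/good" 1
make_sample_rootfs "$sample/bad" 0
check_rootfs "$sample/good" && echo "good rootfs: ok"
check_rootfs "$sample/bad" || echo "bad rootfs: $? finding(s)"
rm -rf "$sample"
```

Running this from the host against the rootfs path avoids needing the container up at all, and the return value (number of findings) makes it easy to gate an `lxc-start` on it.
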
AnrDaemon commented 9 years ago

https://www.stgraber.org/2013/12/20/lxc-1-0-blog-post-series/

AnrDaemon commented 9 years ago

macvlan seems to be the better way to go, even if marginally.

lxc.network.type = macvlan
lxc.network.macvlan.mode = vepa (or bridge)
lxc.network.link = eth0
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
lxc.network.name = eth0

AnrDaemon commented 9 years ago

Trick to access filesystem of a running container. Courtesy @stgraber

ls -l /proc/$(lxc-info -n $NAME -p -H)/root/

AnrDaemon commented 9 years ago

Get inside a container with your favorite hat on?

lxc-attach -n $NAME -- /usr/bin/sudo -i -u $USER