Closed farzadha2 closed 12 months ago
Hi there,
Thanks for the issue. That's true, there is no explicit config, but since you can configure everything using the global config envs, you can alter the samba config to your needs.
As far as I know it was available back in the time when this container was debian/ubuntu based - this container has existed for several years now - and it had some breaking changes in its earlier times. But I never tested it. I don't have an AD to test this setup easily.
If you'd like to help, you can try to get it working with minimal configuration - see what alpine packages are missing, and give me an example config string which would be needed.
If there are not too many dependencies missing - maybe it's just realmd without many other dependencies - I might add it to the container. If the configuration is a large string, I might reduce it to some AD connection envs which automatically enable the realmd.
But this would need your input and in the end a test of my setup - if you're up to it, I'm happy to get this supported in my container.
If the whole impact for establishing it is too big, I might create a new variant which contains all those needed changes :)
Hi there, so I was trying to create the following, but I'm a bit stumped and not sure what I missed. I did it, though, using Docker ubuntu latest.
Created Dockerfile:
```dockerfile
FROM ubuntu:latest
ARG domain
ARG realm
ARG dc
ARG admin_password
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y samba krb5-user winbind
ADD krb5.conf /etc/krb5.conf
ADD smb.conf /etc/samba/smb.conf
ADD startup.sh /root/startup.sh
RUN chmod +x /root/startup.sh
RUN echo "$admin_password" | kinit Administrator@$realm
RUN net ads join -U Administrator%$admin_password
CMD ["/root/startup.sh"]
```
Then created krb5.conf:
```ini
[libdefaults]
default_realm = MYDOMAIN.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
```
Then created smb.conf:
```ini
[global]
workgroup = MYDOMAIN.LOCAL
security = ads
realm = MYDOMAIN.LOCAL
password server = dc2.mydomain.local
idmap config * : backend = tdb
idmap config * : range = 2000-9999
winbind use default domain = true
winbind offline logon = false
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/bash
```
Then created startup.sh:
```bash
#!/bin/bash
echo "Starting winbindd"
/etc/init.d/winbind start
echo "Joining domain"
net ads join -U Administrator
echo "Starting smbd"
/etc/init.d/smbd start
tail -f /dev/null
```
After that, the docker-compose:
```yaml
version: '3'
services:
  sambashares:
    build:
      context: .
      args:
        domain: mydomain.local
        realm: MYDOMAIN.LOCAL
        dc: dc2.mydomain.local
        admin_password: MyAdminPassword123
    container_name: sambashares
    ports:
      - "445:445"
      - "139:139"
    privileged: true
    restart: always
```
But I'm getting this error:
```
=> ERROR [7/8] RUN echo "MyAdminPassword123" | kinit Administrator@MYDOMAIN.LOCAL 1.6s
------
> [7/8] RUN echo "Passw0rd" | kinit Administrator@MYDOMAIN.LOCAL:
#0 1.406 kinit: Cannot find KDC for realm "MYDOMAIN.LOCAL" while getting initial credentials
------
failed to solve: process "/bin/sh -c echo \"$admin_password\" | kinit Administrator@$realm" did not complete successfully: exit code: 1
```
Thank you again
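Added example (not from the thread or the project's code): an entrypoint that performs the domain join when the container starts, so the admin password is no longer a build argument that the build log above prints in clear, and that checks the realm's KDC SRV record before joining. Assumed names: the secret path `/run/secrets/ad_admin_password`, the `REALM` environment variable, the `start` argument, and the `host` DNS tool being installed; passing the password to `net ads join` on stdin is also an assumption about the installed Samba build.

```shell
#!/bin/sh
# Added example: join the AD domain at container start, not during the build.
# Assumed (not from the thread): secret path, REALM variable, "start" argument,
# and the `host` DNS tool being installed in the image.
SECRET_FILE="${SECRET_FILE:-/run/secrets/ad_admin_password}"

# SRV record that kinit looks up when krb5.conf sets dns_lookup_kdc = true.
kdc_srv_name() {
    printf '_kerberos._tcp.%s\n' "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
}

# Print the first line of a secret file; fail if it is missing or empty.
read_secret() {
    if [ ! -f "$1" ] || [ ! -s "$1" ]; then
        echo "secret file $1 is missing or empty" >&2
        return 1
    fi
    head -n 1 "$1"
}

# True when the resolver the container uses can find the realm's KDC record.
kdc_resolvable() {
    host -t SRV "$(kdc_srv_name "$1")" >/dev/null 2>&1
}

# Exit codes: 0 joined (or already joined), 1 no secret, 2 no KDC in DNS,
# otherwise the status of `net ads join`.
join_domain() {
    pw=$(read_secret "$SECRET_FILE") || return 1
    if ! kdc_resolvable "$1"; then
        echo "cannot resolve $(kdc_srv_name "$1"); point the container's DNS at the DC" >&2
        return 2
    fi
    net ads testjoin >/dev/null 2>&1 && return 0
    # Assumption: net reads the password from stdin when no TTY is attached,
    # which keeps it out of the process list and the image layers.
    printf '%s\n' "$pw" | net ads join -U Administrator
}

# Runs only as "entrypoint.sh start", so the functions can be sourced and tested.
if [ "${1:-}" = "start" ]; then
    join_domain "${REALM:?REALM must be set}" || exit $?
    /etc/init.d/winbind start
    /etc/init.d/smbd start
    exec tail -f /dev/null
fi
```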
Hi @MarvAmBass, I was wondering if you got a chance to look at the AD join info?
Thank you
Hi, I'm sorry, but since this is not a use case I need, I didn't have time for that. Although it's interesting and would be a nice to have...
Thanks for this issue. I thought about it, and I need to close this issue - usually AD connections need winbind etc.
This is meant as a minimal general purpose samba/cifs fileserver - with nice preconfigurations to make specials like multi user shares and apple stuff, e.g. timemachine integration, possible.
If someone needs more sophisticated stuff, he can either use my image as a base and install and add missing stuff (e.g. winbind),
or use my scripts and configurations as a baseline to build his/her own container.
But active directory support etc. is not in scope of this image, and it's not planned for this image in the future.
Hi, I was looking at the repo. I was reading the Readme but didn't seem to find how I can add the information to authenticate with my AD server. I also read https://github.com/ServerContainers/samba/issues/49, where I also saw the
SAMBA_GLOBAL_CONFIG_someuniquevalue
but in this value I assume that the container would also need packages like realmd to connect to the domain to be able to share files? Thank you