Closed farzadha2 closed 1 year ago
diegogslomp
commented
1 year ago Hello!
In that case you need a domain member and not a secondary domain controller. Check your smb.conf file:
docker compose exec filserver cat /usr/local/samba/etc/smb.confMaybe if you create a bind mount with a smb.conf with that config and changing it to a samba share you do the job. You can remove the samba-domain-join after adding the bind mount. Any trouble please let me know.
farzadha2
commented
1 year ago hi @diegogslomp thanks for the reply, so i tried the following, edited the
root@intranet:/samba/samba-ad-dc# cat sbin/samba-domain-join
#!/usr/bin/env bash
# Exit if any error
set -euo pipefail
# Require DC as argument
[[ "$#" -ge 1 ]] || { echo "Usage: samba-domain-join <server>"; exit 1; }
server="$1"
# Skip domain join if secrets exists
if [[ ! -e "${SAMBA_PATH:-/usr/local/samba}/private/secrets.keytab" ]]; then
# Wait until dc LDAP response
until nc -z "${server}" 389; do
echo "Waiting for ${server} LDAP response.."
sleep 1
done
INTERFACE=$(ip a | grep BROADCAST | head -n1 | awk '{print $2}' | sed 's/://')
# Always bind interfaces, but not in tests
if [[ "${BIND_NETWORK_INTERFACES:-true}" == true ]]; then
samba-tool domain join "${REALM}" \
--server="${server}" \
--username=administrator \
--password="${ADMIN_PASS}" \
--dns-backend="${DNS_BACKEND:-SAMBA_INTERNAL}" \
--option="dns forwarder=${DNS_FORWARDER}" \
--option="interfaces=lo ${INTERFACE}" \
--option="bind interfaces only=yes"
else
samba-tool domain join "${REALM}" \
--server="${server}" \
--username=administrator \
--password="${ADMIN_PASS}" \
--dns-backend="${DNS_BACKEND:-SAMBA_INTERNAL}" \
--option="dns forwarder=${DNS_FORWARDER}"
fi
fi
update-etc-filesand the docker compose
version: "3.1"
services:
fileserver:
image: samba:ubuntu
restart: unless-stopped
network_mode: host
build:
context: .
dockerfile: dockerfiles/ubuntu
args:
SMB_VERSION: "${SMB_VERSION:-latest}"
container_name: fileserver
hostname: fileserver
privileged: true
environment:
REALM: F2F.LOCAL
DOMAIN: F2F
ADMIN_PASS: Passw0rd
DNS_FORWARDER: 8.8.8.8
dns_search: f2f.local
dns:
- 192.168.3.200
extra_hosts:
- "zentyal zentyal.f2f.local:192.168.3.200"
command: bash -c "samba-domain-join zentyal && samba -F"
volumes:
- fileserver-local-samba:/usr/local/samba
volumes:
fileserver-local-samba:after running docker-compose up -d
it keeps going as a domain controller,
Now not sure if i understood that after i do that i need to change the smb.conf
root@intranet:/samba/samba-ad-dc# docker compose exec fileserver cat /usr/local/samba/etc/smb.conf
# Global parameters
[global]
ldap server require strong auth = No
bind interfaces only = Yes
dns forwarder = 8.8.8.8
interfaces = lo ens18
netbios name = FILESERVER
realm = F2F.LOCAL
server role = active directory domain controller
workgroup = F2F
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[netlogon]
path = /usr/local/samba/var/locks/sysvol/f2f.local/scripts
read only = No
to removing the server role
# Global parameters
[global]
ldap server require strong auth = No
bind interfaces only = Yes
dns forwarder = 8.8.8.8
interfaces = lo ens18
netbios name = FILESERVER
realm = F2F.LOCAL
workgroup = F2F
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[netlogon]
path = /usr/local/samba/var/locks/sysvol/f2f.local/scripts
read only = No
but would i need to demote the server after? or is it possible without adding it to the domain as a secondary
Thank you again
diegogslomp
commented
1 year ago Adding a domain controller as a fileserver is not recommended, the ideal is to add the new fileserver as a domain member, but this image doesn't have a script for that. To use this image as a fileserver, this configuration should be implemented. The samba-domain-provision and samba-domain-join scripts change the system config to run as a controller.
farzadha2
commented
1 year ago Hi @diegogslomp Thank you so much for the reply, correct what i was trying to do with your image is to join as a member and not as a domain controller but from what you commented it seems that's not possible?
I also tried editing the samba-domain-provision and samba-domain-join but got errors unfortunately
diegogslomp
commented
1 year ago Hello
It is possible, but you need to modify the update-etc-files, changing files like /etc/security/pam_winbind.conf and /etc/nsswitch.conf, as described here.
After that you need to change the samba-domain-join to join as a MEMBER, and update the smb.conf file with the share configuration.
Hi @diegogslomp I was wondering is it possible to add this container as a samba server and not as a secondary server?
i was looking at the https://github.com/diegogslomp/samba-ad-dc/blob/master/sbin/samba-domain-join would i remove something like this?
and the docker compose, as the AD server is 192.168.3.200
Thank you