laslabs / docker-alpine-samba-dc
Samba4 Domain Controller Based on Alpine
License: Other
Hi,
I'm trying to launch with normal startup script,
-e SAMBA_DC_REALM='corp.example.net' \
-e SAMBA_DC_DOMAIN='EXAMPLE' \
-e SAMBA_DC_ADMIN_PASSWD='5u3r53cur3!' \
-e SAMBA_DC_DNS_BACKEND='SAMBA_INTERNAL' \
-v ${PWD}/samba:/samba \
'laslabs/alpine-samba-dc:0.1.0'
but I got:
Setting up self join
set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_ACCESS_DENIED.
ERROR(runtime): uncaught exception - (-1073741790, 'Access denied')
File "/usr/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/samba/netcmd/domain.py", line 473, in run
nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
File "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", line 2175, in provision
skip_sysvolacl=skip_sysvolacl)
File "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", line 1806, in provision_fill
names.domaindn, lp, use_ntvfs)
File "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", line 1593, in setsysvolacl
service=SYSVOL_SERVICE)
File "/usr/lib/python2.7/site-packages/samba/ntacls.py", line 162, in setntacl
smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)
Thanks for your help.
Hi,
Thank you for creating this container.
The entrypoint script checks whether it's a fresh start here:
if [ ! -f /samba/etc/smb.conf ]; then
But this file never exists. There is a symlink that looks like it might have been designed to solve this:
/ # ls -l /etc/samba
total 8
lrwxrwxrwx 1 root root 10 Sep 14 2017 etc -> /samba/etc
-rw-r--r-- 1 root root 318 Jun 29 02:02 smb.conf
-rw-r--r-- 1 root root 97 Aug 9 2017 smbusers
But I've run this for a while and nothing is ever placed in /etc/samba/etc in order to be saved in the persistent volume. If the container is destroyed, the majority of the configuration is preserved by the links to /samba as an exported volume - but on restart it will detect this file as missing and build a new AD.
After issuing the example command
docker run --restart unless-stopped \
-e SAMBA_DC_REALM='corp.example.net' \
-e SAMBA_DC_DOMAIN='EXAMPLE' \
-e SAMBA_DC_ADMIN_PASSWD='5u3r53cur3!' \
-e SAMBA_DC_DNS_BACKEND='SAMBA_INTERNAL' \
-v ${PWD}/samba:/samba \
'laslabs/alpine-samba-dc:0.1.0'
provision fails
EXAMPLE - Begin Domain Provisioning
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=corp,DC=example,DC=net
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_ACCESS_DENIED.
ERROR(runtime): uncaught exception - (-1073741790, 'Access denied')
File "/usr/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/samba/netcmd/domain.py", line 473, in run
nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
File "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", line 2175, in provision
skip_sysvolacl=skip_sysvolacl)
File "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", line 1806, in provision_fill
names.domaindn, lp, use_ntvfs)
File "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", line 1593, in setsysvolacl
service=SYSVOL_SERVICE)
File "/usr/lib/python2.7/site-packages/samba/ntacls.py", line 162, in setntacl
smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)
So I tried it on the previously available image 'laslabs/alpine-samba-dc:hotfix_replace-build-args-with-dot-env'. Now it completes successfully, but after issuing the provided post-provision run command
docker run -d --restart unless-stopped -v ${PWD}/samba:/samba 'laslabs/alpine-samba-dc:hotfix_replace-build-args-with-dot-env'
it complains that SAMBA_DC_DNS_BACKEND is not defined.
After inspecting your entrypoint script I can see that it fails to find /etc/samba/smb.conf, so it tries to provision again. It does that because the file is actually created in /etc/samba/smb.conf and not in /samba/etc, where you assume it is with your volume mount command.
I added "-v ${PWD}/samba/etc:/etc/samba" to the provision command and the run command. Now the provision is finally bypassed and it actually starts the proper run command, but it exits with a bunch of SIGTERMs if run once, or is in a constant restarting state when run with "--restart unless-stopped".
I know that this is a previous version, but I'm just telling you this because 0.1.0 would probably have the same problem with the /etc/samba/smb.conf location (really hard to tell, because it fails to provision properly, so I'm not sure where the smb.conf will be placed).
My host configuration is a current vanilla Ubuntu LTS server with docker from official PPA
# lsb_release -d
Description: Ubuntu 16.04.3 LTS
# docker --version
Docker version 17.06.2-ce, build cec0b72
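The two reports above describe the same failure: the first-start check looks at /samba/etc/smb.conf, while provisioning writes /etc/samba/smb.conf, so a restart provisions a new AD. The sketch below is an added example, not the image's entrypoint. It bases the check on a copy of smb.conf saved in the volume after a successful provision. The function names are hypothetical, and paths are passed as arguments so the logic can be tried against scratch directories.

```shell
#!/bin/sh
# Added example (not the project's entrypoint script).

# True when a non-empty smb.conf has already been saved in the volume.
is_provisioned() {
    [ -s "$1/smb.conf" ]
}

# Copy the live smb.conf into the volume. Write to a temp file and rename,
# so an interrupted copy never leaves a partial "already provisioned" marker.
persist_conf() {
    p_live=$1; p_vol=$2
    [ -s "$p_live" ] || return 1
    mkdir -p "$p_vol" || return 1
    p_tmp=$(mktemp "$p_vol/.smb.conf.XXXXXX") || return 1
    if cp "$p_live" "$p_tmp" && mv "$p_tmp" "$p_vol/smb.conf"; then
        return 0
    fi
    rm -f "$p_tmp"
    return 1
}

# Put the saved smb.conf back where samba reads it
# (fresh container started on an existing volume).
restore_conf() {
    mkdir -p "$(dirname "$2")" && cp "$1/smb.conf" "$2"
}

# start_dc LIVE_CONF VOLUME_ETC PROVISION_CMD [ARGS...]
# Prints "restored" or "provisioned"; non-zero status if provisioning failed.
start_dc() {
    s_live=$1; s_vol=$2; shift 2
    if is_provisioned "$s_vol"; then
        restore_conf "$s_vol" "$s_live" && echo restored
        return
    fi
    "$@" || return 1    # failed provision: nothing is saved to the volume
    persist_conf "$s_live" "$s_vol" && echo provisioned
}
```

In a container this would be called as `start_dc /etc/samba/smb.conf /samba/etc <provision command>`; because a failed provision saves nothing, the next start retries provisioning instead of treating the domain as ready.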
/usr/sbin/samba_dnsupdate: ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
/usr/sbin/samba_dnsupdate: File "/usr/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
/usr/sbin/samba_dnsupdate: return self.run(*args, **kwargs)
/usr/sbin/samba_dnsupdate: File "/usr/lib/python2.7/site-packages/samba/netcmd/dns.py", line 1098, in run
/usr/sbin/samba_dnsupdate: raise e
../source4/dsdb/dns/dns_update.c:290: Failed DNS update - with error code 29
I wanted to know if it would be possible to configure external DNS (Bind9) instead of using internal DNS.
Would be nice to have docker version tags instead of just latest.
If I create a container now, and then re-create it in a few months I may get a different version without even knowing it as all there is now is latest. If I create a container with a version tag such as 1.0.0 and then re-create with the same tag at any point in the future I am guaranteed to have the re-creation work exactly as before.