laslabs / docker-alpine-samba-dc Goto Github PK
View Code? Open in Web Editor NEWSamba4 Domain Controller Based on Alpine
License: Other
docker-alpine-samba-dc's People
Contributors
Stargazers
Watchers
Forkers
gjchentw fote mharrend phreakazoid dtelless caitlinelfring jlmc-miranda lotusshaney whlsxl jhpgfsdocker-alpine-samba-dc's Issues
Failed at startup
Hi,
I'm trying to launch with normal startup script,
-e SAMBA_DC_REALM='corp.example.net' \
-e SAMBA_DC_DOMAIN='EXAMPLE' \
-e SAMBA_DC_ADMIN_PASSWD='5u3r53cur3!' \
-e SAMBA_DC_DNS_BACKEND='SAMBA_INTERNAL' \
-v ${PWD}/samba:/samba \
'laslabs/alpine-samba-dc:0.1.0'
but I got:
Setting up self join
set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_ACCESS_DENIED.
ERROR(runtime): uncaught exception - (-1073741790, 'Access denied')
File "/usr/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/samba/netcmd/domain.py", line 473, in run
nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
File "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", line 2175, in provision
skip_sysvolacl=skip_sysvolacl)
File "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", line 1806, in provision_fill
names.domaindn, lp, use_ntvfs)
File "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", line 1593, in setsysvolacl
service=SYSVOL_SERVICE)
File "/usr/lib/python2.7/site-packages/samba/ntacls.py", line 162, in setntacl
smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)
Thanks for you help.
Storage persistance broken
Hi,
Thank you for creating this container.
The entrypoint script checks whether it's a fresh start here:
if [ ! -f /samba/etc/smb.conf ]; then
But this file never exists. There is a symlink that looks like it might have been designed to solve this:
/ # ls -l /etc/samba
total 8
lrwxrwxrwx 1 root root 10 Sep 14 2017 etc -> /samba/etc
-rw-r--r-- 1 root root 318 Jun 29 02:02 smb.conf
-rw-r--r-- 1 root root 97 Aug 9 2017 smbusers
But I've run this for a while and nothing is ever placed in /etc/samba/etc in order to be saved in the persistent volume. If the container is destroyed, the majority of the configuration is preserved by the links to /samba as an exported volume - but on restart it will detect this file as missing and build a new AD.
Provisioning is broken in 0.1.0
After issuing the example command
docker run --restart unless-stopped \
-e SAMBA_DC_REALM='corp.example.net' \
-e SAMBA_DC_DOMAIN='EXAMPLE' \
-e SAMBA_DC_ADMIN_PASSWD='5u3r53cur3!' \
-e SAMBA_DC_DNS_BACKEND='SAMBA_INTERNAL' \
-v ${PWD}/samba:/samba \
'laslabs/alpine-samba-dc:0.1.0'
provision fails
EXAMPLE - Begin Domain Provisioning
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=corp,DC=example,DC=net
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_ACCESS_DENIED.
ERROR(runtime): uncaught exception - (-1073741790, 'Access denied')
File "/usr/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/samba/netcmd/domain.py", line 473, in run
nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
File "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", line 2175, in provision
skip_sysvolacl=skip_sysvolacl)
File "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", line 1806, in provision_fill
names.domaindn, lp, use_ntvfs)
File "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", line 1593, in setsysvolacl
service=SYSVOL_SERVICE)
File "/usr/lib/python2.7/site-packages/samba/ntacls.py", line 162, in setntacl
smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)
So I tried to do it on the previous available image 'laslabs/alpine-samba-dc:hotfix_replace-build-args-with-dot-env' - now it completes successfully, but after issuing provided post-provision run command docker run -d --restart unless-stopped -v ${PWD}/samba:/samba 'laslabs/alpine-samba-dc:hotfix_replace-build-args-with-dot-env' it complains about no defined SAMBA_DC_DNS_BACKEND. After inspecting your entry point script I can see that it fails to find /etc/samba/smb.conf so it tries to do provision again. It does that because the file is actually created in /etc/samba/smb.conf and not /samba/etc in which you assume it is with your volume mount command. I added "-v ${PWD}/samba/etc:/etc/samba" to the provision command and run command. Now the provision is finally bypassed and actually starts the proper run command but exits with a bunch of SIGTERMS if run once or is in a constant restarting state while run with "--restart unless-stopped". I know that this is previous version, but I'm just telling you this because the 0.1.0 would probably have the same problem with /etc/samba/smb.conf location (really hard to tell because it fails to provision properly so I'm not sure where the smb.conf will be placed).
My host configuration is a current vanilla Ubuntu LTS server with docker from official PPA
# lsb_release -d
Description: Ubuntu 16.04.3 LTS
# docker --version
Docker version 17.06.2-ce, build cec0b72
ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
/usr/sbin/samba_dnsupdate: ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
/usr/sbin/samba_dnsupdate: File "/usr/lib/python2.7/site-packages/samba/netcmd/init.py", line 176, in _run
/usr/sbin/samba_dnsupdate: return self.run(*args, **kwargs)
/usr/sbin/samba_dnsupdate: File "/usr/lib/python2.7/site-packages/samba/netcmd/dns.py", line 1098, in run
/usr/sbin/samba_dnsupdate: raise e
../source4/dsdb/dns/dns_update.c:290: Failed DNS update - with error code 29
Question about DNS configuration
I wanted to know if it would be possible to configure external DNS (Bind9) instead of using internal DNS.
Version tags
Would be nice to have docker version tags instead of just latest.
If I create a container now, and then re-create it in a few months I may get a different version without even knowing it as all there is now is latest. If I create a container with a version tag such as 1.0.0 and then re-create with the same tag at any point in the future I am guaranteed to have the re-creation work exactly as before.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.