/docker-samba-ad-dc

Docker container for samba active directory server

Primary LanguageShellGNU General Public License v3.0GPL-3.0

docker-samba-ad-dc

Project Status: Active

ubuntu based docker container for samba active directory server

This was inspired by other older docker containers that either don't work or use completely outdated versions of samba. To fullfill my own requirements, I wrote this from scratch.

Limitations

The container needs a macvtap based network. You may try other network types, however you have been warned, it will most likely not work without problems.

Running

Setup your own samba.env file with your choice of options by copying the example.

cp samba.env.example samba.env

Then start the container. It will immediatly provision the domain and start samba afterwards.

Environment Variables explained

The environment variables are passed on to the domain provising of samba-tool. For in-depth information see the fine Samba Wiki on samba-tool.

parameter purpose
SAMBA_DC_HOSTNAME=dc Hostname of the containerized domain controller. If you change this, you will need to change the hostname in the dockerfile as well.
SAMBA_DC_HOSTIP= should be left alone (is a leftover from trying to make it work with host network)
SAMBA_DC_ADMIN_PASSWD=replacePassword Yeah for real, please change this to something secure.
SAMBA_DC_REALM=my.domain replace with your active directory domain name
SAMBA_DNS_BACKEND=SAMBA_INTERNAL should be left alone
SAMBA_DNS_FORWARDER=192.168.1.254 Sets the dns server that dns queries are forwarded to.
SAMBA_NOCOMPLEXPWD=true If true then sets the password complexity to off, expiry and password history is turned off as well, otherwise password complexity is left alone.

Volumes

As the docker file defines, and the docker-compose file configures, those are the volumes:

volume purpose
/etc/samba config files
/var/lib/samba sysvolume
/var/log/samba logfiles
/srv/shares shares and their files

You can point those to the paths of your liking, e.g:

      - /srv/docker/samba/etc:/etc/samba:rw
      - /srv/docker/samba/sys:/var/lib/samba:rw
      - /srv/docker/samba/log:/var/log/samba:rw
      - /srv/docker/samba/shares:/srv/shares:rw

Joining a domain as a dc

Be warned, this are my own notes and may or may not work!

add to .env file:

parameter purpose
SAMBA_PROVISION_TYPE=JOIN provisioning type: DC for standalone domain controller
or JOIN for joining an existing domain

fsmo transfer / seizure

Ideas shamelessly copied from Samba documentation - fsmo

samba-tool fsmo show

samba-tool fsmo transfer --role=...

check things

samba-tool fsmo show

demote old dc

!!! On the old dc run the following command

samba-tool domain demote -Uadministrator

Shameless copy from Samba documentation

Building

You can either use the following command to build the docker image for the samba ad dc:

build.sh

or simple use docker-compose

docker-compose build

There are other docker-compose files present that will most likely not work as expected.