Skip to content

tufand/docker-samba-dc

This branch is 2 commits behind p3t/docker-samba-dc:master.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

f193ca4 · Apr 3, 2022

History

26 Commits
Apr 3, 2022
Nov 28, 2021
Apr 3, 2022
Nov 28, 2021
Nov 28, 2021
Apr 3, 2022
Nov 28, 2021
Nov 28, 2021
Apr 3, 2022
Nov 28, 2021

Repository files navigation

Docker container for a Samba 4 active directory domain controller

Docker Multiplatform Build

This is a alpine-linux base samba 4 AD DC image.

Build the container

    git clone https://github.com/p3t/docker-samba-dc.git
    cd docker-samba-dc

    docker build -t p3tr/samba-dc .

or incase you want to use build-kit:

    docker buildx build --load -t p3tr/samba-dc .

Initialize domain configuration

The samba-tool which is used to setup the domain tries to modify the ACL of the sys_vol, which leads to an error, when the container is not run with --privileged=true. The priviledged option is not required to run the DC after the setup (once the config has been created).

    docker volume create samba

    docker run --rm \
        --privileged=true \
        --mount source=samba,target=/samba \
        -eDOMAIN=your-domain.local \
        -eNO_COMPLEXITY=true \
        -eADMIN_PASSWORD=<your-pass> \
        -eDNS_FORWARD="1.1.1.3 1.0.0.3" \
        p3tr/samba-dc setup

Make the controller accessible from the network

There are multiple options to make a container accessible from the network. One option is to start the container in the host-network I decided to use a macvlan.

Note: You have to make sure, that the IP-addesses in the provided range are not in-use (e.g. used by a DHCP server):

#!/bin/bash
#
# Creates a docker macvlan - subnet/gateway are the same as your lan settings. 
# Choose an ip-range not used by DHCP
#

readonly SUBNET='192.168.2.0/24'
readonly GATEWAY='192.168.2.1'

# Range of 4 addresses starting at 192.168.2.160
readonly START_IP=192.168.2.160
readonly IPRANGE="${START_IP}/30"
readonly HOST_AUXIP=$START_IP

readonly SUBIFNO=160
readonly PARENTIF="enp2s0"
readonly NETNAME="macvlan-${PARENTIF}"

# Note about 802.1q trunked bridge macvlans: 
# I assume that you need to have a VLAN capable router or layer-3 switch in order to get it working
# As I do not have such kind of hardware my containers couldn't connect to the outside world
# and they where not reachable from anywhere

echo "Creating docker network '${NETNAME}'..."

docker network create -d macvlan -o parent=${PARENTIF} \
  --subnet ${SUBNET} \
  --gateway ${GATEWAY} \
  --ip-range ${IPRANGE} \
  --aux-address "host=${HOST_AUXIP}" \
  ${NETNAME}

readonly VDEF_NAME="${PARENTIF}.${SUBIFNO}"

echo "Creating sub-dev '${VDEF_NAME}' for host -> macvlan-routing..."

sudo ip link add ${VDEF_NAME} link ${PARENTIF} type macvlan mode bridge
sudo ip addr add ${HOST_AUXIP}/32 dev ${VDEF_NAME}
sudo ip link set ${VDEF_NAME} up
sudo ip route add ${IPRANGE} dev ${VDEF_NAME}

echo "done"

Run the primary domain controller

Example:

    docker run -d --rm \
        -v samba:/samba \
        --network macvlan-enp2s0 \
        --name sambaDC \
        --hostname sambaDC \
        --ip 192.168.2.161 \
        --mac-address aa:bb:cc:ee:44:55 \
        p3tr/samba-dc start

Debug/test container

You can directly start an interactive shell and run the entrypoint.sh or parts of it manually on the command prompt:

        docker run -it \
        --privileged=true \
        --mount source=samba,target=/samba \
        -eDOMAIN=your-domain.local -eNO_COMPLEXITY=true -eADMIN_PASSWORD=<your-pass> \
        p3tr/samba-dc ash

References/documentation

Credits

Thanks to https://github.com/Fmstrat/samba-domain I took this project as initial inspiration.

About

dockerized samba domain controller

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Shell 87.9%
  • Dockerfile 12.1%