Hailong Wang
2022-Apr-16 16:54 UTC
[Samba] Deploy separate DC & file share services in one host
Hi everyone.

I use Docker to deploy AD DC & smbd file share service in two containers on a single host. The Docker image is based on Ubuntu 20.04, Samba version is 4.13.17.

When I visit the file share service (using wsdd2 & avahi), Windows 10 works, but other clients like macOS have a 50 percent possibility to show the DC file share (netlogon & sysvol).

According to "Setting up Samba as an Active Directory Domain Controller" https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Using_the_Domain_Controller_as_a_File_Server, I know AD DC can act as the file share service, but it will show netlogon and sysvol in the shared directory.

Any idea?

# DC smb.conf

[global]
netbios name = DCSERVER
realm = SAMBADC.COM
server role = active directory domain controller
workgroup = SAMBADC
server services = -dns
rpc server port = 10240
bind interfaces only = Yes

[netlogon]
path = /var/lib/samba/sysvol/SAMBADC.COM/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No

# file share smb.conf

[global]
security = ADS
server role = MEMBER SERVER
workgroup = SAMBADC
netbios name = FSSERVER
realm = SAMBADC.COM

idmap config * : backend = tdb
idmap config * : range = 3000-7999

idmap config SAMBADC: backend = rid
idmap config SAMBADC: range = 10000-999999

socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=524288 SO_SNDBUF=524288

winbind enum groups = Yes
winbind enum users = Yes
winbind refresh tickets = Yes
winbind separator = +
winbind use default domain = Yes
winbind expand groups = 2
John Mulligan
2022-Apr-19 14:19 UTC
[Samba] Deploy separate DC & file share services in one host
On Saturday, April 16, 2022 12:54:12 PM EDT Hailong Wang via samba wrote:
> Hi everyone.
> I use Docker to deploy AD DC & smbd file share service in two containers on
> a single host. The Docker image is based on Ubuntu 20.04, Samba version is
> 4.13.17.
>
> When I visit the file share service (using wsdd2 & avahi), Windows 10
> works, but other clients like macOS have a 50 percent possibility to show
> the DC file share (netlogon & sysvol).
>
> According to "Setting up Samba as an Active Directory Domain Controller"
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Using_the_Domain_Controller_as_a_File_Server,
> I know AD DC can act as the file share service, but it will show netlogon
> and sysvol in the shared directory.
>
> Any idea?

How are you separating the network traffic for the different samba instances? Are you trying to change ports (I see `rpc server port` set on the example)? Alternatively, are you giving the containers different IPs? Based on the fact that most clients require SMB traffic on port 445 I would personally be aiming for something like the latter.
But I'd like to know more before making assumptions about your network.

> # DC smb.conf
>
> [global]
> netbios name = DCSERVER
> realm = SAMBADC.COM
> server role = active directory domain controller
> workgroup = SAMBADC
> server services = -dns
> rpc server port = 10240
> bind interfaces only = Yes
>
> [netlogon]
> path = /var/lib/samba/sysvol/SAMBADC.COM/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> # file share smb.conf
>
> [global]
> security = ADS
> server role = MEMBER SERVER
> workgroup = SAMBADC
> netbios name = FSSERVER
> realm = SAMBADC.COM
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
>
> idmap config SAMBADC: backend = rid
> idmap config SAMBADC: range = 10000-999999
>
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=524288 SO_SNDBUF=524288
>
> winbind enum groups = Yes
> winbind enum users = Yes
> winbind refresh tickets = Yes
> winbind separator = +
> winbind use default domain = Yes
> winbind expand groups = 2
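
Added example, not part of either message: a small check that reads the listener-related [global] settings of the two posted smb.conf files and reports which SMB ports both instances would claim on an overlapping address. It assumes the two containers share one network namespace (the thread does not say); the function names and the 192.0.2.x addresses are constructed for illustration.

```python
import configparser

DEFAULT_SMB_PORTS = "445 139"  # smb.conf default for "smb ports"

# [global] settings from the two posted files that bear on listening sockets.
DC_CONF = """[global]
netbios name = DCSERVER
server role = active directory domain controller
rpc server port = 10240
bind interfaces only = Yes
"""
FS_CONF = """[global]
server role = MEMBER SERVER
netbios name = FSSERVER
"""
# Constructed variant (not from the thread): each instance pinned to its own address.
DC_PINNED = DC_CONF + "interfaces = 192.0.2.10\n"
FS_PINNED = FS_CONF + "bind interfaces only = Yes\ninterfaces = 192.0.2.11\n"

def parse_global(text):
    """Return the [global] section as a dict (keys lowercased by configparser)."""
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=("#", ";"),
                                   interpolation=None, strict=False)
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    return dict(cp["global"]) if cp.has_section("global") else {}

def listen_scope(text):
    """Return (ports, addresses); addresses is None when no address is pinned."""
    g = parse_global(text)
    ports = {int(p) for p in g.get("smb ports", DEFAULT_SMB_PORTS).replace(",", " ").split()}
    pinned = g.get("bind interfaces only", "no").lower() in ("yes", "true", "1")
    ifaces = set(g.get("interfaces", "").split())
    # "bind interfaces only" with no "interfaces" list leaves Samba's default interface list in effect.
    return ports, (ifaces if pinned and ifaces else None)

def shared_listeners(conf_a, conf_b):
    """Sorted SMB ports both instances would claim on an overlapping address."""
    ports_a, addr_a = listen_scope(conf_a)
    ports_b, addr_b = listen_scope(conf_b)
    # Simplification: interface tokens are compared as text (eth0 vs. its IP looks disjoint).
    disjoint = addr_a is not None and addr_b is not None and not (addr_a & addr_b)
    return [] if disjoint else sorted(ports_a & ports_b)

if __name__ == "__main__":
    print("as posted:", shared_listeners(DC_CONF, FS_CONF))      # same ports, no pinning
    print("pinned:   ", shared_listeners(DC_PINNED, FS_PINNED))  # separate addresses
```

A non-empty result only matters when both instances really do share an address; containers with their own IPs each get port 445 to themselves.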