On Wednesday, November 30, 2022 2:01:52 AM EST Joachim Lindenberg via samba wrote:> Hello Andrew, > good point. Actually I would love to run freeradius + samba in one or two > docker containers. However, while there are descriptions on how to run > freeradius in a container, there aren?t a lot for a samba member server. > Any pointer for that? Thanks, > Joachim >I work on a project that is providing OCI container images, example deployments and documentation. https://github.com/samba-in-kubernetes/samba-container/ We have images for (member) file server, AD DC, client, and just recently added a "toolbox" image for testing and diagnostics. Please don't let the 'kubernetes' in the org name scare you off the project in question is not K8S specific. I'd love more feedback and eyes on our project. We've presented some of this work at sambaXP in the past two years FWIW.> -----Urspr?ngliche Nachricht----- > Von: Andrew Bartlett <abartlet at samba.org> > Gesendet: Mittwoch, 30. November 2022 00:51 > An: Joachim Lindenberg <samba at lindenberg.one>; samba at lists.samba.org > Betreff: Re: [Samba] freeradius on dc? > > On Tue, 2022-11-29 at 22:31 +0100, Joachim Lindenberg via samba wrote: > > Hello, > > > > I am wondering whether it is possible / recommended or not, to install > > and use freeradius on a domain controller. The documentation at > > https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Act > > ive_Directory is about installation/configuration on member servers > > only. > > > > Any thoughts? What changes on a dc? > > It should still just work, as the same winbindd is under the hood and this > mode of operation is connected, but running a member server allows more > separation of concerns and avoids any DC being 'special'. > > VMs or containers are good for this. > > Andrew Bartlett
Hello John,>I work on a project that is providing OCI container images, example deployments and documentation. >https://github.com/samba-in-kubernetes/samba-container/ >We have images for (member) file server, AD DC, client, and just recently added a "toolbox" image for testing and diagnostics.Do you have instructions for a member container including join & leave instructions to an existing domain? Didn?t find that with the link given.>Please don't let the 'kubernetes' in the org name scare you off the project in question is not K8S specific. I'd love more feedback and eyes on our project.I always mention k8s in my trainings, may be I can also experiment with it now. So far my internet connection is the major hurdle and docker(-compose) was sufficient. Thanks, Joachim> -----Urspr?ngliche Nachricht----- > Von: Andrew Bartlett <abartlet at samba.org> > Gesendet: Mittwoch, 30. November 2022 00:51 > An: Joachim Lindenberg <samba at lindenberg.one>; samba at lists.samba.org > Betreff: Re: [Samba] freeradius on dc? > > On Tue, 2022-11-29 at 22:31 +0100, Joachim Lindenberg via samba wrote: > > Hello, > > > > I am wondering whether it is possible / recommended or not, to install > > and use freeradius on a domain controller. The documentation at > > https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Act > > ive_Directory is about installation/configuration on member servers > > only. > > > > Any thoughts? What changes on a dc? > > It should still just work, as the same winbindd is under the hood and this > mode of operation is connected, but running a member server allows more > separation of concerns and avoids any DC being 'special'. > > VMs or containers are good for this. > > Andrew Bartlett-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
On Wednesday, November 30, 2022 4:14:07 PM EST Joachim Lindenberg via samba wrote:> Hello John, > > >I work on a project that is providing OCI container images, example > >deployments and documentation. > >https://github.com/samba-in-kubernetes/samba-container/ > >We have images for (member) file server, AD DC, client, and just recently > >added a "toolbox" image for testing and diagnostics. > Do you have instructions for a member container including join & leave > instructions to an existing domain? Didn?t find that with the link given.That's been on my TODO list, so unfortunately no proper human-readable documentation for that exists at the moment. Perhaps this thread is the motivation I need to get working on that. If you can read k8s YAML this might help serve as a starting point: https://github.com/samba-in-kubernetes/samba-container/blob/master/tests/files/ samba-domain-member-pod.yml The elevator-pitch version: * Initialize your persistent storage: <container-cmd ...> quay.io/samba.org/ samba-server:latest init * Polling join: <container-cmd ...> quay.io/samba.org/samba-server:latest must-join --files --join-file=/etc/join-data/join.json * Start winbind: <container-cmd ...> quay.io/samba.org/samba-server:latest run winbind * Start sbmd: <container-cmd ...> quay.io/samba.org/samba-server:latest run smbd (the trick here that makes it look simple is that I'm leaving out he shared mounts and the env vars ;-) )> >Please don't let the 'kubernetes' in the org name scare you off the project > >in question is not K8S specific. I'd love more feedback and eyes on our > >project. > I always mention k8s in my trainings, may be I can also experiment with it > now. So far my internet connection is the major hurdle and docker(-compose) > was sufficient.For me, the issue is that I've spent a lot of time focused on kubernetes and samba-operator [1] which does already implement domain joins with a member server, and is documented. It's just that samba-container doesn't explain how to do it manually :-( I really want the other projects to stand on their own without k8s though so I'd really like to have docs for something like a full member server on docker-compose. [1] https://github.com/samba-in-kubernetes/samba-operator> > Thanks, > Joachim > > > -----Urspr?ngliche Nachricht----- > > Von: Andrew Bartlett <abartlet at samba.org> > > Gesendet: Mittwoch, 30. November 2022 00:51 > > An: Joachim Lindenberg <samba at lindenberg.one>; samba at lists.samba.org > > Betreff: Re: [Samba] freeradius on dc? > > > > On Tue, 2022-11-29 at 22:31 +0100, Joachim Lindenberg via samba wrote: > > > Hello, > > > > > > I am wondering whether it is possible / recommended or not, to install > > > and use freeradius on a domain controller. The documentation at > > > https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Act > > > ive_Directory is about installation/configuration on member servers > > > only. > > > > > > Any thoughts? What changes on a dc? > > > > It should still just work, as the same winbindd is under the hood and this > > mode of operation is connected, but running a member server allows more > > separation of concerns and avoids any DC being 'special'. > > > > VMs or containers are good for this. > > > > Andrew Bartlett