[Samba] Deploy separate DC & file share services in one host

John Mulligan phlogistonjohn at asynchrono.us
Tue Apr 19 14:19:45 UTC 2022 

On Saturday, April 16, 2022 12:54:12 PM EDT Hailong Wang via samba wrote:
> Hi everyone.
> I use docker to deploy AD DC & smbd file share service in two containers on
> a single host. the docker image is based on Ubuntu 20.04, samba version is
> 4.13.17.
> 
> When I visit the file share service( use wsdd2 & avahi ),  windows 10 is
> worked, but other clients like macOS, have a 50 percent possibility to show
> the DC file share (netlogon & sysvol).
> 
> According to "Setting up Samba as an Active Directory Domain Controller"
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Dom
> ain_Controller#Using_the_Domain_Controller_as_a_File_Server, I know AD DC
> can act as the file share service, but it will show netlogon and sysvol in
> the shared directory.
> 
> Any idea?

How are you separating the network traffic for the different samba instances? Are 
you trying to change ports (I see `rpc server port` set on the example)? 
Alternatively, are you giving the containers different IPs?

Based on the fact that most clients require SMB traffic on port 445 I would 
personally be aiming for something like the latter. But I'd like to know more 
before making assumptions about your network.



> 
> #  DC smb.conf
> 
> [global]
> netbios name = DCSERVER
> realm = SAMBADC.COM
> server role = active directory domain controller
> workgroup = SAMBADC
> server services = -dns
> rpc server port = 10240
> bind interfaces only = Yes
> 
> [netlogon]
> path = /var/lib/samba/sysvol/SAMBADC.COM/scripts
> read only = No
> 
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
> 
> #  file share smb.conf
> 
> [global]
>   security = ADS
>   server role = MEMBER SERVER
>   workgroup = SAMBADC
>   netbios name = FSSERVER
>   realm = SAMBADC.COM
> 
>   idmap config * : backend = tdb
>   idmap config * : range = 3000-7999
> 
>   idmap config SAMBADC: backend = rid
>   idmap config SAMBADC: range = 10000-999999
> 
>   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=524288
> SO_SNDBUF=524288
> 
>   winbind enum groups = Yes
>   winbind enum users = Yes
>   winbind refresh tickets = Yes
>   winbind separator = +
>   winbind use default domain = Yes
>   winbind expand groups = 2

More information about the samba mailing list