Weird question of the day: Containers where smbd is in a container and winbindd is outside

[Richard Sharpe]

On Mon, Sep 11, 2017 at 7:04 PM, Jeremy Allison <jra at samba.org> wrote:
> On Mon, Sep 11, 2017 at 04:39:35PM -0700, Richard Sharpe via samba-technical wrote:
>> Has anyone tried setting up a container situation where winbindd run
>> on the host and smbd runs in a container.
>>
>> Can you bind-mount the winbindd directory where it keeps its comms
>> socket in the container so that smbd in the container can talk to
>> winbindd outside the container?
>
> No clue. As in most things, you are a pioneer ! :-) :-).

I have decided that this does not buy much more than complexity, since
we would have to manage the UID/GID namespaces very carefully and tell
winbindd the ranges of UIDs/GIDs to allocate to each container.

Much easier to simply allocate a range of UIDs/GIDs to each container
and run winbindd in each container.

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)