[Samba] Multi tenancy and/or Hosted AD like solution
Andrew Bartlett
abartlet at samba.org
Sat Apr 30 08:17:55 UTC 2016
On Mon, 2016-04-18 at 09:18 -0700, Jeremy Allison wrote:
> On Mon, Apr 18, 2016 at 03:39:02PM +0200, D Grealish wrote:
> > Hi,
> > I've been doing some research and testing into implementing SAMBA 4
> > as a
> > AD/DC role for offering "AD as a service" to various small
> > companies, I've
> > been testing SAMBA out in various different configurations and
> > wondering if
> > SAMBA in AD/DC role if it's possible to segment in such a way
> >
> > some requirements:
> > - Windows 10 support, e.g SMB3
> > - AD tree segmentation so that one customer doesn't see a another
> > customer
> > AD tree, (users, computer, shares, etc..)
> > - Single or multi domain (however I understand multi trust domains
> > isn't
> > supported yet)
> >
> > some ideas:
> > - separate SAMBA instance for each customer,
> > - use docker to host each SAMBA instance
> > - single SAMBA instance running some splittree/forest
> >
> > Anyone attempt something before?
>
> Containerizations/VM's are the way to go here.
I agree. If you go into this seriously, then some patches I did for
our DNS code a while back (bug didn't integrate) would allow us to know
that our public IP isn't the local interface IP (eg, support docker).
If handled well, then docker could work well as the Samba binary could
be shared, but the databases would remain private to each instance. We
map pretty well into the 'state volume, stateless OS' model if you get
the paths right.
I'm always excited by 'samba as a service' opportunities and I
encourage you in your endeavours. Please share your experiences and if
possible any scripts/dockerfiles you make. It would be lovely if we
could have a standard way to do this.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list