[Samba] Multi tenancy and/or Hosted AD like solution
dev.grealish at gmail.com
Wed May 4 07:28:23 UTC 2016
I've a few ideas on the go with a client atm, will need to scrap out some
of the data before sharing, but like you said, statelessness is the way I'm
trying to go here. We have a central backend that we hope can
build/re-provision SAMBA in a container on a per-tenant basis.
However, migrating and updating the SAMBA binary with a "state volume" is
still something of an unknown, as from what I understand SAMBA will have to
run over the data files to update them to a newer version in some way.
Could you point me to your patches in SAMBA?
On 30 April 2016 at 10:17, Andrew Bartlett <abartlet at samba.org> wrote:
> On Mon, 2016-04-18 at 09:18 -0700, Jeremy Allison wrote:
> > On Mon, Apr 18, 2016 at 03:39:02PM +0200, D Grealish wrote:
> > > Hi,
> > > I've been doing some research and testing into implementing SAMBA 4
> > > as an AD/DC role for offering "AD as a service" to various small
> > > companies. I've been testing SAMBA out in various different
> > > configurations and wondering whether, with SAMBA in the AD/DC role,
> > > it's possible to segment in such a way
> > >
> > > some requirements:
> > > - Windows 10 support, e.g. SMB3
> > > - AD tree segmentation so that one customer doesn't see another
> > > customer's AD tree (users, computers, shares, etc.)
> > > - Single or multi domain (however I understand multi trust domains
> > > aren't supported yet)
> > >
> > > some ideas:
> > > - separate SAMBA instance for each customer,
> > > - use docker to host each SAMBA instance
> > > - single SAMBA instance running some splittree/forest
> > >
> > > Anyone attempt something before?
> > Containerizations/VM's are the way to go here.
> I agree. If you go into this seriously, then some patches I did for
> our DNS code a while back (but didn't integrate) would allow us to know
> that our public IP isn't the local interface IP (e.g., support docker).
> If handled well, then docker could work well as the Samba binary could
> be shared, but the databases would remain private to each instance. We
> map pretty well into the 'state volume, stateless OS' model if you get
> the paths right.
> I'm always excited by 'samba as a service' opportunities and I
> encourage you in your endeavours. Please share your experiences and if
> possible any scripts/dockerfiles you make. It would be lovely if we
> could have a standard way to do this.
> Andrew Bartlett
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT