[Samba] Multi tenancy and/or Hosted AD like solution

David STIEVENARD stievenard.david at gmail.com
Thu May 5 23:13:21 UTC 2016


Hi

An idea for your needs: you could give FreeBSD jails a try to
separate Samba instances.

The doc about it in the FreeBSD Handbook:
https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails.html

A thread on this topic:
https://forums.freebsd.org/threads/54633/

Hope it can be useful.


On 05/04/2016 03:28 PM, D Grealish wrote:
> Thanks Andrew,
>
> I've a few ideas on the go with a client atm, will need to scrap out some
> of the data before sharing, But like you said stateless-ness is the way I'm
> trying to go here. We have a central backend that we hope can
> build/re-provision samba in a container on a per tenant basis.
>
> However migrating and updating SAMBA binary with a "state volume" is
> something still an unknown, as from what I understand SAMBA will have to
> run over the data files to update them to a newer version in some way.
>
> Could you point me to your patches in SAMBA?
>
> On 30 April 2016 at 10:17, Andrew Bartlett <abartlet at samba.org> wrote:
>
>> On Mon, 2016-04-18 at 09:18 -0700, Jeremy Allison wrote:
>>> On Mon, Apr 18, 2016 at 03:39:02PM +0200, D Grealish wrote:
>>>> Hi,
>>>> I've been doing some research and testing into implementing SAMBA 4 as an
>>>> AD/DC role for offering "AD as a service" to various small companies, I've
>>>> been testing SAMBA out in various different configurations and wondering if
>>>> SAMBA in AD/DC role if it's possible to segment in such a way
>>>>
>>>> some requirements:
>>>>   - Windows 10 support, e.g SMB3
>>>>   - AD tree segmentation so that one customer doesn't see another customer
>>>> AD tree, (users, computer, shares, etc.)
>>>>   - Single or multi domain (however I understand multi trust domains isn't
>>>> supported yet)
>>>>
>>>> some ideas:
>>>> - separate SAMBA instance for each customer,
>>>> - use docker to host each SAMBA instance
>>>> - single SAMBA instance running some splittree/forest
>>>>
>>>> Anyone attempt something before?
>>> Containerizations/VM's are the way to go here.
>> I agree.  If you go into this seriously, then some patches I did for
>> our DNS code a while back (but didn't integrate) would allow us to know
>> that our public IP isn't the local interface IP (eg, support docker).
>>
>> If handled well, then docker could work well as the Samba binary could
>> be shared, but the databases would remain private to each instance.  We
>> map pretty well into the 'state volume, stateless OS' model if you get
>> the paths right.
>>
>> I'm always excited by 'samba as a service' opportunities and I
>> encourage you in your endeavours.  Please share your experiences and if
>> possible any scripts/dockerfiles you make.  It would be lovely if we
>> could have a standard way to do this.
>>
>> Andrew Bartlett
>>
>> --
>> Andrew Bartlett                       http://samba.org/~abartlet/
>> Authentication Developer, Samba Team  http://samba.org
>> Samba Developer, Catalyst IT
>> http://catalyst.net.nz/services/samba
>>
>>
>>
>>
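
The "state volume, stateless OS" layout discussed in this thread, sketched as an added example (not from the thread or the Samba project): a POSIX shell function that gives each tenant its own 0700 state tree and writes an smb.conf fragment pointing Samba's path settings into it. The base directory, subdirectory names and function names are assumptions, as is bind-mounting each tenant tree into that tenant's container at the same path.

```shell
#!/bin/sh
# Added example. Layout <base>/<tenant>/{etc,private,state,...} is an assumption.

# Accept only lowercase letters, digits and '-', so a tenant id can never
# contain '/' or '..' and escape the base directory.
valid_tenant() {
    case "$1" in
        ""|-*|*[!a-z0-9-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Accept only DNS-style characters, so a realm cannot inject extra
# smb.conf lines (newlines, '=' or section headers).
valid_realm() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# $1 = base dir, $2 = tenant id, $3 = realm
provision_tenant_state() {
    base=$1 tenant=$2 realm=$3
    valid_tenant "$tenant" || { echo "invalid tenant id" >&2; return 1; }
    valid_realm "$realm" || { echo "invalid realm" >&2; return 1; }
    root="$base/$tenant"
    # Never reuse an existing tree: it may hold another tenant's databases.
    if [ -e "$root" ]; then echo "state exists: $root" >&2; return 1; fi
    ( umask 077   # directories 0700, files 0600; scoped to this subshell
      for d in etc private state cache lock run ncalrpc; do
          mkdir -p "$root/$d" || exit 1
      done
      cat > "$root/etc/smb.conf" <<EOF
[global]
    realm = $realm
    server role = active directory domain controller
    private dir = $root/private
    state directory = $root/state
    cache directory = $root/cache
    lock directory = $root/lock
    pid directory = $root/run
    ncalrpc dir = $root/ncalrpc
EOF
    )
}
```

The generated file covers only the path settings; a real domain controller still has to be provisioned into that tree with Samba's own tooling.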



