[Samba] Container setup?

Joachim Lindenberg samba at lindenberg.one
Tue Jul 2 18:54:22 UTC 2019


I am trying to figure out whether there are any best practices for running a
Samba AD DC in a container. First of all: why a container? Because obviously
containers require fewer resources and are easier to update than multiple
Linux systems – and I want to spend some of the savings on redundancy
(multiple DCs, also distributed to serve different locations).

Googling around, I found several containers on GitHub/Docker Hub, e.g.
https://github.com/Fmstrat/samba-domain (ubuntu with openvpn),
https://hub.docker.com/r/instantlinux/samba-dc ,
https://hub.docker.com/r/laslabs/alpine-samba-dc (both alpine), and very
likely more.


But what is really an adequate setup?

* What are pros and cons of container vs. VMs?
* What is the right distro to start with?
    * Ubuntu appears to be lazy on updates. My 18.04.2 runs samba 4.7.6,
      19.04 appears to run 4.10.0 which is not marked as stable on samba.org
      (probably there is now an update available, but I didn't check).
    * Don't know versions for Alpine. But Alpine is reported to have
      problems with DNS resolution, and I don't know to what extent they are
      relevant with a DC.
* What are the minimum packages required?
    * I have seen some containers using pam, but who authenticates into a
* What is a good and secure configuration?
    * Most of the containers appear to use administrator secrets from a
      configuration file, I'd prefer a prompt during initial startup (probably
      at the expense that only a second start may detach)
    * What are the pros and cons of using a static IP for the container
      vs. port forwarding?
    * VPN in the container or on host? Actually I'd go for WireGuard
      rather than OpenVPN..
    * How to include more bind configuration e.g. for an additional DNS
      zone? Or require that on a different DNS server?
    * What about sysvol?
    * Ntpd - https://marc.info/?l=samba&m=154695462230809&w=2 ?
* How to do updates?
    * I can imagine using a cron job to tear down the container, then pull
      or rebuild, then up. And schedule this for different work days for different
* How to monitor that replication is working?
    * I have seen some warnings about replication and containers, but I
      can only guess what the root cause really is.


I don't expect one size fits all. If that were the result, then
excellent, and then ideally Samba would just publish that container. But if
not, then collecting experiences and publishing a configuration (docker
build file, docker-compose.yaml, configuration files) with instructions on
GitHub would be great. Then anyone interested (like me) can clone and
modify. Or a section on the wiki..

Any other thoughts? 

Thanks & Best Regards,
