[Samba] Running samba in Kubernetes

Andrea Cucciarre' acucciarre at cloudian.com
Tue Sep 22 11:37:56 UTC 2020 

Hello,

I have successfully (hopefully) configured samba to run in Kubernetes 
pods, basically I have a pod (i.e. container) that run winbindd and join 
the Windows AD, and a pod (i.e. container) that run smbd.
I have used socat to allow the unix socket communication between 
winbindd and smbd pods:

*** winbindd pod ***

UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 Sep17 ?        00:00:03 /bin/bash 
./winbind_entrypoint.sh
root      1131     1  0 Sep17 ?        00:00:00 /usr/bin/socat -dd 
tcp-listen:2377,fork,reuseaddr 
unix-connect:/var/lib/samba/winbindd_privileged/pipe
root      1133     1  0 Sep17 ?        00:00:00 /usr/bin/socat -dd 
tcp-listen:2376,fork,reuseaddr unix-connect:/run/samba/winbindd/pipe
root      2904     1  0 Sep18 ?        00:00:04 winbindd -s 
/etc/samba/smb.conf
root      2906  2904  0 Sep18 ?        00:00:06 winbindd -s 
/etc/samba/smb.conf
root      2908  2904  0 Sep18 ?        00:00:00 winbindd -s 
/etc/samba/smb.conf
root      2909  2904  0 Sep18 ?        00:00:00 winbindd -s 
/etc/samba/smb.conf
root      2918  2904  0 Sep18 ?        00:00:00 winbindd -s 
/etc/samba/smb.conf

*** smbd pod ***

UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 11:04 ?        00:00:00 /bin/bash 
/samba_entrypoint.sh
root        13     1  0 11:04 ?        00:00:00 socat -dd 
unix-listen:/run/samba/winbindd/pipe,reuseaddr,fork 
tcp-connect:winbindd-1:2376
root        14     1  0 11:04 ?        00:00:00 socat -dd 
unix-listen:/var/lib/samba/winbindd_privileged/pipe,reuseaddr,fork 
tcp-connect:winbindd-1:2377
root        18     1  0 11:04 ?        00:00:00 /usr/sbin/smbd 
--no-process-group
root        30    18  0 11:04 ?        00:00:00 /usr/sbin/smbd 
--no-process-group
root        31    18  0 11:04 ?        00:00:00 /usr/sbin/smbd 
--no-process-group
root        35    18  0 11:04 ?        00:00:00 /usr/sbin/smbd 
--no-process-group

All seems to run fine, both the share connection and user id mapping

# smbclient -L 127.0.0.1 -U administrator
Enter HYPERFILE\administrator's password:

         Sharename       Type      Comment
         ---------       ----      -------
         volume1         Disk      HyperFile Group 1 Endpoint 1 Volume 1

# id administrator at hyperfile.local
uid=10500(HYPERFILE\administrator) gid=10513(HYPERFILE\domain users)....

Under /var/lib/samba/ I have seen there are a lot of .tdb files, sock 
directory (i.e. msg.sock) and so on.
So I would need to know if */var/lib/samba/winbindd_privileged/pipe* and 
*/var/run/samba/winbindd/pipe* are the only file/socket needed by smbd 
to work/communicate with winbindd?

Thanks in advance
Andrea

More information about the samba mailing list