[Samba] Joining Samba AD DC from Docker container fails - timeout

Rowland Penny rpenny at samba.org
Wed Jun 16 07:35:08 UTC 2021

On 15/06/2021 22:13, greg at theschaubs.com wrote:
> Hi Roland,
> The container is not privileged because it would conflict with other host
> processes.  From a network perspective, it is running a macvlan
> configuration.

If the container isn't privileged, then give up now; it must be a 
privileged container if you want to run a DC in it.

> To be clear, the ports are open and available.  A netstat from within the
> container shows that those are the only two ports listening.  Similarly, a
> port scan performed from within the container on the DC source host shows
> all of those ports as advertised.  Therefore, it appears that the docker
> image is not running processes that would listen on those ports.
> Additionally, running smbd made some of those available, but not all.
> Perhaps most importantly, smbd did not listen on port 135.  I have not tried
> to start nmbd or winbind prior to the join, only smbd.  I can try it with
> those services running.

You shouldn't have any of the Samba daemons running when joining, and you 
should only start the 'samba' daemon if and when you get the DC joined 
to the domain.

> I hadn't done that yet because the documentation appears to me to imply that
> none of the samba daemons should be running during the join.  My assumption
> was that samba-tool itself would initiate the processes needed for all of
> the ports.  If that is wrong, it would be very easy to fix.

You need to ensure all the required ports are open in the firewall (if 
using one) before the join; this is to allow replication from the 
existing DC.
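
The two pre-join conditions from this reply (no Samba daemon running on the joining host, and the existing DC's ports reachable through any firewall) can be checked before running the join. The following is an added example, not part of the original message or of Samba; the port list is an assumption taken from general AD DC practice (the thread names only port 135), and the function names are hypothetical.

```python
import os
import socket
import sys

# Daemons that, per the thread, must not be running during the join.
SAMBA_DAEMONS = {"samba", "smbd", "nmbd", "winbindd"}
# Assumption: usual fixed TCP ports of an AD DC; the thread names only 135.
DC_TCP_PORTS = {53: "DNS", 88: "Kerberos", 135: "RPC endpoint mapper",
                139: "NetBIOS session", 389: "LDAP", 445: "SMB",
                464: "kpasswd", 636: "LDAPS", 3268: "GC", 3269: "GC over TLS"}

def running_samba_daemons(proc_root="/proc"):
    """Return the sorted names of Samba daemons found under proc_root."""
    found = set()
    try:
        pids = [e for e in os.listdir(proc_root) if e.isdigit()]
    except OSError:
        return []
    for pid in pids:
        try:
            with open(os.path.join(proc_root, pid, "comm")) as fh:
                name = fh.read().strip()
        except OSError:
            continue  # process exited or is not readable
        if name in SAMBA_DAEMONS:
            found.add(name)
    return sorted(found)

def unreachable_ports(host, ports=None, timeout=3.0):
    """Return {port: label} for TCP ports on host that refuse or time out."""
    failed = {}
    for port, label in (DC_TCP_PORTS if ports is None else ports).items():
        try:
            with socket.create_connection((host, port), timeout=timeout):
                pass
        except OSError:
            failed[port] = label
    return failed

def preflight(existing_dc, proc_root="/proc"):
    """Return a list of problems; an empty list means the join can be tried."""
    problems = [f"stop {d} before joining" for d in running_samba_daemons(proc_root)]
    problems += [f"cannot reach {existing_dc}:{p}/tcp ({label})"
                 for p, label in unreachable_ports(existing_dc).items()]
    return problems

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: preflight.py EXISTING_DC_HOSTNAME")
    print("\n".join(preflight(sys.argv[1]) or ["preflight OK"]))
```

A successful TCP connect only shows that the path to the existing DC is open; it does not cover UDP or the dynamic RPC port range, and it says nothing about whether the container is privileged.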

