Docker Community Forums

Share and learn in the Docker community.

API in container in Linux with authetication in Microsoft AD


(Phscuritiba) #1

Hi all,

We have a problem with using an API (implemented in .net core code) in a Docker container (in Linux CentOS7), authenticating to a domain (Microsoft AD).

In the domain (Microsoft AD), we have configured gMSA with a user account (used in the .net code in the API that is in the container) included in the group created to the gMSA.

The Linux host, where Docker is, is joined to the domain (Microsoft AD) and the communication between the Linux host and the domain (Microsoft AD) is working perfectly.

Also a “.jason file” was created following 2 posts in the MSDN of Microsoft for the connection of container Docker in Linux container applications with domain (Microsoft AD) according to the links below:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj128431(v=ws.11)

When trying to upload the contanier with the following command:

docker run -ti -p 80:80 --security-opt “credentialspec = file:/home/user/apitest/SpecCredential/gMSAservices.json”

I get the following error:
docker: Error response from daemon: invalid --security-opt 2:“credentialspec=file:/home/user/apitest/gMSAservices.json”.

Could help us with this problem, please?

PS. My version Docker is 18.05.0-ce, build f150324


(Bryce Ryan) #2

I’m not sure if you’ve seen this Docker Reference Architecture, which may prove helpful as an example of working with AD and containers: https://success.docker.com/article/modernizing-traditional-dot-net-applications

I also noticed your

docker run

command was missing the image to run. I’m sure it was a copy-paste error. I mention this because the document you reference says

docker run -it --security-opt “credentialspec=file://adoncontt1.json” microsoft/windowsservercore`