Docker Community Forums

How can I run a container (Samba AD DC) on its own interface


#1

Hi, I am fairly new to Docker and struggling a bit with some of what it can do. My aim is to run Samba AD/DC in a container on a server already running Samba in ClearOS (a CentOS derivative). To an extent I have it working. I am using the container from here and it works after a load of tweaking of the ClearOS Samba setup.

The container is started with:

docker run -t -i -d \
	-e "DOMAIN=HOWITTS.LOCAL" \
	-e "DOMAINPASS=SomeC0mplexPassword" \
	-e "HOSTIP=172.22.22.2" \
	-e "NOCOMPLEXITY=true" \
	-p 172.22.22.2:53:53 \
	-p 172.22.22.2:53:53/udp \
	-p 172.22.22.2:88:88 \
	-p 172.22.22.2:88:88/udp \
	-p 172.22.22.2:135:135 \
	-p 172.22.22.2:137-138:137-138/udp \
	-p 172.22.22.2:139:139 \
	-p 172.22.22.2:389:389 \
	-p 172.22.22.2:389:389/udp \
	-p 172.22.22.2:445:445 \
	-p 172.22.22.2:464:464 \
	-p 172.22.22.2:464:464/udp \
	-p 172.22.22.2:636:636 \
	-p 172.22.22.2:1024-1044:1024-1044 \
	-p 172.22.22.2:3268-3269:3268-3269 \
	-v /etc/localtime:/etc/localtime:ro \
	-v /var/clearos/samba/data:/var/lib/samba \
	-v /var/clearos/samba/config:/etc/samba/external \
	--dns-search howitts.local \
	--dns 172.22.22.2 \
	--dns 172.22.22.1 \
	--add-host localdc.howitts.local:172.22.22.2 \
	-h localdc \
	--name samba \
	--privileged \
	--restart unless-stopped \
	nowsci/samba-domain

The problem is that the nmbd daemon in Samba binds to all ports and does not honour the “interfaces only” directive in smb.conf. This means that if ClearOS/Samba is running, the docker container won’t start due to the port clash. I can force nmbd to bind to a single port with:

nmbd bind explicit broadcast = yes
socket address = 192.168.20.1

This works fine with a single LAN interface and I have a full AD DC running in the docker container.

ClearOS is a router distro and can have more than one LAN interface (real or virtual), but the “socket address” parameter can only take a single IP and I need ClearOS/Samba to listen on all LAN interfaces. I have asked on the samba mailing lists and they have suggested running docker/samba on its own interface and suggested I research “docker tun” or “docker tuntap”. I am not seeing any clear direction or howto on this.

Can anyone point me in the right direction? Or am I barking up the wrong tree?

The docker version I am running is docker-1.13.1-75.git8633870.el7.centos.x86_64
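
The port clash described in the post (a host nmbd holding the wildcard address while the container publishes the same ports on 172.22.22.2), as an added example that is not part of the original post: it expands some of the post's `-p` values and compares them with the host's listening sockets. The `ss -lntu` lines are constructed sample input, and the function names are this example's own.

```python
PUBLISH = [  # a subset of the -p values from the post's docker run command
    "172.22.22.2:137-138:137-138/udp",
    "172.22.22.2:139:139",
    "172.22.22.2:445:445",
]

# Constructed `ss -lntu` output (not from the post): nmbd on the wildcard
# address, smbd restricted to one LAN address.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:137        0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:138        0.0.0.0:*
tcp   LISTEN 0      50     192.168.20.1:139   0.0.0.0:*
tcp   LISTEN 0      50     192.168.20.1:445   0.0.0.0:*
"""

WILDCARDS = {"0.0.0.0", "*", "[::]"}

def parse_publish(spec):
    """Expand 'IP:HOSTPORTS:CONTAINERPORTS[/proto]' into (proto, ip, port) tuples."""
    spec, _, proto = spec.partition("/")
    ip, host_ports, _container = spec.rsplit(":", 2)
    lo, _, hi = host_ports.partition("-")
    return [(proto or "tcp", ip, p) for p in range(int(lo), int(hi or lo) + 1)]

def parse_listeners(ss_text):
    """Return {(proto, ip, port)} from ss output; header and odd lines are skipped."""
    found = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        ip, _, port = fields[4].rpartition(":")
        if port.isdigit():
            found.add((fields[0], ip, int(port)))
    return found

def find_clashes(publish_specs, ss_text):
    """List (proto, port, wanted_ip, held_ip) where a host socket blocks a publish."""
    listeners = parse_listeners(ss_text)
    clashes = []
    for spec in publish_specs:
        for proto, ip, port in parse_publish(spec):
            for lproto, lip, lport in listeners:
                same_addr = lip == ip or lip in WILDCARDS or ip in WILDCARDS
                if (lproto, lport) == (proto, port) and same_addr:
                    clashes.append((proto, port, ip, lip))
    return sorted(clashes)
```

Running `find_clashes(PUBLISH, SAMPLE_SS)` on the sample reports only the two UDP ports held on the wildcard address; the TCP listeners bound to 192.168.20.1 do not block the publishes on 172.22.22.2.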