Hi, I am fairly new to docker and struggling a bit with some of what it can do. My aim is to run Samba AD/DC in a container on a server already running Samba in ClearOS (a CentOS derivative). To an extent I have it working. I am using the container from here and it works after a load of tweaking the ClearOS Samba setup.
The container is started with:
docker run -t -i -d \
    -e "DOMAIN=HOWITTS.LOCAL" \
    -e "DOMAINPASS=SomeC0mplexPassword" \
    -e "HOSTIP=172.22.22.2" \
    -e "NOCOMPLEXITY=true" \
    -p 172.22.22.2:53:53 \
    -p 172.22.22.2:53:53/udp \
    -p 172.22.22.2:88:88 \
    -p 172.22.22.2:88:88/udp \
    -p 172.22.22.2:135:135 \
    -p 172.22.22.2:137-138:137-138/udp \
    -p 172.22.22.2:139:139 \
    -p 172.22.22.2:389:389 \
    -p 172.22.22.2:389:389/udp \
    -p 172.22.22.2:445:445 \
    -p 172.22.22.2:464:464 \
    -p 172.22.22.2:464:464/udp \
    -p 172.22.22.2:636:636 \
    -p 172.22.22.2:1024-1044:1024-1044 \
    -p 172.22.22.2:3268-3269:3268-3269 \
    -v /etc/localtime:/etc/localtime:ro \
    -v /var/clearos/samba/data:/var/lib/samba \
    -v /var/clearos/samba/config:/etc/samba/external \
    --dns-search howitts.local \
    --dns 172.22.22.2 \
    --dns 172.22.22.1 \
    --add-host localdc.howitts.local:172.22.22.2 \
    -h localdc \
    --name samba \
    --privileged \
    --restart unless-stopped \
    nowsci/samba-domain
The problem is that the nmbd daemon in Samba binds to all ports and does not honour the “interfaces only” directive in smb.conf. This means that if ClearOS/Samba is running, the docker container won’t start due to the port clash. I can force nmbd to bind to a single port with:
nmbd bind explicit broadcast = yes
socket address = 192.168.20.1
This works fine with a single LAN interface and I have a full AD DC running in the docker container.
ClearOS is a router distro and can have more than one LAN interface (real or virtual), but the “socket address” parameter can only take a single IP and I need ClearOS/Samba to listen on all LAN interfaces. I have asked on the samba mailing lists and they have suggested running docker/samba on its own interface and suggested I research “docker tun” or “docker tuntap”. I am not seeing any clear direction or howto on this.
Can anyone point me in the right direction? Or am I barking up the wrong tree?
The docker version I am running is docker-1.13.1-75.git8633870.el7.centos.x86_64
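
The following is an added example, not part of the original post: a way to see which host listeners would clash with the container's published ports before starting it. It assumes that a host socket bound to the wildcard address, or to the same IP, on a published port blocks Docker's bind; the names `find_clashes`, `sample_ss` and `PUBLISHED` are hypothetical and the `ss` output is a constructed sample.

```shell
#!/bin/sh
# Added example: find_clashes, sample_ss and PUBLISHED are hypothetical names.
# Ports copied from the -p options of the docker run command in the post.
PUBLISHED="tcp/53 udp/53 tcp/88 udp/88 tcp/135 udp/137-138 tcp/139 tcp/389"
PUBLISHED="$PUBLISHED udp/389 tcp/445 tcp/464 udp/464 tcp/636 tcp/1024-1044 tcp/3268-3269"

# Constructed sample of `ss -lntu` output (not captured from a real host).
sample_ss() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:137        0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:138        0.0.0.0:*
udp   UNCONN 0      0      192.168.20.1:137   0.0.0.0:*
tcp   LISTEN 0      50     192.168.20.1:445   0.0.0.0:*
tcp   LISTEN 0      50     172.22.22.2:53     0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
EOF
}

# find_clashes BIND_IP "proto/port proto/first-last ..." < `ss -lntu` output
# Prints "proto/port address kind" for every host listener that occupies a
# published port on BIND_IP, either via a wildcard bind or the exact address.
find_clashes() {
    awk -v ip="$1" -v specs="$2" '
    BEGIN {
        n = split(specs, s, " ")
        for (i = 1; i <= n; i++) {
            split(s[i], pp, "/")
            m = split(pp[2], r, "-")
            proto[i] = pp[1]
            lo[i] = r[1] + 0
            hi[i] = (m > 1 ? r[2] : r[1]) + 0
        }
    }
    {
        port = $5; sub(/.*:/, "", port)       # text after the last colon
        addr = $5; sub(/:[^:]*$/, "", addr)   # text before the last colon
        sub(/%.*/, "", addr)                  # drop a %interface suffix
        wild = (addr == "0.0.0.0" || addr == "*")
        if (!wild && addr != ip) next         # other IPs and header: no clash
        for (i = 1; i <= n; i++)
            if ($1 == proto[i] && port + 0 >= lo[i] && port + 0 <= hi[i])
                print $1 "/" port, addr, (wild ? "wildcard" : "exact")
    }'
}

# On a real host, replace sample_ss with: ss -lntu
sample_ss | find_clashes 172.22.22.2 "$PUBLISHED"
```

In the sample, the listeners bound to 192.168.20.1 are not reported because they are bound to a different address than the one the container publishes on, while the two wildcard UDP listeners on 137 and 138 are.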