sambaXP 2023 - SINK Demo 2 #130
phlogistonjohn
started this conversation in
Show and tell
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
The SINK Team's 2023 sambaXP presentation contains two demonstrations. This year the theme was how SINK projects are more then just for use on Kubernetes and that samba-container images can be used without a Kubernetes cluster.
The goal of this demo is to show that the samba-container images are flexible enough to be used in a simple container orchestration system like docker-compose, while at the same time demonstrating the ability of containers
to isolate resources such that an AD DC container can be run on the same node as a domain member file server without putting each Samba instance in it's own Virtual Machine.
Video Recording
The original demo recording
Introduction Text
Running an AD DC and A Member File Server on the same host
(without dedicated virtual machines)
Using Docker and Docker Compose
Docker Compose will provide a simple "orchestration" system.
We're hosting the containers on a single node running Debian "Bookworm".
Already configured / installed:
Reference Links
SINK:
Debian: https://www.debian.org/
Docker:
Configuration Files and Commands Used
Prerequisites
This demo requires a system (VM or hardware) running Debian Bookworm on the
x86_64
architecture.Install "docker-compose".
Ensure that the user can run docker commands and others via
sudo
.Note that this demo assumes particular network addresses and subnet. In particular it assumes the test node is connected to 192.168.122.0/24. You can alter the IP addresses in the docker compose YAML file and the
docker network create
command to fit your local network. You'll probably want to change the domain to one that you control or something likesambaxp.test
.Copy Configuration Files
Create a directory to host the compose YAML file. I simply use
compose
.Copy the following YAML to
compose/compose.yaml
:Create a file called
demo2.yaml
. This is the sambacc configuration file.Copy the following to
demo2.yaml
:Connect to the Debian test node and run:
While docker-compose is bringing up the containers it will pause while the "must-join"
container is running. In another shell connect to the Debian node and run:
sudo docker exec -it compose_join_fs_1 samba-container join
This should prompt you for a password. Provide the admin password for the testdomain as defined in the YAML file above.
A few moments after the password is provided the
docker-compose
command should continue progressing and, if everything goes as planned, the AD DC will be running as well as an smbd with users from the domain.Once the containers are running we can add the filer server's IP to the AD DC DNS so client can refer to it by a name.
On the Debian node, run:
sudo docker exec -it compose_dc_1 samba-tool dns add localhost -P sambaxp.cx.fdopen.net smbfs1 A 192.168.122.30
(There are other ways to accomplish this, but this demonstrates the use of samba-tool commands run manually within this system).
Try adding the AD DC server IP address as your DNS host, or if you have a more proper DNS configuration in your office/home/lab, delegate your domain to it in DNS and then join a Windows host to your domain and then access the share using Single-Sign-On!
Beta Was this translation helpful? Give feedback.
All reactions