diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..69d8fa0
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,24 @@
+FROM ubuntu:20.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV TZ=America/Denver
+
+RUN apt-get update && apt-get install -y --no-install-recommends tzdata samba krb5-user libpam-krb5 libnss-winbind libpam-winbind iputils-ping && \
+ ln -fs /usr/share/zoneinfo/$TZ /etc/localtime && \
+ dpkg-reconfigure --frontend noninteractive tzdata && \
+ rm -rf /var/lib/apt/lists/*
+
+COPY smb.conf /etc/samba/smb.conf
+COPY krb5.conf /etc/krb5.conf
+COPY entrypoint.sh /entrypoint.sh
+
+# Validate the smb.conf file
+RUN testparm -s /etc/samba/smb.conf
+
+# Create the directory and change its ownership and permissions
+RUN mkdir -p /mnt/example && chown nobody:nogroup /mnt/example && chmod 777 /mnt/example
+
+# Set executable permissions for the entrypoint script
+RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..db4a1de
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,18 @@
+version: '3'
+services:
+ ad-samba:
+ build:
+ context: /srv/smb-abstraction-container
+ volumes:
+ - /srv/smb-abstraction-container/exampledata:/mnt/example
+ ports:
+ - 137:137/udp
+ - 138:138/udp
+ - 139:139
+ - 445:445
+ networks:
+ docker_network:
+ ipv4_address: 192.168.5.231
+networks:
+ docker_network:
+ external: true
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..3620db4
--- /dev/null
+++ b/entrypoint.sh
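Review bot: `chmod 777 /mnt/example` in the Dockerfile's `RUN mkdir -p` line leaves the share root writable by every uid in the container, so any local process or account can modify share data regardless of the `valid users` list in smb.conf. Because docker-compose.yml bind-mounts a host directory over /mnt/example, the build-time `chown`/`chmod` is also hidden at runtime and the host directory's mode is what actually applies. I would drop the world-writable bit and scope access by group, e.g. `RUN mkdir -p /mnt/example && chmod 2770 /mnt/example`, with the owning group set to the mapped domain group on the host path or in the entrypoint (assumption: the group resolves once winbind is up). Separately, `ENV DEBIAN_FRONTEND=noninteractive` persists into the running container; `ARG DEBIAN_FRONTEND=noninteractive` keeps it build-only.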
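Review bot: The `ports:` list in docker-compose.yml publishes 137/udp, 138/udp, 139 and 445 on every host interface, which is wider than the service appears to need. entrypoint.sh starts only `winbind` and `smbd`, so nothing visible listens on the NetBIOS name and datagram ports, and AD clients authenticating with Kerberos normally connect over 445 alone. The container also has a static address (`ipv4_address: 192.168.5.231`) on the external network; if clients can reach that address directly, the host publishing can be dropped, otherwise reduce it to a single bound entry such as `- "<HOST_IP_PLACEHOLDER>:445:445"`. If 139 has to stay for legacy clients, a comment saying so would help the next reader.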
@@ -0,0 +1,15 @@
+#!/bin/bash
+# Modify the DNS configuration in /etc/resolv.conf
+echo "nameserver 192.168.3.10" > /etc/resolv.conf && \
+echo "nameserver 192.168.3.11" >> /etc/resolv.conf
+
+# Map nexus-dc-01.moongate.local to 192.168.3.10 in /etc/hosts
+echo "192.168.3.10 nexus-dc-01.moongate.local" >> /etc/hosts
+echo "192.168.3.11 nexus-dc-02.moongate.local" >> /etc/hosts
+echo "192.168.3.10 nexus-dc-01" >> /etc/hosts
+echo "192.168.3.11 nexus-dc-02" >> /etc/hosts
+
+#Start the necessary services
+service winbind start
+service smbd start
+tail -f /dev/null
diff --git a/krb5.conf b/krb5.conf
new file mode 100644
index 0000000..fecb5d4
--- /dev/null
+++ b/krb5.conf
@@ -0,0 +1,12 @@
+[libdefaults]
+ default_realm = MOONGATE.LOCAL
+
+[realms]
+ MOONGATE.LOCAL = {
+ kdc = nexus-dc-01.moongate.local
+ admin_server = nexus-dc-01.moongate.local
+ }
+
+[domain_realm]
+ .moongate.local = MOONGATE.LOCAL
+ moongate.local = MOONGATE.LOCAL
diff --git a/smb.conf b/smb.conf
new file mode 100644
index 0000000..d6bd251
--- /dev/null
+++ b/smb.conf
@@ -0,0 +1,22 @@
+[global]
+ workgroup = MOONGATE
+ security = ads
+ realm = MOONGATE.LOCAL
+ kerberos method = secrets and keytab
+ winbind refresh tickets = Yes
+ vfs objects = acl_xattr
+ map acl inherit = Yes
+ store dos attributes = Yes
+
+ idmap config * : backend = tdb
+ idmap config * : range = 3000-7999
+ idmap config MOONGATE : backend = rid
+ idmap config MOONGATE : range = 10000-999999
+ template shell = /bin/bash
+ winbind use default domain = yes
+ winbind offline logon = true
+
+[example]
+ path = /mnt/example
+ read only = no
+ valid users = @"MOONGATE\reconstructionlab"
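Review bot: entrypoint.sh ends in `tail -f /dev/null` and has no error handling, so the container reports as running even when `service winbind start` or `service smbd start` fails or smbd later exits, and nothing forwards SIGTERM to the daemons on `docker stop`. Add `set -euo pipefail` after the shebang and make the last step the foreground daemon, e.g. `exec smbd --foreground --no-process-group`, so PID 1 is the service being supervised. The `/etc/resolv.conf` overwrite and the `>> /etc/hosts` appends are runtime edits to files Docker itself manages; the Compose `dns:` and `extra_hosts:` keys express the same thing declaratively. Nothing visible in this commit joins the domain or provisions the machine secrets that `security = ads` relies on; if that happens out of band, a comment naming the step and where the secrets persist would help.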
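Review bot: The `[realms]` block in krb5.conf lists only `kdc = nexus-dc-01.moongate.local`, although entrypoint.sh maps a second controller, so Kerberos authentication for the share has a single point of failure whenever dc-01 is unavailable. Add a second line `kdc = nexus-dc-02.moongate.local` (assuming dc-02 is also a KDC for MOONGATE.LOCAL), or rely on SRV discovery with `dns_lookup_kdc = true` under `[libdefaults]`. Setting `rdns = false` there is also worth considering so service principal names are not derived from reverse DNS answers.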
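Review bot: The `[global]` section in smb.conf does not require signing or encryption, so the integrity and confidentiality of traffic to `[example]` depend on what each client negotiates. Consider `server signing = mandatory` in `[global]` and, if every client speaks SMB3, `smb encrypt = required` on the share. `template shell = /bin/bash` and `winbind offline logon = true` look unnecessary for a file-serving container: the first gives every mapped domain account a login shell and the second keeps cached credentials in the container's filesystem. `template shell = /bin/false` and dropping the offline-logon line would narrow that, unless PAM logins are intended (the Dockerfile does install libpam-winbind).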