
Comments (5)

aczwink commented on August 15, 2024

I have found the issue.
The problem is that init.sh puts the dns forwarder at the top of the [global] section in smb.conf; however, the "samba-tool domain provision" (and maybe also join) command already adds a dns forwarder (the one from /etc/resolv.conf) much further down, overriding the desired one (see my screenshot).
Samba will use the second one, which is the docker internal DNS server (127.0.0.11). Since the container is configured to have itself as its DNS server, this will cause a loop for every DNS lookup outside of the AD zone itself.
I fixed the issue and created a pull request.
[screenshot: dnsbug]

from samba-domain.
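To make the "last value wins" behaviour described in this comment concrete, here is an added Python checker (not code from the issue or from the samba-domain project). It parses a constructed smb.conf in which init.sh's forwarder is followed by the one samba-tool appended, reports which forwarder Samba will actually use and whether it loops back to the DC (loopback such as Docker's 127.0.0.11, or one of the DC's own addresses), and strips the later duplicates so the first value stays; the sample file and the keep-first repair are assumptions, not the contents of the pull request.

```python
from ipaddress import ip_address
# Constructed sample of the smb.conf described above: init.sh puts "dns forwarder" at
# the top of [global], samba-tool provision appends a second one (from /etc/resolv.conf,
# i.e. Docker's 127.0.0.11) further down, and Samba keeps the last value it reads.
SAMPLE_SMB_CONF = """\
[global]
    dns forwarder = 192.168.1.1
    server role = active directory domain controller
    dns forwarder = 127.0.0.11
[sysvol]
    path = /var/lib/samba/sysvol
"""

def entries(conf_text):
    """Yield (section, key, value, raw line) per line; key/value are None for non-settings."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # strip smb.conf comments
        key = value = None
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            key = " ".join(key.lower().split())  # "DNS  Forwarder" -> "dns forwarder"
        yield section, key, value, raw

def check_dns_forwarder(conf_text, own_ips=()):
    """Return (effective forwarder, number of overridden duplicates, loops back to DC?)."""
    values = [v for s, k, v, _ in entries(conf_text) if s == "global" and k == "dns forwarder"]
    if not values:
        return None, 0, False
    loop = False
    for token in values[-1].split():  # last occurrence wins; it may list several servers
        try:
            ip = ip_address(token)
        except ValueError:
            continue  # hostname rather than an address: not judged here
        loop = loop or ip.is_loopback or str(ip) in set(own_ips)  # 127.0.0.11 or own IP loops
    return values[-1], len(values) - 1, loop

def keep_first_forwarder(conf_text):
    """Drop [global] 'dns forwarder' lines after the first, so the value init.sh wrote wins."""
    out, seen = [], False
    for s, k, _, raw in entries(conf_text):
        if s == "global" and k == "dns forwarder":
            if seen:
                continue
            seen = True
        out.append(raw)
    return "\n".join(out) + "\n"
```

Running the checker against a DC's real smb.conf with its container IP in `own_ips` is a quick way to confirm the loop before chasing it in the samba logs.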

burnbabyburn commented on August 15, 2024

Hi,

I tried to replicate your problem with my version. I changed the naming of some config params and didn't update the README examples. My bad.

The following command was run:

# build and cleanup
git clone https://github.com/burnbabyburn/docker-ubuntu-samba-dc
cd docker-ubuntu-samba-dc
docker build . -t samba-ad-dc
docker volume rm samba-data samba-config samba-etc

# create and run
docker volume create samba-data

docker volume create samba-config

docker run -t -i \
    -e "DOMAIN=OFFICE.COMPANY.COM" \
    -e "DOMAIN_PASS=Password1" \
    -e "ENABLE_DNSFORWARDER=192.168.1.1" \
    -e "HOSTIP=192.168.1.250" \
    -e "ENABLE_DYNAMIC_PORTRANGE=49152-49172" \
    -p 53:53 \
    -p 53:53/udp \
    -p 88:88 \
    -p 88:88/udp \
    -p 135:135 \
    -p 137-138:137-138/udp \
    -p 139:139 \
    -p 389:389 \
    -p 389:389/udp \
    -p 445:445 \
    -p 464:464 \
    -p 464:464/udp \
    -p 636:636 \
    -p 3268-3269:3268-3269 \
    -p 49152-49172 \
    -v /etc/localtime:/etc/localtime:ro \
    -v samba-data:/var/lib/samba \
    -v samba-config:/etc/samba/external \
    --dns-search office.company.com \
    --dns 127.0.0.1 \
    --add-host localdc.office.company.com:192.168.1.250 \
    -h localdc \
    --name samba-bbb \
    --privileged \
    --restart unless-stopped \
    samba-ad-dc

The complete output can be found here: https://pastebin.com/DKECUHAw

My Docker host with samba-ad-dc has 192.168.10, but I kept your IP address of 250 for localdc, so some output may look a little weird.

On the Windows client:

nslookup localdc.office.company.com 192.168.1.10
Server:  OdroidN2.samdom.example
Address:  192.168.1.10

Name:    localdc.office.company.com
Address:  192.168.1.250

On the Docker host:

dig @192.168.1.10 localdc.office.company.com

; <<>> DiG 9.16.1-Ubuntu <<>> @192.168.1.10 localdc.office.company.com
; (1 server found)
;; ANSWER SECTION:
localdc.office.company.com. 900 IN      A       192.168.1.250
localdc.office.company.com. 900 IN      A       172.17.0.2

In the container:

root@localdc:/# dig localdc.office.company.com
;; QUESTION SECTION:
;localdc.office.company.com.    IN      A

;; ANSWER SECTION:
localdc.office.company.com. 900 IN      A       192.168.1.250
localdc.office.company.com. 900 IN      A       172.17.0.2

Ports used in the Docker container:

root@localdc:/# netstat -nvuap|wc -l
23

Looks good to me. If the error persists, could you provide a log?


Merlin83b commented on August 15, 2024

Yep, that's done the trick, thank you. I have a couple of errors during the run from ntpd:

Attempting to autogenerate TLS self-signed keys for https for hostname 'LOCALDC.office.company.com'
12 May 14:57:28 ntpd[706]: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): good hash signature
12 May 14:57:28 ntpd[706]: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): loaded, expire=2022-12-28T00:00:00Z last=2017-01-01T00:00:00Z ofs=37
12 May 14:57:28 ntpd[706]: switching logging to file /var/log/ntp
12 May 14:57:28 ntpd[706]: Listen and drop on 0 v6wildcard [::]:123
12 May 14:57:28 ntpd[706]: Listen and drop on 1 v4wildcard 0.0.0.0:123
12 May 14:57:28 ntpd[706]: Listen normally on 2 lo 127.0.0.1:123
12 May 14:57:28 ntpd[706]: Listen normally on 3 eth0 172.17.0.2:123
12 May 14:57:28 ntpd[706]: Listening on routing socket on fd #20 for interface updates
12 May 14:57:28 ntpd[706]: kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized
12 May 14:57:28 ntpd[706]: kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized
TLS self-signed keys generated OK
2022-05-12 14:57:29,254 INFO success: ntpd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-05-12 14:57:29,254 INFO success: samba entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
/usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure
/usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure
/usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure
/usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure
/usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure
dnsupdate_nameupdate_done: Failed DNS update with exit code 5

but after the sleep 300s expires, everything seems to run normally. I also tried adding --dns 192.168.1.1 to the run command, but it made no difference. The server is remote, so I haven't had a chance to really use it yet, but the DNS queries seem to work properly now.


Fmstrat commented on August 15, 2024

Can this be closed?


frasou commented on August 15, 2024

Actually not. It is still a problem.

docker version
Version: 20.10.24+dfsg1

uname -r
6.1.0-10-amd64

docker pull nowsci/samba-domain:latest

So with the latest version, with the exact configuration template, using docker-compose up -d
(samba-ad-dc runs on 192.168.100.252; docker-compose.yml is below)

From a PC in the LAN:
host google.com 192.168.100.252

Then on the Docker host:
ss -4pn | grep 53 | wc -l
28231

and in htop, the process "samba: task[dns] pre-fork master" shows 100% CPU occupation.

cat docker-compose.yml
samba:
  image: nowsci/samba-domain
  container_name: samba
  volumes:
    - /etc/localtime:/etc/localtime:ro
    - samba-data:/var/lib/samba
    - samba-config:/etc/samba/external
  environment:
    - DOMAIN=VRBA.LAN
    - DOMAIN_DC=dc=vrba,dc=lan
    - DOMAIN_EMAIL=i
    - DOMAINPASS=123Qwer
    - DNSFORWARDER=192.168.100.254
    - HOSTIP=192.168.100.252
  ports:
    - 192.168.100.252:53:53
    - 192.168.100.252:53:53/udp
    - 192.168.100.252:88:88
    - 192.168.100.252:88:88/udp
    - 192.168.100.252:123:123
    - 192.168.100.252:123:123/udp
    - 192.168.100.252:135:135
    - 192.168.100.252:137-138:137-138/udp
    - 192.168.100.252:139:139
    - 192.168.100.252:389:389
    - 192.168.100.252:389:389/udp
    - 192.168.100.252:445:445
    - 192.168.100.252:464:464
    - 192.168.100.252:464:464/udp
    - 192.168.100.252:636:636
    - 192.168.100.252:1024-1044:1024-1044
    - 192.168.100.252:3268-3269:3268-3269
  dns_search:
    - vrba.lan
  dns:
    - 192.168.100.252
    - 192.168.100.254
  extra_hosts:
    - dc1.vrba.lan:192.168.100.252
  hostname: dc1
  cap_add:
    - NET_ADMIN
    - SYS_NICE
    - SYS_TIME
  devices:
    - /dev/net/tun
  privileged: true
  restart: always

