Weird question of the day: Containers where smbd is in a container and winbindd is outside

Samba - samba-technical mailing list
Has anyone tried setting up a container situation where winbindd runs
on the host and smbd runs in a container?

Can you bind-mount the winbindd directory where it keeps its comms
socket in the container so that smbd in the container can talk to
winbindd outside the container?

--
Regards,
Richard Sharpe
(What can dispel sorrow? Only Du Kang. --Cao Cao)

Re: Weird question of the day: Containers where smbd is in a container and winbindd is outside

On Mon, Sep 11, 2017 at 04:39:35PM -0700, Richard Sharpe via samba-technical wrote:
> Has anyone tried setting up a container situation where winbindd runs
> on the host and smbd runs in a container?
>
> Can you bind-mount the winbindd directory where it keeps its comms
> socket in the container so that smbd in the container can talk to
> winbindd outside the container?

No clue. As in most things, you are a pioneer! :-) :-)

Re: Weird question of the day: Containers where smbd is in a container and winbindd is outside

On Mon, Sep 11, 2017 at 7:04 PM, Jeremy Allison <[hidden email]> wrote:
> On Mon, Sep 11, 2017 at 04:39:35PM -0700, Richard Sharpe via samba-technical wrote:
>> Has anyone tried setting up a container situation where winbindd runs
>> on the host and smbd runs in a container?
>>
>> Can you bind-mount the winbindd directory where it keeps its comms
>> socket in the container so that smbd in the container can talk to
>> winbindd outside the container?
>
> No clue. As in most things, you are a pioneer! :-) :-)

I have decided that this does not buy much more than complexity, since
we would have to manage the UID/GID namespaces very carefully and tell
winbindd the ranges of UIDs/GIDs to allocate to each container.

Much easier to simply allocate a range of UIDs/GIDs to each container
and run winbindd in each container.

--
Regards,
Richard Sharpe
(What can dispel sorrow? Only Du Kang. --Cao Cao)
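
A sketch of the per-container allocation the thread settles on, added here as an example and not code from the thread or from Samba: it checks that the host ID blocks given to each container do not intersect (an overlap would let domain users in two containers resolve to the same host UID/GID) and emits the idmap range for each container's own winbindd. The container names, the /etc/subuid-style blocks, the 10000 cutoff and the tdb backend are assumptions.

```python
from dataclasses import dataclass

RESERVED = 10000  # assumption: container IDs below this stay with local accounts

@dataclass(frozen=True)
class Container:
    name: str
    host_base: int  # first host UID/GID delegated to the container's user namespace
    count: int      # number of IDs delegated (container IDs 0..count-1)

def overlaps(containers):
    """Return name pairs whose delegated host ID blocks intersect."""
    ordered = sorted(containers, key=lambda c: c.host_base)
    bad = []
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.host_base >= a.host_base + a.count:
                break  # sorted by base, so nothing later can intersect a
            bad.append((a.name, b.name))
    return bad

def idmap_range(c):
    """Container-side (low, high) range for that container's winbindd."""
    if c.count <= RESERVED:
        raise ValueError(f"{c.name}: block too small for an idmap range")
    return RESERVED, c.count - 1

def host_id(c, container_id):
    """Host UID/GID that a winbindd-allocated container ID resolves to."""
    low, high = idmap_range(c)
    if not low <= container_id <= high:
        raise ValueError(f"{container_id} is outside {c.name}'s idmap range")
    return c.host_base + container_id

def smb_conf_fragment(c):
    low, high = idmap_range(c)
    return ("[global]\n"
            "    idmap config * : backend = tdb\n"
            f"    idmap config * : range = {low}-{high}\n")

# Constructed sample: smb-c was handed a block that runs into smb-b's.
SAMPLE = [Container("smb-a", 100000, 65536),
          Container("smb-b", 165536, 65536),
          Container("smb-c", 200000, 65536)]

if __name__ == "__main__":
    print("overlapping blocks:", overlaps(SAMPLE))
    for c in SAMPLE[:2]:
        print(f"# {c.name}: first domain ID is host ID {host_id(c, RESERVED)}")
        print(smb_conf_fragment(c))
```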