#samba ads Dockerfile
#samba ads Dockerfile
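# Samba member-server image: joins an Active Directory domain at container
# start (security = ads) and serves the shares defined in /etc/samba/smb.conf.
#
# Runtime inputs (environment variables):
#   SMB_USER           account used for `net ads join`
#   SMB_USERPWD        password of that account
#   SMB_DOAMIN         AD DNS domain (the spelling is part of the interface)
#   SMB_DNS            address of the domain controller / DNS server
#   SWAT_ROOT_PASSWORD optional; local root password used to log in to SWAT
#
# NOTE(review): CentOS 6 is end-of-life and receives no security updates. It is
# kept because the recipe relies on SysV `service` scripts and on the
# samba-swat package; plan a migration rather than exposing this image widely.
FROM centos:6.8

# All OS packages in one layer, with the yum cache removed in the same layer.
# `krb5-deve` from the original list is not a package name (presumably a typo
# for krb5-devel); development headers are not needed at runtime, so it is
# dropped. vim and wget are kept only for compatibility with existing operator
# workflows; they are not needed by the services.
RUN yum install -y \
        crontabs \
        expect \
        krb5-libs \
        krb5-workstation \
        ntpdate \
        pam_krb5 \
        samba \
        samba-client \
        samba-common \
        samba-swat \
        samba-winbind \
        samba-winbind-clients \
        samba4-libs \
        vim \
        wget \
    && yum clean all

# Local time zone.
RUN cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

# Clock sync every 3 minutes against ntp6.aliyun.com (Kerberos is sensitive to
# clock skew). The build-time `service crond start` and `ntpdate` calls were
# removed: neither a running daemon nor a clock adjustment survives into the
# image, and crond is (re)started by /opt/smb_conf.sh at container start.
# NOTE(review): ntpdate inside a container presumably needs the SYS_TIME
# capability; without it the cron job fails silently (output goes to /dev/null).
RUN echo "*/3 * * * * /usr/sbin/ntpdate ntp6.aliyun.com &> /dev/null" > /tmp/crontab \
    && crontab /tmp/crontab

# SWAT (Samba web administration, port 901) is enabled and opened to every
# source address. It authenticates with the local root password over plain
# HTTP, so restrict who can reach port 901 when publishing it (bind it to an
# admin-only address or leave it unpublished).
# The image no longer ships a fixed root password: the original set root to a
# well-known value at build time, which every copy of the image then shared.
# A root password is set only at container start, from SWAT_ROOT_PASSWORD.
RUN sed -i 's/only_from.*=.*/only_from = 0.0.0.0/g' /etc/xinetd.d/swat \
    && sed -i 's/disable.*=.*/disable = no/g' /etc/xinetd.d/swat
#RUN sed -i 's/user.*=.*/user = root/g' /etc/xinetd.d/swat

# /opt/check_share.sh: foreground loop that, every 30 s, creates any share
# directory named by a `path` line in smb.conf (except the /home/%D/%U template).
RUN echo -e "#!/bin/bash\nwhile true\ndo\nfor dname in \$(grep path /etc/samba/smb.conf |grep -v '/home/%D/%U' |awk '{print \$3}')\ndo\nif [ ! -e \${dname} ] \nthen mkdir -p \${dname} \nfi\ndone\nsleep 30\ndone\n###" >/opt/check_share.sh \
    && cat /opt/check_share.sh

# /opt/smb_conf.sh, part 1: make the domain name resolve to SMB_DNS, then set
# the local root password if the operator supplied one (needed for SWAT login).
# The password is fed to passwd on stdin so it never appears in a process list.
RUN echo -e "#!/bin/bash \ngrep -c \"\${SMB_DNS} \${SMB_DOAMIN}\" /etc/hosts || echo \"\${SMB_DNS} \${SMB_DOAMIN}\" >>/etc/hosts " >/opt/smb_conf.sh \
    && echo 'if [ -n "${SWAT_ROOT_PASSWORD}" ]; then passwd root --stdin <<<"${SWAT_ROOT_PASSWORD}"; fi' >>/opt/smb_conf.sh

# Part 2: derive SMB_DOMAIN_NAME (first label of SMB_DOAMIN) and write
# /etc/krb5.conf. The realm suffix is hard-coded to ".COM".
RUN echo -e "export SMB_DOMAIN_NAME=\$(echo \${SMB_DOAMIN} |cut -d '.' -f1) \necho \" \n[logging] \ndefault = FILE:/var/log/krb5libs.log \nkdc = FILE:/var/log/krb5kdc.log \nadmin_server = FILE:/var/log/kadmind.log \n[libdefaults] \ndefault_realm = \${SMB_DOMAIN_NAME}.COM \ndns_lookup_realm = false \ndns_lookup_kdc = true \nticket_lifetime = 24h \nrenew_lifetime = 7d \nforwardable = yes \n[realms] \n\${SMB_DOMAIN_NAME}.COM = { \nkdc = \${SMB_DNS}:88 \nadmin_server = \${SMB_DNS}:749 \ndefault_domain = \${SMB_DOMAIN_NAME}.COM \n}\n[domain_realm] \n.\${SMB_DOMAIN_NAME}.com = \${SMB_DOMAIN_NAME}.COM \n\${SMB_DOMAIN_NAME}.com = \${SMB_DOMAIN_NAME}.COM \n[appdefaults] \npam = { \ndebug = false \nticket_lifetime = 36000 \nrenew_lifetime = 36000 \nforwardable = true \nkrb4_convert = false \n} \n\" >/etc/krb5.conf \n " >>/opt/smb_conf.sh

# Part 3: resolve users and groups through winbind.
RUN echo -e "echo 'passwd: files winbind \nshadow: files winbind \ngroup: files winbind \nhosts: files dns\n' >/etc/nsswitch.conf " >>/opt/smb_conf.sh

# Part 4: write /etc/samba/smb.conf.
# NOTE(review): the [process] share uses create/directory mask 0777, so every
# file written through it is world-writable on the host path; tighten the
# masks if the share does not need that. `writeable = yes` is immediately
# followed by `read only = yes` (the same setting, inverted); write access
# then comes from `write list` only.
RUN echo -e "echo \" \n workgroup =\${SMB_DOMAIN_NAME} \n server string = Samba Server Version %v \n netbios name = \$(echo \$(hostname) |cut -d '-' -f3-4) \n security = ads \n passdb backend = tdbsam \n realm = \${SMB_DOAMIN} \n password server = \${SMB_DNS} \n encrypt passwords = yes \n idmap uid = 16777216-33554431 \n idmap gid = 18777216-33554431 \n template shell = /bin/bash \n template homedir = /home/%U \n winbind use default domain = true \n winbind offline logon = false \n winbind enum groups = yes \n winbind enum users = yes \n winbind separator = / \n[global] \n idmap config * : range = 16777216-33554431 \n kerberos method = secrets only \n min protocol = SMB2 \n max protocol = SMB2 \n[home] \n path = /home/%D/%U \n browsable = no \n[printers] \n comment = All Printers \n path = /var/spool/samba \n printable = Yes \n browseable = No \n[process] \n path = /data/process \n write list = @\${SMB_DOMAIN_NAME}/domain users,\${SMB_DOMAIN_NAME}/administrator \n valid users = @\${SMB_DOMAIN_NAME}/domain users,\${SMB_DOMAIN_NAME}/administrator \n writeable = yes \n read only = yes \n browsable = yes \n create mask = 0777 \n directory mask = 0777 \n\" >/etc/samba/smb.conf \n" >>/opt/smb_conf.sh

# Part 5: start services and join the domain when the trust check
# (`wbinfo -t`) fails. The join password is read by expect from its own
# environment ($env(SMB_USERPWD)) instead of being pasted into the Tcl script
# by the shell, so characters such as $ [ ] " \ in the password are sent
# literally rather than being interpreted; `send --` also covers a password
# that starts with a dash.
RUN echo -e "service crond restart \nservice winbind restart \nwbinfo -t || expect -c \"set timeout 30 \nspawn net ads join -U \${SMB_USER}@\${SMB_DOAMIN} \nexpect { \n\\\"password:\\\" { send -- \\\"\\\$env(SMB_USERPWD)\\\r\\\"; exp_continue} \neof { exit } \n}\"\nservice nmb restart\nservice smb restart\nservice xinetd restart\n" >>/opt/smb_conf.sh \
    && chmod a+x /opt/smb_conf.sh /opt/check_share.sh \
    && cat /opt/smb_conf.sh

# Placeholder defaults only; supply the real values at `docker run` time.
# Anything written here is stored in the image and readable by whoever can
# pull it, so never commit a real password into this file.
ENV SMB_USER=administrator \
    SMB_USERPWD=xxx@pwd \
    SMB_DOAMIN=xxxx.com \
    SMB_DNS=192.168.10.10

# 137-139 and 445: NetBIOS/SMB; 901: SWAT. The NetBIOS name and datagram
# services use UDP, so 137/138 are declared for UDP as well as the original TCP.
EXPOSE 137 138 139 445 901 137/udp 138/udp

# Configure and start the services, then keep the container alive with the
# share-directory loop. Exec form of the original shell-form command.
CMD ["/bin/sh", "-c", "/opt/smb_conf.sh;/opt/check_share.sh"]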