samba - (ghcr.io/servercontainers/samba) (+ optional zeroconf, wsdd2 & time machine) on alpine [x86 + arm]
samba on alpine with timemachine, zeroconf (avahi) and WSD (Web Services for Devices) (wsdd2) support.
New Registry: ghcr.io/servercontainers/samba
In March 2023 - Docker informed me that they are going to remove my organizations servercontainers and desktopcontainers unless I'm upgrading to a pro plan.
I'm not going to do that. It's more of a professionally done hobby than a professional job I'm earning money with.
In order to avoid bad actors taking over my org. names and publishing potentially backdoored containers, I'd recommend to switch over to my new GitHub registry: ghcr.io/servercontainers.
You can specify the DOCKER_REGISTRY environment variable (for example my.registry.tld) and use the build script to build the main container and its variants for x86_64, arm64 and arm.
You'll find all images tagged like a3.15.0-s4.15.2, which means a<alpine version>-s<samba version>.
This way you can pin your installation/configuration to a certain version, or easily roll back if you experience any problems.
To build a latest tag, run ./build.sh release
For builds without a specified registry you can use the generate-variants.sh script to generate variations of this container and build the repos yourself.
All of those variants are automatically built and generated in one go:
latest or a<alpine version>-s<samba version>
smbd-only-latest or smbd-only-a<alpine version>-s<samba version>
smbd-avahi-latest or smbd-avahi-a<alpine version>-s<samba version>
smbd-wsdd2-latest or smbd-wsdd2-a<alpine version>-s<samba version>
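The registry move and the tag scheme above can be enforced before deployment. The following is an added example, not part of the project's scripts: it accepts only references to the new registry that are pinned to an a<alpine version>-s<samba version> tag (with or without a variant prefix) or to a digest. The names check_image_ref and EXPECTED_REPO are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the project): vet an image reference before deploy.
# Verdicts: ok | floating | malformed | foreign
# EXPECTED_REPO is an assumption; point it at your own DOCKER_REGISTRY path
# if you build the images yourself.
EXPECTED_REPO="${EXPECTED_REPO:-ghcr.io/servercontainers/samba}"

check_image_ref() {
    ref=$1
    case $ref in
        # A digest pins the exact image content, whatever the tag says.
        "$EXPECTED_REPO"@sha256:* | "$EXPECTED_REPO":*@sha256:*)
            echo ok; return 0 ;;
        # No tag at all resolves to the moving "latest" tag.
        "$EXPECTED_REPO")
            echo floating; return 1 ;;
        "$EXPECTED_REPO":*)
            tag=${ref#"$EXPECTED_REPO":} ;;
        # Anything else, including the old Docker Hub org name.
        *)
            echo foreign; return 1 ;;
    esac

    case $tag in
        latest | smbd-only-latest | smbd-avahi-latest | smbd-wsdd2-latest)
            echo floating; return 1 ;;
    esac

    # Drop an optional variant prefix, then require a<alpine>-s<samba>.
    for prefix in smbd-only- smbd-avahi- smbd-wsdd2-; do
        case $tag in
            "$prefix"*) tag=${tag#"$prefix"}; break ;;
        esac
    done
    if printf '%s\n' "$tag" |
        grep -Eq '^a[0-9]+(\.[0-9]+)*-s[0-9]+(\.[0-9]+)*$'; then
        echo ok
    else
        echo malformed; return 1
    fi
}
```

The function returns non-zero for every verdict except ok, so it can gate a deployment script directly.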
tzdata package to support setting the timezone using an env TZ=Europe/Berlin
host-name in /etc/avahi/avahi-daemon.conf if AVAHI_NAME env is set
latest tag if there was a commit within last hour
nmbd optional use NETBIOS_DISABLE=true to disable nmbd
</service-group> error (Issue #107)
nmbd service and increase compatibility
smb.conf on initialization to make testparm -s problems visible
vfs objects = catia fruit streams_xattr to global config to improve macOS compatibility - closes issue #93
older changelogs -> CHANGELOGS.md
This is a Samba Server Container running on _/alpine.
If you experience problems, take a look at this file: TROUBLESHOOTING.md
SAMBA_GLOBAL_STANZA
; which will be automatically translated to \n
SAMBA_GLOBAL_CONFIG_someuniquevalue
smb.conf
key = value
space replace it with _SPACE_
foo_SPACE_bar
:
space replace it with _COLON_
foo_COLON_bar
ACCOUNT_username
:
username:[0-9]*: or it will be detected as hash)
user:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:8846F7EAEE8FB117AD06BDD830B7586C:[U ]:LCT-5FE1F7DF: (user: user / password: password) add the line from /var/lib/samba/private/smbpasswd
docker run -ti --rm --entrypoint create-hash.sh ghcr.io/servercontainers/samba
docker-compose.yml user foo for an example how it's used/configured.
valid users = alice; invalid users = bob;
UID_username
uid explicitly for each user account.
username part must match to a specified ACCOUNT_username environment variable
GROUP_groupname
gid
GROUP_devops=1500 will create group devops with id 1500
GROUP_bob=1000 - those groups are automatically created for the user
GROUPS_username
GROUP_groupname or mount/inject /etc/groups file (can cause problems)
username part must match to a specified ACCOUNT_username environment variable
,
GROUPS_johndoe=musican,devops
MODEL
TimeCapsule
Xserve, PowerBook, PowerMac, Macmini, iMac, MacBook, MacBookPro, MacBookAir, MacPro, MacPro6,1, MacPro7,1 (Tower), MacPro7,1@ECOLOR=226,226,224 (Rack), TimeCapsule, AppleTV1,1 and AirPort.
AVAHI_NAME
AVAHI_DISABLE
SAMBA_CONF_SERVER_ROLE
$ is an invalid symbol in this env
SAMBA_CONF_LOG_LEVEL
SAMBA_CONF_WORKGROUP
SAMBA_CONF_SERVER_STRING
SAMBA_CONF_MAP_TO_GUEST
SAMBA_VOLUME_CONFIG_myconfigname
docker-compose.yml for example
; which will be automatically translated to \n
%U e.g. path = /shares/homes/%U; multi user mode gets activated and each user gets their own subdirectory for their own share. (great for timemachine - every user gets his own personal share)
fruit:time machine = yes and all other needed settings are automatically added
fruit:time machine max size = 500G; to limit max size of time machine volume
WSDD2_DISABLE
WSDD2_PARAMETERS
-l
NETBIOS_DISABLE
nmbd
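An ACCOUNT_username value is either a clear-text password or an smbpasswd line, and clear-text values stay readable to anyone who can inspect the container's environment. The following added example (not the project's code) reports which form each account uses and flags the sample hash from this page being reused as-is. The names audit_accounts, sample_env and SAMPLE_NT are assumptions of this example, and its hash test follows the username:[0-9]*: pattern quoted above rather than the container's actual script.

```shell
#!/bin/sh
# Added example (not from the project): audit ACCOUNT_<username> settings.
# Reads KEY=VALUE lines on stdin and prints "<username> <verdict>" without
# ever echoing the secret itself. Verdicts:
#   plaintext     clear-text password stored in the environment
#   hash          smbpasswd-style line (username:<digits>:...)
#   example-hash  smbpasswd line whose NT field is the sample from the text
#                 (user "user" / password "password")
SAMPLE_NT=8846F7EAEE8FB117AD06BDD830B7586C

audit_accounts() {
    awk -v sample="$SAMPLE_NT" '
    /^ACCOUNT_[^=]+=/ {
        eq    = index($0, "=")
        user  = substr($0, 9, eq - 9)   # text between "ACCOUNT_" and "="
        value = substr($0, eq + 1)
        n = split(value, f, ":")        # smbpasswd: name:uid:LM:NT:flags:LCT:
        if (n >= 3 && f[1] == user && f[2] ~ /^[0-9]*$/) {
            verdict = (toupper(f[4]) == sample) ? "example-hash" : "hash"
        } else {
            verdict = "plaintext"
        }
        print user, verdict
    }'
}

# Constructed sample environment. The carol hash is a made-up placeholder.
# bob shows the pitfall: a password that starts with username:<digits>:
# is read as a hash line.
sample_env() {
    cat <<'EOF'
TZ=Europe/Berlin
ACCOUNT_alice=correct horse battery
ACCOUNT_user=user:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:8846F7EAEE8FB117AD06BDD830B7586C:[U ]:LCT-5FE1F7DF:
ACCOUNT_carol=carol:1003:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:0123456789ABCDEF0123456789ABCDEF:[U ]:LCT-00000000:
ACCOUNT_bob=bob:1:hunter2
EOF
}
```

For a running container the input can come from `docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' <container>` piped into audit_accounts.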
your shares /shares and configure them using the path property
/external/avahi
/etc/avahi/services/ to this spot
samba.service for you - it will be overwritten!
Samba
Avahi
You can't proxy the zeroconf inside the container to the outside, since this would need routing and forwarding to your internal docker0 interface from outside.
So you need to use the network=host mode to enable zeroconf from within the container.
You can just expose the needed Port 548 to the docker host's port and install avahi. After that just add a new service which fits to your config.
If you have a more sophisticated network setup (VPN, different networks etc.) you might want to avoid using zeroconf + avahi in combination with TimeMachine.
Zeroconf limits you to the autodiscovered mdns names ($AVAHI_NAME + .local). So whenever your mac can't pick up this zeroconf configuration, TimeMachine will not back up your machine.
This is not bad in a normal guy's personal home network. Here it would back up every time the user is at home and has all devices (and his backup NAS) in one LAN.
To overcome this issue, I'd suggest to connect your NAS/Samba Server manually using Finder -> Go -> Connect to Server (or shortcut ⌘k).
Enter the FQDN or IP of the server and the path to your timemachine share you want to connect to and establish the connection.
Once the connection is established, you can open Settings -> TimeMachine and add/choose this newly connected share as your place to store your backups. You'll notice that it now shows the FQDN or IP you chose.
If you already used this NAS but with zeroconf, it should detect that there are already backups for your mac and ask/continue using them - so a full backup shouldn't be required if you switch your connection method.
After you made this more explicit network configuration, it will back up as soon as your device is reachable - so if a connection via VPN or because of network cascading is possible. This way you can back up from any network as long as routing works :)
For the Windows 10 Network Discovery the hostname of the container is used.
If you use network_mode: host then it's the docker-host hostname.
If you use any other network_mode and want to avoid the autogenerated cryptic hostname of the container, you can specify an explicit hostname using: hostname: my-samba-containers-hostname
Note: This wsdd2 service seems to need CAP_NET_ADMIN as a capability. (more info: https://github.com/ServerContainers/samba/issues/50)
cap_add:
- CAP_NET_ADMIN