{"id":30119855,"url":"https://github.com/palw3ey/ye3samba","last_synced_at":"2026-04-15T07:36:24.434Z","repository":{"id":307192521,"uuid":"1028037261","full_name":"palw3ey/ye3samba","owner":"palw3ey","description":"Samba server on Debian. GNS3 ready","archived":false,"fork":false,"pushed_at":"2025-08-12T21:47:10.000Z","size":82,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-09-13T21:44:43.750Z","etag":null,"topics":["active-directory","docker","domain-controller","gns3","kerberos-server","ldap-server","samba-server","samba-share"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/palw3ey/ye3samba","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/palw3ey.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-07-28T23:54:13.000Z","updated_at":"2025-08-12T21:47:14.000Z","dependencies_parsed_at":"2025-07-30T00:51:29.318Z","dependency_job_id":"063f6056-6e73-4191-b6f7-361ef7f218b9","html_url":"https://github.com/palw3ey/ye3samba","commit_stats":null,"previous_names":["palw3ey/ye3samba"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/palw3ey/ye3samba","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palw3ey%2Fye3samba","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palw3ey%2Fye3samba/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palw3ey%2Fye3samba/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palw3ey%2Fye3samba/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/palw3ey","download_url":"https://codeload.github.com/palw3ey/ye3samba/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palw3ey%2Fye3samba/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31831847,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-15T07:17:56.427Z","status":"ssl_error","status_checked_at":"2026-04-15T07:17:30.007Z","response_time":63,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["active-directory","docker","domain-controller","gns3","kerberos-server","ldap-server","samba-server","samba-share"],"created_at":"2025-08-10T12:51:02.582Z","updated_at":"2026-04-15T07:36:24.415Z","avatar_url":"https://github.com/palw3ey.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ye3samba\n\nSamba image build on debian. GNS3 ready\n\nThe ye3samba image automates the initial setup and configuration of a Samba server, which can function as a standalone server, a domain controller (DC), or a domain member.  \nIt handles provisioning, domain joining, share configuration, and integrates with various services : rsyslog, chronyd, sshd, rsyncd and crond.\n\n* [Simple usage](#user-content-simple-usage)\n* [Advanced usage](#user-content-advanced-usage)\n* [Prerequisite](#user-content-prerequisite)\n* [Registry](#user-content-registry)\n* [GNS3](#user-content-gns3)\n* [Compatibility](#user-content-compatibility)\n* [Build](#user-content-build)\n* [Documentation](#user-content-documentation)\n* [Ports](#user-content-ports)\n* [Environment Variables](#user-content-environment-variables)\n* [Version](#user-content-version)\n* [Changelog](#user-content-changelog)\n* [ToDo](#user-content-todo)\n* [License](#user-content-license)\n\n## Simple usage\n\nCreate a standalone samba server to share files\n\n```bash\n# create the nas folder on your host\nmkdir ~/nas\n\n# create and start\npodman run -dt --name=\"mynas\" \\\n    -v ~/nas:/nas \\\n    -p 137:137/udp -p 138:138/udp -p 139:139/tcp -p 445:445/tcp \\\n    -e Y_SHARE_NAME=\"nas\" -e Y_SHARE_PATH=\"/nas\" -e Y_SHARE_CHMOD=\"777\" \\\n    -e Y_SHARE_OPTION=\"writable = yes | read only = no | hide dot files = no | vfs objects = recycle\" \\\n    registry.gitlab.com/palw3ey/ye3samba\n\n# logs\npodman logs -f mynas\n\n# add user\npodman exec -it mynas adduser caroline \npodman exec -it mynas smbpasswd -a caroline\n```\n## Advanced usage\n\nTo show the capabilities, we will create 1 network and 3 containers : \n- a network :\u003cbr\u003e named mynet46, subnet ipv4=10.1.192.0/24 ipv6=fd00::a01:c000/120 \n- an active directory domain controller :\u003cbr\u003e fqdn=dc1.samba.lan ipv4=10.1.192.11 ipv6=fd00::a01:c00b\n- another domain controller :\u003cbr\u003e fqdn=dc2.samba.lan ipv4=10.1.192.12 ipv6=fd00::a01:c00c\n- a member server with a share :\u003cbr\u003e fqdn=nas1.samba.lan ipv4=10.1.192.13 ipv6=fd00::a01:c00d\n\n### Network\n```bash\npodman network create --ipv6 --subnet=10.1.192.0/24 --subnet=fd00::a01:c000/120 mynet46\n```\n\n### Active directory domain controller\n```bash\npodman run -dt --name=\"dc1\" --cap-add=\"NET_RAW,SYS_TIME,SYS_NICE\"  \\\n    --hostname=\"dc1\" --network=\"mynet46\" --ip=\"10.1.192.11\" --ip6=\"fd00::a01:c00b\" \\\n    -e Y_RESOLV_OPTION=\"search samba.lan | nameserver 10.1.192.11\" \\\n    -e Y_HOSTS_ENTRY=\"127.0.0.1 localhost | 10.1.192.11  dc1.samba.lan dc1\" \\\n    -e Y_SERVER_ROLE=\"dc\" -e Y_PROVISION_REALM=\"samba.lan\" -e Y_PROVISION_DOMAIN=\"samba\" -e Y_PROVISION_ADMINPASS=\"My_Str0ng_Dc_Passw0rd\" \\\n    -e Y_NETBIOS_NAME=\"dc1\" -e Y_RFC2307=\"yes\" \\\n    -e Y_IDMAP_LOWERBOUND=\"45534\" -e Y_IDMAP_UPPERBOUND=\"65533\" \\\n    -e Y_PAM_KRB_MINIMUM_UID=\"45534\" -e Y_PAM_MKHOMEDIR=\"yes\" \\\n    -e Y_GENERAL_OPTION=\"dns forwarder = 1.1.1.1 | vfs objects = dfs_samba4 acl_xattr xattr_tdb | apply group policies = yes\" \\\n    -e Y_REVERSE_ZONE=\"192.1.10.in-addr.arpa\" -e Y_REVERSE_ZONE_CREATE=\"yes\" -e Y_REVERSE_SERVER=\"dc1.samba.lan\" \\\n    -e Y_REVERSE_PTR_NAME=\"11\" -e Y_REVERSE_PTR_DATA=\"dc1.samba.lan\" \\\n    -e Y_CHRONYD=\"yes\" -e Y_CHRONYD_OPTION=\"bindcmdaddress 10.1.192.11 | allow 10.1.192.0/24 | server 0.pool.ntp.org iburst\" \\\n    -e Y_RSYNCD=\"yes\" -e Y_RSYNCD_USER=\"samba-replication\" -e Y_RSYNCD_PASSWORD=\"My_Str0ng_Rsync_Passw0rd\" \\\n    registry.gitlab.com/palw3ey/ye3samba\n\npodman logs -f dc1\n```\n\n### Add a user\n```bash\npodman exec -it dc1 samba-tool user add caroline My_Str0ng_User_Passw0rd\n```\n\n### GPO : Install admx\n```bash\npodman exec -it dc1 bash\n\nwget \"https://download.microsoft.com/download/9/5/b/95be347e-c49e-4ede-a205-467c85eb1674/Administrative%20Templates%20(.admx)%20for%20Windows%2011%20Sep%202024%20Update.msi\"\n\nmkdir extracted_msi \n\nmsiextract --directory /extracted_msi  \"Administrative Templates (.admx) for Windows 11 Sep 2024 Update.msi\"\n\nsamba-tool gpo admxload --username=administrator --password=\"My_Str0ng_Dc_Passw0rd\"\nsamba-tool gpo admxload --username=administrator --password=\"My_Str0ng_Dc_Passw0rd\" --admx-dir=\"/extracted_msi/Program Files/Microsoft Group Policy/Windows 11 Sep 2024 Update (24H2)/PolicyDefinitions/\"\n\nls -l /var/lib/samba/sysvol/samba.lan/Policies/PolicyDefinitions\n```\n\n### Add another domain controller\n```bash\n# with unidirectional SysVol replication via cron and rsync\n\npodman run -dt --name=\"dc2\" --cap-add=\"NET_RAW,SYS_TIME,SYS_NICE\"  \\\n    --hostname=\"dc2\" --network=\"mynet46\" --ip=\"10.1.192.12\" --ip6=\"fd00::a01:c00c\" \\\n    -e Y_RESOLV_OPTION=\"search samba.lan | nameserver 10.1.192.12\" \\\n    -e Y_HOSTS_ENTRY=\"127.0.0.1 localhost | 10.1.192.12  dc2.samba.lan dc2\" \\\n    -e Y_SERVER_ROLE=\"dc\" -e Y_JOIN_DOMAIN=\"samba.lan\" -e Y_JOIN_SERVER=\"10.1.192.11\" -e Y_JOIN_USER=\"Administrator\" -e Y_JOIN_PASSWORD=\"My_Str0ng_Dc_Passw0rd\" \\\n    -e Y_NETBIOS_NAME=\"dc2\" -e Y_RFC2307=\"yes\" \\\n    -e Y_IDMAP_LOWERBOUND=\"45534\" -e Y_IDMAP_UPPERBOUND=\"65533\" \\\n    -e Y_PAM_KRB_MINIMUM_UID=\"45534\" -e Y_PAM_MKHOMEDIR=\"yes\" \\\n    -e Y_GENERAL_OPTION=\"dns forwarder = 1.1.1.1 | vfs objects = dfs_samba4 acl_xattr xattr_tdb | apply group policies = yes\" \\\n    -e Y_REVERSE_ZONE=\"192.1.10.in-addr.arpa\" -e Y_REVERSE_SERVER=\"dc1.samba.lan\" \\\n    -e Y_REVERSE_PTR_NAME=\"12\" -e Y_REVERSE_PTR_DATA=\"dc2.samba.lan\" \\\n    -e Y_CHRONYD=\"yes\" -e Y_CHRONYD_OPTION=\"bindcmdaddress 10.1.192.12 | allow 10.1.192.0/24 | server 0.pool.ntp.org iburst\" \\\n    -e Y_RSYNCD=\"yes\" -e Y_RSYNCD_USER=\"samba-replication\" -e Y_RSYNCD_PASSWORD=\"My_Str0ng_Rsync_Passw0rd\" \\\n    -e Y_RSYNCD_SYSVOL_UPON_JOIN=\"yes\" -e Y_RSYNCD_SYSVOL_SERVER=\"10.1.192.11\" -e Y_RSYNCD_SYSVOL_CRON=\"*/5 * * * *\" \\\n    registry.gitlab.com/palw3ey/ye3samba\n\npodman logs -f dc2\n```\n\n### Show DRS replication status\n```bash\npodman exec -it dc2 samba-tool drs showrepl -U administrator --password=My_Str0ng_Dc_Passw0rd\n```\n\n### Add a member server with a share\n```bash\npodman run -dt --name=\"nas1\" --cap-add=\"NET_RAW\"  \\\n    --hostname=\"nas1\" --network=\"mynet46\" --ip=\"10.1.192.13\" --ip6=\"fd00::a01:c00d\" \\\n    -e Y_RESOLV_OPTION=\"search samba.lan | nameserver 10.1.192.11\" \\\n    -e Y_HOSTS_ENTRY=\"127.0.0.1 localhost | 10.1.192.13  nas1.samba.lan nas1\" \\\n    -e Y_SERVER_ROLE=\"member\" -e Y_JOIN_DOMAIN=\"samba.lan\" -e Y_JOIN_SERVER=\"10.1.192.11\" -e Y_JOIN_USER=\"Administrator@SAMBA.LAN\" -e Y_JOIN_PASSWORD=\"My_Str0ng_Dc_Passw0rd\" \\\n    -e Y_NETBIOS_NAME=\"nas1\" \\\n    -e Y_IDMAP_LOWERBOUND=\"15533\" -e Y_IDMAP_UPPERBOUND=\"65533\" \\\n    -e Y_PAM_KRB_MINIMUM_UID=\"15533\" -e Y_PAM_MKHOMEDIR=\"yes\" \\\n    -e Y_GENERAL_OPTION=\"template homedir = /home/%D/%U | template shell = /bin/sh | winbind use default domain = Yes | idmap config * : backend  = tdb | idmap config * : range = 15533-25533 | vfs objects =  acl_xattr xattr_tdb  preopen readahead recycle | idmap config samba: backend = rid | idmap config samba: range = 45534-65533 | winbind enum users = Yes | winbind enum groups = Yes\" \\\n    -e Y_REVERSE_ZONE=\"192.1.10.in-addr.arpa\" -e Y_REVERSE_SERVER=\"dc1.samba.lan\" \\\n    -e Y_REVERSE_PTR_NAME=\"13\" -e Y_REVERSE_PTR_DATA=\"nas1.samba.lan\" \\\n    -e Y_SHARE_HOMES=\"yes\" -e Y_SHARE_NAME=\"nas\" -e Y_SHARE_CHMOD=\"777\" -e Y_SHARE_PATH=\"/nas\" -e Y_SHARE_OPTION=\"writable = yes | read only = no | hide dot files = no\" -e Y_SHARE_SDDL=\"O:BAG:DUD:AI(A;OICI;0x1201bf;;;DU)(A;OICI;0x1301bf;;;DU)(A;OICIID;FA;;;DA)(A;OICIID;FA;;;SY)\" \\\n    registry.gitlab.com/palw3ey/ye3samba\n\npodman logs -f nas1\n```\n\n### Get the ACL of /nas folder\n```bash\npodman exec -it nas1 getfacl /nas\n```\n\n### Run tests\n```bash\npodman exec -it nas1 wbinfo --ping-dc\n\n# show dns zone\npodman exec -it nas1 samba-tool dns zonelist dc1 --username=administrator --password=My_Str0ng_Dc_Passw0rd\n\n# test dns resolve : ldap, kerberos, internal, external\npodman exec -it nas1 host -t SRV _ldap._tcp.samba.lan.\npodman exec -it nas1 host -t SRV _kerberos._udp.samba.lan.\npodman exec -it nas1 host -t A nas1.samba.lan.\npodman exec -it nas1 host -t A doc.ubuntu-fr.org\n\n# test dns reverse\npodman exec -it nas1 host -t PTR 10.1.192.13\n\n# test file server\npodman exec -it nas1 smbclient -L localhost -N\n\n# test winbind\npodman exec -it nas1 getent passwd administrator\npodman exec -it nas1 getent group \"Domain Users\"\n\n# test kerberos \npodman exec -it nas1 kinit administrator\npodman exec -it nas1 klist\n\n# test acl and extended attributes user and security (failed in rootless container, require root)\npodman exec -it nas1 bash -c \"touch test.txt ; setfacl -m g:adm:rwx test.txt ;  getfacl test.txt\"\npodman exec -it nas1 bash -c \"touch test.txt ; setfattr -n user.userName -v userValue test.txt ; getfattr -d test.txt\"\npodman exec -it nas1 bash -c \"touch test.txt ; setfattr -n security.secName -v secValue test.txt ; getfattr -n security.secName -d test.txt\"\n\n# test gpo\npodman exec -it nas1 samba-tool gpo listall --username=administrator --password=\"My_Str0ng_Dc_Passw0rd\"\npodman exec -it nas1 samba-tool gpo getlink \"DC=samba,DC=lan\" --username=administrator --password=\"My_Str0ng_Dc_Passw0rd\"\n\n# test ldap query\npodman exec -it nas1 ldapsearch \\\n    -x -H ldaps://dc1.samba.lan -o tls_reqcert=never \\\n    -D \"CN=Administrator,CN=Users,DC=samba,DC=lan\" \\\n    -w \"My_Str0ng_Dc_Passw0rd\" \\\n    -b \"DC=samba,DC=lan\" \\\n    \"(\u0026(objectCategory=person)(objectClass=user)(sAMAccountName=caroline))\"\n\n# show SDDL ACL\npodman exec -it nas1 mkdir /nas/newdir\npodman exec -it nas1 samba-tool ntacl get --as-sddl /nas/newdir\n\n# verify port\npodman exec -it nas1 netstat -tulnp\n```\n\n### Modify the samba configuration\n```bash\npodman exec -it nas1 nano /etc/samba/smb.conf\n\n# test\npodman exec -it nas1 testparm\n\n# reload to apply\npodman exec -it nas1 smbcontrol all reload-config\n\n# log\npodman exec -it nas1 tail -f /var/log/samba/log.smbd\n```\n\n### Port mapping to use\n```bash\n# for a DC server : \n-p 53:53/tcp -p 53:53/udp -p 88:88/tcp -p 88:88/udp -p 135:135/tcp -p 137:137/udp -p 138:138/udp -p 139:139/tcp -p 389:389/tcp -p 389:389/udp -p 445:445/tcp -p 464:464/tcp -p 464:464/udp -p 636:636/tcp -p 3268:3268/tcp -p 3269:3269/tcp -p 49152-65535:49152-65535/tcp -p 123:123/udp \n\n# for a share server : \n-p 137:137/udp -p 138:138/udp -p 139:139/tcp -p 445:445/tcp \n```\n\n### Test DC from a Windows computer that is not part of the domain\n```bash\n# open cmd.exe in local administrator, type this line and hit Enter :\nnotepad C:\\Windows\\System32\\drivers\\etc\\hosts\n\n# append this line, and close the file :\n10.1.192.11    samba.lan\n\n# from the cmd, type this line and hit Enter, this will open \"Active directory users and computer\" :\nrunas /netonly /user:samba.lan\\Administrator \"mmc.exe \\\"%SystemRoot%\\system32\\dsa.msc\\\" /domain=samba.lan\"\n\n# RSAT is required\n```\n\n### Other Windows tips\n```bash\n# connect to share with letter S\nnet use S: \\\\samba.lan\\nas My_Str0ng_User_Passw0rd /user:samba\\caroline\n\n# list connections\nnet use\n\n# show SDDL ACL\nicacls \\\\samba.lan\\nas\npowershell -c \"(Get-Acl '\\\\samba.lan\\nas').Sddl\"\n\n# remove connections\nnet use \\\\samba\\nas /delete\n\n# remove saved password \nrundll32.exe keymgr.dll, KRShowKeyMgr\ncontrol.exe /name Microsoft.CredentialManager\n```\n\n## Prerequisite\n\nSome knowledge of Linux, containerization, and Samba.\n\n### Install Podman\n```bash\n# e.g. on Ubuntu 24.04.2 LTS, with crun and pasta\nsudo apt update; sudo apt install podman crun passt\n```\n\n### Or install Docker\n```bash\n# e.g. on Ubuntu 24.04.2 LTS\nsudo apt update; sudo apt install docker.io\n\n# configuration\nsudo groupadd docker\nsudo usermod -aG docker $USER\nnewgrp docker\nsudo systemctl enable --now docker\n```\n\n## Registry\n\n| Registry | Image name |\n|---|---|\n| Docker | docker.io/palw3ey/ye3samba |\n| Github | ghcr.io/palw3ey/ye3samba |\n| Gitlab | registry.gitlab.com/palw3ey/ye3samba |\n| Redhat | quay.io/palw3ey/ye3samba |\n\n## GNS3\n\nTo run through GNS3, download and import the appliance : [ye3samba.gns3a](https://gitlab.com/palw3ey/ye3samba/-/raw/main/ye3samba.gns3a)\n\n### How to connect the docker container in the GNS3 topology ?\n\n - Drag and drop the device in the topology.  \n - Right click on the device and select \"Edit config\".  \n - If you want a static configuration, uncomment the lines just below `# Static config for eth0` or otherwise `# DHCP config for eth0` for a dhcp configuration.  \n - Click \"Save\".  \n - Add a link to connect the device to a switch or router.\n - Finally, right click on the device, select \"Start\".  \n\nTo see the output, right click \"Console\".  \nTo type commands, right click \"Auxiliary console\".  \nTo stop the container, right click \"Stop\", if it don't stop then close the \"Auxiliary console\" and retry.  \nYou should always close the \"Auxiliary console\" before closing GNS3 to avoid unexpected behaviors in the existing container.\n\n## Compatibility\n\nThe public image was build to work on these CPU architectures :\n\n- linux/386\n- linux/amd64\n- linux/arm/v6\n- linux/arm/v7\n- linux/arm64/v8\n- linux/ppc64le\n- linux/s390x\n\n## Build\n\nTo customize and create your own image.\n\n```bash\ngit clone https://gitlab.com/palw3ey/ye3samba.git\ncd ye3samba\n\n# Make all your modifications, then :\npodman build --no-cache --network=host -t ye3samba-dev .\npodman run -dt --name mysamba-dev ye3samba-dev\n\n# Verify\npodman logs -f mysamba-dev\npodman exec -it mysamba-dev ps -ef\npodman exec -it mysamba-dev bash\n```\n\n## Documentation\n\nsamba wiki = [https://wiki.samba.org/](https://wiki.samba.org/)\n\nsamba manual = [https://www.samba.org/samba/docs/current/man-html/](https://www.samba.org/samba/docs/current/man-html/)\n\nrsyslog = [https://man7.org/linux/man-pages/man8/rsyslogd.8.html](https://man7.org/linux/man-pages/man8/rsyslogd.8.html)\n\nchrony = [https://chrony-project.org/documentation.html](https://chrony-project.org/documentation.html)\n\nssh = [https://www.openssh.com/manual.html](https://www.openssh.com/manual.html)\n\nrsync = [https://rsync.samba.org/documentation.html](https://rsync.samba.org/documentation.html)\n\ncron = [https://man7.org/linux/man-pages/man8/crond.8.html](https://man7.org/linux/man-pages/man8/crond.8.html)\n\npodman = [https://docs.podman.io/en/latest/](https://docs.podman.io/en/latest/)\n\ndocker = [https://docs.docker.com/](https://docs.docker.com/)\n\n## Ports\n\nThese are the ports you may use and their descriptions, depending on the role and service you choose.\n\n| Port(s) | Description |\n|---|---|\n| 22 (TCP) | SSH |\n| 53 (TCP/UDP) | DNS (Name resolution) |\n| 88 (TCP/UDP) | Kerberos (For authentication) |\n| 123 (UDP) | NTP (Network Time Protocol - important for Kerberos time sync) |\n| 135 (TCP) | RPC Endpoint Mapper |\n| 137 (UDP) | NetBIOS Name Service |\n| 138 (UDP) | NetBIOS Datagram Service |\n| 139 (TCP) | NetBIOS Session Service (SMB over NetBIOS) |\n| 323 (UDP) | NTP monitoring command for chronyc |\n| 389 (TCP/UDP) | LDAP (Directory services) |\n| 445 (TCP) | SMB over TCP (CIFS) |\n| 464 (TCP/UDP) | Kerberos kpasswd (Password changes) |\n| 514 (TCP/UDP) | Rsyslog |\n| 636 (TCP) | LDAPS (Secure LDAP) |\n| 873 (TCP) | RSYNC |\n| 3268 (TCP) | Global Catalog (LDAP) |\n| 3269 (TCP) | Global Catalog SSL (LDAPS) |\n| 49152-65535 (TCP) | Range for various RPC services |\n\n## Environment Variables\n\nThese are the environment variables and their descriptions.  \n\n| Variables | Default | Description |\n| :- |:- |:- |\n|TZ | Europe/Paris | {IANA format} time zone,  |\n|Y_LANGUAGE | fr_FR | {locale code} Language. The list is in the folder /i18n |\n|Y_DEBUG | no | {yes/no} yes, to run entrypoint.sh with \"set -x\" instead of \"set -e\" |\n|Y_INIT | yes | {yes/no} no, to skip all init and configuration |\n|Y_RSYSLOGD | yes | {yes/no} yes, to start rsyslogd service |\n|Y_CROND | yes | {yes/no} yes, to start crond service |\n|Y_RSYNCD | no | {yes/no} yes, to start rsyncd service |\n|Y_CHRONYD | no | {yes/no} yes, to start chronyd service |\n|Y_SSHD | no | {yes/no} yes, to start sshd service |\n|Y_RSYSLOGD_AS_SERVER | no | {yes/no} yes, to act as rsync server |\n|Y_RSYSLOGD_SERVER | | {IP Address/Hostname} for client, IP of the rsync server to send log to |\n|Y_SSMTP_ROOT | | value to set for \"root=\" in /etc/ssmtp/ssmtp.conf|\n|Y_SSMTP_MAILHUB | | value to set for \"mailhub=\" in /etc/ssmtp/ssmtp.conf|\n|Y_SSMTP_HOSTNAME | | value to set for \"hostname=\" in /etc/ssmtp/ssmtp.conf|\n|Y_RSYNCD_HOSTS_ALLOW | | value to set for \"hosts allow = \" in /etc/rsyncd.conf|\n|Y_RSYNCD_USER | | value to set for \"auth users = \" in /etc/rsyncd.conf. value saved in /etc/rsyncd.secrets|\n|Y_RSYNCD_PASSWORD | | value saved in /etc/rsyncd.secrets|\n|Y_RSYNCD_SYSVOL_SERVER | | {IP Address/Hostname} IP of the server containing the sysvol to pull|\n|Y_RSYNCD_SYSVOL_CRON | | cron time expression used to pull the sysvol (unidirectional SysVol replication) \u003cbr\u003e e.g. */5 * * * *|\n|Y_RSYNCD_SYSVOL_UPON_JOIN | | {yes/no} yes, to run a rsync command (pull sysvol and idmap) upon joining the domain|\n|Y_CHRONYD_ADJTIMEX | no | {yes/no} yes, to enable the control of the system clock|\n|Y_CHRONYD_OPTION | | options to append in /etc/chrony/chrony.conf \u003cbr\u003e e.g. Y_CHRONYD_OPTION=\"bindcmdaddress 10.1.192.11 \\| allow 10.1.192.0/24 \\| server 0.pool.ntp.org iburst \\| server 1.pool.ntp.org iburst\"|\n|Y_HOSTS_ENTRY | | entries to put in /etc/hosts \u003cbr\u003e e.g. Y_HOSTS_ENTRY=\"127.0.0.1 localhost \\| ::1 ip6-localhost ip6-loopback \\| 10.1.192.11  dc1.samba.lan dc1\"|\n|Y_RESOLV_OPTION | | options to put in /etc/resolv.conf \u003cbr\u003e e.g. Y_RESOLV_OPTION=\"search samba.lan \\| nameserver 10.1.192.11\"|\n|Y_IDMAP_LOWERBOUND | | value to set for \"lowerBound:\" in /usr/share/samba/setup/idmap_init.ldif|\n|Y_IDMAP_LOWERBOUND | | value to set for \"upperBound:\" in /usr/share/samba/setup/idmap_init.ldif|\n|Y_NETBIOS_NAME | | value to set for \"netbios name = \" in /etc/samba/smb.conf|\n|Y_SERVER_ROLE | | value to set for \"server role = \" in /etc/samba/smb.conf \u003cbr\u003e e.g. use 'dc', 'member' or 'standalone' |\n|Y_RFC2307 | | {yes/no} yes, to add a line in /etc/samba/smb.conf that enable rfc2307|\n|Y_DNS_BACKEND | | value to set for \"server role = \" in /etc/samba/smb.conf|\n|Y_LOG_LEVEL | | value to set for \"server role = \" in /etc/samba/smb.conf|\n|Y_PROVISION_REALM | | value to set for \"--realm=\" in the \"samba-tool domain provision\" command|\n|Y_PROVISION_DOMAIN | | value to set for \"--domain=\" in the \"samba-tool domain provision\" command|\n|Y_PROVISION_ADMINPASS | | value to set for \"--adminpass=\" in the \"samba-tool domain provision\" command|\n|Y_PROVISION_HOST_IP | | value to set for \"--host-ip=\" in the \"samba-tool domain provision\" command|\n|Y_JOIN_DOMAIN | | domain to join|\n|Y_JOIN_USER | | value to set for \"--server=\" in the \"samba-tool domain join\" command|\n|Y_JOIN_SERVER | | value to set for \"--username=\" in the \"samba-tool domain join\" command|\n|Y_JOIN_PASSWORD | | value to set for \"--password=\" in the \"samba-tool domain join\" command|\n|Y_GENERAL_OPTION | | options to add in the [general] section of /etc/samba/smb.conf \u003cbr\u003e e.g. Y_GENERAL_OPTION=\"dns forwarder = 1.1.1.1 \\| vfs objects = dfs_samba4 acl_xattr xattr_tdb \\| apply group policies = yes\"|\n|Y_REVERSE_SERVER | | {IP Address/Hostname} IP of the DNS server to add the zone or record |\n|Y_REVERSE_ZONE | | reverse zone \u003cbr\u003e e.g. Y_REVERSE_ZONE=\"192.1.10.in-addr.arpa\"|\n|Y_REVERSE_ZONE_CREATE | | {yes/no} yes, to create the zone|\n|Y_REVERSE_PTR_NAME | | PTR nam to add \u003cbr\u003e e.g. Y_REVERSE_PTR_NAME=\"11\"|\n|Y_REVERSE_PTR_DATA | | PTR data to add \u003cbr\u003e e.g. Y_REVERSE_PTR_DATA=\"dc1.samba.lan\"|\n|Y_SHARE_NAME | | the new share name to add, will be the section name in /etc/samba/smb.conf|\n|Y_SHARE_PATH | | value to set for \"path = \" in the [Y_SHARE_NAME] section of /etc/samba/smb.conf|\n|Y_SHARE_CHMOD | | chmod to apply for the Y_SHARE_PATH path \u003cbr\u003e e.g. Y_SHARE_CHMOD=\"777\"|\n|Y_SHARE_CHOWN | | chown to apply for the Y_SHARE_PATH path \u003cbr\u003e e.g. Y_SHARE_CHOWN=\"root:root\"|\n|Y_SHARE_SDDL | | SDDL (ntacl) to apply for the Y_SHARE_PATH path \u003cbr\u003e e.g. Y_SHARE_SDDL=\"O:DAG:DAD:(A;;FRFX;;;DU)(A;OICI;FA;;;DA)(A;OICI;FA;;;SY)\"|\n|Y_SHARE_OPTION | | options to add in the [Y_SHARE_NAME] section of /etc/samba/smb.conf \u003cbr\u003e e.g. Y_SHARE_OPTION=\"writable = yes \\| read only = no \\| hide dot files = no\"|\n|Y_SHARE_HOMES | | {yes/no} yes, to add [homes] section in /etc/samba/smb.conf|\n|Y_REALM_KDC | | value to set for \"kdc =\" in /etc/krb5.conf|\n|Y_PAM_MKHOMEDIR | | {yes/no} yes, to add pam_mkhomedir.so for pam common-session and samba|\n|Y_PAM_KRB_MINIMUM_UID | | value to set for \"minimum_uid=\" argument of pam_krb5.so lines in pam|\n|Y_LOG_TO_STDOUT | no | {yes/no} yes, to show samba log in the terminal instead of the log file \u003cbr\u003e e.g. podman logs -f dc1 |\n|Y_ULIMIT_SOFT | | value for soft ulimit |\n|Y_ULIMIT_HARD | | value for hard ulimit |\n\n## Version\n\n| Name | Version |\n| :- |:- |\n|ye3samba | 2.0.0 |\n|samba | 4.22.3-Debian |\n|debian | 13.0 |\n\n## Changelog\n\n[https://gitlab.com/palw3ey/ye3samba/-/blob/main/CHANGELOG.md](https://gitlab.com/palw3ey/ye3samba/-/blob/main/CHANGELOG.md)\n\n## ToDo\n\nFeel free to contribute or share your ideas for new features, you can contact me on github, gitlab or by email. I speak French, you can write to me in other languages ​​I will find ways to translate.\n\n## License\n\nGPLv3  \nauthor: palw3ey  \nmaintainer: palw3ey  \nemail: palw3ey@gmail.com  \nGitHub: https://github.com/palw3ey/ye3samba  \nGitLab: https://gitlab.com/palw3ey/ye3samba\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpalw3ey%2Fye3samba","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpalw3ey%2Fye3samba","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpalw3ey%2Fye3samba/lists"}