@andyneff
Created January 25, 2022 15:26
Docker using host's sssd connection to AD

Based on this article, I created a simple Docker image that uses the host's sssd and can authenticate.

```
docker build -t {someimage} .
docker run -it --rm -v=/var/lib/sss/pipes/:/var/lib/sss/pipes/:rw {someimage}
```

Tests to show it's working

```
getent passwd -s sss
getent group -s sss

login {your username here}
```

```dockerfile
FROM fedora:35

# This is needed for sssd to work in the container, it will patch nsswitch.conf for you
# (the dnf cache on Fedora lives under /var/cache/dnf, so clean it with dnf itself)
RUN dnf install -y sssd-client && \
    dnf clean all

# Tell system-auth to use sssd, installing sssd-client does not do this for you,
# normally auth config would do this, but we are skipping that
RUN for auth in system-auth password-auth smartcard-auth; do \
      sed -i 's/auth .* pam_deny.so/auth sufficient pam_sss.so forward_pass\n&/' "/etc/pam.d/${auth}"; \
    done

# For testing with su/login, this can be removed
RUN dnf install -y util-linux
```
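
To confirm that an image built this way ended up with the intended configuration, the checks below verify that the auth stack reaches `pam_sss.so` before `pam_deny.so` and that the `passwd` and `group` databases list the `sss` source. This is an added example, not part of the original gist: the function names and the sample PAM file are constructed for illustration, and `patch_pam` reuses the sed expression from the Dockerfile (GNU sed assumed).

```shell
#!/bin/sh
# Added example (not from the gist): offline checks for the image configuration.
# Function names and the sample PAM file are constructed for illustration.

# Succeeds if the auth stack in PAM file $1 lists pam_sss.so before pam_deny.so.
pam_sss_before_deny() {
    awk '
        $1 !~ /^-?auth$/ { next }   # skip comments, blanks and other stacks
        /pam_sss\.so/  { if (!sss)  sss  = NR }
        /pam_deny\.so/ { if (!deny) deny = NR }
        END { exit !(sss && deny && sss < deny) }
    ' "$1"
}

# Succeeds if database $2 (passwd, group) in nsswitch file $1 lists the sss source.
nss_uses_sss() {
    awk -v db="$2:" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "sss") found = 1 }
        END { exit !found }
    ' "$1"
}

# Constructed sample: a minimal auth stack as it looks before the sed runs.
write_sample_pam() {
    cat > "$1" <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok
auth        required      pam_deny.so
account     required      pam_unix.so
EOF
}

# The sed expression from the Dockerfile, applied to file $1 (GNU sed).
patch_pam() {
    sed -i 's/auth .* pam_deny.so/auth sufficient pam_sss.so forward_pass\n&/' "$1"
}

# Inside the container: check_container /etc/pam.d/system-auth /etc/nsswitch.conf
check_container() {
    pam_sss_before_deny "$1" || { echo "FAIL: pam_sss.so not ahead of pam_deny.so in $1" >&2; return 1; }
    nss_uses_sss "$2" passwd || { echo "FAIL: passwd does not list sss in $2" >&2; return 1; }
    nss_uses_sss "$2" group  || { echo "FAIL: group does not list sss in $2" >&2; return 1; }
    echo "OK: $1 and $2 route through sssd"
}
```

Running `check_container` as a final `RUN` step in the Dockerfile makes the build fail if a base-image update changes the PAM layout so that the sed no longer matches.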