
Build and Run Active Directory in Docker on Raspberry Pi
The low-power Raspberry Pi is an excellent platform for the modest compute requirements of an always-on Active Directory (AD) Domain Controller (DC). However, building a DC from scratch on a Raspberry Pi can be complex, and few options exist for running AD in a container due to a lack of support for ARM devices. This guide describes how to manually build a container image based upon a respected and well-tested x86_64 image.
Selecting a Source Image
The nowsci / FMstrat samba-domain image is a "well documented and tested Samba Active Directory Domain Controller for new and existing domains." It can be pulled from https://hub.docker.com/r/nowsci/samba-domain and its source is located at https://github.com/Fmstrat/samba-domain. The image can be used to join existing domains and to create new domains.
It is a versatile and useful image, but unfortunately it is only available for the linux/amd64 architecture; the Raspberry Pi requires ARM compatible images.
Building an ARM Image
Fortunately, a compatible container image can easily be built locally on your Pi. This will create an ARM image in your Pi's local Docker image repository that can be deployed and run successfully. To do so:
Make sure to have Docker installed | sudo curl -sSL https://get.docker.com | sh |
Switch to root | sudo su - |
Install Git | apt install git -y |
Create a directory in which to build container images | mkdir -p /root/docker/builds |
Move to the directory you just created | cd /root/docker/builds |
Copy the source from https://github.com/Fmstrat/samba-domain | git clone https://github.com/Fmstrat/samba-domain.git |
Move to the cloned directory | cd samba-domain |
(Optional) Open the Dockerfile and confirm the base container is the latest Ubuntu LTS release, e.g.: | nano Dockerfile |
Build the container | docker build -t samba-domain . |
The build process will take a little while, particularly so on an older model Pi.
Deploying the ARM Image
Assuming:
- Your Pi has a hostname of DC01
- And an IP Address of 192.168.0.123
- Your network has a local router with a DNS server at 192.168.0.1
- You wish to create a new domain called TEST.LAB
- You are still root user
Make a directory to bind-mount your container data and config files:
mkdir /somedirectory/ADDC-TESTLAB
Then, run the image with the following command to create your AD:
docker run -t -d \
--name ADDC-TESTLAB \
-e "DOMAIN=TEST.LAB" \
-e "DOMAINPASS=MySecurePassword" \
-e "DNSFORWARDER=192.168.0.1" \
-e "HOSTIP=192.168.0.123" \
-p 53:53 \
-p 53:53/udp \
-p 88:88 \
-p 88:88/udp \
-p 135:135 \
-p 137-138:137-138/udp \
-p 139:139 \
-p 389:389 \
-p 389:389/udp \
-p 445:445 \
-p 464:464 \
-p 464:464/udp \
-p 636:636 \
-p 1024-1044:1024-1044 \
-p 3268-3269:3268-3269 \
-v /etc/localtime:/etc/localtime:ro \
-v /somedirectory/ADDC-TESTLAB/data/:/var/lib/samba \
-v /somedirectory/ADDC-TESTLAB/config:/etc/samba/external \
--dns-search TEST.LAB \
--dns 192.168.0.1 \
--add-host dc01.test.lab:192.168.0.123 \
-h dc01 \
--restart=unless-stopped \
--privileged \
samba-domain:latest
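The command above publishes a long list of host ports, and the container will not start if something on the Pi (a host Samba or DNS service, for example) already listens on one of them. The following pre-flight check is an added example, not part of the original guide or the samba-domain project; it assumes the iproute2 `ss` tool is installed, and the sample listener output is constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Host ports published by the docker run command above. A bare "-p 53:53"
# publishes TCP only, which is why each UDP mapping is listed separately.
PUBLISHED="53/tcp 53/udp 88/tcp 88/udp 135/tcp 137-138/udp 139/tcp 389/tcp \
389/udp 445/tcp 464/tcp 464/udp 636/tcp 1024-1044/tcp 3268-3269/tcp"

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
SAMPLE_SS='udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:68 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:445 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 32 0.0.0.0:53 0.0.0.0:*
tcp LISTEN 0 32 [::]:53 [::]:*
tcp LISTEN 0 50 0.0.0.0:445 0.0.0.0:*
tcp LISTEN 0 50 0.0.0.0:139 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:1030 0.0.0.0:*'

# Reads `ss -H -tuln` output on stdin and prints one "proto/port" line for
# each host listener that collides with a published port or range.
port_conflicts() {
    awk -v spec="$PUBLISHED" '
        BEGIN {
            n = split(spec, items, " ")
            for (i = 1; i <= n; i++) {
                split(items[i], pp, "/")      # pp[1] = port or range, pp[2] = proto
                m = split(pp[1], r, "-")
                lo = r[1] + 0
                hi = (m == 2 ? r[2] : r[1]) + 0
                for (p = lo; p <= hi; p++) want[pp[2] "/" p] = 1
            }
        }
        $1 == "tcp" || $1 == "udp" {
            k = split($5, a, ":")             # the port follows the last colon
            key = $1 "/" a[k]
            if ((key in want) && !(key in seen)) { seen[key] = 1; print key }
        }
    ' | sort -t/ -k1,1 -k2,2n
}

# Demo on the constructed sample; on the Pi use: ss -H -tuln | port_conflicts
printf '%s\n' "$SAMPLE_SS" | port_conflicts
```

An empty result means none of the published ports are taken; a UDP listener on 445 is not reported because the command publishes 445 over TCP only.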
Testing and applicability
This approach has been tested and proven on:
- A Raspberry Pi 2b running 2022-09-22-raspios-bullseye-armhf-lite
- A Raspberry Pi 4 running 2022-09-22-raspios-bullseye-armhf-lite
- A Raspberry Pi 4 running 2022-09-22-raspios-bullseye-arm64-lite
and also:
- Debian 11 aarch64 running in a guest VM hosted on a Raspberry Pi VMware ESXi 7 Arm Fling host.