Configuring Docker for Windows Shared Drives / Volume Mounting with AD


If you’ve had a chance to work with the Docker for Windows beta, you’ve seen the promise for how much easier this can be compared to VirtualBox.

That said, there are still some issues, thus the beta tag.

One such issue is volume mounting. If you work for an enterprise, you more than likely log into your machine with corporate/domain credentials. When you configure Docker for Windows Shared Drives, you’ll get prompted with your credentials.
d4w-shared-drives

You most likely entered your corporate domain account. <domain>\user  and this will work just fine while you’re in the office.

However, once you leave the comply/cozy network; like going home to get work done, or at a customer site, you may have noticed volume sharing has stopped working. It may still work if you happen to have everything cached. But, if you restart Moby, reboot your computer; you’re SOL. Sitting On Lollipops, as Docker for Windows is unable to re-verify the credentials when it attempts to remount the drives. grrrrr

You might assume you could just use a local user account, and you could, but theirs one extra step that will likely confuse you at first.

  • On Windows 10, hit the start menu (CTRL + ESC)
  • Type “local users”, and launch the Edit local users and groups control panel applet.
  • Add a new user. I use DockerHost
    add-dockerhost-user
  • Set the password policy settings as above
  • Add a password, that you’ll remember, but others wont guess. This is an account that will have broad access to your hard drive
  • Add them to the local administrators group
    add-administrator-group

So, that’s what I would have assumed would work. And it did, sort of. When I use the handy dandy snippet to test volume mounting, I found I had strange results. Kudos to the docker team for having some fun with XAML and giving such a great visual, that actually functions. Between the professional cartoonist and developers focused on productivity, docker really has the user experience down.
If I ran docker run -v c:/Users:/data alpine ls /data, I noticed I was only seeing a partial list of information. And, it didn’t include the directories, or my projects.

It turns out, that since Windows 7, users in the Administrators group don’t actually have access to everything. Particularly, the c:\Users\<another user> directory.
To fix this, do the following:

  • [CTRL] + [ALT] + [DEL] and select Switch Users
  • Log in as the DockerHost account you created. In my case, .\DockerHost. Note, you’ll need to use .\ to tell Windows you want to login to the local group, not the default domain.
  • Once Windows gracefully welcomes you, navigate to c:\Users\
  • Now, try to open your user folder. The one you typically log in using your corporate credentials
  • You’ll notice an interesting dialog coming up that was the “blues clue” to this whole issue.
    grantpermissions
  • Click [Continue], wait a bit for Windows to apply all the ACLs, and voila. You’re now in.

Log out of this local account, and go back to your primary account.

Try the docker command again: docker run -v c:/Users:/data alpine ls /data

Does that directory listing look a bit more accurate?

As with most problems, the answer is quite obvious why it works, once the answer to the puzzle has been viewed. In this case, I don’t mind skimming to the back of the book and seeing the answer. I hope this was helpful to you as well

Steve

Comments (5)

  1. LocTeam says:

    Thank you so much for this article. I was lost for an hour and couldn’t get a partition to mount because it would not accept the credentials.

  2. Kaspars says:

    Thanks a lot for this!
    I might add that it seems once you have tried unsuccessfully mounting the shared folder you might need to do a “reset to defaults” in the Docker for Windows settings before you try it again after fixing up the permissions, as otherwise it seems to have created empty directory structure on the HyperV VM that it uses internally.

  3. Jose Luis Manners says:

    I followed these instructions and after a few tries the way I made it work was by giving Docker the local computer name as part of the credential (i.e. MYCOMPUTER\DockerHost )

    1. Steve Lasker says:

      Hi Jose,
      Yeah, I updated the post to be more specific for how to log into a local account.

      1. Jose Luis Manners says:

        oh I maybe I didn’t see that when I first read your post. 🙂 thanks for the info nonetheless.