[Samba] Re: Two pdcs on one subnet

Kevin Fries kevin-nntp at hcico.com
Fri Dec 19 19:06:37 GMT 2003 

John H Terpstra wrote:

> On Fri, 19 Dec 2003, MWONGE RICHARD wrote:
> 
>> I want to set up my network with windows 2000 server as a pdc for my
>> finance department only and samba as a pdc for the entire company that is
>> finance department inclusive on the same subnet. Please guys how can i go
>> about it.
>>  I intend to use samba 2.2.7a
> 
> Keep the domain names separate and you should be fine.
> 
> - John T.

John is correct, yet not.

Understand that no windows machine can belong to more than on Domain without
multiple NICs or multihoming your machine.  Windows creates a series of
binding to create the network services for a single machine.  There are
three parts to this binding: hardware; services; and transports.

The hardware is simply your NIC.  This is the device that physically
connects you to your network.  In Win NT3+ this is a single abstract
interface, while in Win 9x/ME there are two abstract interfaces: one for
modem type devices; and one for network adapters.

The Services in this case are called Server and Workstation.  Server is what
allows your machine to serve shares provide a local web page, etc. 
Workstation is what allows your machine to to use servers on the net.

And the last is transport.  If you are not using TCP/IP on your windows
network by now, well... we need to talk.

Now, Your windows machine will start up an SMB Server and Workstation by
default.  This service will bind to TCP port 137-139 of your IP address. 
The server will start up what is called a Listening Service.  This server
is what maintains your Domain information.  Therefore, you can not be
attached to two domains from one instance of the Server service.  And two
server services can not listen on the same IP and port combination
(otherwise, how can it determine which is the correct server for a given
message).

In summary, you need to run two server services, so you may participate in
two domains.  You need two IP addresses one for each server service. 
Therefore, as long as you keep the domains separate, and have the machines
in your finance department multihomed (two ip address assigned to each nic)
Windows will be able to talk to both networks at the same time.

BTW. this is not a Samba issue, it is the stupid way that Microsoft does
network authentication.

HTH
Kevin Fries

More information about the samba mailing list