[Samba] Configuring interfaces for Samba-By-Example Ch 3

John H Terpstra jht at samba.org
Fri Nov 24 03:37:43 GMT 2006

OK, I know it will sound harsh and strange - but the truth is out there - 

On Thursday 23 November 2006 20:49, Glen Mullan wrote:
> I have spent a solid two weeks trying to implement the "Secure Office
> Networking" example in the book "Samba-3 by Example, to no avail.  In the
> example, the system sets the server up as a Samba PDC, and also as a router
> for two local subnets.  There are three network interfaces on the computer:
> eth0 for the WAN/Internet, firewalled;  eth1 & eth2 for two LAN subnets,
> bound to Samba.  The linux box is also a DHCP server for the two subnets, a
> DNS server for the local hosts on the two subnets, and a WINS server.

Nothing too amazing in that - is there?

> Despite following the book meticulously, I can't get DNS to work properly,
> or WINS to work at all, or DHCP to give ip addresses to other clients, and
> i need help.

OK - I feel your pain now, but what does/does not work?

What is your platform? Are you doing this on SUSE SLES9? Have you carefully 
verified that the path to all files is as intended when your distribution was 

> The main differences between my setup and the one described in the book:
> 1) book's example envisions the company having a registered interent
> domain: "abmas.us" for which the ISP provides addresses, gateways, dns
> servers, forwarding servers, etc.  

Right! The example is a business case in which the ISP provides a static IP 
address and hosts external DNS services. The server is also configured to do 
network address translation (NAT) so that all traffic that leaves your 
internet gateway (the server that is also the Samba host) will appear to come 
only from the external fixed IP address that connects to the ISP.

> My system has no such externel website. 

Hmmm - what do you mean by "external website"?

> The only address i would get from my ISP are the internet address, two dns
> servers, and the one assigned to my computer.

Your server will have a dynamically assigned IP Address - that will make it 
tricky to configure your firewall and NAT facility. Suggest you figure out 
how to get your internet connection, firewall and NAT working before 
embarking on all the internal services.

> 2) book's example has a fixed 
> IP for the internet connection on eth0.  My system has to use DHCP to get
> the IP from ISP. 

As I said - this will be tricky! In effect you want to use a dynamic IP 
external IP address _AND_ use NAT.  Hmmm - maybe a few others will chime in 
on that. Could be a little ambitious!

> 3) I am using Samba 3.0.23b, book is written for 3.0.20, 
> and there is some big difference with winbind and updating net
> groupmapping, that i don't quite understand fully.

I updated the on-line version of the book. You can obtain the PDF from 
http://www.samba.org/samba/docs/Samba3-ByExample.pdf and check for the 

Even so, you should be able to get Samba running without Winbind initially.

> My main question right now is how to correctly configure the 3 network
> interface cards -- the book gives no information on this and i'm not sure
> if i'm doing it correctly.

What sort of information do you expect? I decided to NOT cover basic 
installation because every distro has its own particular methods - the book 
is intended to demonstrate the use of Samba - it was never intended to be a 
comprehensive tutorial on Linux, FreeBSD, Solaris, or any other OS.

What have I missed that really should be in there? I am willing to consider 
your suggestions.

> eth0 - I think i need to configure this card for dhcp, because this is what
> my ISP requires.  

If your ISP is only willing to provide a dynamic IP address then you do need 
to configure the eth0 as a DHCP client.

> But is it possible to have dhcp running on one card, 
> while the computer runs a dhcp server for the other two cards??

Of course it is! But how will you configure NAT on the outgoing interface? 
Without NAT your internal clients will not be able to route directly to the 

> eth1 & eth2 - I know they need a static IP: ( in the book for
> eth1, for eth2).  But what should their gateway be set to?  The 
> same address (192.168.1/2.1)?  The address at the ISP which eth0 connects
> to?

The if the server is the router to the internet and its internal interface IP 
addresses are and respectively, then these are the 
gateway addresses (for the respective subnetworks) to the internet.

Eth0 is the incoming gateway from the outside world. Your ISP will route 
incoming traffic from the outside world to this address.

> And what should the two DNS servers be on each of these cards?  The ones
> which dhcp on eth0 obtained? 

The DNS server you run on your system needs to forward to your ISP's DNS 
servers to look up external addresses.

> Or the DNS server which will be running  internally on and

Your local network clients should point at your DNS server. That will be and respectively.

> What would i need to do differently in the dhcpd.conf & named.conf files
> because I don't have an external website??

Pleae explain. What does a web server have to do with dhcpd.conf and 

> If anyone has tried to implement this same setup from Samba-By-Example i
> would be very grateful for your insights.  Thank you.

I have configured dozens of sites using the example in this book - that is why 
I put it in there.

- John T.
John H Terpstra
Samba-Team Member

The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971

More information about the samba mailing list