[Samba] Samba3 on multiple networks, how to make it hand out the correct IP?
L.P.H. van Belle
belle at bazuin.nl
Wed Sep 24 00:31:00 MDT 2014
I suggest you setup advanced routing with routing tables.
google a bit for it and start with reading..
here are some pointers.
add a table to /etc/iproute2/rt_tables
something like this in your interfaces file.
# The primary network interface
iface eth0 inet static
post-up ip route add 192.168.1.0/24 dev eth0 src 192.168.249.221 table UseFirstNetwork
post-up ip route add 10.1.0.0/24 dev eth0 via 192.168.249.1 table UseSecondNetwork
post-up ip rule add from 192.168.1.0/24 table UseFirstNetwork
post-up ip rule add to 192.168.1.0/24 table UseFirstNetwork
post-up ip rule add from 10.1.0.0/16 table UseSecondNetwork
post-up ip rule add to 10.1.0.0/16 table UseSecondNetwork
post-up ip route add 192.168.1.0/24 via YOURGATEWAYIP table UseFirstNetwork
post-up ip route add 0.1.0.0/24 via YOURGATEWAYIP2 table UseSecondNetwork
post-down ip rule del from 192.168.1.0/24 table UseFirstNetwork
post-down ip rule del from 10.1.0.0/16 table UseSecondNetwork
these is a nice links to read.
and really read and understand before you start using this in production.
>Van: syzop at vulnscan.org [mailto:samba-bounces at lists.samba.org]
>Namens Bram Matthys
>Verzonden: dinsdag 23 september 2014 19:55
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] Samba3 on multiple networks, how to make it
>hand out the correct IP?
>My Samba 4.1.x server is connected to two networks, one in the
>range (wired) and one in the 10.* range (wifi). The clients on either
>network normally cannot reach each other.
>I noticed Samba hands out (eg: for dcname.company.net) it's
>IP's from both
>ranges to clients on both sides. So the 192.168.* clients get
>two A records:
>192.168.1.1 & 10.0.0.2.
>I noticed that, because of this current behavior, domain
>logins (well, time
>between login & until the user sees a desktop) have an extra
>delay of more
>than 60 seconds because the client tries to connect to the wrong IP.
>Eventually it works, but the penalty is huge.
>Given that Samba knows which network the client is on I would
>it to actually be a little bit smarter with regards to that.
>Anyway, I'd like to see this changed so that any clients on
>get the 192.168.1.1 address, and the clients on 10.* only get 10.0.0.2.
>How can I do this?
>Software developer/IT consultant syzop at vulnscan.org
>PGP key: www.vulnscan.org/pubkey.asc
>PGP fp: EBCA 8977 FCA6 0AB0 6EDB 04A7 6E67 6D45 7FE1 99A6
>To unsubscribe from this list go to the following URL and read the
More information about the samba