[Samba] samba4 AD with NATted clients

mourik jan heupink heupink at merit.unu.edu
Wed Jul 15 10:39:48 UTC 2015


We currently run all public ip's inside our network, DC's and 
workstations too.

We are thinking perhaps to divide our network into a NATed workstations 
segment, but keep our DC's and fileservers IPs public as they are now.

We are running sernet-samba, mainly win7 clients, using GPO's, shared 

I did a quick test on a win7 workstation, put it in the NAT segment, 
configured two DCs as DNS servers. Browsing the internet works, but any 
samba/ad/cifs functionality is lost. (ssh from the NAT to the DC's also 
works, so basic connectivity is there) It's just the active directory 
that seems NOT to work.

Before looking further into this... is something like this supported? 
Should it work at all? What problems can we expect, and how to solve them?

Is anyone doing this?


More information about the samba mailing list