[Samba] samba4 AD with NATted clients

mourik jan heupink heupink at merit.unu.edu
Wed Jul 22 13:01:46 UTC 2015

Hi all,

Further to my AD clients through NAT question: has anyone ever tried 
this diagnostics tool from microsoft in their samba4 AD installation:


It's supposed to verify connectivity requirements for AD functionality. 
(replication, port status, etc, etc)

At our site, it crashes on verification of udp on port 137. I thought 
this was the 'proof' that AD clients through NAT don't work, but when 
trying the tool on our regular network, it crashes as well.

Is this tool functional for others here, using samba AD? (or is it 
perhaps simply incompatible with samba?)


On 7/15/2015 14:09, Rowland Penny wrote:
> On 15/07/15 12:40, mourik jan heupink wrote:
>> Hi Reindl,
>> On 7/15/2015 13:25, Reindl Harald wrote:
>>> i doubt that will work because there is no broadcasting possible over
>>> NAT
>> And I was under the impression that broadcasts were more or less from
>> the NT4-domain days, and that now with AD things were (perhaps
>> primarily) done using DNS..?
>> MJ
> Have a look here: https://support.microsoft.com/en-us/kb/978772
> According to that, it is not recommended to do what you are trying,
> though this may have changed since that was written. It does also
> suggest that you need to run a DNS server inside the NAT.
> Rowland

More information about the samba mailing list