[Samba] samba4 AD with NATted clients

Rowland Penny rowlandpenny241155 at gmail.com
Wed Jul 22 14:28:01 UTC 2015


On 22/07/15 14:01, mourik jan heupink wrote:
> Hi all,
>
> Further to my AD clients through NAT question: has anyone ever tried 
> this diagnostics tool from Microsoft in their samba4 AD installation:
>
> http://www.microsoft.com/en-us/download/confirmation.aspx?id=24009
>
> It's supposed to verify connectivity requirements for AD 
> functionality. (replication, port status, etc, etc)

Well it might do, as long as you have also downloaded this:

https://www.microsoft.com/en-gb/download/details.aspx?id=17148

and you are also running it on a Windows machine.

You could also use netstat on the samba4 AD DC:

netstat -nal | grep 137

Rowland
>
> At our site, it crashes on verification of udp on port 137. I thought 
> this was the 'proof' that AD clients through NAT don't work, but when 
> trying the tool on our regular network, it crashes as well.
>
> Is this tool functional for others here, using samba AD? (or is it 
> perhaps simply incompatible with samba?)
>
> MJ
>
> On 7/15/2015 14:09, Rowland Penny wrote:
>> On 15/07/15 12:40, mourik jan heupink wrote:
>>> Hi Reindl,
>>>
>>> On 7/15/2015 13:25, Reindl Harald wrote:
>>>> I doubt that will work because there is no broadcasting possible over
>>>> NAT
>>>
>>> And I was under the impression that broadcasts were more or less from
>>> the NT4-domain days, and that now with AD things were (perhaps
>>> primarily) done using DNS..?
>>>
>>> MJ
>>>
>>>
>>
>> Have a look here: https://support.microsoft.com/en-us/kb/978772
>>
>> According to that, it is not recommended to do what you are trying,
>> though this may have changed since that was written. It does also
>> suggest that you need to run a DNS server inside the NAT.
>>
>> Rowland
>>
>>
>
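
An added example, not part of the original thread: the substring match `grep 137` also hits addresses and ports that merely contain "137", so this filter keeps only UDP sockets whose local port is exactly 137. It assumes Linux net-tools `netstat -nal` column layout; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Exact-match filter for a UDP port in Linux `netstat -nal` output.
# Reads netstat output on stdin, prints only UDP sockets whose *local* port is $1.
udp_port_sockets() {
    awk -v port="$1" '
        $1 ~ /^udp/ {
            # Local address is column 4; the port follows the last ":"
            # (this also handles IPv6 forms such as :::137).
            n = split($4, parts, ":")
            if (parts[n] == port) print
        }'
}

# Constructed sample output (not captured from a real DC).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1137            0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.5:445         10.137.0.9:51370        ESTABLISHED
udp        0      0 192.168.0.255:137       0.0.0.0:*
udp        0      0 192.168.0.5:137         0.0.0.0:*
udp        0      0 0.0.0.0:137             0.0.0.0:*
udp        0      0 0.0.0.0:1370            0.0.0.0:*
udp        0      0 192.168.0.5:138         0.0.0.0:*
EOF
}

# Plain substring match, as typed in the thread, versus the exact filter.
count_grep()  { sample_netstat | grep -c 137; }
count_exact() { sample_netstat | udp_port_sockets 137 | wc -l | tr -d ' '; }

echo "grep 137: $(count_grep) lines; exact udp/137: $(count_exact) sockets"

# On a live DC: netstat -nal | udp_port_sockets 137
```

An empty result from the exact filter on the DC means nothing is bound to UDP 137 there, which a substring match can hide behind unrelated hits.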