[Samba] Two Samba 4 AD DC, a VPN

Rowland Penny rpenny at samba.org
Wed Apr 11 16:24:28 UTC 2018 

On Wed, 11 Apr 2018 17:42:33 +0200
Lmloge <lmloge at orange.fr> wrote:

> Hello, hello Rowland,
> 
> So the physical configuration is something like below :
> 
> +-------------------------------+
> server_a
>    Samba AD DC
>    Domain: mycompany.net
>    Subnet: 192.168.1.0/24
>    IP    : 192.168.1.2
> +-------------------------------+
> 
> +-------------------------------+
> pc_a_1
>    FQDN: pc_a_1.mycompany.net.
>    IP:   192.168.1.33
> +-------------------------------+
> 
> +-------------------------------+
> pc_a_2
>    FQDN: pc_a_2.mycompany.net.
>    IP:   192.168.1.35
> +-------------------------------+
> 
> Internet, WAN // VPN tunnel
> 
> +-------------------------------+
> server_b
>    Samba AD DC
>    Domain: mycompany.net
>    Subnet: 192.168.2.0/24
>    IP    : 192.168.2.2
> +-------------------------------+
> 
> +-------------------------------+
> pc_b_1
> FQDN: pc_b_1.mycompany.net.
> IP:   192.168.2.33
> +-------------------------------+
> 
> +-------------------------------+
> pc_b_2
> FQDN: pc_b_2.mycompany.net.
> IP:   192.168.2.35
> +-------------------------------+
> 
> rowland> you will probably be better off setting up a one domain
> rowland> forest 
> and using subnets and sites.
> 
> This is indeed what I would like to do.
> - one forest
> - one domain "mycompany.net"
> - one site
> - two subnets 192.168.1.0/24 and 192.168.2.0/24 separated by a VPN.
> 
> On the LAN 192.168.1.0/24, I have a Windows Server with "Active 
> Directory Sites and Services".
> I can see:
> ------------------------------------------------------------
> Active Directory Sites and Services [server_a.mycompany.net]
> Sites
> -- Inter-Site Transports
> -- Subnets
> -- Default-First-Site-Name
> ---- Servers
> ------ SERVER_A
> -------- NTDS Settings
> ------------------------------------------------------------
> 
> So, we can say we have:
> - one forest

Yes

> - one site (Default-First-Site-Name)

I would set up two sites, something like SITE-A and SITE-B

> - Nothing about subnets

AD works off DNS, so as long the DNS servers running on the DCs can
find any other DCs and the clients, the different subnets shouldn't
matter.

> - The notion of domain "mycompany.net" on the first line

The 'first line' of where ?

If you are referring to the dns domain, then I wouldn't us
'mycompany.net', you probably have this as your registered dns domain.
I would use something like 'ad.mydomain.net'

Rowland

More information about the samba mailing list