[Samba] getent not working after installing firewall
mfoley at ohprs.org
Mon Mar 4 20:47:23 UTC 2019
On Mon, 4 Mar 2019 21:28:19 +0100 Reindl Harald <h.reindl at thelounge.net> wrote:
> Am 04.03.19 um 21:18 schrieb Mark Foley via samba:
> >> It shouldn't, you normally only have one gateway, it is by definition
> >> the 'gateway' to the WAN & internet, so I would use the same one on all
> >> your machines.
> > The LAN host gateways are assiged by the dhcpd server. Unless I hard-code static IP's I can't
> > really change that. The Windows computers likewise show the AD/DC (192.168.0.2) as the gateway
> > and they all work fine.
> how does that matter?
No sure what you mean by "how does that matter?"
> your gateway is only part of the game when you try to reach an IP
> outside your LAN
> you said "Last evening I installed a Sonicwall firewall between the
> Internet and office LAN. The only change that I know of for the LAN
> workstations was that the gateway is now 192.168.0.1 instead of
> 192.168.0.2" but above you said "The Windows computers likewise show the
> AD/DC (192.168.0.2) as the gateway"
> so hell, what is the IP of your "Sonicwall firewall between the Internet
> and office LAN" and if it's 192.168.0.1 that don't match "The Windows
> computers likewise show the AD/DC (192.168.0.2) as the gateway"
Well, I figured someone might catch that, but I didn't want to muddy things further by posting
a follow-up. But, since you've noticed ... To clarify:
Without the Sonicwall, host 192.168.0.2 (DC) had the ISP's gateway 184.108.40.206 configured.
All the LAN workstations had 192.168.0.2 (DC) set as the gateway (route command output). The
dhcpcd client sets the IP, mask, nameserver and gatway so *it* set the DC as the gateway, not
me directly. Regardless, this had worked for years.
When I configured the Sonicwall (IP 192.168.0.1), it got configured with the ISP gateway. I
configured the DC (192.168.0.2) gateway with the Sonicwall's IP: 192.168.0.1.
Since the DC is still the DHCP server, it is still passing 192.168.0.2 to clients' dhcpcd as
On a domain member:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default mail.hprs.local 0.0.0.0 UG 202 0 0 eth0
loopback * 255.0.0.0 U 0 0 0 lo
192.168.0.0 * 255.255.255.0 U 202 0 0 eth0
1 15:45:31 root at labrat:~
# host mail.hprs.local
mail.hprs.local has address 192.168.0.2
> the AD/DC *is not your gateway* - it's the "Sonicwall firewall"
> connecting your LAN to the internet and nothing else
Now, I could configure the Linux domain members to hard-code 192.168.0.1 (Sonicwall) as the
gateway, and I'll try that as an experiment, but I'll repeat, none of the client workstation/
domain-members on the LAN are having any problem resolving names or getting outside the LAN.
So, I don't think the gateway is the problem.
If you see the message I sent later, I'm only having a problem with getent, and only for domain
members who had not previously logged onto a given Linux workstation. I don't think the gateway
is the issue with that.
More information about the samba