[Samba] Changing IP Scope on a Samba DC

Nick Howitt nick at howitts.co.uk
Sat Aug 29 07:56:45 UTC 2020 


On 29/08/2020 07:54, Peter Pollock via samba wrote:
> 
> Andrew, I very much appreciate your swift reply and your expertise. I
> readily admit I'm a little out of my depth here. I'm sitting here in
> California at almost midnight with just the weekend to get done all I need
> to do on the network and I fear this may be derailing my plans.
> 
> This article on the Samba Wiki
> https://wiki.samba.org/index.php/Changing_the_IP_Address_of_a_Samba_AD_DC seems
> to suggest I need to demote and repromote if I change the address, is that
> also the same if I change the subnet?
> 
> I'm sorry if that's a dumb question, but I'm having severe problems with
> these servers and I really don't want to screw anything up because I try
> something stupid.
> 
> Peter
> 
> On Fri, Aug 28, 2020 at 11:21 PM Andrew Bartlett <abartlet at samba.org> wrote:
> 
>> On Fri, 2020-08-28 at 21:02 -0700, Peter Pollock via samba wrote:
>>> I've asked a couple of other questions on here, which people have
>>> kindly
>>> answered and I'm waiting for the opportunity to implement what they
>>> have
>>> suggested.
>>>
>>> In the meantime:
>>>
>>> We are running out of IP addresses!
>>> We currently use 192.168.2.0/24 and it's proving to not be enough
>>> addresses.
>>>
>>> I'm considering changing to 192.168.4.0/22 to virtually quadruple the
>>> number of addresses we have available and hopefully keep us in
>>> available
>>> addresses for years to come.
>>>
>>> My question is: how hard is this to do in Samba? We have 3 DC's and
>>> from
>>> what I read, I need to demote one, change the IP then re-promote
>>> it... but
>>> I'm guessing it then won't be able to talk to the others because it
>>> will be
>>> on a different subnet.
>>>
>>> Is there any other way to do it, or is it just not possible?
>>>
>>> Thanks in advance for your help!
>>
>> G'Day Peter,
>>
>> Leaving aside the IP routing questions (that is just generic routing
>> issues) Samba should just update it's address once it finds a new one.
>>
>> Samba can also listen on multiple IPs if they are local interfaces.
>>
>> But why not just change to 192.168.0.0/22 and so have IPs
>> 192.168.0.0 - 192.168.3.255 and so not need to renumber?
>>
>> Anyway, not really our problem space.
>>
>> I hope this helps,
>>
>> Andrew Bartlett
>>
>> --
>> Andrew Bartlett                       https://samba.org/~abartlet/
>> Authentication Developer, Samba Team  https://samba.org
>> Samba Developer, Catalyst IT
>> https://catalyst.net.nz/services/samba
>>
>>
>>
>>
For non-samba reasons I always recommend avoiding the 192.168.0.0/23 
range of IP's as they are too common defaults in domestic routers. If 
you ever set up something like OpenVPN (or other VPN's) to access your 
LAN resources from the internet, one of the requirements is that your 
LAN IP's don't overlap with the VPN clients' LAN IPs. If they do 
overlap, a connection will be made but no traffic will pass. With those 
two /24 subnets, there is a high chance that someone connecting from 
home will have problems.

Nick

More information about the samba mailing list