[Samba] Changing IP Scope on a Samba DC

Peter Pollock peter.pollock at kingschristian.org
Sat Aug 29 21:29:02 UTC 2020 

Hi Nick,

That was why I was trying to use 192.168.4.0/22. However, as a rule I don't
allow VPN connections here, so we will just make do with 192.168.0.0/22 for
now.

I appreciate the advice though. Thank you!

On Sat, Aug 29, 2020 at 12:57 AM Nick Howitt via samba <
samba at lists.samba.org> wrote:

>
>
> On 29/08/2020 07:54, Peter Pollock via samba wrote:
> >
> > Andrew, I very much appreciate your swift reply and your expertise. I
> > readily admit I'm a little out of my depth here. I'm sitting here in
> > California at almost midnight with just the weekend to get done all I
> need
> > to do on the network and I fear this may be derailing my plans.
> >
> > This article on the Samba Wiki
> >
> https://wiki.samba.org/index.php/Changing_the_IP_Address_of_a_Samba_AD_DC
> seems
> > to suggest I need to demote and repromote if I change the address, is
> that
> > also the same if I change the subnet?
> >
> > I'm sorry if that's a dumb question, but I'm having severe problems with
> > these servers and I really don't want to screw anything up because I try
> > something stupid.
> >
> > Peter
> >
> > On Fri, Aug 28, 2020 at 11:21 PM Andrew Bartlett <abartlet at samba.org>
> wrote:
> >
> >> On Fri, 2020-08-28 at 21:02 -0700, Peter Pollock via samba wrote:
> >>> I've asked a couple of other questions on here, which people have
> >>> kindly
> >>> answered and I'm waiting for the opportunity to implement what they
> >>> have
> >>> suggested.
> >>>
> >>> In the meantime:
> >>>
> >>> We are running out of IP addresses!
> >>> We currently use 192.168.2.0/24 and it's proving to not be enough
> >>> addresses.
> >>>
> >>> I'm considering changing to 192.168.4.0/22 to virtually quadruple the
> >>> number of addresses we have available and hopefully keep us in
> >>> available
> >>> addresses for years to come.
> >>>
> >>> My question is: how hard is this to do in Samba? We have 3 DC's and
> >>> from
> >>> what I read, I need to demote one, change the IP then re-promote
> >>> it... but
> >>> I'm guessing it then won't be able to talk to the others because it
> >>> will be
> >>> on a different subnet.
> >>>
> >>> Is there any other way to do it, or is it just not possible?
> >>>
> >>> Thanks in advance for your help!
> >>
> >> G'Day Peter,
> >>
> >> Leaving aside the IP routing questions (that is just generic routing
> >> issues) Samba should just update it's address once it finds a new one.
> >>
> >> Samba can also listen on multiple IPs if they are local interfaces.
> >>
> >> But why not just change to 192.168.0.0/22 and so have IPs
> >> 192.168.0.0 - 192.168.3.255 and so not need to renumber?
> >>
> >> Anyway, not really our problem space.
> >>
> >> I hope this helps,
> >>
> >> Andrew Bartlett
> >>
> >> --
> >> Andrew Bartlett                       https://samba.org/~abartlet/
> >> Authentication Developer, Samba Team  https://samba.org
> >> Samba Developer, Catalyst IT
> >> https://catalyst.net.nz/services/samba
> >>
> >>
> >>
> >>
> For non-samba reasons I always recommend avoiding the 192.168.0.0/23
> range of IP's as they are too common defaults in domestic routers. If
> you ever set up something like OpenVPN (or other VPN's) to access your
> LAN resources from the internet, one of the requirements is that your
> LAN IP's don't overlap with the VPN clients' LAN IPs. If they do
> overlap, a connection will be made but no traffic will pass. With those
> two /24 subnets, there is a high chance that someone connecting from
> home will have problems.
>
> Nick
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list