[Samba] Best practice multi-homed AD DC

Alex MacCuish alex at maccuish.org.uk
Mon May 18 09:44:35 UTC 2020

I have a multi-homed DC in the cloud so our mail server can do LDAP 
lookups locally, but I make sure Samba only listens on the VPN 
interface. If you allow Samba to listen on all interfaces, it tends to 
want to register all possible addresses in DNS, which leads to 
connection failures when clients try addresses that they can't reach. 
Otherwise, it works pretty well for me :)

On 18/05/2020 10:34, Michael Jones via samba wrote:
> On Mon, May 18, 2020 at 2:44 AM Rowland penny via samba <
> samba at lists.samba.org> wrote:
>> On 17/05/2020 23:10, Michael Jones wrote:
>>> Why?
>> Amongst others, you may get:
>> Slow / Failed logins
>> Replication issues
>> Group policy access issues
>> login script issues
>> A multi-homed DC (for whatever reason) is a bad idea.
>> Rowland
> I appreciate the additional information here, but that doesn't really
> answer my question, as short and unnuanced as it was.
> Why does a multi-homed DC lead to those things as a matter of course?
> What's the underlying issue in Samba that leads to these problems?
> Why can't Samba workaround the underlying issue to allow multi-homed DCs to
> function correctly?
> Is this a fundamental issue of the SMB protocol? Or an implementation bug
> in other implementations of SMB that Samba can't provide a workaround for?

More information about the samba mailing list