[Samba] Best practice multi-homed AD DC

Johannes Engel jcnengel+samba at gmail.com
Fri May 22 12:00:57 UTC 2020


Hi Louis,

Thanks a lot, this was the way I was thinking when I posted my question.
However, I got the impression that samba itself will take steps to set up
DNS records in the relevant zones on its own for the DCs, which made me
wonder whether there is a proper way to tell samba, e.g., to focus only on
records related to interfaces the service is listening on.

Best regards
Johannes

On Mon, 18 May 2020 at 11:46, L.P.H. van Belle via samba <
samba at lists.samba.org> wrote:

>
>
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> > Michael Jones via samba
> > Sent: Monday 18 May 2020 11:34
> > To: Rowland penny
> > CC: sambalist
> > Subject: Re: [Samba] Best practice multi-homed AD DC
> >
> > On Mon, May 18, 2020 at 2:44 AM Rowland penny via samba <
> > samba at lists.samba.org> wrote:
> >
> > > On 17/05/2020 23:10, Michael Jones wrote:
> > > > Why?
> > > Amongst others, you may get:
> > >
> > > Slow / Failed logins
> > > Replication issues
> > > Group policy access issues
> > > login script issues
> > >
> > > A multi-homed DC (for whatever reason) is a bad idea.
> > >
> > > Rowland
> > >
> >
> > I appreciate the additional information here, but that doesn't really
> > answer my question, as short and unnuanced as it was.
> >
> > Why does a multi-homed DC lead to those things as a matter of course?
> Why, because people configure these things wrong.
>
>
> >
> > What's the underlying issue in Samba that leads to these problems?
> None in my opinion.
>
> >
> > Why can't Samba workaround the underlying issue to allow multi-homed
> > DCs to function correctly?
> It can, if you configure your server correctly.
> In the "old way" use iproute and routing tables.
>
> In the new way use systemd-networking and set up per interface.
> For example, what I add in a multihomed system:
>
> [Address]
> Address=192.168.1.1/24
>
> [Address]
> Address=192.168.2.1/24
>
> [Route]
> Destination=192.168.1.0/24
> Gateway=192.168.1.1
>
> [Route]
> Destination=192.168.2.0/24
> Gateway=192.168.2.1
>
> The above does the same as iproute, but is easier to set up, in my personal
> opinion.
>
>
>
> >
> > Is this a fundamental issue of the SMB protocol? Or an implementation bug
> > in other implementations of SMB that Samba can't provide a workaround
> > for?
>
>
> People should only not forget to...
> Set up A and PTR in all domain/reverse zones.
>
> Greetz,
>
> Louis
>
>
>
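
The A/PTR advice quoted above, and the question about records for interfaces the service is not listening on, can be checked mechanically. The following is an added example, not part of the original thread and not Samba code: the host name `dc1.samdom.example.com` and the zone contents are constructed, and only the two addresses come from the quoted network configuration.

```python
import ipaddress

# Constructed sample zone data (assumption, not from the thread).
FORWARD = {  # host name -> set of A record addresses
    "dc1.samdom.example.com": {"192.168.1.1", "192.168.2.1"},
}
REVERSE = {  # PTR owner name -> target host name
    "1.1.168.192.in-addr.arpa": "dc1.samdom.example.com",
    # 1.2.168.192.in-addr.arpa is deliberately missing
}


def audit(host, interface_addrs, forward, reverse):
    """Return sorted (address, problem) pairs for one multi-homed host.

    interface_addrs are the addresses the DC service is meant to serve;
    forward/reverse are dicts shaped like FORWARD and REVERSE above.
    """
    problems = []
    a_records = forward.get(host, set())
    for addr in interface_addrs:
        # e.g. 192.168.2.1 -> 1.2.168.192.in-addr.arpa
        ptr_name = ipaddress.ip_address(addr).reverse_pointer
        if addr not in a_records:
            problems.append((addr, "no A record"))
        target = reverse.get(ptr_name)
        if target is None:
            problems.append((addr, "no PTR record"))
        elif target.rstrip(".").lower() != host.lower():
            problems.append((addr, f"PTR points to {target}"))
    # A records for addresses that are not among the served interfaces
    for addr in a_records - set(interface_addrs):
        problems.append((addr, "stale A record"))
    return sorted(problems)


if __name__ == "__main__":
    host = "dc1.samdom.example.com"
    # Both interfaces served: the second one lacks its PTR record.
    print(audit(host, ["192.168.1.1", "192.168.2.1"], FORWARD, REVERSE))
    # Only the first interface served: the second A record is stale.
    print(audit(host, ["192.168.1.1"], FORWARD, REVERSE))
```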

