[Samba] Samba AD with multiple DC and multiple NICs

Rowland penny rpenny at samba.org
Tue Oct 20 19:13:25 UTC 2020


On 20/10/2020 19:56, Christian Naumer via samba wrote:
>
> On 20.10.20 at 19:36, Rowland penny via samba wrote:
>> On 20/10/2020 17:46, Stefano Vargiu wrote:
>>> Sorry, I don't get it.
>>>
>>> You mean a domain member as opposed to a domain controller?
>>> In which way is it going to help?
>>>
>> You should really only use a Samba AD DC for authentication, so the best
>> idea would be to add a Unix domain member to the domain and install
>> openvpn or freeradius or some other program that will do what you
>> require. This is known to work and I am sure, if you do decide to go down
>> this path, that you will get help here.
> I don't think this is what the OP wanted to do. He wanted to connect two
> DCs in two different offices with a VPN.
>
> However, the way he wanted to do it (Rowland is absolutely correct here)
> is not possible in AD. As he has used the same subnets on the two
> sites if I understand this correctly.
> You need two different subnets at your two sites. Your router/firewall
> needs to connect the two sites and route the traffic from one to the
> other DC. They need to have different IPs.
>
> Regards
>
> Christian
>
If that is what the OP wants, then yes, I did totally misunderstand :-[

But apart from that, everything else I said was correct. If the DCs are
at separate places, then not only does he need to use different subnets,
he needs to use different 'sites' in AD and probably 2 DCs at each site.

I have never done what is being proposed, but I think the idea is that 
you set up VPN between the two locations and then the two DCs talk
to each other down the VPN link.

Rowland
