[Samba] Samba AD with multiple DC and multiple NICs

Stefano Vargiu vstefanoxx at gmail.com
Tue Oct 20 21:09:09 UTC 2020


I didn't know the concept of site in AD: thank you for pointing that out to
me, I'll read about it.
I'm also going to avoid the same subnets on the two sites, but honestly
I'll try to keep the multi-homed configuration because I always used it (at
least in single master configurations), always worked and I never had
problems with it: I think it's enough that all the IPs of the domain
controller are reachable (through appropriate routing) from any subnets
served by it.

Thank you
Stefano

On Tue 20 Oct 2020 at 21:14, Rowland penny via samba <
samba at lists.samba.org> wrote:

> On 20/10/2020 19:56, Christian Naumer via samba wrote:
> >
> > On 20.10.20 at 19:36, Rowland penny via samba wrote:
> >> On 20/10/2020 17:46, Stefano Vargiu wrote:
> >>> Sorry, I don't get it.
> >>>
> >>> You mean a domain member as opposed to a domain controller?
> >>> In which way is it going to help?
> >>>
> >> You should really only use a Samba AD DC for authentication, so the best
> >> idea would be to add a Unix domain member to the domain and install
> >> openvpn or freeradius or some other program that will do what you
> >> require. This is known to work and I am sure, if you do decide to go down
> >> this path, that you will get help here.
> > I don't think this is what the OP wanted to do. He wanted to connect two
> > DCs in two different offices with a VPN.
> >
> > However, the way he wanted to do it (Rowland is absolutely correct here)
> > is not possible in AD. As he has used the same subnets on the two
> > sites if I understand this correctly.
> > You need two different subnets at your two sites. Your router/firewall
> > needs to connect the two sites and route the traffic from one to the
> > other DC. They need to have different IPs.
> >
> > Regards
> >
> > Christian
> >
> If that is what the OP wants, then yes, I did totally misunderstand :-[
>
> But apart from that, everything else I said was correct. If the DC's are
> at separate places, then not only does he need to use different subnets,
> he needs to use different 'sites' in AD and probably 2 DC's at each site.
>
> I have never done what is being proposed, but I think the idea is that
> you set up VPN between the two locations and then the two DC's talk
> to each other down the VPN link.
>
> Rowland

