[Samba] Samba AD with multiple DC and multiple NICs

L.P.H. van Belle belle at bazuin.nl
Wed Oct 21 11:59:50 UTC 2020 

To give an idea. 

# /etc/systemd/network/30-eth0.network
# Assuming LAN (samba interface ) 
[Match]
Name=eth0
 
[Network]
DHCP=no
DNSSEC=allow-downgrade
IPv6PrivacyExtensions=no
IPv6AcceptRouterAdvertisements=no
LinkLocalAddressing=no
 
# Samba AD-DC DNS.  
DNS=192.168.2.1
DNS=192.168.2.2
# Primary dnsDomain, the AD-DC should be in this DnsDomain
Domains=internal.domain.tld

# Time
NTP=192.168.2.1
NTP=192.168.2.2
 
[Address]
Address=192.168.2.1/24
 
[Route]
Destination=0.0.0.0/0
Gateway=192.168.2.1

 
# /etc/systemd/network/30-eth1.network # Assuming WAN (VPN interface ) 
[Match]
Name=eth1
 
[Network]
DHCP=no
DNSSEC=allow-downgrade
IPv6PrivacyExtensions=no
IPv6AcceptRouterAdvertisements=no
LinkLocalAddressing=no
 
# ! If you want to use lets-encrypt or so, use external DNS
DNS=8.8.8.8
DNS=1.1.1.1
# And the external search domain. 
Domains=domain.tld

[Address]
Address=1.2.3.4/24
Gateway=1.2.3.1 

 
Above eliminate the need to configure routing tables, for example.
 
 
Greetz, 
 
Louis
 
 


Van: Stefano Vargiu [mailto:vstefanoxx at gmail.com] 
Verzonden: woensdag 21 oktober 2020 13:18
Aan: L.P.H. van Belle
CC: samba at lists.samba.org
Onderwerp: Re: [Samba] Samba AD with multiple DC and multiple NICs



> I suggest, research systemd-networkd 
Thank you, that is interesting information: I never used it.


> Mainly. Section [Networking] optional Route  

Do you mean [Network] section?
And Route is a section, right? (I see also a Route parameter and that's about IPv6)


> Setup the resolving per interface and your problem is solved.
Do you mean DNS resolving customized per interface?
I wonder if that's comparable to what I was trying to do with the DNS proxy in front of samba's DNS.


> I have more info on this also with the vpn part but i dont have the time 
write it out atm. (sorry) 

Don't worry, you already gave me a good starting point.


Il giorno mer 21 ott 2020 alle ore 12:25 L.P.H. van Belle via samba <samba at lists.samba.org> ha scritto:


I suggest, research systemd-networkd 
Mainly. Section [Networking] optional Route
https://www.freedesktop.org/software/systemd/man/systemd.network.html

Setup the resolving per interface and your problem is solved.
But, do note, an AD-DC only has 1 real hostname. 
So setting this up  can be done but before you install samba you must be sure
all resolving and works as expected. 

Only configure 1 hostname in /etc/hosts 
Any other one should come out the DNS. 

I have more info on this also with the vpn part but i dont have the time 
write it out atm. (sorry) 


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Stefano Vargiu via samba
> Verzonden: woensdag 21 oktober 2020 11:59
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Samba AD with multiple DC and multiple NICs
> 
> >  they can only have one hostname, so which Ipaddress do you 
> link to that?
> 
> Both IPs? The requirement of a DC having only one hostname 
> doesn't rule out
> the option to let it be resolved to multiple IPs (which on 
> the other hand
> samba does automatically when binding it to multiple interfaces).
> 
> > What you could is, use one IP and then use a CNAME for the other IP
> Sorry, again I don't get it. Why a CNAME?
> How can I associate the second IP to a CNAME record?
> 
> With the configuration you are suggesting, are you implying 
> that I should
> only bind samba to one interface, or I can keep two interfaces in the
> "interfaces" parameter?
> 
> 
> Il giorno mer 21 ott 2020 alle ore 10:06 Rowland penny via samba <
> samba at lists.samba.org> ha scritto:
> 
> > On 20/10/2020 22:09, Stefano Vargiu via samba wrote:
> > > I didn't know the concept of site in AD: thank you for 
> pointing that out
> > to
> > > me, I'll read about it.
> > > I'm also going to avoid the same subnets on the two 
> sites, but honestly
> > > I'll try to keep the multi-homed configuration because I 
> always used it
> > (at
> > > least in single master configurations), always worked and 
> I never had
> > > problems with it: I think it's enough that all the IPs of 
> the domain
> > > controller are reachable (through appropriate routing) 
> from any subnets
> > > served by it.
> > >
> > > Thank you
> > > Stefano
> > >
> > You can do as you wish, but I will say it again, just in 
> case you missed
> > it, Active Directory Domain Controllers do not like being being
> > multi-homed, they can only have one hostname, so which 
> Ipaddress do you
> > link to that ? What you could is, use one IP and then use a 
> CNAME for
> > the other IP.
> >
> > Rowland
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list