Hello.

Perhaps this question is not new, but I found no document on this (possibly I used the wrong search terms?)...

Let's suppose I have an AD domain and I need it to work across two VLANs. My DC will have two IP addresses, 192.168.x.z for one VLAN and 192.168.y.z for the other one.

Of course I'll have clients on both nets.

Is this supported, possible at all, or is there any stopper?
Any caveat?
How should DNS be configured in order that each client will look for the AD on its subnet?

bye & Thanks
av.

On Fri, 17 Aug 2018 10:27:39 +0200 Andrea Venturoli via samba <samba at lists.samba.org> wrote:

> Hello.
>
> Perhaps this question is not new, but I found no document on this
> (possibly I used the wrong search terms?)...
>
> Let's suppose I have an AD domain and I need it to work across two
> VLANs. My DC will have two IP addresses, 192.168.x.z for one VLAN and
> 192.168.y.z for the other one.

I know you say two IP ranges, but are you also thinking of two dns domains? If so, it will not work as you can only have one realm and this is the dns domain name in uppercase.

If you are only going to have one dns domain, then it should work, you will just have to create the required reverse zones and you will probably be better off using Bind9 instead of the internal dns server.

You will also probably be better off using 'sites' with at least one DC in each site.

> Of course I'll have clients on both nets.
>
> Is this supported, possible at all, or is there any stopper?
> Any caveat?
> How should DNS be configured in order that each client will look for
> the AD on its subnet?

Just point the clients in each 'site' to the DC(s) in the site.

Rowland

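The reverse zones and site/subnet mapping suggested in the reply above, sketched as an added example that is not part of the original thread. The subnets, site names and DC host name are constructed placeholders (the thread elides the real ranges), and the script only prints the `samba-tool` commands for review instead of running them.

```shell
#!/bin/sh
# Constructed sample values; the thread gives only 192.168.x.z / 192.168.y.z.
DC="dc1.example.com"                                      # hypothetical DC host name
SUBNETS="192.168.10.0/24:VLAN10 192.168.20.0/24:VLAN20"   # hypothetical subnet:site pairs

# Derive the in-addr.arpa zone name for an octet-aligned IPv4 subnet.
# Prefixes that do not fall on an octet boundary are rejected, because
# they need classless reverse delegation, which is out of scope here.
reverse_zone() {
    net=${1%/*}
    prefix=${1#*/}
    old_ifs=$IFS; IFS=.; set -- $net; IFS=$old_ifs
    case $prefix in
        8)  echo "$1.in-addr.arpa" ;;
        16) echo "$2.$1.in-addr.arpa" ;;
        24) echo "$3.$2.$1.in-addr.arpa" ;;
        *)  echo "unsupported prefix /$prefix" >&2; return 1 ;;
    esac
}

# Print, per subnet: the reverse zone to create on the DC, the AD site,
# and the subnet-to-site association that lets clients locate their site.
plan() {
    for pair in $SUBNETS; do
        subnet=${pair%%:*}
        site=${pair##*:}
        zone=$(reverse_zone "$subnet") || return 1
        echo "samba-tool dns zonecreate $DC $zone -U Administrator"
        echo "samba-tool sites create $site"
        echo "samba-tool sites subnet create $subnet $site"
    done
}

plan
```
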
On 8/17/18 11:03 AM, Rowland Penny via samba wrote:

> I know you say two IP ranges, but are you also thinking of two dns
> domains?

No: one DNS domain.

> If you are only going to have one dns domain, then it should work, you
> will just have to create the required reverse zones and you will
> probably be better off using Bind9 instead of the internal dns server.

Why?
I'm using internal DNS right now; why would I be "better off" with Bind9? What are the shortcomings of internal DNS?

> You will also probably be better off using 'sites' with at least one DC
> in each site.

Is this really needed?
Consider my "sites" would both be local and I would only have one physical server facing both VLANs.

In any case, do you have a pointer to some documentation I can use (especially WRT to DNS)?

bye & Thanks
av.