Is there any way to have Samba 4 / AD servers not connected to the internet and still have DNS working on the Windows clients? My Samba 3 servers are not permitted to be connected to the company network / internet so I have 2 NICs in each desktop. 1 connecting to the private gigabit network where my Samba 3 servers exist. The other connects to the company + internet.

--
John M. Drescher

On Tue, 2012-12-11 at 12:49 -0500, John Drescher wrote:
> Is there any way to have Samba 4 / AD servers not connected to the
> internet and still have DNS working on the Windows clients? My Samba 3
> servers are not permitted to be connected to the company network /
> internet so I have 2 NICs in each desktop. 1 connecting to the private
> gigabit network where my Samba 3 servers exist. The other connects to
> the company + internet.

Samba doesn't require internet connectivity, but yes, you will have to work out how to ensure that the desktops can both resolve the name of the AD DC and names elsewhere on the network.

This would seem to be a challenge in your setup, but perhaps you can have another dual-homed box running BIND, with a forwarder pointing to Samba4, and otherwise forwarding to the rest of the world. Then your dual-homed boxes could use that as their DNS server.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org

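The BIND arrangement suggested in the reply above, sketched as an added example that is not part of the original thread and not anyone's actual configuration. The zone name `samdom.example.com` and every address are constructed placeholders: 192.0.2.0/24 stands in for the private network, 198.51.100.0/24 for the company network.

```conf
// named.conf on the dual-homed resolver (added example, placeholder values).
// Only the desktops' two subnets may query or recurse through this box.
acl desktops { 192.0.2.0/24; 198.51.100.0/24; };

options {
    // Bind only to this host's own address on each NIC.
    listen-on { 192.0.2.53; 198.51.100.53; };
    listen-on-v6 { none; };

    recursion yes;
    allow-query     { desktops; };
    allow-recursion { desktops; };
    allow-transfer  { none; };

    // Default path: every name outside the AD zone goes to the company
    // resolver, and named never falls back to resolving on its own.
    forward only;
    forwarders { 198.51.100.1; };
};

// AD zone (including _msdcs and the SRV records beneath it): ask the
// Samba 4 DC on the private network and nothing else. "forward only"
// keeps these names from leaking to the company resolver if the DC is down.
zone "samdom.example.com" {
    type forward;
    forward only;
    forwarders { 192.0.2.10; };
};
```

With this layout the Samba 4 DC only answers queries arriving from 192.0.2.53 and never originates traffic toward the company network; the desktops list the resolver as their single DNS server.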
---------- Forwarded message ----------
From: John Drescher <drescherjm at gmail.com>
Date: Wed, Dec 12, 2012 at 4:51 AM
Subject: Re: [Samba] Samba 4 / DNS
To: Thomas Simmons <twsnnva at gmail.com>

> If you have multi-homed systems, why can't you specify multiple DNS servers
> on the workstations (one from the "public" network and the AD server on the
> "private" network). Of course this assumes you're using a domain name that the
> first DNS server can't resolve.

I believe the problem with that is that if the first DNS server returns that the address is not found the Windows DNS client does not try other DNS servers.

> Also, when you say "My Samba 3 servers are
> not permitted to be connected to the company network/internet", does this
> mean directly connected? You could configure ICS (NAT) on one of the W7
> systems and have your S4 server forward all requests to the DNS server on
> the primary network. This is how I'm currently running my S4 test setup to
> keep it segregated from my main network which is controlled by an S3 PDC.

That would not work either. Basically my non-approved Linux boxes are not permitted to have any connection to the Internet. NAT or proxy is certainly out.

John

--
John M. Drescher