Dear Samba-List,

I'm new to the list and new to samba. Right now I'm trying to set up a samba ADDC serving around 50 Windows 10 clients and a couple of linux clients. My ADDC host has two NICs: eth0 should be connected to the wan-network, eth1 should be connected to a 10.* network, serving the windows and linux clients.

The ADDC is up and running, serving only the 10.* network. I established a NAT service between the wan-network and the 10.* network. My windows clients are able to surf the www ;-), they connect to the domain.

Since I don't have another piece of extra hardware for the fileserver I did as mentioned in the SambaWiki:

"If you do decide to use the Samba DC as a fileserver, please consider running a VM, on the DC, containing a separate Samba Unix domain member and use this instead."

I set up a virtual machine running linux as guest os, but to be honest, I'm lost. I don't know how to integrate the virtual machine into the 10.* network to serve as a filesharer.

I've set up a bridge interface br0 on the host, added a tap0 device and the eth1 interface to the bridge. The tap0 is listening/connected to the virtual machine, the br0 interface was assigned the IP of the eth1 interface, the eth1 interface IP was flushed, and the eth1 interface was set into promisc mode. The samba ADDC is now listening on the br0 interface. This is working, the windows 10 clients can connect to the ADDC ....

But ...

The NATing between br0 and eth0 doesn't work. Mmmmm, to be honest, it is definitely a wise decision to hide my 10.* network behind NAT.

Hope I was able to explain my problem. To set up the bridge I was following the guide at:

https://brezular.com/2011/06/19/bridging-qemu-image-to-the-real-network-using-tap-interface/

Can someone on the list give me some general or even detailed directions?

Many thanks and enjoy your weekend,

blubberbaer

Hi blubberbaer,

On Fri, 7 Feb 2020 at 19:26, kaffeesurrogat via samba <samba at lists.samba.org> wrote:
> I'm new to the list and new to samba. Right now I'm trying to set up a samba
> ADDC serving around 50 Windows 10 clients and a couple of linux clients.
> [...]
> I set up a virtual machine running linux as guest os, but to be honest,
> I'm lost. I don't know how to integrate the virtual machine into the
> 10.* network to serve as a filesharer.
> [...]
>
> The NATing between br0 and eth0 doesn't work. Mmmmm, to be honest, it is
> definitely a wise decision to hide my 10.* network behind NAT.

I haven't done this before (my DC hardware isn't powerful enough to run VMs) but as I understand it, the idea is that the host running AD DC shouldn't be used for a fileserver - therefore a new (virtual) host is set up for use as a fileserver. So far, so good.

I wonder if the problem you're having might be to do with NAT?

You mention that your eth1 network is connected to the clients - but the mention of NAT worries me a little, as server services behind NAT tend to be more troublesome to get working (and also if there is only a single IP address being NATted, then there could be conflicts between the AD DC and the VM running as a fileserver).

Are you able to bridge (and not NAT) your fileserver VM on the eth1 network, so that it gets a real IP address on that subnet, and doesn't use NAT? The clients should ideally be able to reach the fileserver directly, not via NAT. It wasn't clear to me from your original post where the NAT was being applied.

Can you confirm what IP address your fileserver VM has - is it in the same IP address range as the Windows clients, and can they communicate with it in both directions?

Hope that helps give some pointers at least,

J

--
"If we knew what it was we were doing, it would not be called research, would it?"
      - Albert Einstein

Hi Jonathan,

thanks for your reply, that was really kind. The thingy is now working. Here is the output of "ip addr":

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ac:1f:6b:12:b7:f2 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
    link/ether ac:1f:6b:12:b7:f3 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::ae1f:6bff:fe12:b7f3/64 scope link
       valid_lft forever preferred_lft forever
5: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:11:f6:7e:db:43 brd ff:ff:ff:ff:ff:ff
    inet XXX.XX.XX.XXXX/19 brd XXX.XX.XX.255 scope global wlan0
       valid_lft forever preferred_lft forever
    inet6 fe80::211:f6ff:fe7e:db43/64 scope link
       valid_lft forever preferred_lft forever
6: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether 5a:b0:10:70:8f:e6 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::58b0:10ff:fe70:8fe6/64 scope link
       valid_lft forever preferred_lft forever
7: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 5a:b0:10:70:8f:e6 brd ff:ff:ff:ff:ff:ff
    inet 10.20.30.1/24 scope global noprefixroute br0
       valid_lft forever preferred_lft forever
    inet6 fe80::8802:16ff:fea9:9842/64 scope link
       valid_lft forever preferred_lft forever

To make a summary: eth1 and tap0 are members of br0. The virtual machine is listening on tap0. NATing is done between wlan0 and the br0 interface.

Got it running.
Quite happy about it :-)

Wlan0 will be taken down and I will switch to eth0 if I feel confident about my setup.

If there is anyone who wants to make a similar setup, let me know. I will dig up all my config files ...

Have fun,

blubberbaer

On 16/02/2020 18:10, Jonathan Hunter via samba wrote:
> Hi blubberbaer,
>
> On Fri, 7 Feb 2020 at 19:26, kaffeesurrogat via samba
> <samba at lists.samba.org> wrote:
>> I'm new to the list and new to samba. Right now I'm trying to set up a samba
>> ADDC serving around 50 Windows 10 clients and a couple of linux clients.
>> [...]
>> I set up a virtual machine running linux as guest os, but to be honest,
>> I'm lost. I don't know how to integrate the virtual machine into the
>> 10.* network to serve as a filesharer.
>> [...]
>>
>> The NATing between br0 and eth0 doesn't work. Mmmmm, to be honest, it is
>> definitely a wise decision to hide my 10.* network behind NAT.
>
> I haven't done this before (my DC hardware isn't powerful enough to
> run VMs) but as I understand it, the idea is that the host running AD
> DC shouldn't be used for a fileserver - therefore a new (virtual) host
> is set up for use as a fileserver. So far, so good.
>
> I wonder if the problem you're having might be to do with NAT?
>
> You mention that your eth1 network is connected to the clients - but
> the mention of NAT worries me a little, as server services behind NAT
> tend to be more troublesome to get working (and also if there is only
> a single IP address being NATted, then there could be conflicts
> between the AD DC and the VM running as a fileserver)
>
> Are you able to bridge (and not NAT) your fileserver VM on the eth1
> network, so that it gets a real IP address on that subnet, and doesn't
> use NAT? The clients should ideally be able to reach the fileserver
> directly, not via NAT. It wasn't clear to me from your original post
> where the NAT was being applied.
>
> Can you confirm what IP address your fileserver VM has - is it in the
> same IP address range as the Windows clients, and can they communicate
> with it in both directions?
>
> Hope that helps give some pointers at least,
>
> J
>
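
An added example, not part of the original posts and not blubberbaer's own configuration: one way to build the layout summarised above (eth1 and tap0 as ports of br0, NAT between br0 and wlan0). Interface names and the 10.20.30.0/24 subnet come from the "ip addr" output; the iptables rules and the APPLY switch are assumptions. The script only prints the commands unless it is run as root with APPLY=1.

```shell
#!/bin/sh
# Added example: bridge + NAT layout from the thread. Dry run by default;
# set APPLY=1 (as root) to execute. Names and subnet are taken from the
# posted "ip addr" output; the firewall rules are assumptions.
LAN_BR=${LAN_BR:-br0}        # bridge that carries the LAN address
LAN_NIC=${LAN_NIC:-eth1}     # physical port towards the clients
VM_TAP=${VM_TAP:-tap0}       # tap device handed to the fileserver VM
UPLINK=${UPLINK:-wlan0}      # WAN side (eth0 once the setup is final)
LAN_ADDR=${LAN_ADDR:-10.20.30.1/24}
LAN_NET=${LAN_NET:-10.20.30.0/24}

# Print the command, or execute it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

setup_bridge() {
    run ip link add name "$LAN_BR" type bridge
    run ip tuntap add dev "$VM_TAP" mode tap
    # Bridge ports carry no IPv4 address; the address lives on the bridge.
    run ip addr flush dev "$LAN_NIC"
    for port in "$LAN_NIC" "$VM_TAP"; do
        run ip link set dev "$port" master "$LAN_BR"
        run ip link set dev "$port" up
    done
    run ip addr add "$LAN_ADDR" dev "$LAN_BR"
    run ip link set dev "$LAN_BR" up
}

setup_nat() {
    run sysctl -w net.ipv4.ip_forward=1
    # Masquerade only LAN traffic leaving via the uplink; traffic between
    # the clients and the VM stays on the bridge and is never translated.
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$UPLINK" -j MASQUERADE
    # Match the bridge, not its ports: routed packets arrive on br0,
    # so a rule written with "-i eth1" no longer matches them.
    run iptables -A FORWARD -i "$LAN_BR" -o "$UPLINK" -j ACCEPT
    run iptables -A FORWARD -i "$UPLINK" -o "$LAN_BR" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

setup_bridge
setup_nat
```

If the br_netfilter module is loaded, frames bridged between eth1 and tap0 also traverse the FORWARD chain, so a default-drop FORWARD policy additionally needs an accept rule for br0-to-br0 traffic.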