On 20/10/2020 17:46, Stefano Vargiu wrote:
> Sorry, I don't get it.
>
> You mean a domain member as opposed to a domain controller?
> In which way is it going to help?
>

You should really only use a Samba AD DC for authentication, so the best idea would be to add a Unix domain member to the domain and install openvpn or freeradius or some other program that will do what you require. This is known to work and I am sure, if you do decide to go down this path, that you will get help here.

Your way doesn't work and I am very sure that it will never work.

Rowland

Christian Naumer
2020-Oct-20 18:56 UTC
[Samba] Samba AD with multiple DC and multiple NICs
On 20.10.20 at 19:36, Rowland penny via samba wrote:
> On 20/10/2020 17:46, Stefano Vargiu wrote:
>> Sorry, I don't get it.
>>
>> You mean a domain member as opposed to a domain controller?
>> In which way is it going to help?
>>
> You should really only use a Samba AD DC for authentication, so the best
> idea would be to add a Unix domain member to the domain and install
> openvpn or freeradius or some other program that will do what you
> require. This is known to work and I am sure, if you do decide to go down
> this path, that you will get help here.

I don't think this is what the OP wanted to do. He wanted to connect two DCs in two different offices with a VPN.

However, the way he wanted to do it (Rowland is absolutely correct here) is not possible in AD. As he has used the same subnets on the two sites if I understand this correctly.
You need two different subnets at your two sites. Your router/firewall needs to connect the two sites and route the traffic from one to the other DC. They need to have different IPs.

Regards

Christian

--
Dr. Christian Naumer
Unit Head Bioprocess Development
B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
phone +49-6251-9331-30 / fax +49-6251-9331-11
Registered office: Zwingenberg/Bergstrasse
Court of registration: AG Darmstadt, HRB 24758
Management Board: Adriaan Moelker (Chairman), Lukas Linnig
Chairman of the Supervisory Board: Dr. Georg Kellinghusen

On 20/10/2020 19:56, Christian Naumer via samba wrote:
>
> On 20.10.20 at 19:36, Rowland penny via samba wrote:
>> On 20/10/2020 17:46, Stefano Vargiu wrote:
>>> Sorry, I don't get it.
>>>
>>> You mean a domain member as opposed to a domain controller?
>>> In which way is it going to help?
>>>
>> You should really only use a Samba AD DC for authentication, so the best
>> idea would be to add a Unix domain member to the domain and install
>> openvpn or freeradius or some other program that will do what you
>> require. This is known to work and I am sure, if you do decide to go down
>> this path, that you will get help here.
> I don't think this is what the OP wanted to do. He wanted to connect two
> DCs in two different offices with a VPN.
>
> However, the way he wanted to do it (Rowland is absolutely correct here)
> is not possible in AD. As he has used the same subnets on the two
> sites if I understand this correctly.
> You need two different subnets at your two sites. Your router/firewall
> needs to connect the two sites and route the traffic from one to the
> other DC. They need to have different IPs.
>
> Regards
>
> Christian
>

If that is what the OP wants, then yes, I did totally misunderstand :-[

But apart from that, everything else I said was correct.

If the DC's are at separate places, then not only does he need to use different subnets, he needs to use different 'sites' in AD and probably 2 DC's at each site.

I have never done what is being proposed, but I think the idea is that you set up VPN between the two locations and then the two DC's talk to each other down the VPN link.

Rowland
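
The addressing requirement raised in the replies above (a different subnet per site, a different IP per DC) can be checked before the VPN link is built. The following is an added example, not code from the thread or from Samba; the site names, DC names and addresses are constructed, and `check_site_plan` is a hypothetical helper.

```python
import ipaddress
from itertools import combinations

def check_site_plan(site_subnets, dc_addresses):
    """Return a list of problems in a planned multi-site AD layout (empty = OK)."""
    problems = []
    nets = {site: [ipaddress.ip_network(s) for s in subnets]
            for site, subnets in site_subnets.items()}

    # Subnets that belong to different sites must not overlap, otherwise
    # traffic cannot be routed between the sites over the VPN.
    for (site_a, nets_a), (site_b, nets_b) in combinations(nets.items(), 2):
        for a in nets_a:
            for b in nets_b:
                if a.overlaps(b):
                    problems.append(f"{site_a} {a} overlaps {site_b} {b}")

    # Every DC needs its own IP, inside the subnet(s) of exactly one site.
    seen = {}
    for dc, addr in dc_addresses.items():
        ip = ipaddress.ip_address(addr)
        if ip in seen:
            problems.append(f"{dc} and {seen[ip]} share address {ip}")
        seen.setdefault(ip, dc)
        homes = sorted(s for s, ns in nets.items() if any(ip in n for n in ns))
        if len(homes) != 1:
            problems.append(f"{dc} ({ip}) maps to {len(homes)} sites: {homes}")
    return problems

# Constructed sample plans (all names and addresses are made up).
BROKEN = ({"office-a": ["192.168.1.0/24"], "office-b": ["192.168.1.0/24"]},
          {"dc1": "192.168.1.10", "dc2": "192.168.1.10"})
FIXED = ({"office-a": ["192.168.1.0/24"], "office-b": ["192.168.2.0/24"]},
         {"dc1": "192.168.1.10", "dc2": "192.168.2.10"})

if __name__ == "__main__":
    for name, (sites, dcs) in (("broken", BROKEN), ("fixed", FIXED)):
        issues = check_site_plan(sites, dcs)
        print(name, "->", issues or "no problems found")
```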