Re: [Samba] getent not working after installing firewall
- Date: Mon, 4 Mar 2019 21:13:00 +0000
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] getent not working after installing firewall
On Mon, 04 Mar 2019 15:47:23 -0500
Mark Foley via samba <samba@xxxxxxxxxxxxxxx> wrote:
> On Mon, 4 Mar 2019 21:28:19 +0100 Reindl Harald
> <h.reindl@xxxxxxxxxxxxx> wrote:
> > On 04.03.19 at 21:18, Mark Foley via samba wrote:
> > >> It shouldn't, you normally only have one gateway, it is by
> > >> definition the 'gateway' to the WAN & internet, so I would use
> > >> the same one on all your machines.
> > >
> > > The LAN host gateways are assigned by the dhcpd server. Unless I
> > > hard-code static IPs I can't really change that. The Windows
> > > computers likewise show the AD/DC (192.168.0.2) as the gateway
> > > and they all work fine.
> > how does that matter?
> Not sure what you mean by "how does that matter?"
> > your gateway is only part of the game when you try to reach an IP
> > outside your LAN
> > you said "Last evening I installed a Sonicwall firewall between the
> > Internet and office LAN. The only change that I know of for the LAN
> > workstations was that the gateway is now 192.168.0.1 instead of
> > 192.168.0.2" but above you said "The Windows computers likewise
> > show the AD/DC (192.168.0.2) as the gateway"
> > so hell, what is the IP of your "Sonicwall firewall between the
> > Internet and office LAN" and if it's 192.168.0.1 that doesn't match
> > "The Windows computers likewise show the AD/DC (192.168.0.2) as the
> > gateway"
> Well, I figured someone might catch that, but I didn't want to muddy
> things further by posting a follow-up. But, since you've noticed ...
> To clarify:
> Without the Sonicwall, host 192.168.0.2 (DC) had the ISP's gateway
> 188.8.131.52 configured.
The ISP's gateway? Is this the IP address of the 'whatever it
is' (router?) inside your premises or is it actually one of your ISP's
nameservers or your ISP's gateway?
Your LAN appears to be using the 192.168.0.0/24 address range and I
would have expected your gateway to be 192.168.0.1 or similar.
> All the LAN workstations had 192.168.0.2
> (DC) set as the gateway (route command output). The dhcpcd client
> sets the IP, mask, nameserver and gateway so *it* set the DC as the
> gateway, not me directly. Regardless, this had worked for years.
I am now wondering if we are talking about the same program, there is
'isc-dhcp-client' and then there is 'dhcpcd', which are you using?
> When I configured the Sonicwall (IP 192.168.0.1), it got configured
> with the ISP gateway. I configured the DC (192.168.0.2) gateway with
> the Sonicwall's IP: 192.168.0.1.
What is this Sonicwall thing? Every firewall device I have had
dealings with has had at least two network cards, one connected to
the internal network and one connected to the external network.
> Since the DC is still the DHCP server, it is still passing
> 192.168.0.2 to clients' dhcpcd as the gateway:
Then you need to reconfigure the DHCP server to send the correct
> On a domain member:
> # route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> default         mail.hprs.local 0.0.0.0         UG    202    0        0 eth0
> loopback        *               255.0.0.0       U     0      0        0 lo
> 192.168.0.0     *               255.255.255.0   U     202    0        0 eth0
> 1
> 15:45:31 root@labrat:~
> # host mail.hprs.local
> mail.hprs.local has address 192.168.0.2
> > the AD/DC *is not your gateway* - it's the "Sonicwall firewall"
> > connecting your LAN to the internet and nothing else
> Now, I could configure the Linux domain members to hard-code
> 192.168.0.1 (Sonicwall) as the gateway, and I'll try that as an
> experiment, but I'll repeat, none of the client workstation/
> domain-members on the LAN are having any problem resolving names or
> getting outside the LAN. So, I don't think the gateway is the
They wouldn't do, they are asking your DC and as it doesn't know, it
asks the internet through its gateway, the sonicwall thing.
> If you see the message I sent later, I'm only having a problem with
> getent, and only for domain members who had not previously logged
> onto a given Linux workstation. I don't think the gateway is the
> issue with that.
I wouldn't bet on it, especially as the problem only started after you
installed the sonicwall thing.