we have setup a subnet 172.19.0.0 on a second green interface everything work well
ping, trace, internet the only problem we face is that the PC in the new subnet cannot
reach the DC in the netlogon it seems that nethserver block something for the local domaine to work properly of course DC ping.
I wonder if anyone see that problem before or maybe I need to put something in place to fix this
thanks a lot
Connecting PCs from several networks (subnets) to NethServers AD is no problem, neither is it to use Nethservers AD from a complete VPN structure of three sites, where all PC authenticated to the AD.
But then again, I’ve NEVER used NethServer as router for my network. I reserve that duty for my OPNsense firewall, a dedicated hardware box handling firewalling, internet access, VPNs, and internally DNS / DHCP for all available internal networks.
NethServers DNS is a little too limited, I need to use it because of AD, but I’ll optimize my environment accordingly.
An AD should, in my opinion, NEVER be on a router / firewall, there are too many issues that can crop up and ruin the day!
My 2 cents
my domain controller is a windows server VM in the network 192.168.0.0 green
the pc is in the network 172.19.0.0 the other green interface
the nethserver is another VM with both interfaces
thanks for the answer
You might check the Windows firewall on both PC and (especially) AD Server…
Is your nethServer the default gateway for your AD? (And the PC!)
My 2 cents
But the container is bridged with 192.168.0.0?
If the answer is yes… the server is working as configured, which seems not what you wished for.
yes we tried without FW on both PC same result
sorry I don’t understand (But the container is bridged with 192.168.0.0?)
its a VM with 4 network card,
WAN, vlan10, vlan19 and the main netwrok 192.168.0.0
Did you already check
/var/log/firewall.log on the Nethserver? Blocks should be logged.
Maybe there’s a misconfigured firewall rule?
Does the domain join work on the same PC from the main network?
Can you ping the AD by name? (DNS issue?)
The netlogon share isn’t reachable?
A “VM” with 4 network cards does not exist, 4 NICs is OK (=logical Interface)…
But using 4 Network interfaces, this does NOT make any sense:
And to which vLAN is the PC connected to? vlan10 or vlan19?
What are the IPs of these vLANs?
To which Interface are these vLANs bridged (or running on)?
My 2 cents
we find it it, was the threat shield that was hijacking the DNS request
thanks a lot for your help
@Andy_Wismer you are right, logical interface