Nethserver join domain to Nethserver/AD

Could @robb be on point? Can you ping these 2 nethserver servers from for instance your firewall machine? (You should) Is your firewall perhaps a bit too secure, only allowing defined traffic, and you didn’t define this kind of traffic?

Maybe this:

Samba Active Directory runs inside a Linux Container which uses a virtual network interface bridged to the network interface of the system. The virtual network interface has to be visible inside the physical network, but often virtualization solutions block ARP traffic. As a result, the Samba Active Directory container is not visible from LAN hosts.

http://docs.nethserver.org/en/v7/accounts.html#installing-on-a-virtual-machine
http://docs.nethserver.org/it/v7/accounts.html#installing-on-a-virtual-machine

5 Likes

Ping from firewall to

192.168.1.1 ok
192.168.1.2 fail

192.168.1.4 ok

Assuming promiscuous mode = true and you have bridged network connections for your virtualization option, as above, you should at least be able to ping .2 from its host, the .1. Can you?

Also, what virtualization are you using?

2 Likes
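Added example, not part of any post in this thread: one way to tell the two hypotheses above apart (a firewall filtering the traffic versus the hypervisor dropping ARP for the container's bridged interface) is to compare ping results with the neighbour table of the machine that sent the pings. The ping results mirror the ones posted above; the `ip neigh show` capture, the interface name `br0` and the MAC addresses are constructed for illustration.

```python
# Constructed sample: ping results as seen from the firewall (addresses from the
# thread) and a made-up `ip neigh show` capture taken right after the pings.
PING_OK = {"192.168.1.1": True, "192.168.1.2": False, "192.168.1.4": True}
NEIGH_OUTPUT = """\
192.168.1.1 dev br0 lladdr 52:54:00:aa:bb:01 REACHABLE
192.168.1.2 dev br0  FAILED
192.168.1.4 dev br0 lladdr 52:54:00:aa:bb:04 STALE
"""

UNRESOLVED = {"FAILED", "INCOMPLETE"}


def parse_neigh(text):
    """Map IP -> (mac or None, state) from `ip neigh show` output."""
    table = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 2:
            continue
        mac = None
        if "lladdr" in tok[:-1]:
            mac = tok[tok.index("lladdr") + 1]
        table[tok[0]] = (mac, tok[-1])
    return table


def diagnose(ip, ping_ok, neigh):
    """Classify one host: 'ok', 'arp-unresolved' or 'arp-ok-ping-blocked'."""
    if ping_ok:
        return "ok"
    mac, state = neigh.get(ip, (None, "FAILED"))
    if mac is None or state in UNRESOLVED:
        # No MAC learned: the host is invisible at layer 2, which matches ARP
        # being dropped by the hypervisor (promiscuous mode off on the bridge).
        return "arp-unresolved"
    # MAC learned but no echo reply: layer 2 works, so look at packet filtering.
    return "arp-ok-ping-blocked"


def diagnose_all(ping_ok, neigh_text):
    neigh = parse_neigh(neigh_text)
    return {ip: diagnose(ip, ok, neigh) for ip, ok in ping_ok.items()}


if __name__ == "__main__":
    for ip, verdict in diagnose_all(PING_OK, NEIGH_OUTPUT).items():
        print(ip, verdict)
```
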

I have to work on the network part of the virtual plant.
We use oVirt as virtualization.

This is really weird. If the NSDC is correctly created, it should be reachable from any IP address on the subnet.
Do you already have accounts and services created in your account provider? If not, you could try to remove the Samba4 AD account provider and reinstall it.
I have no explanation for this. Maybe @davidep or @giacomo have a brilliant idea that I (as a simple sysadmin) cannot come up with?

I bet on the promiscuous mode which is not enabled on the hypervisor.
Take a look at:

3 Likes

It works,
it was exactly like you said @giacomo
thank you all

2 Likes