David,

Normally you wouldn't want load balanced servers to be in an active directory domain... but if it is a requirement then either use:

Direct Routing (but make sure DNS is set to manual in both active directory and on the real servers) otherwise active directory stupidly registers the loopback adapter address :-0.

Or you can try single network NAT and make sure that:

On the load balancer:

In order for one arm NAT to work correctly you must modify the firewall script on the load balancers to disable ICMP redirects:

    # For single NIC NAT you will also need to disable re-directs
    # director is gw for realservers so turn OFF icmp redirects (1 on, 0 off)
    echo "0" >/proc/sys/net/ipv4/conf/all/send_redirects
    echo "0" >/proc/sys/net/ipv4/conf/default/send_redirects
    echo "0" >/proc/sys/net/ipv4/conf/eth0/send_redirects
    echo "0" >/proc/sys/net/ipv4/conf/eth1/send_redirects
    echo "0" >/proc/sys/net/ipv4/conf/eth2/send_redirects

Make sure that these lines are active by removing the # at the start of each echo command.

Then configure the routing on the Windows real servers:

Route configuration for Windows Server with one arm NAT mode

When a client on the same subnet as the real server tries to access the virtual server on the load balancer the request will fail. The real server will try to use the local network to get back to the client rather than going through the load balancer and getting the correct network translation for the connection.

To rectify this issue we need to add a route to the load balancer that takes priority over Windows default routing rules. This is a simple case of adding a permanent route:

    route add -p 192.168.1.0 mask 255.255.255.0 metric 1

NB. Replace 192.168.1.0 with your local subnet address.

The default route to the local network has a metric of 10, so this new route overrides all local traffic and forces it to go through the load balancer as required. Any local traffic (same subnet) is handled by this route and any external traffic is handled by the default route (which also points at the load balancer).

I'm not sure what happens if the active directory is on a routed network, but I think it will still work. Please let me know. Thanks.

2008/10/10 David Dyer-Bennet <[EMAIL PROTECTED]>

> I'm not a Windows guy, but according to our Windows IT team, a computer
> can't be part of a windows domain unless the domain controller can
> initiate a connection to it. So these hidden servers can't be in our
> corporate domain. It's not an issue with additional services, it's the
> base domain membership.

--
Regards,

Malcolm Turnbull.

Loadbalancer.org Ltd.
Phone: +44 (0)870 443 8779
http://www.loadbalancer.org/

_______________________________________________
LinuxVirtualServer.org mailing list - [email protected]
Send requests to [EMAIL PROTECTED]
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
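
Added example (not part of the original email and not Loadbalancer.org's firewall script): a shell check for the load balancer that confirms the send_redirects settings described above actually took effect. It relies on the Linux kernel rule that an interface sends ICMP redirects if either conf/all or its own conf/<iface> value is 1; the function names and the optional directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Audit ICMP redirect settings on a Linux director (added example).
# Each function takes an optional conf directory so the check can be run
# against a constructed tree; the default is the live /proc path.

# Print one line per interface whose effective send_redirects is still on.
# The kernel ORs conf/all with conf/<iface>, so either value being 1 counts.
redirect_offenders() {
    conf_root="${1:-/proc/sys/net/ipv4/conf}"
    # An unreadable file is treated as "on" so a missing setting is reported.
    all_val=$(cat "$conf_root/all/send_redirects" 2>/dev/null || echo 1)
    for dir in "$conf_root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        if_val=$(cat "$dir/send_redirects" 2>/dev/null || echo 1)
        if [ "$all_val" != "0" ] || [ "$if_val" != "0" ]; then
            echo "$iface all=$all_val iface=$if_val"
        fi
    done
}

# conf/default seeds interfaces created later (VLANs, new NICs).
default_is_off() {
    conf_root="${1:-/proc/sys/net/ipv4/conf}"
    [ "$(cat "$conf_root/default/send_redirects" 2>/dev/null)" = "0" ]
}

# Return 0 only when no interface can send redirects and default is 0.
audit_redirects() {
    conf_root="${1:-/proc/sys/net/ipv4/conf}"
    status=0
    offenders=$(redirect_offenders "$conf_root")
    if [ -n "$offenders" ]; then
        echo "send_redirects still in effect on:"
        echo "$offenders"
        status=1
    fi
    if ! default_is_off "$conf_root"; then
        echo "conf/default/send_redirects is not 0"
        status=1
    fi
    return $status
}
```

Source the file on the load balancer and call audit_redirects with no argument; any interface it lists beyond eth0, eth1 and eth2 is one the firewall script's echo lines do not cover.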
