I would suggest starting with the data you have. First, what does the
firewall log say when you try to connect with User Manager (or some other
domain application, like server manager)? And what is the error message you
get when it fails?
Also, try running nbtstat -a <pdc name> on the remote workstation, to make
sure you are seeing netbios information from your PDC.
You should get something like this:

       NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
MyPDC          <00>  UNIQUE      Registered
MyPDC          <20>  UNIQUE      Registered
MyDOMAIN       <00>  GROUP       Registered
MyDOMAIN       <1C>  GROUP       Conflict
MyDOMAIN       <1B>  UNIQUE      Registered
MyDOMAIN       <1E>  GROUP       Registered
MyPDC          <03>  UNIQUE      Registered
MyDOMAIN       <1D>  UNIQUE      Registered
..__MSBROWSE__.<01>  GROUP       Registered
MyPDC          <01>  UNIQUE      Registered

MAC Address = 00-80-5F-C1-6F-60

Also, what is the OS of the client machine? If it is WinNT, Win2000, WinXP,
or Win2003, has it been registered as a member of the domain? Without that
trust relationship, you won't have domain access.
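
Added example, not part of the original message: a small Python parser for captured `nbtstat -a` output that checks the records a remote client relies on to locate the PDC and the domain controllers. The sample text is constructed in the shape of the table above; the `<1B>`, `<1C>` and `<20>` meanings are the standard NetBIOS suffix assignments, and the function names and the choice of required records are assumptions of this example.

```python
import re

# Constructed sample in the shape of `nbtstat -a` output (placeholder names).
SAMPLE = """\
MyPDC          <00>  UNIQUE      Registered
MyPDC          <20>  UNIQUE      Registered
MyDOMAIN       <00>  GROUP       Registered
MyDOMAIN       <1C>  GROUP       Conflict
MyDOMAIN       <1B>  UNIQUE      Registered
..__MSBROWSE__.<01>  GROUP       Registered
MAC Address = 00-80-5F-C1-6F-60
"""

# One table row: name, <hex suffix>, UNIQUE/GROUP, status.
# Assumption: names without embedded spaces, as in the sample.
ROW = re.compile(r"^\s*(\S+?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\S+)\s*$")

# Records needed for domain administration: (owner, suffix, type, meaning).
REQUIRED = [
    ("domain", "1B", "UNIQUE", "domain master browser (the PDC)"),
    ("domain", "1C", "GROUP", "domain controllers group"),
    ("pdc", "20", "UNIQUE", "Server service on the PDC"),
]

def parse_name_table(text):
    """Return (name, suffix, type, status) tuples; non-table lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            name, suffix, kind, status = m.groups()
            rows.append((name, suffix.upper(), kind, status))
    return rows

def check_domain_records(text, pdc, domain):
    """List required records that are missing or not in the Registered state."""
    table = {(n.upper(), s, k): st for n, s, k, st in parse_name_table(text)}
    owners = {"pdc": pdc.upper(), "domain": domain.upper()}
    problems = []
    for owner, suffix, kind, meaning in REQUIRED:
        status = table.get((owners[owner], suffix, kind))
        if status is None:
            problems.append(f"{owners[owner]}<{suffix}> missing: {meaning}")
        elif status != "Registered":
            problems.append(f"{owners[owner]}<{suffix}> is {status}: {meaning}")
    return problems

if __name__ == "__main__":
    for problem in check_domain_records(SAMPLE, "MyPDC", "MyDOMAIN"):
        print(problem)
```

An empty result means all three records came back as Registered; an empty or error response from `nbtstat` reports all three as missing, which points at name resolution or filtering of NetBIOS traffic across the VPN rather than at the domain itself.
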
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Eric
Brouwer (Corporate DET)
Sent: Friday, February 20, 2004 9:48 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Domain administration over VPN?
If it is supported, and I am using the proper LMHOSTS entries, what might my
problem be?
Eric
-----Original Message-----
From: David Gillett [mailto:gillettdavid AT FHDA DOT EDU]
Sent: Thursday, February 19, 2004 7:34 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Domain administration over VPN?
Believe it or not, it was in fact supported by NT 4.0.
You need WINS or the LMHOSTS #DOM: entries to associate
the domain name to a host that is a domain controller,
unless you're on a local segment where the resolution can
use (IP!) broadcasts.
Dave Gillett
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM]On Behalf Of Hal
> Dorsman
> Sent: Thursday, February 19, 2004 1:04 PM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] Domain administration over VPN?
>
>
> Someone correct me if I am wrong, but providing WINS information to
> your VPN client is not enough as legacy Microsoft domain naming occurs
> using Netbios, not IP compliant clients. In order to get the
> Microsoft client to be able to browse domains, you must enable Netbios
> over TCP/IP and I do not believe that was supported in
> NT.
>
> Hal
>
> > -----Original Message-----
> > From: "Rodriguez Quintero, Juan Diego, SYNAPSIS Perú"
> > [mailto:jrodriguez AT SYNAPSIS.COM DOT PE]
> > Sent: Thursday, February 19, 2004 1:26 PM
> > To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> > Subject: Re: [FW-1] Domain administration over VPN?
> >
> >
> > The domain information is not only set on those lmhosts registers.
> > WINS Servers have some additional information you may need to add
> > to your lmhosts
> > file
> >
> > You may search for info on this link.
> >
> > http://www.babinszki.com/winnt/trusts/lmhosts.htm.
> >
> > I know Microsoft has an article about it but I couldn't find it
> > right now.
> >
> > Regards,
> >
> > Ing. Juan Diego Rodríguez Quintero, MCSE CCNA
> > Network Engineer
> > Systems Engineering and Microcomputing
> >
> > Telephones: (511) 5171208
> > Fax: (511) 5171232
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: Eric Brouwer (Corporate DET) [mailto:ebrouwer AT VILLAGEGREEN DOT COM]
> > Sent: Thursday, February 19, 2004 03:05 p.m.
> > To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> > Subject: Re: [FW-1] Domain administration over VPN?
> >
> >
> > I do have LMHOSTS installed. We don't use WINS on the network, so
> > we need LMHOSTS. I can ping my PDC by name and IP when connected
> > with VPN.
> >
> > Eric
> >
> > -----Original Message-----
> > From: Mike Feetham [mailto:mike.feetham AT PERCEPTA-CRM DOT COM]
> > Sent: Thursday, February 19, 2004 2:32 PM
> > To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> > Subject: Re: [FW-1] Domain administration over VPN?
> >
> >
> > The easiest way to make this work is to make sure you enter proper
> > WINS server information for your network into your remote
> > workstation. If you
> > are not using a WINS server, then add your PDC into your
> > LMHOSTS file with
> > the #DOM:<domain> setting (the lmhosts file has examples in it).
> >
> > Otherwise your system doesn't know what IP addresses are associated
> > with the domain, even though you can ping the machines by IP
> > address.
> >
> >
> >
> > -----Original Message-----
> > From: Mailing list for discussion of Firewall-1
> > [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Hal
> > Dorsman
> > Sent: Thursday, February 19, 2004 12:45 PM
> > To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> > Subject: Re: [FW-1] Domain administration over VPN?
> >
> > Netbios over TCP/IP, but I am not sure you can do that
> > on NT 4. NT domain stuff is done over Netbios and that does not
> > natively route over IP. Win 2000 and above support Netbios in IP
> > encapsulation.
> >
> > Hal
> >
> > > -----Original Message-----
> > > From: Eric Brouwer (Corporate DET)
> > > [mailto:ebrouwer AT VILLAGEGREEN DOT COM]
> > > Sent: Thursday, February 19, 2004 7:05 AM
> > > To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> > > Subject: [FW-1] Domain administration over VPN?
> > >
> > >
> > > Good morning,
> > >
> > > I am running SecureClient on a W2K Pro machine, and use
> > > FW-1 NG w/ AI.
> > > I can make a connection to my LAN over the VPN and transfer files,
> > > but I can not perform domain administrative tasks such as User
> > > Manager for Domains.
> > > My domain is NT 4.0. Any ideas what I could look at?
> > >
> > > Thanks,
> > >
> > > Eric
> > >
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your subscription
> > options, email fw-1-owner AT ts.checkpoint DOT com
> > =================================================