NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry



Bob,

I have it going at 7 sites now on WinNT, Win98 and Win95 platforms.

There are a couple of gotcha's in this whole thing
1) check yout LMHOSTS file and make sure that the PDC data is correctly
being inserted.
Be *VERY* careful with the placing of spaces as if they are incorrect, it
will stop it all from working!!!
The online documentation says to cut and paste but its a little difficult
from a PDF document!

Correct format and spacings in the dnsinfo.c file:
(
	:LMData (
			: (
				:ipaddr (<your PDC's IP Address>)
				:name (<your PDC's Name>)
				:domain (<your NT Domain name>)
			)
		)
)

For Example
(
	:LMData (
			: (
				:ipaddr (10.0.0.1)
				:name (PDC1)
				:domain (SITDOM)
			)
		)
)

Note that if you are using split dns you would have another section in this
file...

2) If you are using NetBIOS over NAT, then you'll need to include the
following line in your objects.C file on the FireWall Management server.
:netbios_nat (true)

3) Make sure that the dnsinfo.C file is named dnsinfo.C - ie the case on the
name counts (and not dnsinfo.c or DNSINFO.C). Also be wary of some text
editors as they sometimes insert non-text characters which once again will
stop things from working.

Whenever you make changes to the .C files, its good practice to stop the
management server (and any GUI clients) make the changes and then restart
the management server again. Then deploy the rulebase to the firewall
modules.

Go to SecureClient and update the site. Then Check the contents of your
winnt\system32\drivers\etc\drivers\LMHOST's file and make sure that its been
updated.


Yours Kindly
Greg Munro

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of Bob
Bisignani
Sent: 12 September 2000 12:23 a.m.
To: [email protected]; [email protected];
[email protected]
Subject: RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry



Gentlemen,
           Have you gotten Secure Domain Logon (SDL) to work? I tried this
using an NT and Windows 2000 Client and I was unable to get it to work. The
PDC never answered. The log shows the request got thru but there was never
any return answer. NT Event viewer on the PDC does not show anything either.
Thanks

Bob


>From: Dan Hitchcock <[email protected]>
>To: "'Patrick Baird'" <[email protected]>,
>"'[email protected]'"
><[email protected]>
>Subject: RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry
>Date: Fri, 8 Sep 2000 16:18:42 -0700
>
>I think this is what you're after:
>
>http://support.checkpoint.com/kb/docs/public/os/winnt/pdf/SDL-Prep.pdf
>
>Don't be thrown by the "NT" in the URL - the info you want is in there.
>
>Dan Hitchcock
>CCNA, MCSE
>Network Engineer
>Xylo, Inc. (formerly employeesavings.com)
>>The work/life solution for corporate thought leaders
>
>
>-----Original Message-----
>From: Patrick Baird [mailto:[email protected]]
>Sent: Friday, September 08, 2000 3:30 PM
>To: '[email protected]'
>Subject: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry
>
>
>
>My previous post:  [FW1] Split Horizon DNS w/ Split DNS for VPN has been
>resolved, it is a simple matter of getting the NAT rules correct.  my fault
>for posting.
>
>Anyway,
>I am reading the SDL document for win98, authored on May 22, 2000 and I see
>the following:
>
>"To solve the issue of browsing with a win98 client, we will manually add
>an
>LMHOSTS entry to the clients:
>
>##.##.##.##	"PDC-KIRK     \0X1B"	#pre
>
>Note: SP2 for CP2000 will allow central management of this entry through
>the
>use of dnsinfo.C, and this document will be updated accordingly when it
>becomes available.  BLAH,BLAH...BLAH,BLAH"
>
>Well, i viewed this document today, have SP2 running, so I don't think it
>was updated.  Anyway, does anyone know how to modify the dnsinfo.C file to
>include the additional required LMHOSTS entry for win98 clients, instead of
>having to manually add the 0x1b entry to each clients lmhosts file?
>
>thanks
>
>PDB
>
>
>
>===========================================================================
=
>====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>===========================================================================
=
>====
>
><< HowtoconfigureSecureDomainLogon-PreparingYourNetwork.url >>

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at
http://profiles.msn.com.



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents � 2003 Network Presence, LLC. All rights reserved.