[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry
Bob, I have it going at 7 sites now on WinNT, Win98 and Win95 platforms. There are a couple of gotcha's in this whole thing 1) check yout LMHOSTS file and make sure that the PDC data is correctly being inserted. Be *VERY* careful with the placing of spaces as if they are incorrect, it will stop it all from working!!! The online documentation says to cut and paste but its a little difficult from a PDF document! Correct format and spacings in the dnsinfo.c file: ( :LMData ( : ( :ipaddr (<your PDC's IP Address>) :name (<your PDC's Name>) :domain (<your NT Domain name>) ) ) ) For Example ( :LMData ( : ( :ipaddr (10.0.0.1) :name (PDC1) :domain (SITDOM) ) ) ) Note that if you are using split dns you would have another section in this file... 2) If you are using NetBIOS over NAT, then you'll need to include the following line in your objects.C file on the FireWall Management server. :netbios_nat (true) 3) Make sure that the dnsinfo.C file is named dnsinfo.C - ie the case on the name counts (and not dnsinfo.c or DNSINFO.C). Also be wary of some text editors as they sometimes insert non-text characters which once again will stop things from working. Whenever you make changes to the .C files, its good practice to stop the management server (and any GUI clients) make the changes and then restart the management server again. Then deploy the rulebase to the firewall modules. Go to SecureClient and update the site. Then Check the contents of your winnt\system32\drivers\etc\drivers\LMHOST's file and make sure that its been updated. Yours Kindly Greg Munro -----Original Message----- From: [email protected] [mailto:[email protected]]On Behalf Of Bob Bisignani Sent: 12 September 2000 12:23 a.m. To: [email protected]; [email protected]; [email protected] Subject: RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry Gentlemen, Have you gotten Secure Domain Logon (SDL) to work? I tried this using an NT and Windows 2000 Client and I was unable to get it to work. The PDC never answered. The log shows the request got thru but there was never any return answer. NT Event viewer on the PDC does not show anything either. Thanks Bob >From: Dan Hitchcock <[email protected]> >To: "'Patrick Baird'" <[email protected]>, >"'[email protected]'" ><[email protected]> >Subject: RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry >Date: Fri, 8 Sep 2000 16:18:42 -0700 > >I think this is what you're after: > >http://support.checkpoint.com/kb/docs/public/os/winnt/pdf/SDL-Prep.pdf > >Don't be thrown by the "NT" in the URL - the info you want is in there. > >Dan Hitchcock >CCNA, MCSE >Network Engineer >Xylo, Inc. (formerly employeesavings.com) >>The work/life solution for corporate thought leaders > > >-----Original Message----- >From: Patrick Baird [mailto:[email protected]] >Sent: Friday, September 08, 2000 3:30 PM >To: '[email protected]' >Subject: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry > > > >My previous post: [FW1] Split Horizon DNS w/ Split DNS for VPN has been >resolved, it is a simple matter of getting the NAT rules correct. my fault >for posting. > >Anyway, >I am reading the SDL document for win98, authored on May 22, 2000 and I see >the following: > >"To solve the issue of browsing with a win98 client, we will manually add >an >LMHOSTS entry to the clients: > >##.##.##.## "PDC-KIRK \0X1B" #pre > >Note: SP2 for CP2000 will allow central management of this entry through >the >use of dnsinfo.C, and this document will be updated accordingly when it >becomes available. BLAH,BLAH...BLAH,BLAH" > >Well, i viewed this document today, have SP2 running, so I don't think it >was updated. Anyway, does anyone know how to modify the dnsinfo.C file to >include the additional required LMHOSTS entry for win98 clients, instead of >having to manually add the 0x1b entry to each clients lmhosts file? > >thanks > >PDB > > > >=========================================================================== = >==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html >=========================================================================== = >==== > ><< HowtoconfigureSecureDomainLogon-PreparingYourNetwork.url >> _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|