RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry

["Bob Bisignani" <rjbcheckpt@FW1-NOSPAMhotmail.com>]

Gregor,
      Yes, we are using IP Pool NAT for SecuRemote Connections.

Bob


> From: "Gregor Munro" <gmunro@securit.co.nz>
> To: "Bob Bisignani" <rjbcheckpt@hotmail.com>
> Subject: RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry
> Date: Wed, 13 Sep 2000 07:08:50 +1200
>
> Are you using IP Pooling?
> Greg
>
> -----Original Message-----
> From: Bob Bisignani [mailto:rjbcheckpt@hotmail.com]
> Sent: 13 September 2000 7:08 a.m.
> To: gmunro@securit.co.nz; danh@xylo.com; pbaird@mvest.com;
> fw-1-mailinglist@lists.us.checkpoint.com
> Subject: RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry
>
>
> Gregor,
>        I got the LMhosts file to update alright and fw1 passes the traffic
> from the client. The log shows that the PDC/BDC never responds. Any ideas?
> Nothing is in event viewer logs.
>
>        Are you using a pcanyhere or a 3rd party gina.dll file?
>
> Thanks
>
>
>
> Bob Bisignani
>
>
> >From: "Gregor Munro" <gmunro@securit.co.nz>
> >To: "Bob Bisignani" <rjbcheckpt@hotmail.com>, <danh@xylo.com> ,
> ><pbaird@mvest.com> , <fw-1-mailinglist@lists.us.checkpoint.com>
> >Subject: RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry
> >Date: Tue, 12 Sep 2000 07:52:23 +1200
> >
> >Bob,
> >
> >I have it going at 7 sites now on WinNT, Win98 and Win95 platforms.
> >
> >There are a couple of gotcha's in this whole thing
> >1) check yout LMHOSTS file and make sure that the PDC data is correctly
> >being inserted.
> >Be *VERY* careful with the placing of spaces as if they are incorrect, it
> >will stop it all from working!!!
> >The online documentation says to cut and paste but its a little difficult
> >from a PDF document!
> >
> >Correct format and spacings in the dnsinfo.c file:
> >(
> >	:LMData (
> >			: (
> >				:ipaddr (<your PDC's IP Address>)
> >				:name (<your PDC's Name>)
> >				:domain (<your NT Domain name>)
> >			)
> >		)
> >)
> >
> >For Example
> >(
> >	:LMData (
> >			: (
> >				:ipaddr (10.0.0.1)
> >				:name (PDC1)
> >				:domain (SITDOM)
> >			)
> >		)
> >)
> >
> >Note that if you are using split dns you would have another section in 
> this
> >file...
> >
> >2) If you are using NetBIOS over NAT, then you'll need to include the
> >following line in your objects.C file on the FireWall Management server.
> >:netbios_nat (true)
> >
> >3) Make sure that the dnsinfo.C file is named dnsinfo.C - ie the case on
> >the
> >name counts (and not dnsinfo.c or DNSINFO.C). Also be wary of some text
> >editors as they sometimes insert non-text characters which once again 
> will
> >stop things from working.
> >
> >Whenever you make changes to the .C files, its good practice to stop the
> >management server (and any GUI clients) make the changes and then restart
> >the management server again. Then deploy the rulebase to the firewall
> >modules.
> >
> >Go to SecureClient and update the site. Then Check the contents of your
> >winnt\system32\drivers\etc\drivers\LMHOST's file and make sure that its
> >been
> >updated.
> >
> >
> >Yours Kindly
> >Greg Munro
> >
> >-----Original Message-----
> >From: owner-fw-1-mailinglist@lists.us.checkpoint.com
> >[mailto:owner-fw-1-mailinglist@lists.us.checkpoint.com]On Behalf Of Bob
> >Bisignani
> >Sent: 12 September 2000 12:23 a.m.
> >To: danh@xylo.com; pbaird@mvest.com;
> >fw-1-mailinglist@lists.us.checkpoint.com
> >Subject: RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry
> >
> >
> >
> >Gentlemen,
> >            Have you gotten Secure Domain Logon (SDL) to work? I tried 
> this
> >using an NT and Windows 2000 Client and I was unable to get it to work. 
> The
> >PDC never answered. The log shows the request got thru but there was 
> never
> >any return answer. NT Event viewer on the PDC does not show anything
> >either.
> >Thanks
> >
> >Bob
> >
> >
> > >From: Dan Hitchcock <danh@xylo.com>
> > >To: "'Patrick Baird'" <pbaird@mvest.com>,
> > >"'fw-1-mailinglist@lists.us.checkpoint.com'"
> > ><fw-1-mailinglist@lists.us.checkpoint.com>
> > >Subject: RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry
> > >Date: Fri, 8 Sep 2000 16:18:42 -0700
> > >
> > >I think this is what you're after:
> > >
> > >http://support.checkpoint.com/kb/docs/public/os/winnt/pdf/SDL-Prep.pdf
> > >
> > >Don't be thrown by the "NT" in the URL - the info you want is in there.
> > >
> > >Dan Hitchcock
> > >CCNA, MCSE
> > >Network Engineer
> > >Xylo, Inc. (formerly employeesavings.com)
> > >
> > >The work/life solution for corporate thought leaders
> > >
> > >
> > >-----Original Message-----
> > >From: Patrick Baird [mailto:pbaird@mvest.com]
> > >Sent: Friday, September 08, 2000 3:30 PM
> > >To: 'fw-1-mailinglist@lists.us.checkpoint.com'
> > >Subject: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry
> > >
> > >
> > >
> > >My previous post:  [FW1] Split Horizon DNS w/ Split DNS for VPN has 
> been
> > >resolved, it is a simple matter of getting the NAT rules correct.  my
> >fault
> > >for posting.
> > >
> > >Anyway,
> > >I am reading the SDL document for win98, authored on May 22, 2000 and I
> >see
> > >the following:
> > >
> > >"To solve the issue of browsing with a win98 client, we will manually 
> add
> > >an
> > >LMHOSTS entry to the clients:
> > >
> > >##.##.##.##	"PDC-KIRK     \0X1B"	#pre
> > >
> > >Note: SP2 for CP2000 will allow central management of this entry 
> through
> > >the
> > >use of dnsinfo.C, and this document will be updated accordingly when it
> > >becomes available.  BLAH,BLAH...BLAH,BLAH"
> > >
> > >Well, i viewed this document today, have SP2 running, so I don't think 
> it
> > >was updated.  Anyway, does anyone know how to modify the dnsinfo.C file
> >to
> > >include the additional required LMHOSTS entry for win98 clients, 
> instead
> >of
> > >having to manually add the 0x1b entry to each clients lmhosts file?
> > >
> > >thanks
> > >
> > >PDB
> > >
> > >
> > >
> >
> >===========================================================================
> >=
> > >====
> > >      To unsubscribe from this mailing list, please see the 
> instructions
> >at
> > >                http://www.checkpoint.com/services/mailing.html
> >
> >===========================================================================
> >=
> > >====
> > >
> > ><< HowtoconfigureSecureDomainLogon-PreparingYourNetwork.url >>
> >
> >_________________________________________________________________________
> >Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
> >
> >Share information about yourself, create your own public profile at
> >http://profiles.msn.com.
> >
> >
> >
> >===========================================================================
> =
> >====
> >      To unsubscribe from this mailing list, please see the instructions 
> at
> >                http://www.checkpoint.com/services/mailing.html
> >===========================================================================
> =
> >====
> >
>
> _________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>
> Share information about yourself, create your own public profile at
> http://profiles.msn.com.

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at 
http://profiles.msn.com.



================================================================================
    To unsubscribe from this mailing list, please see the instructions at
              http://www.checkpoint.com/services/mailing.html
================================================================================