
RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry



Gregor, thanks for the info on the LMdata section.  My winnt and win9x
clients are correctly receiving the information which should enable browsing
but it still does not work.  The LMHosts file is correct, I have my WINS
server's IP address in the dial-up properties, and I can map drives etc...
but can't browse the network.  My dnsinfo.C file is also working for DNS
resolution and mappings of my domains, etc...

Are any of you using NT and dialing out to an ISP (in my case MSN)?  I am
confused on how to get SDL working on NT when I am supplying credentials for
MSN when I dial out.  I guess my thick skull needs a step by step on how to
log into a winnt machine locally, dial the ISP, and get SSO and SDL to fire
up on SecuRemote.

I want to get network neighborhood browsable because my users aren't very
technical and mapping a drive is extremely hard for them to do for some
reason...

thanks 

PDB


-----Original Message-----
From: Bob Bisignani [mailto:[email protected]]
Sent: Thursday, September 14, 2000 9:06 AM
To: [email protected]; [email protected]; [email protected];
[email protected]
Subject: RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry


Gregor,
      Logon script now executes since adding :netbios_nat (true) but drive 
mappings generate a network path not found (system 53) error. A net time 
entry in the logon script works; it references the %logonserver% parameter, 
but net use t: \\server\share does not work. Maybe 
\\server.domain.com\share is required?? After logon script executes and the 
desktop comes up, net use t: \\server\share works with no problems, it just 
does not work in the logon script. I tried adding an entry for "server" in 
my dnsinfo.C, it replicated to the LMHosts file but the logon script still 
did not work. Both NT 4.0 and Windows 2000 did the same thing. Client is 
version 4165 (SP2) VPN-1 fw-1 is SP1.

      Also, in your dnsinfo.C file below you sometimes use :domain parameter 
and sometimes do not - is this for PDCs and BDCs only?

      Thanks

Bob

>From: "Gregor Munro" <[email protected]>
>To: "Gregor Munro" <[email protected]> , "Bob Bisignani" 
><[email protected]>, <[email protected]> , <[email protected]> , 
><[email protected]>
>Subject: RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry
>Date: Thu, 14 Sep 2000 08:17:18 +1200
>
>Hi,
>
>For all those following this thread, we solved the problem offline. The
>solution is in the $FWDIR/conf/dnsinfo.C file. It comes down to upper and
>lower case of letters and the correct placing of spaces.
>--snip--
>(
>	:LMdata (
>		: (
>			:ipaddr (10.0.0.1)
>			:name (MERLIN)
>			:domain (ROUNDTABLE)
>		)
>		: (
>			:ipaddr (10.0.0.1)
>			:name (MERLIN)
>		)
>	)
>)
>--snip--
>I suggest you cut and paste from the above and replace the IP addresses and
>host names as appropriate.
>What are the differences? Well firstly there's correct spacing, secondly
>there's a second LMdata section without the domain specified and LASTLY....I
>changed LMData to LMdata (lower case d).
>
>Note that this will insert an entry with a "\0x1b" in the LMHosts entry.
>This is a Microsoft thing. It should be there!
>
>Yours Kindly
>Gregor Munro
>-----Original Message-----
>From: [email protected]
>[mailto:[email protected]]On Behalf Of
>Gregor Munro
>Sent: 12 September 2000 7:52 a.m.
>To: Bob Bisignani; [email protected]; [email protected];
>[email protected]
>Subject: RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry
>
>
>
>Bob,
>
>I have it going at 7 sites now on WinNT, Win98 and Win95 platforms.
>
>There are a couple of gotchas in this whole thing
>1) check your LMHOSTS file and make sure that the PDC data is correctly
>being inserted.
>Be *VERY* careful with the placing of spaces as if they are incorrect, it
>will stop it all from working!!!
>The online documentation says to cut and paste but it's a little difficult
>from a PDF document!
>
>Correct format and spacings in the dnsinfo.c file:
>(
>	:LMData (
>			: (
>				:ipaddr (<your PDC's IP Address>)
>				:name (<your PDC's Name>)
>				:domain (<your NT Domain name>)
>			)
>		)
>)
>
>For Example
>(
>	:LMData (
>			: (
>				:ipaddr (10.0.0.1)
>				:name (PDC1)
>				:domain (SITDOM)
>			)
>		)
>)
>
>Note that if you are using split dns you would have another section in this
>file...
>
>2) If you are using NetBIOS over NAT, then you'll need to include the
>following line in your objects.C file on the FireWall Management server.
>:netbios_nat (true)
>
>3) Make sure that the dnsinfo.C file is named dnsinfo.C - ie the case on the
>name counts (and not dnsinfo.c or DNSINFO.C). Also be wary of some text
>editors as they sometimes insert non-text characters which once again will
>stop things from working.
>
>Whenever you make changes to the .C files, it's good practice to stop the
>management server (and any GUI clients), make the changes and then restart
>the management server again. Then deploy the rulebase to the firewall
>modules.
>
>Go to SecureClient and update the site. Then check the contents of your
>winnt\system32\drivers\etc\drivers\LMHOST's file and make sure that it's been
>updated.
>
>
>Yours Kindly
>Greg Munro
>
>-----Original Message-----
>From: [email protected]
>[mailto:[email protected]]On Behalf Of Bob
>Bisignani
>Sent: 12 September 2000 12:23 a.m.
>To: [email protected]; [email protected];
>[email protected]
>Subject: RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry
>
>
>
>Gentlemen,
>            Have you gotten Secure Domain Logon (SDL) to work? I tried this
>using an NT and Windows 2000 Client and I was unable to get it to work. The
>PDC never answered. The log shows the request got thru but there was never
>any return answer. NT Event viewer on the PDC does not show anything either.
>Thanks
>
>Bob
>
>
> >From: Dan Hitchcock <[email protected]>
> >To: "'Patrick Baird'" <[email protected]>,
> >"'[email protected]'"
> ><[email protected]>
> >Subject: RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry
> >Date: Fri, 8 Sep 2000 16:18:42 -0700
> >
> >I think this is what you're after:
> >
> >http://support.checkpoint.com/kb/docs/public/os/winnt/pdf/SDL-Prep.pdf
> >
> >Don't be thrown by the "NT" in the URL - the info you want is in there.
> >
> >Dan Hitchcock
> >CCNA, MCSE
> >Network Engineer
> >Xylo, Inc. (formerly employeesavings.com)
 > >The work/life solution for corporate thought leaders
> >
> >
> >-----Original Message-----
> >From: Patrick Baird [mailto:[email protected]]
> >Sent: Friday, September 08, 2000 3:30 PM
> >To: '[email protected]'
> >Subject: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry
> >
> >
> >
 > >My previous post:  [FW1] Split Horizon DNS w/ Split DNS for VPN has been
 > >resolved, it is a simple matter of getting the NAT rules correct.  My fault
 > >for posting.
 > >
 > >Anyway,
 > >I am reading the SDL document for win98, authored on May 22, 2000 and I see
 > >the following:
 > >
 > >"To solve the issue of browsing with a win98 client, we will manually add an
 > >LMHOSTS entry to the clients:
 > >
 > >##.##.##.##	"PDC-KIRK     \0X1B"	#pre
 > >
 > >Note: SP2 for CP2000 will allow central management of this entry through the
 > >use of dnsinfo.C, and this document will be updated accordingly when it
 > >becomes available.  BLAH,BLAH...BLAH,BLAH"
 > >
 > >Well, I viewed this document today, have SP2 running, so I don't think it
 > >was updated.  Anyway, does anyone know how to modify the dnsinfo.C file to
 > >include the additional required LMHOSTS entry for win98 clients, instead of
 > >having to manually add the 0x1b entry to each client's lmhosts file?
> >
> >thanks
> >
> >PDB
> >
> >
> >

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
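
A small pre-deployment check for the pitfalls raised in this thread, added here as an illustration and not taken from any poster or from Check Point: it lints a dnsinfo.C for file-name case, the `:LMdata` key case, stray non-text bytes and unbalanced parentheses, then confirms the client's LMHOSTS holds a `\0x1B` line for each declared address. The function names, the sample data and the 15-character padding test (Microsoft's LMHOSTS rule for `\0xNN` names) are assumptions of this example.

```python
import re

# Constructed sample: the first layout posted in the thread (":LMData").
BAD = (b"(\n\t:LMData (\n\t\t: (\n\t\t\t:ipaddr (10.0.0.1)\n"
       b"\t\t\t:name (PDC1)\n\t\t\t:domain (SITDOM)\n\t\t)\n\t)\n)\n")
GOOD = BAD.replace(b":LMData", b":LMdata")
# Constructed LMHOSTS text; using the domain as the \0x1B name is an assumption.
LMHOSTS = '10.0.0.1\t"' + "SITDOM".ljust(15) + '\\0x1B"\t#PRE\n'

def lint_dnsinfo(filename, raw):
    """Check dnsinfo.C bytes for the gotchas listed in the thread."""
    findings = []
    if filename != "dnsinfo.C":
        findings.append("file name must be exactly dnsinfo.C")
    stray = sorted({b for b in raw if b > 0x7E or (b < 0x20 and b not in (9, 10, 13))})
    if stray:
        findings.append("non-text bytes: " + " ".join(f"0x{b:02x}" for b in stray))
    text = raw.decode("latin-1")
    for key in re.findall(r":(\w+)", text):
        if key.lower() == "lmdata" and key != "LMdata":
            findings.append(f"':{key}' should be ':LMdata'")
    depth = 0
    for ch in text:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            break
    if depth != 0:
        findings.append("unbalanced parentheses")
    return findings

def lm_addresses(raw):
    """IP addresses declared with ':ipaddr (...)' in the file."""
    return set(re.findall(r":ipaddr \((\d+(?:\.\d+){3})\)", raw.decode("latin-1")))

def hosts_with_1b(lmhosts_text):
    """Map IP -> whether its quoted \\0x1B name is padded to 15 characters."""
    out = {}
    for m in re.finditer(r'(?im)^\s*(\S+)\s+"([^"]*)\\0x1b"', lmhosts_text):
        out[m.group(1)] = len(m.group(2)) == 15
    return out

def missing_1b(raw, lmhosts_text):
    """IPs in dnsinfo.C that have no well-formed \\0x1B line in LMHOSTS."""
    ok = {ip for ip, padded in hosts_with_1b(lmhosts_text).items() if padded}
    return sorted(lm_addresses(raw) - ok)
```

Run `lint_dnsinfo` on the management server copy before restarting it, and `missing_1b` against the client's LMHOSTS after the site update.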



 
All contents © 2003 Network Presence, LLC. All rights reserved.