
RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry



Hi Bob,

The use of the :domain label in the dnsinfo.C file is only for the Windows NT
clients.

To quote the Public Configuration Document

"To solve the issue of browsing with a Win98 client, we previously had to
manually add an LMHOSTS entry to the clients:
10.10.1.10 "PDC-KIRK      \0x1b" #PRE

This entry is only required to allow Win98 clients to browse in Network
Neighborhood; however, they can
still authenticate and browse by Universal Naming Convention (UNC) when it
is not used. WinNT
clients do not require this entry.

This entry in the LMHOSTS file is required for Win98 clients to locate the
domain master browser for retrieval of a resource list - THIS IS ALWAYS THE
PDC. The name must be padded out to 15 characters with spaces and contained
in double-quotes as shown above. Appended to the padded name is a hex
character \0x1b that notifies our client this name is a domain master
browser. Be sure to add the #PRE tag to store this in the NetBIOS name cache
or this will not work. "

But if you have SP2 and configure it as per my earlier email, you don't have
to manually configure each win 98/95 workstation as it will be done whenever
the topology is updated.

So the Anatomy of the dnsinfo.C file for LMHOSTS is as follows:
>(
 ^Required at the top of the file.
>	:LMdata (
	^Section Label (note the lowercase 'd' and the whitespace after the label).
>		: (
		^Required LMHOSTS entry (note the whitespace after the colon)
>			:ipaddr (10.0.0.1)
			^IP address of the PDC (note the whitespace)
>			:name (MERLIN)
			^Name of the PDC
>			:domain (ROUNDTABLE)
			^Name of the Domain that this is the PDC for (note the whitespace)
>		)
		^Required end of the definition for this LMHOSTS entry
>		: (
		^Required for Win95/98 clients (note the whitespace after the colon)
>			:ipaddr (10.0.0.1)
			^IP Address of the PDC (note the whitespace)
>			:name (MERLIN)
			^Name of the PDC (note the whitespace)
>		)
		^Required end of the definition for this LMHOSTS entry for Win95/98 clients
>	)
	^Required - ends the LMdata section
>)
 ^Required at bottom of file.

- Greg
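
One way to check the LMHOSTS entry described in the quoted document (name padded to 15 characters, in double quotes, \0x1b appended, #PRE present) once SecureClient has written it. This is an added example, not part of the original thread or of any Check Point tooling; build_entry and check_line are hypothetical names, and accepting "#pre" and "\0X1B" in either case is an assumption based on both spellings appearing in this thread.

```python
import ipaddress
import re

NAME_LEN = 15  # per the quoted document: name padded to 15 characters with spaces

# ip, whitespace, double-quoted name with optional \0xNN suffix, trailing tags
LINE_RE = re.compile(r'^(\S+)\s+"([^"]*?)(\\0x[0-9a-f]{2})?"\s*(.*)$', re.IGNORECASE)


def build_entry(ip, name):
    """Return an LMHOSTS line: padded, quoted name + \\0x1b, with #PRE."""
    ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    if not 0 < len(name) <= NAME_LEN:
        raise ValueError("name must be 1-15 characters")
    return '%s\t"%s\\0x1b"\t#PRE' % (ip, name.ljust(NAME_LEN))


def check_line(line):
    """Return a list of problems found in one 0x1b LMHOSTS entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return ['expected: ip "NAME\\0x1b" #PRE, with the name in double quotes']
    ip, name, suffix, tags = m.groups()
    problems = []
    try:
        ipaddress.IPv4Address(ip)
    except ValueError:
        problems.append("bad IP address: %s" % ip)
    if len(name) != NAME_LEN:
        problems.append("name field is %d characters, expected %d" % (len(name), NAME_LEN))
    # Assumption: the escape and the tag are matched case-insensitively.
    if suffix is None or suffix.lower() != "\\0x1b":
        problems.append("missing \\0x1b suffix")
    if "#pre" not in tags.lower().split():
        problems.append("missing #PRE tag")
    return problems


# Constructed sample lines (not taken from a real client).
SAMPLES = [
    build_entry("10.10.1.10", "PDC-KIRK"),                    # well-formed
    '10.10.1.10 "%s\\0x1b" #PRE' % "PDC-KIRK".ljust(14),      # one space short
    '10.10.1.10 "%s\\0x1b"' % "PDC-KIRK".ljust(15),           # no #PRE
    "10.10.1.10 PDC-KIRK \\0x1b #PRE",                        # quotes missing
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", check_line(s) or "ok")
```

Padding is easy to lose when an entry is copied from a PDF or a mail archive, so the length check is the one most likely to fire on a hand-typed line.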
-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of Bob
Bisignani
Sent: 15 September 2000 1:06 a.m.
To: [email protected]; [email protected]; [email protected];
[email protected]
Subject: RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry



Gregor,
      Logon script now executes since adding :netbios_nat (true) but drive
mappings generate a network path not found (system 53) error. A net time
entry in the logon script works; it references the
%logonserver% parameter, but net use t: \\server\share does not work. Maybe
\\server.domain.com\share is required?? After logon script executes and the
desktop comes up, net use t: \\server\share works with no problems, it just
does not work in the logon script. I tried adding an entry for "server" in
my dnsinfo.C, it replicated to the LMHosts file but the logon script still
did not work. Both NT 4.0 and Windows 2000 did the same thing. Client is
version 4165 (SP2) VPN-1 fw-1 is SP1.

      Also, in your dnsinfo.C file below you sometimes use the :domain parameter
and sometimes do not - is this for PDCs and BDCs only?

      Thanks

Bob

>From: "Gregor Munro" <[email protected]>
>To: "Gregor Munro" <[email protected]> , "Bob Bisignani"
><[email protected]>, <[email protected]> , <[email protected]> ,
><[email protected]>
>Subject: RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry
>Date: Thu, 14 Sep 2000 08:17:18 +1200
>
>Hi,
>
>For all those following this thread, we solved the problem offline. The
>solution is in the $FWDIR/conf/dnsinfo.C file. It comes down to upper and
>lower case of letters and the correct placing of spaces.
>--snip--
>(
>	:LMdata (
>		: (
>			:ipaddr (10.0.0.1)
>			:name (MERLIN)
>			:domain (ROUNDTABLE)
>		)
>		: (
>			:ipaddr (10.0.0.1)
>			:name (MERLIN)
>		)
>	)
>)
>--snip--
>I suggest you cut and paste from the above and replace the IP addresses and
>host names as appropriate.
>What are the differences? Well firstly there's correct spacing, secondly
>there's a second LMdata section without the domain specified and LASTLY....I
>changed LMData to LMdata (lower case d).
>
>Note that this will insert an entry with a "\0x1b" in the LMHosts entry.
>This is a Microsoft thing. It should be there!
>
>Yours Kindly
>Gregor Munro
>-----Original Message-----
>From: [email protected]
>[mailto:[email protected]]On Behalf Of
>Gregor Munro
>Sent: 12 September 2000 7:52 a.m.
>To: Bob Bisignani; [email protected]; [email protected];
>[email protected]
>Subject: RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry
>
>
>
>Bob,
>
>I have it going at 7 sites now on WinNT, Win98 and Win95 platforms.
>
>There are a couple of gotchas in this whole thing
>1) check your LMHOSTS file and make sure that the PDC data is correctly
>being inserted.
>Be *VERY* careful with the placing of spaces as if they are incorrect, it
>will stop it all from working!!!
>The online documentation says to cut and paste but it's a little difficult
>from a PDF document!
>
>Correct format and spacings in the dnsinfo.c file:
>(
>	:LMData (
>			: (
>				:ipaddr (<your PDC's IP Address>)
>				:name (<your PDC's Name>)
>				:domain (<your NT Domain name>)
>			)
>		)
>)
>
>For Example
>(
>	:LMData (
>			: (
>				:ipaddr (10.0.0.1)
>				:name (PDC1)
>				:domain (SITDOM)
>			)
>		)
>)
>
>Note that if you are using split dns you would have another section in this
>file...
>
>2) If you are using NetBIOS over NAT, then you'll need to include the
>following line in your objects.C file on the FireWall Management server.
>:netbios_nat (true)
>
>3) Make sure that the dnsinfo.C file is named dnsinfo.C - ie the case on the
>name counts (and not dnsinfo.c or DNSINFO.C). Also be wary of some text
>editors as they sometimes insert non-text characters which once again will
>stop things from working.
>
>Whenever you make changes to the .C files, it's good practice to stop the
>management server (and any GUI clients), make the changes and then restart
>the management server again. Then deploy the rulebase to the firewall
>modules.
>
>Go to SecureClient and update the site. Then check the contents of your
>winnt\system32\drivers\etc\drivers\LMHOST's file and make sure that it's been
>updated.
>
>
>Yours Kindly
>Greg Munro
>
>-----Original Message-----
>From: [email protected]
>[mailto:[email protected]]On Behalf Of Bob
>Bisignani
>Sent: 12 September 2000 12:23 a.m.
>To: [email protected]; [email protected];
>[email protected]
>Subject: RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry
>
>
>
>Gentlemen,
>            Have you gotten Secure Domain Logon (SDL) to work? I tried this
>using an NT and Windows 2000 Client and I was unable to get it to work. The
>PDC never answered. The log shows the request got thru but there was never
>any return answer. NT Event viewer on the PDC does not show anything
>either.
>Thanks
>
>Bob
>
>
> >From: Dan Hitchcock <[email protected]>
> >To: "'Patrick Baird'" <[email protected]>,
> >"'[email protected]'"
> ><[email protected]>
> >Subject: RE: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry
> >Date: Fri, 8 Sep 2000 16:18:42 -0700
> >
> >I think this is what you're after:
> >
> >http://support.checkpoint.com/kb/docs/public/os/winnt/pdf/SDL-Prep.pdf
> >
> >Don't be thrown by the "NT" in the URL - the info you want is in there.
> >
> >Dan Hitchcock
> >CCNA, MCSE
> >Network Engineer
> >Xylo, Inc. (formerly employeesavings.com)
> >> >The work/life solution for corporate thought leaders
> >
> >
> >-----Original Message-----
> >From: Patrick Baird [mailto:[email protected]]
> >Sent: Friday, September 08, 2000 3:30 PM
> >To: '[email protected]'
> >Subject: [FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry
> >
> >
> >
> >My previous post:  [FW1] Split Horizon DNS w/ Split DNS for VPN has been
> >resolved, it is a simple matter of getting the NAT rules correct.  my fault
> >for posting.
> >
> >Anyway,
> >I am reading the SDL document for win98, authored on May 22, 2000 and I see
> >the following:
> >
> >"To solve the issue of browsing with a win98 client, we will manually add an
> >LMHOSTS entry to the clients:
> >
> >##.##.##.##	"PDC-KIRK     \0X1B"	#pre
> >
> >Note: SP2 for CP2000 will allow central management of this entry through the
> >use of dnsinfo.C, and this document will be updated accordingly when it
> >becomes available.  BLAH,BLAH...BLAH,BLAH"
> >
> >Well, I viewed this document today, have SP2 running, so I don't think it
> >was updated.  Anyway, does anyone know how to modify the dnsinfo.C file to
> >include the additional required LMHOSTS entry for win98 clients, instead of
> >having to manually add the 0x1b entry to each client's lmhosts file?
> >
> >thanks
> >
> >PDB
> >
> >
> >
>
> >================================================================================
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> >================================================================================
> >
> ><< HowtoconfigureSecureDomainLogon-PreparingYourNetwork.url >>
>
>_________________________________________________________________________
>Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>
>Share information about yourself, create your own public profile at
>http://profiles.msn.com.
>

All contents © 2003 Network Presence, LLC. All rights reserved.