
RE: [FW1] SecureRemote and WINS




I read somewhere that someone had dns_label_count at 4 and it did not work.  They upped it to 12 and it worked.  I don't know what the value does, but 12 is working for me... at least for DNS.  I just came across another document that has both DNS and LMdata entries in the dnsinfo.C file here:

http://support.checkpoint.com/kb/docs/public/os/winnt/pdf/SDL-Prep.pdf


It looks like this (I have not tried this yet):
--------------------SNIP--------------------
(
:dns_servers (
: (spock
:obj (
: (10.10.1.100)
)
:topology (
: (
:ipaddr (10.10.1.0)
:ipmask (255.255.255.0)
)
)
:domain (
: (
:dns_label_count (10)
:domain (.trek.com)
)
)
)
)
:encrypt_dns (true)
:LMdata (
: (
:ipaddr (10.10.1.10)
:name (PDC-KIRK)
:domain (DOM-NCC1701)
)
: (
:ipaddr (10.10.1.20)
:name (BDC-SPOCK)
:domain (DOM-NCC1701)
)
)
)
--------------------------------SNIP-------------------------

-----Original Message-----
From: Ravi Kohli [mailto:[email protected]]
Sent: Friday, December 08, 2000 10:09 AM
To: Scott Hunter
Subject: RE: [FW1] SecureRemote and WINS


dns_label_count (12)
You sure it's 12?
 
Ravi
 
-----Original Message-----
From: [email protected] [mailto:[email protected]]On Behalf Of Scott Hunter

Sent: Friday, December 08, 2000 6:04 AM
To: '[email protected]'
Cc: 'CryptoTech'
Subject: Re: [FW1] SecureRemote and WINS
 
Since that post, I found the split DNS document and implemented that and DNS resolution is working.  I am not crazy about the idea that I have to manually distribute a userc.C to all my SecureRemote clients, btw.  I also stumbled upon some info on how to push LMdata info and I tried it but it is not working.  I may have some syntax problems in my dnsinfo.C.  Here is what it looks like now:

----------------SNIP----------------------
(
 :dns_servers (
  : (kirk.scotty
  :obj (
  : (10.0.10.11)
)
:topology (
 : (
  :ipaddr (10.0.10.0)
  :ipmask (255.255.255.0)
 )
)
:domain (
 : (
  :dns_label_count (12)
  :domain (.trek.com)
   )
  )
 )
)
:encrypt_dns (true)
)
(
:LMdata (
: (
:ipaddr (10.0.10.11)
:name (KIRK)
:domain (TREK)
)
: (
:ipaddr (10.0.10.193)
:name (SPOCK)
)
)
)
----------------SNIP----------------------
Where kirk is my PDC, DNS and WINS server, scotty is my FW1 and spock is a BDC.  Trek is the NT domain and trek.com is Internet domain name.  These names have been changed to protect the innocent.

Thanks for responding!
-----Original Message-----
From: CryptoTech [mailto:[email protected]]
Sent: Thursday, December 07, 2000 7:10 PM
To: Scott Hunter
Cc: '[email protected]'
Subject: Re: [FW1] SecureRemote and WINS
 
Scott,
In my setup, after I pushed DNS config and WINS resolver info to the client, he was able to browse based on the contents of the wins server.  Are you saying that this is not working for you?

CryptoTech
Scott Hunter wrote:
 
I have scoured this mailing list archive but I still can't find any info on how to resolve internal Windows machine names when using SecureRemote.  I wish I could just add a WINS server entry that would get sent out as part of userc.c so that the remote machine would attempt a lookup on an internal WINS server.  I tried manually entering the WINS server in the IP settings for the dialup connection, but then it doesn't get DNS server entries and nothing resolves.  I know you can populate the LMHOSTS file with PDC and BDC info, but does anyone know if you can populate it with master browser or WINS entries?  Even with PPTP you get a DHCP address with all of the internal networking info and everything resolves.  Any thoughts?  Am I going to have to have my ISP add all the IP addresses for all the servers?  That's bad for two reasons.  One, many people want to access machines that get their addresses via DHCP and two, it doesn't scale.  There must be an automated way of doing this.  Something you can roll out with the SecureRemote client.  If I could send everyone an LMHOSTS file that would point everyone to the WINS server that would be good enough, but I don't want to roll out an LMHOSTS file every day.
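
An added example, not part of the thread and not Check Point code: a small Python check that parses the parenthesised set syntax as it appears in the two dnsinfo.C listings above and reports where a file departs from the layout of the SDL-Prep sample (one top-level group, each LMdata entry carrying ipaddr, name and domain). The grammar is inferred from those listings only, the function names are hypothetical, and a reported difference is not confirmed as the cause of any failure.

```python
import re

def parse_groups(text):
    """Parse top-level ( ... ) groups into {"atom", "fields"}; ValueError if malformed."""
    toks, pos, groups = re.findall(r"\(|\)|:\w*|[^\s():]+", text), 0, []
    def group():
        nonlocal pos
        node, pos = {"atom": None, "fields": []}, pos + 1   # step past "("
        while pos < len(toks) and toks[pos] != ")":
            tok, pos = toks[pos], pos + 1
            if tok.startswith(":") and toks[pos:pos + 1] == ["("]:
                node["fields"].append((tok[1:], group()))   # ":" alone gives key ""
            elif tok[0] in "(:":
                raise ValueError(f"misplaced {tok!r}")
            else:
                node["atom"] = tok                          # bare value, e.g. 10.10.1.10
        if pos >= len(toks):
            raise ValueError("missing ')'")
        pos += 1                                            # step past ")"
        return node
    while pos < len(toks):
        if toks[pos] != "(":
            raise ValueError(f"unexpected {toks[pos]!r} at top level")
        groups.append(group())
    return groups

def layout_differences(text):
    """List departures from the layout of the SDL-Prep sample quoted in the thread."""
    groups, found = parse_groups(text), []
    if len(groups) != 1:
        found.append(f"{len(groups)} top-level groups, sample has 1")
    lmdata = [n for g in groups for k, n in g["fields"] if k == "LMdata"]
    for _, entry in (f for n in lmdata for f in n["fields"]):
        fields = dict(entry["fields"])
        label = fields["name"]["atom"] if "name" in fields else "?"
        found += [f"LMdata entry {label} has no :{w}"
                  for w in ("ipaddr", "name", "domain") if w not in fields]
    return found

# Condensed from the two listings in this thread (dns_servers part omitted).
SDL_PREP = """( :encrypt_dns (true) :LMdata (
  : ( :ipaddr (10.10.1.10) :name (PDC-KIRK) :domain (DOM-NCC1701) )
  : ( :ipaddr (10.10.1.20) :name (BDC-SPOCK) :domain (DOM-NCC1701) ) ) )"""
POSTED = """( :encrypt_dns (true) ) ( :LMdata (
  : ( :ipaddr (10.0.10.11) :name (KIRK) :domain (TREK) )
  : ( :ipaddr (10.0.10.193) :name (SPOCK) ) ) )"""

for title, text in (("SDL-Prep sample", SDL_PREP), ("posted file", POSTED)):
    print(title, layout_differences(text) or "same layout as sample")
```

An empty list means the file has the same shape as the sample; unbalanced parentheses raise `ValueError` before any comparison is made.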



 