I understand that win2k domains will run using non-M$ DNS servers tweaked to include the special AD info, but external users will still need to use those AD aware DNS servers to do lookups to find AD resources. Pointing remote users exclusively to a DNS server local to them, which are not AD aware, won’t work very well. Split DNS seems to be the most comprehensive solution.

Using an M$ DNS server seems to me to be the path of least resistance, although I agree it certainly could be a more stable product, and in larger networks the effort necessary to configure and maintain a ‘real’ DNS server may be worth it. We run Meta-IP for external DNS and M$ internally – both products have their good and bad points. I haven’t made an attempt to make Meta-IP run the AD info.

As I brace for another round of ‘out-of-office’ responses…..

Chris Happel
CISSP CCSE CCNP CCDA MCSE
Senior Network Engineer
Bay Dweller, Inc
-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Wednesday, August 01, 2001 9:03 AM
To: Rocky Stefano
Cc: Chris Happel; 'Frank Breedijk'; [email protected]; [email protected]; [email protected]
Subject: RE: [FW1] SecuRemote and browsing network file shares.
Maybe there are advantages whilst switching over to use M$ DNS as this gives the 'nice' feature of WINS integration - although maybe 3rd party products like MetaIP can do this also?
Tim
Actually you do not need to use M$'s version of DNS in order for AD to work properly. I have used BIND running a nix box perfectly. The only extras you get with MS is secure DNS exchanges etc etc but it works fine with BIND.
Rocky Stefano
Echelon Systems Inc.
[email protected]
www.echelonsystems.com
Systems that work...
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Chris Happel
Sent: July 31, 2001 2:41 PM
To: 'Frank Breedijk'; [email protected]; [email protected]
Subject: RE: [FW1] SecuRemote and browsing network file shares.
Frank,
Win2k domain members expect to see special information in their DNS servers
(automatically populated into win2k AD based DNS installations). This
information is used to identify Active Directory resources. I would
recommend you check that the remote users are utilizing an internal Active
Directory-aware DNS server, or confirm a correct implementation of split DNS
on the firewall / secure client.
Best of luck.
Chris Happel
CISSP CCSE CCNP CCDA MCSE
Senior Network Engineer
Bay Dweller, Inc
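
The check recommended in the message above, as an added example that is not part of the original thread: it compares two DNS views of the same domain and lists the Active Directory locator SRV records a Win2k client would fail to find in each. The zone contents, the domain name corp.example and the function names are constructed for illustration; a single-domain forest is assumed, and each record must carry an explicit owner name.

```python
import re

# SRV owner names (relative to the AD DNS domain) and ports that Netlogon
# registers and a Windows 2000 client queries to find a logon server.
REQUIRED_SRV = {"_ldap._tcp.dc._msdcs": 389, "_kerberos._tcp.dc._msdcs": 88,
                "_ldap._tcp.pdc._msdcs": 389, "_ldap._tcp.gc._msdcs": 3268}
# owner [ttl] [IN] SRV priority weight port target  (owner must be explicit)
SRV_LINE = re.compile(
    r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)", re.I)

def parse_srv(zone_text, origin):
    """Return {owner relative to origin: [(port, target), ...]}."""
    origin = origin.rstrip(".").lower()
    records = {}
    for raw in zone_text.splitlines():
        m = SRV_LINE.match(raw.split(";", 1)[0].rstrip())  # drop comments
        if not m:
            continue
        owner = m.group(1).lower()
        if owner.endswith("."):                  # absolute name
            owner = owner[:-1]
            if not owner.endswith("." + origin):
                continue                         # not in this zone
            owner = owner[: -len(origin) - 1]
        records.setdefault(owner, []).append((int(m.group(2)), m.group(3)))
    return records

def missing_ad_records(zone_text, origin):
    """Locator records an AD client needs that this DNS view does not serve."""
    found = parse_srv(zone_text, origin)
    return [f"{owner}.{origin}" for owner, port in REQUIRED_SRV.items()
            if port not in {p for p, _ in found.get(owner, [])}]

# Constructed sample data: the internal view and the external (split DNS) view.
INTERNAL_VIEW = """\
dc1                        IN A   10.1.1.10
_ldap._tcp.dc._msdcs       600 IN SRV 0 100 389  dc1.corp.example.
_kerberos._tcp.dc._msdcs   600 IN SRV 0 100 88   dc1.corp.example.
_ldap._tcp.pdc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.gc._msdcs       600 IN SRV 0 100 3268 dc1.corp.example. ; global catalog
"""
EXTERNAL_VIEW = """\
www                        IN A   192.0.2.80
@                          IN MX  10 mail.corp.example.
"""

if __name__ == "__main__":
    for name, view in (("internal", INTERNAL_VIEW), ("external", EXTERNAL_VIEW)):
        print(name, "missing:", missing_ad_records(view, "corp.example") or "none")
```

A remote client whose resolver only ever sees the external view gets every locator lookup back empty, which is the condition the split DNS configuration has to prevent for VPN users.
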
-----Original Message-----
From: Frank Breedijk [mailto:[email protected]]
Sent: Tuesday, July 31, 2001 8:14 AM
To: [email protected]; [email protected]
Subject: [FW1] SecuRemote and browsing network file shares.
From my engineers I got the following email.
> -----Original Message-----
> From: Diego Bormann
> Sent: Tuesday, 31 July, 2001 15:08
> To: Frank Breedijk
> Subject: SecuRemote and browsing network file shares.
>
> Frank,
>
> We've the following situation with SecuRemote and browsing our network
> file shares.
>
> We've installed SecuRemote on our users' laptops (win2k) to enable
> access to our network (win2k mixed mode) when the users are offsite.
> If the users are offsite and want to connect to our network, they
> follow the following procedure:
>
> 1. They logon to the laptop using their normal Network username and
> password. (they receive a message that the domain controller could not
> be found).
> 2. They set up a connection to Internet using the Infonet DialXpressway
> dialer (we are not able to change any of the dialing network
> properties).
> 3. They authenticate with SecuRemote to our Radius server.
> 4. Users are now able to synchronise their mail, and browse our
> Intranet.
> 5. When they try to connect to 1 of our network file shares they get
> the following message:
> "There are currently no logon servers available to service the logon
> request"
> This also happens when using IP addresses and UNC network names.
>
>
> Greetings,
>
> Diëgo Bormann
> IT Engineer
>
> T +31 (0)20 8878 109
> F +31 (0)20 8878 122
> E mailto:[email protected]
> http://www.interxion.com
>
> Interxion Headquarters
> Gyroscoopweg 144
> 1042 AZ Amsterdam
>
> where the internet lives.
>
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================