RE: unable to join domain from dmz

From: Erich D. Heintz (lists_at_heintz.us)
Date: 08/25/04

    To: "'Steven A. Fletcher'" <sfletcher@integrityts.com>, "'Dan Tesch'" <dan.tesch@comcast.net>, "'Security Basics'" <security-basics@lists.securityfocus.com>
    Date: Wed, 25 Aug 2004 14:38:54 -0400

    I think the point of using an LMHOSTS file in this case over WINS is that
    the system at issue is in a DMZ.

    There's been nothing stated as to whether or not WINS exists in the LAN
    segment and it's really not relevant unless you plan to open conduits to
    allow WINS to work between the DMZ and the LAN.

    An LMHOSTS entry is the best option here, IMHO, since it provides the
    minimum amount of information needed by the DMZ system to be functional.
    Putting a WINS server in the DMZ or allowing WINS traffic to traverse
    between the LAN and the DMZ simply makes more information about the LAN
    available to the DMZ than is needed.

     

    -----Original Message-----
    From: Steven A. Fletcher [mailto:sfletcher@integrityts.com]
    Sent: Tuesday, August 24, 2004 11:40 PM
    To: Dan Tesch; Security Basics
    Subject: RE: unable to join domain from dmz

    But, for a Windows NT 4 domain to function best, a WINS server should
    already be set up. Otherwise, you have the potential to end up with a
    ridiculous amount of broadcast traffic.

    I don't know where people got the idea that WINS is hard to set up or
    maintain. I find it extremely easy. I would be more than happy to help
    anyone who needs help in that area.

    Steve Fletcher
    Senior Network Engineer
    MCSE (NT4 and Win2k), HP Master ASE, CCNA, Security+
    Integrity Technology Solutions
    Phone: (309) 664-8129
    Toll Free: (888) 764-8100 ext. 129
    Fax: (309) 662-6421
    sfletcher@integrityts.com
     
    -----Original Message-----
    From: Dan Tesch [mailto:dan.tesch@comcast.net]
    Sent: Tuesday, August 24, 2004 3:50 PM
    To: Security Basics
    Subject: Re: unable to join domain from dmz

    You can do this by adding an entry in LMHOSTS also; you can google for
    instructions. It is simpler than setting up WINS.

    > You need to set up a WINS server. Otherwise you cannot cross subnets.
    >
    > On Mon, 23 Aug 2004 12:12:52 +0300, Bilal Dar <bdar@pbad.sbg.com.sa> wrote:
    > > I am having a problem; I couldn't figure out the reason till now. We are
    > > having our NT 4 Primary Domain Controller on the inside network; now I am
    > > installing another server in the DMZ as a Backup Domain Controller. When I
    > > try to join the domain during installation I get an error stating "The
    > > domain controller for the domain cannot be located"
    > >
    > > Dmz = 172.17.0.0/16
    > > Inside = 172.16.0.0/16
    > >
    > > PDC = 172.16.4.2
    > > NewServer = 172.17.0.10/16
    > >
    > > conduit permit icmp any any
    > > conduit permit ip host 172.17.0.10 172.16.0.0 255.255.0.0
    > > conduit permit ip host 172.17.0.10 172.17.0.0 255.255.0.0
    > > conduit permit tcp host 172.17.0.10 eq smtp any
    > > conduit permit tcp host 172.17.0.10 eq pop3 any
    > > conduit permit tcp host 172.17.0.10 eq domain any
    > > conduit permit udp host 172.17.0.10 eq domain any
    > > conduit permit ip host 172.17.4.2 host 172.17.0.10
    > >
    > > I can ping NewServer from Inside network. Am I missing something?
    > >
    > > Thanks
    > >
    > >
    >
    >
    > --
    > END OF LINE
    > -MCP

    ------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Computer Forensics Training at the InfoSec Institute. All of our class sizes
    are guaranteed to be 12 students or less to facilitate one-on-one
    interaction with one of our expert instructors. Gain the in-demand skills of
    a certified computer examiner, learn to recover trace data left behind by
    fraud, theft, and cybercrime perpetrators. Discover the source of computer
    crime and abuse so that it never happens again.
    http://www.infosecinstitute.com/courses/computer_forensics_training.html
    ----------------------------------------------------------------------------
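The LMHOSTS approach that Heintz and Tesch recommend over WINS, shown as an added illustration that is not from any poster in the thread: a minimal LMHOSTS file for the DMZ server that names only the PDC. The PDC address 172.16.4.2 is taken from the original post; the NetBIOS name PDCNAME and the domain name NTDOMAIN are placeholders, since neither appears in the thread.

```text
# LMHOSTS on the DMZ server (%SystemRoot%\system32\drivers\etc\lmhosts).
# Placeholders: PDCNAME = NetBIOS name of the PDC, NTDOMAIN = NT4 domain name.
# Only the PDC is listed, so nothing else about the LAN is disclosed to the DMZ host.
# #PRE preloads the entry into the name cache; #DOM:<domain> marks it as a domain controller.
172.16.4.2      PDCNAME         #PRE  #DOM:NTDOMAIN
# Domain master browser record for domain logon/join lookups. The quoted name must be
# exactly 20 characters: the domain name padded with spaces to 15 characters, then \0x1b.
172.16.4.2      "NTDOMAIN       \0x1b"  #PRE
```

After editing the file, reload the preloaded entries with `nbtstat -R` and confirm them with `nbtstat -c`; the firewall must still pass the NetBIOS and RPC traffic the domain join itself needs, which LMHOSTS only makes resolvable, not reachable.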