RE: [m0n0wall] IPsec VPN and M$ Windows Domain

From:	Brian Neufeld <bneufeld at cset dot org>
To:	'Willem van Dam' <willemv at setnorbyer dot com>, m0n0wall at lists dot m0n0 dot ch
Subject:	RE: [m0n0wall] IPsec VPN and M$ Windows Domain
Date:	Fri, 10 Mar 2006 10:27:12 -0800

> -----Original Message-----
> From: Willem van Dam [mailto:willemv at setnorbyer dot com] 
> Sent: Friday, March 10, 2006 7:39 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] IPsec VPN and M$ Windows Domain
> 
> 
> Hi List,
> 
> I have 2 locations (main and remote) connected to each other 
> via IPsec VPN via 2 m0n0walls. At the main location I have a 
> Windows 2003 domain server. How can I make it possible for 
> the computers at the remote location to logon to the domain? 
> I edited the host file on the remote computer and I can map 
> network drives and printers but I would like to logon to the 
> domain if possible.
> 
> Thanks,
> 
> Willem van Dam
> 

It is indeed a name resolution issue.  This is one of those times when
the "lmhosts" file comes into play and can really work magic.  It is in
the same folder as your hosts file (the sample one is named
lmhosts.sam).

Create a "lmhosts" text file with 2 lines like this:
pdc-ip-addr    pdc-server-name    #PRE    #DOM:domain-name
pdc-ip-addr    "domain-name     \0x1b"    #PRE

It is critical that the second line be exactly 20 characters between the
quotes - pad you domain name with spaces if needed.  Replace
"pdc-ip-addr", "pdc-server-name" and "domain-name" with your info and
save that file as "lmhosts" and you will be able to do all the domain
stuff (join, logon, etc.) over the VPN.  You will need to copy that file
to all the workstations on the remote side of the VPN.

See: http://support.microsoft.com/?kbid=150800

~Brian