 From:  "Willem van Dam" <willemv at setnorbyer dot com>
 To:  "'James W. McKeand'" <james at mckeand dot biz>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] IPsec VPN and M$ Windows Domain
 Date:  Fri, 10 Mar 2006 14:21:51 -0500
> Willem van Dam wrote:
---8<---8<---8<---
> 
> Does the remote site have a server? If not consider setting 
> up a DC in the remote location. This will allow only changes 
> to be synced between the sites. The new DC can be in the same 
> "SITE" as far as the Active Directory is concerned.
> 
> I assume that the remote site is a workgroup. You can add the 
> computers into the domain and have the users use domain 
> logins. But the login process will be slow due to the network 
> bottleneck of going across the VPN. This is why a DC in the 
> remote location would help things.
> 
> _________________________________
> James W. McKeand
> 
James,

I will probably have to set up a DC if the login process is really that slow
but initially I would like to keep it simple because for now there will be
only 1 person at our remote location.

> This sounds like a simple DNS problem.  Make sure the primary 
> DNS server is the one used in your windows environment.
>
Danny,

The prim. DNS is indeed the DNS server at our main location. I have done
some more investigation in the meantime and the DNS requests don't seem to
go over the VPN.
Do I have to create a sever rule for this?
Or am I doing something else wrong?

> It is indeed a name resolution issue.  This is one of those 
> times when the "lmhosts" file comes into play and can really 
> work magic.  It is in the same folder as your hosts file (the 
> sample one is named lmhosts.sam).
> 
> Create a "lmhosts" text file with 2 lines like this:
> pdc-ip-addr    pdc-server-name    #PRE    #DOM:domain-name
> pdc-ip-addr    "domain-name     \0x1b"    #PRE
> 
> It is critical that the second line be exactly 20 characters 
> between the quotes - pad your domain name with spaces if 
> needed.  Replace "pdc-ip-addr", "pdc-server-name" and 
> "domain-name" with your info and save that file as "lmhosts" 
> and you will be able to do all the domain stuff (join, logon, 
> etc.) over the VPN.  You will need to copy that file to all 
> the workstations on the remote side of the VPN.
> 
> See: http://support.microsoft.com/?kbid=150800
> 
> ~Brian
> 
Brian,

My domain name is 16 characters (DomainName.local) So I have a total of
21.....

Thanks all for your replies
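
Added example, not part of the original message and not m0n0wall code: a Python helper that builds the two lmhosts lines quoted above and audits existing lines against the 20-character rule. It assumes the name between the quotes is the NetBIOS domain name (at most 15 characters, space-padded, followed by the five characters `\0x1b`); the IP address and names are constructed sample values.

```python
import ipaddress
import re

NAME_LEN = 15          # NetBIOS name: 15 characters, the 16th byte is the type
SUFFIX = r"\0x1b"      # LMHOSTS escape for type byte 0x1B, as in the thread
QUOTED_LEN = NAME_LEN + len(SUFFIX)   # 20 characters between the quotes


def quoted_entry(netbios_domain):
    """Pad the NetBIOS domain name to 15 characters and append \\0x1b."""
    if not 1 <= len(netbios_domain) <= NAME_LEN or '"' in netbios_domain:
        raise ValueError(
            f"{netbios_domain!r} ({len(netbios_domain)} chars) is not a valid "
            f"NetBIOS domain name of 1-{NAME_LEN} characters")
    return netbios_domain.ljust(NAME_LEN) + SUFFIX


def lmhosts_lines(pdc_ip, pdc_name, netbios_domain):
    """Return the two lines from the thread for one PDC."""
    ipaddress.IPv4Address(pdc_ip)      # raises ValueError on a malformed address
    return [
        f"{pdc_ip}    {pdc_name}    #PRE    #DOM:{netbios_domain}",
        f'{pdc_ip}    "{quoted_entry(netbios_domain)}"    #PRE',
    ]


def audit(text):
    """Yield (line_number, quoted_length, ok) for each quoted \\0x1b entry."""
    for n, line in enumerate(text.splitlines(), 1):
        # Only look at the part before the first keyword such as #PRE.
        m = re.search(r'"([^"]*)"', line.split("#", 1)[0])
        if m and m.group(1).lower().endswith(SUFFIX):
            yield n, len(m.group(1)), len(m.group(1)) == QUOTED_LEN


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    good = lmhosts_lines("192.168.1.10", "PDC01", "EXAMPLEDOM")
    print("\n".join(good))
    # A 16-character name leaves 21 characters between the quotes.
    bad = '192.168.1.10    "' + "X" * 16 + SUFFIX + '"    #PRE'
    for result in audit("\n".join(good + [bad])):
        print(result)
```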