> -----Original Message-----
> From: Willem van Dam [mailto:willemv at setnorbyer dot com]
> Sent: Friday, March 10, 2006 2:22 PM
> To: 'James W. McKeand'; m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] IPsec VPN and M$ Windows Domain
> > Willem van Dam wrote:
> > Does the remote site have a server? If not, consider setting up a DC in
> > the remote location. This will allow only changes to be synced between
> > the sites. The new DC can be in the same "SITE" as far as the Active
> > Directory is concerned.
> > I assume that the remote site is a workgroup. You can add the
> > computers into the domain and have the users use domain logins. But
> > the login process will be slow due to the network bottleneck of going
> > across the VPN. This is why a DC in the remote location would help
> > things.
> > _________________________________
> > James W. McKeand
> I will probably have to set up a DC if the login process is
> really that slow but initially I would like to keep it simple
> because for now there will be only 1 person at our remote location.
> > This sounds like a simple DNS problem. Make sure the primary DNS
> > server is the one used in your windows environment.
> The prim. DNS is indeed the DNS server at our main location.
> I have done some more investigation in the meantime and the
> DNS requests don't seem to go over the VPN.
> Do I have to create a sever rule for this?
> Or am I doing something else wrong?
Is the DNS server in the main office in a different subnet than the one
the IPSEC tunnel is set for? This is the only thing I can think of, if
you are not specifically blocking something. I had a similar setup as
yours and DNS requests went across the tunnel just fine.
> > It is indeed a name resolution issue. This is one of those times when
> > the "lmhosts" file comes into play and can really work magic. It is
> > in the same folder as your hosts file (the sample one is named
> > lmhosts.sam).
> > Create a "lmhosts" text file with 2 lines like this:
> > pdc-ip-addr pdc-server-name #PRE #DOM:domain-name
> > pdc-ip-addr "domain-name \0x1b" #PRE
> > It is critical that the second line be exactly 20 characters between
> > the quotes - pad your domain name with spaces if needed. Replace
> > "pdc-ip-addr", "pdc-server-name" and "domain-name" with your info and
> > save that file as "lmhosts"
> > and you will be able to do all the domain stuff (join, logon,
> > etc.) over the VPN. You will need to copy that file to all the
> > workstations on the remote side of the VPN.
> > See: http://support.microsoft.com/?kbid=150800
> > ~Brian
> My domain name is 16 characters (DomainName.local) So I have
> a total of 21.....
> Thanks all for your replies
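The 20-character rule quoted above, as an added example that is not part of the original thread: the quoted field is the NetBIOS name padded with spaces to 15 characters, followed by the 5-character `\0x1b` escape. The function names and the sample values (`192.0.2.10`, `PDC01`, `EXAMPLE`) are assumptions made for illustration; a name longer than 15 characters is rejected because it cannot be padded to fit.

```python
import ipaddress
import re

NAME_LEN = 15    # NetBIOS name: 15 characters, then a 1-byte type suffix
QUOTED_LEN = 20  # 15 padded characters + the 5-character "\0x1b" escape


def special_name(netbios_name: str, suffix: int = 0x1B) -> str:
    """Return the quoted field: name space-padded to 15 chars plus \\0xNN."""
    if not 1 <= len(netbios_name) <= NAME_LEN:
        raise ValueError(
            f"{netbios_name!r} is {len(netbios_name)} characters; "
            f"a NetBIOS name holds at most {NAME_LEN}"
        )
    if '"' in netbios_name:
        raise ValueError("name must not contain a double quote")
    return f'"{netbios_name:<{NAME_LEN}}\\0x{suffix:02x}"'


def lmhosts_lines(pdc_ip: str, pdc_name: str, netbios_domain: str) -> list[str]:
    """Build the two entries described in the thread for one PDC."""
    ipaddress.IPv4Address(pdc_ip)  # raises ValueError on a malformed address
    return [
        f"{pdc_ip} {pdc_name} #PRE #DOM:{netbios_domain}",
        f"{pdc_ip} {special_name(netbios_domain)} #PRE",
    ]


def quoted_length_ok(line: str) -> bool:
    """True if the line has a quoted field of exactly 20 characters."""
    match = re.search(r'"([^"]*)"', line)
    return match is not None and len(match.group(1)) == QUOTED_LEN


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for entry in lmhosts_lines("192.0.2.10", "PDC01", "EXAMPLE"):
        print(entry)
    # A 16-character name, as in the reply above, gives 21 and fails the check.
    print(quoted_length_ok('192.0.2.10 "DomainName.local\\0x1b" #PRE'))
```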