Move w2k Member of Samba Domain to DMZ
First Posting - hello all :)
I set up an w2k Server as a member of my Samba domain. All was fine. Now i had to move this server into a DMZ with another ip adress range The Firewall ist allowing needed ports. If i do an \\<servername-pdc>\share i get my share But if i want to browse the network the pdc isnīt found, because the w2k Server just browses itīs own network, but doesnīt find the pdc behind the firewall. any ideas how to browse a Linux PDC behind a firewall? can i hardcode the ip adress of the pdc on my w2k box instead of browsing for it? thanks a lot ollitronix Solved myself: had to properly set up lmhost resolving auf netbios names on the w2k box |
From a traffic and security point of view,
putting a PDC inside a DMZ isn't good practice.. Like you have done, there is now a broadcast path out of the DMZ into your workstation network, effectively making the DMZ just another network segment, and passing what was local traffic through the firewall.. Are you sure you want it in there? If it was ever compromised, it is as good now as in the workstation network segment.. |
Itīs not the PDC standing in the DMZ, but the win2k server, which has to authenticate users against the Samba domain.
Unfortunately there is no other way to implement the feauters we need. |
All times are GMT -5. The time now is 12:29 AM. |