ollitronix 07-15-2004 03:41 AM

Move w2k Member of Samba Domain to DMZ
First Posting - hello all :)

I set up a w2k Server as a member of my Samba domain. All was fine.
Now I had to move this server into a DMZ with another IP address range.
The firewall is allowing the needed ports.
If I do a \\<servername-pdc>\share I get my share.

But if I want to browse the network the PDC isn't found, because the w2k Server just browses its own network, but doesn't find the PDC behind the firewall.

Any ideas how to browse a Linux PDC behind a firewall?
Can I hardcode the IP address of the PDC on my w2k box instead of browsing for it?

thanks a lot

Solved myself:
had to properly set up lmhost resolving of NetBIOS names on the w2k box
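
Added example, not part of the original posts: a small Python helper that builds the two LMHOSTS lines a member server typically needs to locate a PDC on another subnet, and checks the 15-character padding that quoted entries require. The IP address, the names SAMBAPDC and EXAMPLEDOM, and the assumption that the Samba PDC is also the domain master browser are constructed for illustration.

```python
import ipaddress
import re

NAME_LEN = 15  # a NetBIOS name is 16 bytes: 15 name characters + 1 type byte

def _name(value):
    """Normalise and validate a NetBIOS computer or domain name."""
    name = value.strip().upper()
    if not name or len(name) > NAME_LEN or re.search(r'[\s"\\#]', name):
        raise ValueError(f"not a usable NetBIOS name: {value!r}")
    return name

def typed_name(name, type_byte):
    """Quoted LMHOSTS form: name space-padded to 15 chars, then \\0xNN."""
    return '"%s\\0x%02x"' % (_name(name).ljust(NAME_LEN), type_byte)

def lmhosts_for_pdc(ip, pdc, domain):
    """Lines that let a member server find the domain's PDC without broadcasts."""
    ip = str(ipaddress.IPv4Address(ip))
    return [
        f"{ip}\t{_name(pdc)}\t#PRE #DOM:{_name(domain)}",  # domain controller entry
        f"{ip}\t{typed_name(domain, 0x1B)}\t#PRE",          # <1B> domain master browser
    ]

def padding_ok(line):
    """Check a quoted entry: exactly 15 characters must precede \\0xNN."""
    m = re.search(r'"([^"]*)\\0x[0-9a-fA-F]{2}"', line)
    return m is None or len(m.group(1)) == NAME_LEN

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print("\n".join(lmhosts_for_pdc("192.0.2.10", "sambapdc", "exampledom")))
```

On the w2k box the lines belong in %SystemRoot%\system32\drivers\etc\lmhosts; `nbtstat -R` reloads the name cache and `nbtstat -c` lists it.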

peter_robb 07-18-2004 03:09 PM

From a traffic and security point of view,
putting a PDC inside a DMZ isn't good practice..

Like you have done, there is now a broadcast path out of the DMZ into your workstation network, effectively making the DMZ just another network segment, and passing what was local traffic through the firewall..

Are you sure you want it in there?
If it was ever compromised, it is as good now as in the workstation network segment..

ollitronix 07-19-2004 02:16 AM

It's not the PDC standing in the DMZ, but the win2k server, which has to authenticate users against the Samba domain.
Unfortunately there is no other way to implement the features we need.

