~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Regardless, that decision has already been made and I don't have any input into it. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I think you should make an attempt to point out the precarious location of this server, since security appears to be a concern. You'll have more holes open in the firewall to address this box where it is, than you'd have to have if the box were inside. If you want domain logon capabilities, then you need to allow SMB traffic (TCP 445), DNS and Kerberos, among others -- and I would deem that highly inadvisable. -ASB FAST, CHEAP, SECURE: Pick Any TWO http://www.ultratech-llc.com/KB/ On 9/7/05, Jason B <[EMAIL PROTECTED]> wrote: > Because this will be a sharepoint server for clients. Regardless, that > decision has already been made and I don't have any input into it. > Any info on the ports I'd need open? > > ----- Original Message ----- > From: "ASB" <[EMAIL PROTECTED]> > To: <ActiveDir@mail.activedir.org> > Sent: Wednesday, September 07, 2005 8:45 AM > Subject: Re: [ActiveDir] Which ports to open in the DMZ to communicate with > AD & SQL... > > > Why did you decide to put it in the DMZ? > > -ASB > > On 9/7/05, Jason B <[EMAIL PROTECTED]> wrote: > > We are putting a MS sharepoint server in the DMZ and need to have it on > > the > > domain and communicating with a SQL server on the domain. Because of > > these > > needs, we only want to open the minimum number of ports to get > > functionality. We have LDAP (389) opened and SQL (1433) opened. What > > other > > ports will we need to open to be able to log in on the sharepoint server > > with a domain account? Currently, with only these two ports opened, a > > domain account can't log on to the sharepoint server in the DMZ. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
