Bill...

It took me a while to find this in my archives but
this is a pretty authoritative response to your
NT, Samba issue.  Though some of these configs 
may seem odd or downright WRONG.. I had a lengthy
email thread with Jeff and he seems to know
exactly what's going on in the NT and Linux realms. 
He also agreed that these configs seem messed up.  
BUT he assured me that it was the only way he could 
get everything to work reliably.

--

Date: Tue, 26 May 1998 15:26:27 -0400
X-Sender: [EMAIL PROTECTED]
X-Mailer: Windows Eudora Version 2.1.1
To: "David A. Ranch" <[EMAIL PROTECTED]>
From: Jeff Adams <[EMAIL PROTECTED]>
Subject: Re:  [masq] Logging on to Corporate NT Domain from OTHER  
  (masqueraded side)

David;

Sorry for the delay, I've been buried.
The mandatory pieces on the MS side -

1) A PDC or BDC direct attached with both the registered and masq'd networks
   assigned to its interface(s).
2) Forwarding must be enabled on the multi-homed machine. You do not and should
   not turn on rip routing.
3) You must have a wins server. 
4) For the PDC and BDC's it is a good idea to make both the primary and
   secondary wins setup screen point to the same place.
5) If one of the masq'd networks is a router hop away from the wins server
   (one of ours was) you must make 100% sure either an NT box or a samba box
   is the local browse master. If a 95 or WFW box becomes browse master then
   wins will stop working properly. I used samba on the masq server.
   (found this tidbit in the original MS TCP/IP release docs)

On the masq box -
1) You must use ipfwadm to pass the masq'd network directly to the local net
   without masquerading it. These rules must be first in your rule list.
   Then masquerade everything else.

I'm toying with making a mini howto on this puppy. What do you think?

Jeff


At 12:36 PM 5/12/98 -0700, you wrote:
>
>[This is a little off topic for the list but traffic has been low
>and the whole NT discussion would be good for the MASQ archive 
>users]
>
>
>>But, trust me, after over 100 hours of making this pig work, the
>>way we did it was the only way to get reliable results.
>
>Really?!  So you are telling me that regardless of WINS, you need
>to enable either a NT or Win95 server on that RAS's subnet to STILL 
>be the Subnet Master Browser?  What else was "mandatory"?  Not the 
>NT "IP forwarding"... correct?
>
>
>>Also, supposedly, if you use the LMHOSTS file you don't need either wins
>>or the browser to hit a domain controller. But it just doesn't work (right)
>>that way.
>
>Yeah.. I've also noticed the LMHOSTS file doesn't work too well.  
>NT sucks.  Heh..
>
>
>>Microsoft finally admitted that with TCP/IP as the only protocol you gotta 
>>have wins running along with the normal browser or it doesn't reliably
>>behave.
>
>Do you have a URL on this?  I would love to read it.
>
>
>>Also, you can not use dns instead of wins, it must be wins. For once they
>>were right and the answer was useful.
>
>Yeah.. I knew about this one.
>
>
>>And they wonder why I don't like Microsoft. :)
>
>Hehe.. you should see all the corporations that I've worked for that
>are throwing out all their old Novell in favor of NT because it's
>"better".  After they have their ENTIRE SAM database die a few times
>and realize how poorly the PDC/BDC architecture system works.. they
>get really embarrassed very quick.  I know that one company that is
>VERY happy about NT's shortcomings is Compaq.  You can't IMAGINE 
>how many big Proliants I see as BDCs.. PDCs..etc.
>
>--David
>
>.----------------------------------------------------------------------------.
>|  David A. Ranch  - Remote Access/Linux/PCs       [EMAIL PROTECTED]       |
>!----                                                                    ----!
>`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
>
Jeff Adams

[EMAIL PROTECTED]

.----------------------------------------------------------------------------.
|  David A. Ranch - Remote Access/Linux/PC hardware      [EMAIL PROTECTED]  |
!----                                                                    ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
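
The masq-box rule ordering Jeff describes, as an added example that is not part of the original thread: it prints the ipfwadm forwarding rules in the required order and checks that no pass-through rule follows a masquerade rule. The network addresses, the default deny policy, the return-direction rule and the function names masq_rules and check_order are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample networks are constructed values.
MASQ_NET="192.168.1.0/24"   # assumed masq'd (private) network
LOCAL_NET="10.1.0.0/16"     # assumed registered corporate network

# Print the forwarding rules, one command per line, in evaluation order.
# ipfwadm -a appends, and the first matching rule wins, so the
# unmasqueraded pass-through rules must be emitted before the masq rule.
masq_rules() {
    masq_net=$1
    local_net=$2
    echo "ipfwadm -F -f"        # flush existing forwarding rules
    echo "ipfwadm -F -p deny"   # assumed default policy
    # Pass the masq'd net to the local net WITHOUT masquerading it.
    echo "ipfwadm -F -a accept -S $masq_net -D $local_net"
    # Assumed return path, needed because the default policy is deny.
    echo "ipfwadm -F -a accept -S $local_net -D $masq_net"
    # Masquerade everything else leaving the masq'd net.
    echo "ipfwadm -F -a m -S $masq_net -D 0.0.0.0/0"
}

# Read ipfwadm commands on stdin; succeed only if every appended
# "accept" forwarding rule comes before the first masquerade rule.
check_order() {
    awk '
        $2 == "-F" && $3 == "-a" && $4 ~ /^m/ { seen_masq = 1; next }
        $2 == "-F" && $3 == "-a" && $4 == "accept" && seen_masq { bad = 1 }
        END { exit bad + 0 }
    '
}

# Show the rule set and confirm its ordering; nothing is applied here.
masq_rules "$MASQ_NET" "$LOCAL_NET"
if masq_rules "$MASQ_NET" "$LOCAL_NET" | check_order; then
    echo "# order ok: pass-through rules precede masquerading"
fi
```

The script only prints the commands; check_order can also be fed the ipfwadm lines of an existing firewall script to catch a pass-through rule that was added after the masquerade rule.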