Re: (ASCEND) NT Domain Authentication

To: ascend-users@max.bungi.com
Subject: Re: (ASCEND) NT Domain Authentication
From: "Dr. Wolfgang Beneicke" <beneicke@mpimf-heidelberg.mpg.de>
Date: Fri, 08 Jan 1999 23:04:30 +0100
References: <199901080645.WAA16181@max.bungi.com>
Sender: owner-ascend-users@max.bungi.com

taylor@atlanta.sgi.com (Charlie Taylor) wrote:
> ...
> We have separate subnets for our main office net and our
> dial-up net and I would like for users to be able to 
> authenticate, in the NT sense, via dialup.  I assume
> that NT does some kind of broadcast to find a domain
> controller so traditionally, I guess there are two
> ways to handle this.
> ...

I am in exactly the same situation, and yes it works.

Steps to take:
1. Make the workstation a domain member (via Control
Panel/Network/Identification). 
If you succeed here you won't have any trouble later.

Usually it will not work out of the box. Assuming that 
2. the machine has TCP/IP loaded 

it will have to know the IP address of the domain controller (PDC) to
find it and to register itself there. 

IP addresses and WinNT names are connected via 
- a WINS database (which is overkill for a remote client) or
- the LMHOSTS file

3. LMHOSTS layout
I use the static LMHOSTS for simplicity. It is assumed in
%systemroot%/system32/drivers/etc. Use the template LMHOSTS.SAM as an
example but DO delete all comments - all lines are scanned sequentially
for each lookup.
The crucial line needed looks like

149.247.48.195	panama	#PRE #DOM:ISLAND

This identifies the server \\panama as the PDC of domain ISLAND.

4. Now you can join the domain, the Pipeline will route the request to
the main network, and NT will display the "Welcome to the ISLAND domain"
banner. 
5. After reboot the logon applet will let you choose between local and
domain logon.

(For a long time I thought it would need both TCP/IP and NetBEUI
protocols - until I deleted the latter).

Caveat:
Filter everything you don't absolutely need (on the Pipeline). NT makes
browser keepalives every 10 or 12 minutes. There is a fix for this in
the MS Knowledgebase ("excessive traffic"). And many many posts on this
list about NT filters for the name services.

Keep us informed please.

Best regards,

   Wolfgang

_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
                         B  E  N  E  I  C  K  E
                               EDV-Beratung
________________________________________________________________________
        Netzwerk-Design - 3Com Solution Partner
           ISDN Remote Access - ASCEND Vertrieb
              Workstation Memories und Storage Solutions
                 Windows NT-Netzwerke
                    ApplePoint

Dr. Wolfgang Beneicke                              fon +49-6223-97 07 20
Fasanenstrasse 16, D-69251 Gaiberg (Heidelberg)    fax +49-6223-97 07 21
_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Prev by Date: Re: (ASCEND) (rant) brain damage?
Next by Date: Re: (ASCEND) CLID data in ERROR
Prev by thread: (ASCEND) NT Domain Authentication
Next by thread: (ASCEND) Lotus Notes and Pipeline 50
Index(es):
- Date
- Thread