[Likewise-open-discuss] Firewall. Likewise client outside network.
White, Steve
White.S at insightcom.com
Wed Aug 6 13:45:40 PDT 2008
I have domain.domain, adserver1.domain.domain, adserver2.domain.domain
in the hosts file pointing to the "external" address.
I was doing a tcpdump and found that as likewise was looking up
domain.domain via dns it was (of course) returning the internal IPs of
the server names. So I have added some entries into the hosts file to
help out. However, I'm not sure whether I have enough of them in hosts.
Etc.
I have changed the below error message, machine names, IPs etc to hide
the innocent, or guilty.
TESTlinux:~# /usr/centeris/bin/domainjoin-cli join --notimesync domain.domain user-with-admin-prev
Joining to AD Domain: domain.domain
With Computer DNS Name: TESTlinux.domain.domain
the-admin-user at domain.domain's password:
I have [2008/08/06 16:30:11, 0]
utils/net_ads.c:ads_startup_int(493)
ads_connect: No logon servers
Error: Unable to join domain [code 0x0008000e]
Domain join operation failed to create the computer account in
Active Directory. Common causes are a bad administrator password, a bad
OU name, or an existing computer account without modification
permissions.
Thanks again.
Steve
-----Original Message-----
From: Gerald (Jerry) Carter [mailto:jerry at samba.org]
Sent: Wednesday, August 06, 2008 2:59 PM
To: White, Steve
Cc: likewise-open-discuss at lists.likewisesoftware.com
Subject: Re: [Likewise-open-discuss] Firewall. Likewise client outside network.
White, Steve wrote:
> I have been using likewise for only a short time and don't have
> a lot of experience with it, however I have a situation that
> I'm hoping others can help out with.
>
> Here is the overview of what we have right now. I'm simplifying
> some things here.
>
> Servers "Inside"
> ADserver1 - 10.0.0.2
> ADserver2 - 10.0.0.3
>
> Servers "Outside"
> ADserver1 - 192.168.0.2 - firewall rule that points to internal IP of
> 10.0.0.2
> ADserver2 - 192.168.0.3 - firewall rule that points to internal IP of
> 10.0.0.3
> TESTLinux - 192.168.0.4 (this is the computer that I want to add to the
> domain and use likewise)
>
> Entries in the firewall for these servers allowing these ports back to
> the AD servers.
>
> 53 UDP/TCP DNS
> 88 UDP/TCP Kerberos 5
> 123 UDP NTP
> 137 UDP NetBIOS Name Service
> 139 TCP NetBIOS Session (SMB)
> 389 UDP/TCP LDAP
> 445 TCP SMB over TCP
> 464 UDP/TCP Machine password changes (typically after 30 days)
> 3268 TCP Global Catalog search
>
> The TESTLinux box (right now) is using the DNS servers running on
> ADserver1 with a few host file entries to get the host/ip mapping
> correct.
>
> I can go into great detail about my set up. However I don't have this
> working and was wondering if anyone else had set something like this
> up...
>
> Thanks in advance.
Steve,
If I understand you correctly, you are limiting an external
server to talk to a specific DC. If so, I expect you will be
seeing timeouts as we rely on the DNS SRV records to select
which DC to talk to.
What error messages are you seeing?
cheers, jerry
- --
=====================================================================
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewisesoftware.com
"What man is a man who does not make the world better?" --Balian
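
Added example, not part of the original thread and not Likewise or Samba code: the client picks a DC from the DNS SRV records, and a hosts file cannot answer SRV queries, so every target those records name needs its own hosts override or it resolves to an internal address. The check below runs offline on constructed data; the SRV answers, the third DC (adserver3, hypothetical), its 10.0.0.4 address and the 192.168.0.0/24 "reachable" range are assumptions built from the anonymised names in the thread.

```python
import ipaddress

# Constructed sample data using the anonymised names and addresses from the thread.
# adserver3 is hypothetical: a DC that DNS advertises but that has no hosts entry.
HOSTS_FILE = """\
127.0.0.1    localhost
192.168.0.2  adserver1.domain.domain adserver1 domain.domain
192.168.0.3  adserver2.domain.domain adserver2
"""
# Answers in the form printed by: dig +short SRV _ldap._tcp.dc._msdcs.domain.domain
SRV_ANSWERS = """\
0 100 389 adserver1.domain.domain.
0 100 389 adserver2.domain.domain.
0 100 389 adserver3.domain.domain.
"""
# A records as the internal DNS view serves them.
DNS_A = {"adserver1.domain.domain": "10.0.0.2",
         "adserver2.domain.domain": "10.0.0.3",
         "adserver3.domain.domain": "10.0.0.4"}
REACHABLE_NET = ipaddress.ip_network("192.168.0.0/24")  # side the firewall exposes

def parse_hosts(text):
    """Map every lower-cased name and alias in hosts-file text to its address."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])  # keep the first match
    return table

def parse_srv(text):
    """Return (priority, weight, port, target) tuples from dig +short SRV output."""
    records = []
    for line in filter(str.strip, text.splitlines()):
        prio, weight, port, target = line.split()
        records.append((int(prio), int(weight), int(port), target.rstrip(".").lower()))
    return records

def audit(srv_text, hosts_text, dns_a, reachable_net):
    """For each SRV target, report the address the client would use and its status."""
    hosts = parse_hosts(hosts_text)
    report = {}
    for _prio, _weight, port, target in parse_srv(srv_text):
        # Assumes "files" precedes "dns" in nsswitch.conf, so a hosts entry overrides DNS.
        addr = hosts.get(target) or dns_a.get(target)
        ok = addr is not None and ipaddress.ip_address(addr) in reachable_net
        report[target] = (addr, port, "ok" if ok else "unreachable from outside")
    return report

if __name__ == "__main__":
    for name, (addr, port, status) in audit(SRV_ANSWERS, HOSTS_FILE, DNS_A, REACHABLE_NET).items():
        print(f"{name:28} {addr}:{port}  {status}")
```
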