[Likewise-open-discuss] Firewall. Likewise client outside network.

Gerald (Jerry) Carter jerry at samba.org
Mon Aug 11 08:50:08 PDT 2008



White, Steve wrote:
> I have domain.domain, adserver1.domain.domain, adserver2.domain.comain
> in the hosts file pointing to the "external" address. 
>
> I was doing a tcpdump and found that as likewise was looking up
> domain.domain via dns it was (of course) returning the internal IPs of
> the server names. So I have added some entries into the hosts file to
> help out. However I'm not sure I have enough of them in hosts or not.

Likewise (winbind) is doing SRV DNS queries which don't go via
the NSS gethostbyname() calls.  Is DNS only returning internal
addresses?  Or both internal and external?  You should be able to
assign an AD site for the external network.  Then have DNS return
internal and external addresses.  Likewise will honor the site
information and use the external address once the client actually
is able to identify its current site information.

> I have changed the below error message, machine names, IPs etc to hide
> the innocent, or guilty.
> 
> 	TESTlinux:~# /usr/centeris/bin/domainjoin-cli join --notimesync
> domain.domain user-with-admin-prev
> 	Joining to AD Domain:   domain.domain
> 	With Computer DNS Name: TESTlinux.domain.domain
> 
> 	the-admin-user at domain.domain's password: 
> 	I have [2008/08/06 16:30:11,  0]
> utils/net_ads.c:ads_startup_int(493)
> 	  ads_connect: No logon servers

Yeah.  Looks like the DCs are firewalled off.   Specifically UDP/389
that the client is using to determine site info.

cheers, jerry
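Added example, not part of the original message and not Likewise or Samba code: a stdlib-only Python sketch of the SRV lookup described above. It builds the DNS query for the standard AD locator names (`_ldap._tcp.dc._msdcs.<domain>`, or the `<site>._sites` variant once a site is known) and parses the SRV answers. The sample reply is constructed, and the function names are illustrative.

```python
import struct

SRV, IN = 33, 1  # RR type SRV (RFC 2782), class IN

def locator_name(domain, site=None):
    """SRV owner name for DC lookup; site-specific once the client knows its site."""
    return "_ldap._tcp." + (f"{site}._sites." if site else "") + "dc._msdcs." + domain

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\0"

def build_query(qname, txid=0x1234):  # header: id, flags=RD, one question
    return struct.pack(">6H", txid, 0x0100, 1, 0, 0, 0) + encode_name(qname) + struct.pack(">2H", SRV, IN)

def read_name(msg, off, hops=0):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels = []
    while (n := msg[off]):
        if n & 0xC0 == 0xC0:  # compression pointer, bounded against loops
            if hops > 16:
                raise ValueError("compression pointer loop")
            labels.append(read_name(msg, ((n & 0x3F) << 8) | msg[off + 1], hops + 1)[0])
            return ".".join(l for l in labels if l), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def parse_srv(msg):
    """Return [(priority, weight, port, target)] for SRV answers in a response."""
    qd, an = struct.unpack(">2H", msg[4:8])
    off, out = 12, []
    for _ in range(qd):  # skip the question section
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == SRV:
            out.append(struct.unpack(">3H", msg[off:off + 6]) + (read_name(msg, off + 6)[0],))
        off += rdlen
    return out

def sample_response(qname, targets, port=389):
    # Constructed reply (not captured traffic): the question plus one SRV answer per target.
    msg = struct.pack(">6H", 0x1234, 0x8180, 1, len(targets), 0, 0) + build_query(qname)[12:]
    for t in targets:
        rdata = struct.pack(">3H", 0, 100, port) + encode_name(t)
        msg += b"\xc0\x0c" + struct.pack(">HHIH", SRV, IN, 600, len(rdata)) + rdata
    return msg
```

The query goes straight to the DNS server as record type 33, so nothing in the hosts file is consulted for it; the SRV targets it returns are what the client then tries to reach.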

