samba - Jul 1998 - Domain logon from behind proxy...

I think this has been addressed a few times,
but without quite satisfactory results.

I have a private subnet behind an NAT
proxy server (IPMASQ), and a public subnet
on the other side with the NT PDC on the public.
(Using both NetBEUI & TCP/IP).  The PDC
will change later, but currently I'm trying to
find out how this all works before I do that.

I'm trying to make a client machine on the
private side use only TCP/IP, no NetBEUI,
and logon to the domain.  I've tried various
assortments of WINS on the proxy machine,
on a single-card private Samba machine,
various LMHOST configurations (one line
that always seems to give a "too many columns"
is the:

192.68.1.3    mypdc    #PRE    #DOM:mydomain

line out of the examples - the error says "obsolete
syntax".

Anyway, I'm up to about 120 different ways to do
this (except for building a hole into the proxy, and
making WINS run on the NT PDC itself) that don't
work - I get a "can't log into domain, cached info
used", though I can browse the net & do my shares
as normal, I can't log in as an uncached user.

If anyone has a simple step-by-step guide for
setting up domain logons from behind a proxy,
I for one would appreciate it.

Thanks,
Bill
bill@rfa.org

>I have a private subnet behind an NAT
>proxy server (IPMASQ), and a public subnet
>on the other side with the NT PDC on the public.

Before I get the usual responses, I should
note that I'm using the latest versions of
all the software on RedHat 5.1, and have
successfully set up Linux PPP dial-in so it
authorizes on the NT PDC & logs into
the domain, using SMB_PAM and so on.
The Masq problem is just proving more
difficult.

thanks,
Bill

On Mon, 13 Jul 1998 samba@samba.anu.edu.au wrote:
> 
> Date: Sat, 11 Jul 1998 22:36:46 -0400
> From: "Bill Eldridge" <bill@rfa.org>
> To: <samba@samba.anu.edu.au>
> Subject: Domain logon from behind proxy...
> Message-ID: <000e01bdad3d$ea3f9e10$0a021eac@eldridgeb.rfa.org>
> 
> 
> I think this has been addressed a few times,
> but without quite satisfactory results.
> 
> I have a private subnet behind an NAT
> proxy server (IPMASQ), and a public subnet
> on the other side with the NT PDC on the public.
> (Using both NetBEUI & TCP/IP).  The PDC
> will change later, but currently I'm trying to
> find out how this all works before I do that.
> 
> I'm trying to make a client machine on the
> private side use only TCP/IP, no NetBEUI,
> and logon to the domain.  I've tried various
> assortments of WINS on the proxy machine,
> on a single-card private Samba machine,
> various LMHOST configurations (one line
> that always seems to give a "too many columns"
> is the:
> 
> 192.68.1.3    mypdc    #PRE    #DOM:mydomain
Bill, I haven't tried logging in through a proxy, so I don't know if
this will work for you, however it worked for me when our Telecomm folks
turned off udp forwarding through ports 137, 138, & 139.

In your lmhosts file, put in lines like the following for your PDC:

 192.68.1.3  mypdc    #PRE    #DOM:mydomain
 192.68.1.3  "mydomain       \0x1c"         #PRE
 192.68.1.3  "mydomain       \0x1b"         #PRE

Note that the number of spaces between quotes in the second and third
lines lines are pertinent;  there should be 15 characters (including
name and spaces) before the hex values.

c
--
Clifford Green               Internet -  green@umdnj.edu
Academic Computing Services     voice -     732-235-5250
UMDNJ-IST                         fax -     732-235-5252
Help wanted telepath: you know where to apply