Displaying 20 results from an estimated 20000 matches similar to: "Read Only DC in one way only"
2018 Jun 13
2
Samba 4.8 RODC not working
On Wed, 13 Jun 2018 12:28:23 +0200 (CEST)
Gaetan SLONGO <gslongo at it-optics.com> wrote:
> Hi Rowland,
>
>
> I have no homes share. As far as I know I should not have that share
> on a DC ..?
Then don't worry about it, I was just checking if you had one.
>
>
> Regarding the security consideration for a DMZ zone, what do you
> suggest instead of putting
2018 Jun 13
2
Samba 4.8 RODC not working
On Wed, 13 Jun 2018 11:33:48 +0200 (CEST)
Gaetan SLONGO <gslongo at it-optics.com> wrote:
>
>
>
>
> Here it is. It talks about homes share but I think we don't care ?
> Final error is not explicit to me.. Maybe you?
>
>
>
> INFO: Current debug levels:
> all: 10
> tdb: 10
> printdrivers: 10
> lanman: 10
> smb: 10
> rpc_parse:
2018 Jan 22
5
RODC and LDAP via Simple Authentication fails
Dear all,
setting up a DMZ environment I was thinking to use an RODC there for
user authentication. One of the applications in the DMZ needs to access
the directory via LDAP.
When I tried to connect to the RODC using LDAP with simple bind, I
always received the following error
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C0903A9, comment:
2018 Jun 14
1
Samba 4.8 RODC not working
On Thu, 14 Jun 2018 10:23:56 +0200 (CEST)
Gaetan SLONGO <gslongo at it-optics.com> wrote:
> Hi Rowland,
>
>
> I read the doc.
> The reason is the usual one. We need authentication inside the DMZ
> zone and do not want any modification from this zone. We also need a
> fileserver into this zone where corporate users can log-in. We are
> asked to keep the solution
2024 Dec 13
1
RODC in DMZ
Dear all,
We (me and colleagues) were considering setting an RODC in our DMZ for
some authentication related questions.
We were curious about any suggested best practices for those cases.
We also notice that there are quite a lot of ports to open vs. the ADs.
* TCP 88 (Kerberos Key Distribution Center)
* TCP 135 (Remote Procedure Call)
* TCP 139 (NetBIOS Session Service)
* TCP 389
2024 Dec 13
1
RODC in DMZ
On Fri, 13 Dec 2024 10:14:27 +0100
Ilias Chasapakis forumZFD via samba <samba at lists.samba.org> wrote:
> Dear all,
>
> We (me and colleagues) were considering setting an RODC in our DMZ
> for some authentication related questions.
>
> We were curious about any suggested best practices for those cases.
>
> We also notice that there are quite a lot of ports to
2024 Dec 13
1
RODC in DMZ
Dear Rowland,
We share those concerns actually and of course if there is a way to avoid
it, it is always better. Another fellow suggested us an LDAP-Proxy
instead (personally have never setup one). What we actually need in our
case scenario, is only that service and not the rest of bells and
whistles of an RODC.
I just was wondering if someone had experience with what happens if one
does
2012 Nov 30
1
samba and RODC
Hi
I am trying to setup samba (rhel6/centos 6.2) and I am having some issues.
So what I have is
Server A (centos 6.2)
It exists in my DMZ so very limited access to things. Just mainly DNS and some ports for RODC
Server B (W2k8r2)
RODC, exists in my insecure vlan, stepping stone into the DMZ (dmz-inside)
My Windows box work fine talking to the RODC
When I try wbinfo -u it fails. I have opened
2024 May 17
1
Sync samba machine account between different samba versions - 4.1 to 4.15
On Fri, 17 May 2024 12:36:33 -0300
Gilberto Ferreira via samba <samba at lists.samba.org> wrote:
> Hi there.
> I have two samba servers, let's say srv01 and srv02. For that matter,
> both are Zentyal Server 4 and 8, respectively.
> In the srv01 there is samba version 4.1, which is in the network
> 182.168.200.0/24, and which is by the way also the gateway to both
>
2012 Jun 30
1
DMZ Kerberos authentication, is Samba needed or helpful?
I'm dealing with an environment with AD servers in a normal working
environment, all working and happy. I'm using bare Kerberos
authentication for my Linux hosts to authenticate local accounts
against the AD server, all well and good, I've not needed to integrate
LDAP support and don't want to.
But there are DMZ VLAN's with hosts exposed directly to the Internet.
I'd like
2018 Jun 14
0
Samba 4.8 RODC not working
Hi Rowland,
I read the doc.
The reason is the usual one. We need authentication inside the DMZ zone and do not want any modification from this zone. We also need a fileserver into this zone where corporate users can log-in. We are asked to keep the solution simple, easy to understand and maintain. I can force authentication to this DC instead of choosing the DC "randomly".
So, do
2002 Aug 20
5
how to limit connections from certains inet subnet the best way?
Hello all,
i am new to shorewall and i already have a question ;)
i am running a mailserver in my dmz (or actually this will be when
everything will be working fine with shorewall) with public ip
addresses.. i have a subnet of 8 ip addresses (255.255.255.248 mask) and
i was planning of the classic 3 nic (eth0-2) setup... the dmz should
work with proxy-arping...
now my question is
2024 May 17
1
Sync samba machine account between different samba versions - 4.1 to 4.15
Hi there.
I have two samba servers, let's say srv01 and srv02. For that matter, both
are Zentyal Server 4 and 8, respectively.
In the srv01 there is samba version 4.1, which is in the network
182.168.200.0/24, and which is by the way also the gateway to both network.
In the srv02 there is samba version 4.15, which is in the DMZ network
10.10.100.0/24
The first is an additional controller for
2018 Jan 22
2
RODC and LDAP via Simple Authentication fails
Hi Andrew,
I am deeply impressed by your speed! :D
The RODC is actually Samba 4.7.4, the other DCs are still on 4.6.12.
Any suggestion how I can debug this w/o setting everything on level 10? ;)
Best regards
Johannes
Am 22.01.2018 um 20:45 schrieb Andrew Bartlett:
> On Mon, 2018-01-22 at 20:36 +0100, Johannes Engel via samba wrote:
>> Dear all,
>>
>> setting up a DMZ
2004 May 17
1
Mail Server in the DMZ question
Been trying to puzzle through a firewall layout here involving E-Mail. Would
have thought this was a more common kind of scenario, but I haven't been able
to Google me up an answer to this one.
At present I have an SMTP server (Postfix) in my DMZ that is simply re-routing
mail into my secure network. This is a less than optimal setup simply due to
having to allow traffic from the DMZ
2003 Oct 22
2
help seeing DMZ from LOC
I have a three interface network (net,loc,dmz).
The internet interface (eth0) has a static IP.
Windows machine in the local network (eth1) use DHCP to get IPs from
the 192.168.10.0/24 netblock.
The Debian machine in the DMZ (eth2) gets a fixed IP through DHCP in
the 192.168.11.0/24 netblock.
The DHCP server is running on the firewall machine (not ideal, I know,
but that's the way
2003 Feb 24
5
Bug in Shorewall check?
I made a boo boo in my config and put in this rule
#PPTP
DNAT net:213.67.241.162/217.209.46.204/32
loc:192.168.221.200 tcp 1723
DNAT net:213.67.241.162/32,217.209.46.204/32
loc:192.168.221.200 47 -
And the following happened.. and I wonder why it didn't complain? I
am sure I am just misunderstanding some doc
2004 Sep 29
4
Re: start error]
thanks again for your sharp eye and speedy response. i have corrected the typos in the IP in the masq file. I am sorry to have to ask for more help but my pc's on the local network can't reach the dmz webserver using the webserver's local or Public IP address. I need to be able to do this in order to test the split DNS setup for the network. Using ethereal on the
2003 Dec 01
7
Three way ICMP ?
I'm getting 2 or three of these a day...Any ideas ?
The 192.168.250.zz is a eth0:3 on a box that currently only has eth0:1
active
Dec 1 15:47:40 machine-name kernel: Shorewall:all2all:REJECT:IN= OUT=eth0
SRC=my.real.ip.addr DST=66.228.216.22 LEN=68 TOS=0x00 PREC=0xC0 TTL=255
ID=12031 PROTO=ICMP TYPE=3 CODE=1 [SRC=66.228.216.22 DST=192.168.250.zz
LEN=40 TOS=0x00 PREC=0x00 TTL=46
2002 Aug 09
2
Proxy Arp
Hopefully this is an easy question....
I'm using a leaf router (bearing) running shorewall. Three interfaces net,
loc, and dmz. Only one computer in the dmz and its being proxy arp'd.
External and internal (net and loc) can reach the dmz but the dmz cannot
reach the isp's gateway and beyond, but can reach a system adjacent to the
firewall.