Steven Scarbrough wrote:
Not sure about AD, but in Novell, it only matters that the servers are in DNS
and the directory so that they can find each other. But our VPNs are not
associated with the directory. Ours are running on other boxes, namely
allied-telesyn routers and
sonicwall fws.
Kinda depends on what you're after. If it's the VPN, I wouldn't tie it to the
directory at all. Let the directory span it once it's set up, just as you
would a bridge on a LAN, or like a VLAN--the routing and collision domains are
the most important to
consider in terms of passing traffic. Once you can ping, just bring up the new
servers as you normally would--at least that's what we've done in eDirectory.
The routers will pass the directory info through, so then the considerations
are a) how MS does
"bringing up a server in AD" with respect to DNS and the schema, and b) whether the VPN has the capacity to handle the directory changes.
We found that in OSX, their NetInfo and OpenDirectory both were not designed
for delta changes, so every change sent the entire directory across the
sometimes full links (particularly at the beginning of the school year this was
troublesome.) But hey,
if you have the bandwith, it's a non issue. However if you have a 56kbps FrameRelay WAN link that's another thing entirely.
I'm gearing up for considering IPv6. My NAT is getting dicey, and we're only
adding more SIP traffic across the MAN and the Firewall.
Steve Scarbrough
Technology Coordinator
Storm Lake Community School District
712.732.8100 fax:8101
----- Original Message -----
Thursday, August 11, 2005 9:11:27 PM
Bulk Message
From: info-tech@aea8.k12.ia.us
Murray Gafkjen <[EMAIL PROTECTED]>
Subject: [info-tech] whistling in the dark
To: tech <info-tech@aea8.k12.ia.us>
Hey gang,
Just tried doing the impossible to my network.
I (we) attempted to change the ip range at one site from 192.168.0.1 to
192.168.2.1 in order to create VPN between two schools. Active Directory
did not like it. Is this possible, or do I need to tear down the entire
network for this to happen? Or can you even change the ip of the
primary AD within the same network?
Outside of that, life is good. I'm really impressed with the St.
Bernard content filtering box iprism...
Murray Gafkjen
Clay Central Everly
---
[This E-mail scanned for viruses by Declude Virus on the server aea8.k12.ia.us]
---------------------------------------------------------
Archived messages from this list can be found at:
http://www.mail-archive.com/info-tech@aea8.k12.ia.us/
---------------------------------------------------------
Thanks Steve,
I haven't had the time to play with it since my first attempt. My
tech support has also found some information, I guess we need to point
to the new DNS (even though it doesn't exist) and then make the change.
We may be changing routers this year, I may try to see what services the
new ones provides.
Murray Gafkjen
---
[This E-mail scanned for viruses by Declude Virus on the server aea8.k12.ia.us]
---------------------------------------------------------
Archived messages from this list can be found at:
http://www.mail-archive.com/info-tech@aea8.k12.ia.us/
---------------------------------------------------------
