Client OS (wxp w2k) and w2k3 web edition only accept 10 SMB connections. For
more smb connection you need w2k/w2k3 server editions. It is all about
licensing/pricing, otherwise people would use WXP as their file/print
server.
Jorge
-Original Message-
From: [EMAIL PROTECTED]
To: ActiveDir@ma
You need domain membership for the SASL bind as well. Essentially, it
is calling LogonUser under the hood to authenticate Windows users on the
ADAM box, so users need rights to log on locally for bind redirection.
Do you have an option for IPSEC or something to enable domain
membership? Otherwis
If I understand what you are asking Rick, I don't think you can do any bind
BUT a SASL bind for a local Windows user in ADAM.
I expect this would work fine with a machine not in a domain otherwise that
would be very limited in usefulness.
joe
-Original Message-
From: [EMAIL PROTECTE
Ok, now you made me have to go and test it! This doesn't make sense to me.
Report back shortly. I could be completely wrong but I think that would
limit usefulness a little too much.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTE
I wouldn't use SASL for this myself. I don't believe I'd want my customer
data in the windows SAM as that could run into scalability issues (that's
why we went with AD in a distributed fashion vs. local SAM right?)
>From your description, a simple bind is the way to go. You'll want to
secure the
Joe,
Thanks for the feedback. This is pretty much what I had concluded, after
doing some testing last night after this bugged me to the point that I
couldn't go to bed.
IPSec is an option, but I won't get it past InfoSec. They flat refuse to
allow domain-direct communications to the DMZ (or fro
Nuts! I had to go back and read the part about the internal users also
gaining access with internal credentials.
So to me this screams multiple instances of a directory 1 for internal and
one for external users. The internal users DB would use SASL bind
techniques and would have to be able to t
Al,
Thanks for the feedback. In reality, I don't think that the code, etc. for
ADAM SecPrinc vs. AD related will be that bad. If the account is supposed
to exist, then the user object is going to have to be in ADAM one way or the
other.
So, check first for a user object with a password in ADAM.
Oh wait a minute, I came back and
reread Rick's original post again and then JoeK's post again.JoeK
do you mean you need domain membership for the SASL auth of the AD users or SASL
auth for both AD and the local users? I initially read it as SASL bind for local
users.If for the AD users, I t
Scale could be an issue. However I would say for many companies, being able
to handle 60,000-80,000 users in that way would be more than sufficient.
Actually I think towards the end of NT they had even published info on how
to get up to 100k into NT4. I ran solid on NT4 with a couple of 80K+ user
d
> One other interesting tidbit - how does ADAM, as a non-member server,
> now who to talk to? I'm hoping that I don't have to hard define a
> particular DC. Is there a possibility that a call made references the
> RootDSE, leaving the redundant capabilities of AD in place?
Talk to for what? I
Statement of Problem:
Laptop users from MYCO (on Active Directory) traveling to OTHERCO (on
Novell NDS but not AD) are unable to authenticate to MYCO.US.PARENT.COM
Active Directory.
Required Result:
To enable laptop users from MYCO traveling to OTHERCO to authenticate to
MYCO.US.PARENT.COM
Is WINS still needed for exchange 2003? Some have said outlook still needs
WINS.
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Yep, exchange 2003 still depends on NetBIOS (WINS). See
http://support.microsoft.com/?id=837391
Jorge
-Original Message-
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: 3/6/2005 6:55 PM
Subject: [ActiveDir] WINS
Is WINS still needed for exchange 2003? Some have said outlo
Title: Re: [ActiveDir] WINS
Unfortunetly it does. I thought it didn't until I read the deployment guide. Recently upgraded for 5.5.
Robert
-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: ActiveDir@mail.activedir.org
Sent: Sun Mar 06 12:55:30 2005
Outlook shouldn't need it unless your DNS has fallen down. Exchange server
itself needs it. Well to be strictly correct, it needs NetBIOS name
resolution, you can do that with Broadcast, LMHOSTS files, or WINS. Of the
three, unless you are in the smallest of environments you probably want to
use WI
Title: Re: [ActiveDir] WINS
Just curious, where in the deployment guide does it say
that Exchange 2003 needs WINS? We are running a clustered Exchange
2003 setup and we don't have WINS configured on our
domain.
glen
[EMAIL PROTECTED]
The University of Texas at Dallas
From:
I don't think I am related to Denise Richards, it would be perfectly legal.
I don't think I need to worry about Charlie Sheen, he is a punk. :o)
On the Yamila Diaz-Rahi and the dash... I don't think we will ever know. She
doesn't inspire me such as the likes of Eliza Dushku and Denise Richards.
Title: Re: [ActiveDir] WINS
Seems we need to get to the bottom of
this. It seems that exchange just might need WINS to do netbios resolution at
some instance. Now what is that instance? It seems not everybody will
necessarily come across that instance.
From:
[EMAIL PROTECTED] [m
Title: Re: [ActiveDir] WINS
I'm really just a lurker on this list, but, last week I ran
head-first into a WINS/2003 Exchange issue adding a second
Exchange Server into a new Exchange Administrative group in one of the
domains within our AD forest. I'm not ruling out other DNS/Exchange connec
Title: Re: [ActiveDir] WINS
I'll look when I get home. I remember reading about it a year ago and was bummed out. I thought I could rid myself of wins. I did run Exchange without wins for a while but added it being MS recommends it. Only thing is it didn't give a reason why. Just said i
Title: Re: [ActiveDir] WINS
Okay, I will look into it also. We removed WINS
from our forest about a year ago and have seen no ill effects. We are not real
big, 2000 exchange accounts and 25000 users, but everything seems to be running
fine without it. Over the next few months, we are going
Ok, let's review and recap to make sure we are on the same page:
- Rick wants to authenticate extranet users as users in the ADAM store
(requires simple bind)
- Rick also wants to authenticate AD users in the internal forest
The ADAM users require simple bind.
AD users use either SASL bind wit
Title: Re: [ActiveDir] WINS
I can't recall all of the circumstances but the ones I have
personally run into or been involved in seemed to be around configuring and
installing things. The one that was most fun involved the MCS guys working with
the Exchange admins to load something or other on
Although it is not allowed (why?) there are two possibilities here as I can
see...
(1) On the UNIX zone MYCO.US.PARENT.COM delegate the underscore domains
beneath to the AD/DNS servers as seperate zones. You'll need to do the same
for the AD/DNS servers. This is needed so that the UNIX servers as t
Good restate. I think that captures it all. The key being that the ADAM
server must be a member of the internal domain. If it isn't, all users need
to go into some store (whether local, ADAM, or spinning up AD in DMZ) in the
DMZ.
Personally, I am not a fan of hooking anything outside the LAN/WAN
The DMZ AD sounds like a good way to go for me too.
Our security guys are pretty terrified of AD in the DMZ (we use IPSEC to
deal with this), but it seems like it would save a lot of hassle. I
don't personally deal with IPSEC, but it seems to have a "suck factor"
reputation with the people here
I don't have a problem with AD in the DMZ, I just wouldn't let it be
connected to my internal AD either via trusts or the truly uncool idea of
putting an internal AD DC in the DMZ.
The idea of using the local SAM ID's is if you want secure auth but don't
want to use the required SSL for AD/AM user
3. Point the clients that belong to the AD domain at the AD DNS Servers and
have a secondary DNS server in the list for the OTHERCO stuff.
4. Have the users use local IDs and use RUNAS and NET USER /USER. The only
time this would really fall down that I am aware is when managing Exchange
because
Title: Re: [ActiveDir] WINS
Page 51 of the Planning an Exchange Server 2003 Messaging System.
"Exchange requires WINS (even though Windows does not)
There's no additional information as to why Exchange requires it. I'll take a look in the Exchange 2003 Technical Reference Guide to
Title: Re: [ActiveDir] WINS
Some info regarding WINS requirement from
Microsoft:
http://support.microsoft.com/?id=837391
Yandi
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Mezzone
Sent: Monday, March 07, 2005 10:18
AM
To: ActiveDir@mail.activedir.or
I get it now. You are more paranoid about the extranet than me, not
less. We actually do lots of domain member servers in the DMZ
(including the Exchange clusters), so you would probably freak out if
you worked here. :)
In any event, hopefully Rick has enough info to push ahead.
Thanks,
Joe K
I think that pretty much covers it. Given the option, I'll likely go with
the SASL, as the MS docs don't recommend the proxy. I'll dig into why, but
I suspect that it might have to do with issues of security. However,
LDAP/SSL is the default, and one would have to change a couple of settings
to
WTF?!?!? Has this list sunk this far?
However, I should know better. It's joe, Al, and Deji.
Never mind all. False alarm. Nothing odd going on at all.
-rtk
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Sunday, March 06, 2005 12:29 PM
To:
Sorry for just weighing in on this thread now, this weekend has been
crazy busy with things related to my upcoming move.
I can take some of the credit/blame (you decide :)) for our guidance on
ADAM generally, as I've been involved in the docs out there.
There are two major reasons we don't recomme
Title: Re: [ActiveDir] WINS
Both Outlook and Exchange are users of NetBIOS name
resolution - to wit, in the general case, WINS.
Outlook uses it to determine where to find
its Exchange server to connect to and sometimes for what DC to use (GC
information comes from DNS unless overridden by a
Hi All,
- Is there a template where there is a checklist of the things that
should be checked on the network maintenance?
Like a network Administrator is there a baseline that one can have and
compare when monitoring and maintaining the network to ensure
everything is fine of course in addition to
Sorry I forgot to write my main question too:
- Is there any way to have the even viewer trigger an email?
Thanks
On Mon, 7 Mar 2005 09:25:13 +0300, rubix cube <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> - Is there a template where there is a checklist of the things that
> should be checked on th
38 matches
Mail list logo