General discussion

  • #2074736

    Domain Trust Between Networks


    by featsfanbob ·

    We are trying to set up a domain trust between two networks. One of the networks has a firewall, the other does not. I have opened up ports 135-139 on the firewall for both networks. We are not using WINS but are trying to use an LMHosts file. Is it necessary to use WINS? Is DNS involved? I can ping between the two networks and I can see the server using the IP address. Help!!

All Comments

    • #3776355

      Domain Trust Between Networks

      by guy ·

      In reply to Domain Trust Between Networks

      The first goal with setting up trusts is for the PDCs (not BDCs) in each domain to be able to see the other. To achieve that they need to be able to resolve their NetBIOS names (machine names). This is a job for WINS or LMHOSTS (DNS and Hosts are not needed). WINS is the better long-term solution; LMHOSTS is good for short term and troubleshooting. If you go with LMHOSTS, take a look at the #PRE and #DOM commands. Also look at NBTSTAT /? and in particular NBTSTAT -R to reload the LMHOSTS file without a reboot.
      Finally, take time to plan the Trusted and Trusting. Always start at the Trusted PDC and add the Trusting Domain in the box. The password is not the Administrator's password; it's just a password for the trust.

    • #3776329

      Domain Trust Between Networks

      by msheehan ·

      In reply to Domain Trust Between Networks

      Assuming your LMHosts file is set up correctly you will also need a HOSTS (winnt\system32\drivers\etc) file if you are not using DNS. Once that’s set up you will be able to connect and ping via computer name.

      My recommendation (again, not necessary if you have LMHOST and HOST set up correctly) would be to set up DNS and use WINS. You’ll have to open up more ports on the firewall for this.

      Q179442 – How to Configure a firewall for WinNT and Trusts explains more about ports. It does say you need to open up everything above 1024. You could forget all the ports and set up a secure tunnel (based on IP and MAC address) from server to server.

      Mike

    • #3776322

      Domain Trust Between Networks

      by ustutz ·

      In reply to Domain Trust Between Networks

      Post your domain controller information in your LMHOSTS file as follows:

      10.10.10.21 THEIRPDC #DOM:THEIRDOMAIN #PRE
      10.10.10.21 "THEIRDOMAIN    \0x1C" #PRE

      The above listing would be for the other domain. Put this file on your PDC, and post your information on the other PDC. Do not include BDC information – for that WINS is better. The 0x1C mapping identifies a domain name. You could also use the 0x1B mapping ("unique"). It seems 1C works better. Once you have established the trust, either establish WINS replication (preferred) between the two primary WINS servers or map required servers in the static mappings. Static mappings are not an optimal solution, but for a limited number of servers they are manageable.
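
A syntax check for the kind of LMHOSTS entries discussed above, as an added example that is not part of the original post. It assumes Microsoft's documented LMHOSTS syntax, in which a quoted name carrying a `\0xNN` suffix must be exactly 20 characters between the quotes (15 space-padded name characters plus the escape); `lint_lmhosts` is a hypothetical name and the sample lines are constructed.

```python
import ipaddress
import re

# <ip> <bare-or-quoted NetBIOS name> [tags / comment]
ENTRY = re.compile(r'^(\S+)\s+("[^"]*"|\S+)\s*(.*)$')
ESCAPE = re.compile(r'\\0x[0-9A-Fa-f]{2}$')  # 16th-byte escape, e.g. \0x1C

def lint_lmhosts(text):
    """Return (line_number, message) pairs for problems in LMHOSTS text."""
    problems = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank, comment or directive
            continue
        m = ENTRY.match(line)
        if not m:
            problems.append((n, "expected: <ip> <name> [#PRE] [#DOM:<domain>]"))
            continue
        ip, name, tags = m.groups()
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            problems.append((n, f"bad IPv4 address {ip}"))
        if name.startswith('"'):
            inner = name[1:-1]
            if ESCAPE.search(inner):
                if len(inner) != 20:  # 15 padded name chars + 5 for \0xNN
                    problems.append((n, f"quoted name is {len(inner)} chars, needs 20"))
            elif re.search(r"0x[0-9A-Fa-f]{2}$", inner):
                problems.append((n, "hex suffix lacks its leading backslash"))
        elif len(name) > 15:
            problems.append((n, "NetBIOS name longer than 15 characters"))
        dom = re.search(r"#DOM:(\S*)", tags, re.I)
        if dom and not dom.group(1):
            problems.append((n, "#DOM: has no domain name"))
        if dom and not re.search(r"#PRE\b", tags, re.I):
            problems.append((n, "#DOM entry has no #PRE, so it is not preloaded"))
    return problems

# Constructed sample using the thread's placeholder names and address.
SAMPLE = r'''10.10.10.21 THEIRPDC #PRE #DOM:THEIRDOMAIN
10.10.10.21 "THEIRDOMAIN 0x1C" #PRE
10.10.10.21 "THEIRDOMAIN    \0x1C" #PRE
10.10.10.321 THEIRPDC #PRE
10.10.10.21 THEIRPDC #DOM:THEIRDOMAIN'''

if __name__ == "__main__":
    for n, msg in lint_lmhosts(SAMPLE):
        print(f"line {n}: {msg}")
```

Whitespace inside the quotes is significant, so an entry copied from a web page or e-mail that collapsed the padding fails the length check even though it looks right.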

    • #3776311

      Domain Trust Between Networks

      by kostya_belous ·

      In reply to Domain Trust Between Networks

      While recompiling your wu-ftpd server
      (http://www.academ.com/academ/wu-ftpd) you
      must type:
      ./configure --disable-dns
      make
      ./build install
      This option (disable-dns) skips all DNS lookups (see README.AUTOCONF).

    • #3776268

      Domain Trust Between Networks

      by Anonymous ·

      In reply to Domain Trust Between Networks

      Ports for NT Trusts UDP:137,138 TCP:139

      WINS would probably be necessary across a router. Either that or fix up that LMHOSTS file at the domain level as described above in some of the other messages. DNS is not at issue.

      Good luck!

    • #3776263

      Domain Trust Between Networks

      by Anonymous ·

      In reply to Domain Trust Between Networks

      The BackOffice resource kit has the 'mailbox merge tool' that will do what you described above.

      OR you could try this one:
      http://www.microsoft.com/exchange/downloads/MoveServer.htm This is actually SP3 for Exchange.

    • #3776251

      Domain Trust Between Networks

      by stefan.mcintyre ·

      In reply to Domain Trust Between Networks

      Make things easier on yourself: set up a WINS SERVER on both sides with the trust going both ways as PUSH PULL PARTNERS. Set up the following ports as follows:

      Port 135 = (tcp/udp) RPC
      Port 137 = NETBIOS Name Service
      Ports 138/139 (NETBIOS) for Browsing/NetUse respectively.
