Re: [Openvpn-users] Logon to domain fails


  • Subject: Re: [Openvpn-users] Logon to domain fails
  • From: Josh Cepek <josh.cepek@xxxxxxx>
  • Date: Sun, 13 Jan 2008 18:58:31 -0600
  • Openpgp: id=2E5A5127
  • Z-usanet-msgid: XID776maNa770409X28

Erestor Elensar wrote:
I have several site-to-site tunnels.
Each site has its Windows AD server. Now on one site we must shut down the AD server and let the workstations join another AD domain. Because we use routing I have activated WINS on both sides, but it seems impossible to find the AD server. I can ping, but the 'Windows protocols' seem not to go through the tunnel; there is no firewall.

What am I missing here? It should be possible?
Thanks

This doesn't really have anything to do with OpenVPN but with Windows DNS. Since each of your locations is a different Active Directory domain I'm assuming they are also acting as DNS servers for local clients. When a PC is joining a domain it sends out a DNS request for the domain being joined; this DNS entry is maintained by Active Directory and thus wouldn't exist on independent DNS servers from other domains.

Since you have multiple sites you should really put them all under a single domain and configure each of the domain controllers as different sites; this will ensure that you have a unified DNS to do what you want. You may also be able to resolve the issue by adjusting the DNS server for the network where you're removing the former server, but you're just going to run into these types of problems later if you don't properly set up your network.

OpenVPN doesn't care about the protocols being sent over the tunnels because it just sends IP packets across the link. The only "Windows protocols" that won't work over a routed OpenVPN configuration are NBNS and any other local broadcast traffic since that occurs on an Ethernet layer and not an IP layer.

In short, fix your DNS and you should be able to join the domain as you expect.

--
Josh
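
The DNS dependency described in the reply above can be checked from a workstation before retrying the join. This is an added example, not part of the original message: it asks each DNS server for the SRV records that Active Directory registers for locating domain controllers. The domain name and server addresses are constructed placeholders, and it assumes the `Resolve-DnsName` cmdlet (DnsClient module, Windows 8 / Server 2012 and later).

```powershell
# Added example. Domain name and DNS server addresses are constructed placeholders.
$Domain     = 'corp.example'             # DNS name of the AD domain being joined
$DnsServers = [ordered]@{
    'client-current' = '192.0.2.10'      # DNS server the workstation uses today
    'target-domain'  = '198.51.100.10'   # DNS server of the domain being joined
}

function Test-DcLocatorDns {
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $DnsServers
    )
    # SRV names registered by domain controllers and looked up during a join
    $srvNames = @(
        "_ldap._tcp.dc._msdcs.$Domain",
        "_kerberos._tcp.$Domain"
    )
    foreach ($label in $DnsServers.Keys) {
        foreach ($name in $srvNames) {
            $row = [ordered]@{
                DnsServer = "$label ($($DnsServers[$label]))"
                Query     = $name
                Found     = $false
                Detail    = ''
            }
            try {
                # -DnsOnly keeps NetBIOS/LLMNR fallback from masking a DNS gap
                $srv = Resolve-DnsName -Name $name -Type SRV -Server $DnsServers[$label] `
                           -DnsOnly -ErrorAction Stop |
                       Where-Object { $_.Type -eq 'SRV' }
                if ($srv) {
                    $row.Found  = $true
                    $row.Detail = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
                } else {
                    $row.Detail = 'no SRV records in answer'
                }
            } catch {
                # NXDOMAIN, timeout, refused: this server cannot locate the domain
                $row.Detail = $_.Exception.Message
            }
            [pscustomobject]$row
        }
    }
}

Test-DcLocatorDns -Domain $Domain -DnsServers $DnsServers | Format-Table -AutoSize -Wrap
```

If the `client-current` rows show `Found = False` while the `target-domain` rows list domain controllers, the workstation's DNS server has no records for the new domain, which is the situation the reply describes.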

