- I am attempting to log into an NT domain via securemote.
- The NT domain controller resides on a subnet that does NOT have a direct interface on the Nokia 440 firewall, therefore internal communication to the subnet is passed through an internal cisco 2500 series router (this is a test environment simulating a portion of our production environment)
- firewall encrypt rule is as follows
allusers@any > NT_PDC > any > client encrypt >long
- encrypted icmp communications are working fine. ie.ping,
HERE'S THE PROBLEM...
- I am using IKE, however in the FWZ properties,
IF "encapsulate securemote connections" is NOT CHECKED
WINDOWS LOGON ERROR: no domain controller can be found
and WINS will not work. yes, WINS is set up on the client to be the PDC and yes, the service is installed and running on the PDC.
authentication and decryption can be seen on the logs as follows:
client > NT-PDC > nbname > decrypt
IF "encapsulate securemote connections" IS CHECKED
NT LOGON ERROR: Password is incorrect, or access to server has been denied. password is definatly typed correctly, it seems to be encrypted or possibly decrypted before it hits the PDC.
authentication and decryption can be seen on the logs as follows:
client > NT-PDC > nbname > decrypt
client > NT-PDC > nbdatagram > decrypt
The PDC object is using NAT and it is a member of the encryption domain assigned to the firewall cluster object's encryption properties.
Any suggestions...??
- The NT domain controller resides on a subnet that does NOT have a direct interface on the Nokia 440 firewall, therefore internal communication to the subnet is passed through an internal cisco 2500 series router (this is a test environment simulating a portion of our production environment)
- firewall encrypt rule is as follows
allusers@any > NT_PDC > any > client encrypt >long
- encrypted icmp communications are working fine. ie.ping,
HERE'S THE PROBLEM...
- I am using IKE, however in the FWZ properties,
IF "encapsulate securemote connections" is NOT CHECKED
WINDOWS LOGON ERROR: no domain controller can be found
and WINS will not work. yes, WINS is set up on the client to be the PDC and yes, the service is installed and running on the PDC.
authentication and decryption can be seen on the logs as follows:
client > NT-PDC > nbname > decrypt
IF "encapsulate securemote connections" IS CHECKED
NT LOGON ERROR: Password is incorrect, or access to server has been denied. password is definatly typed correctly, it seems to be encrypted or possibly decrypted before it hits the PDC.
authentication and decryption can be seen on the logs as follows:
client > NT-PDC > nbname > decrypt
client > NT-PDC > nbdatagram > decrypt
The PDC object is using NAT and it is a member of the encryption domain assigned to the firewall cluster object's encryption properties.
Any suggestions...??