XP clients cannot connect to AD domain

curhed · ‎06-22-2005

Hi, without knowing too much how AD works I faced issue while putting clients inside pix and leaving domain controller/file server outside.

XP clients will use only directory mapping on simple file server.

10.11.0.0/24 with XP-----in_PIX501(v6.34)_out-----192.168.0.0/24 with AD

Pix does PAT and has inbound and outbound acl without any static commands.

What traffic should allow out and what in? While I tried also without any restrictions I received prompt on XP but it failed with login/passwords.

Thanks for usefull tips!

mostiguy · ‎06-23-2005

You do not want to do NAT between a windows client and server if you want file sharing or logons to work between them.

WHy is the DC/file server outside the pix?

curhed · ‎06-23-2005

There was some companyA PCs on companyB's LAN using companyB's AD. CompanyB had to be moved to self managed LAN because of companyC, while file server and the domain were remaining same. A policy issue don't ask more, I just work there ;)

So I could make nat0 across the pix and add on the DC/filesrv?

Is the issue PAT? Could it work with static outside NAT command where DC is introduced as 10.11.0.100 on the inside?

Thanks for the answer! -tonic

mostiguy · ‎06-23-2005

The best way is no NAT, so a nat 0 and static'ing across the pix is best. PAT will likely mean no functionality whatsoever. YOu want no NAT so clients can register successfully with dynamic DNS and WINS, and have those records be accurate. If DDNS is broken, you likely will have numerous active directory issues.