To log on to an NT domain you have an RPC call to the domain server. The RPC to log on is TCP. The datagrams to discover the DC to log onto are UDP.
If you need more info please let me know.
Greg King
Microsoft
BackOffice Capacity Planning
----------
From: mark . horn1 @ jsc . nasa . gov[SMTP:mark . horn1 @ jsc . nasa . gov]
Sent: Wednesday, October 04, 1995 12:00 PM
To: firewalls @ greatcircle . com
Subject: Technical details of NT Domains..
Hello,
We have some users who need to login to a windows NT domain that has been set
up here.
We currently have an IP firewall installed. This firewall is installed on our
LAN and protects us from the Internet. Since there isn't a site wide
firewall, it also protects us from the rest of JSC. It's a screened host
gateway (Nomenclature taken from Marcus J. Ranum's "Thinking About
Firewalls"). Currently, only IP is filtered at our firewall. All non-IP
protocols are passed through. All non-IP protocols are filtered at the
site's connection to the Internet.
Now, it turns out that my users can't login to an NT domain. I wouldn't have
expected this because I assumed that NT would have used NetBEUI or some such
other non-IP protocol to communicate. After some experimentation, I've
discovered that I need to set up the following for this to work:
a) Each Win95 machine needs to have a WINS server configured
b) UDP needs to be wide open to that Win95 machine.
It looks like WINS is a UDP based protocol, and it manages the name resolution
for the NT domain. Then, using some unknown protocol, our machines talk to
the NT domain server for authentication. From there, they talk to the
individual disk servers in the NT domain over NetBEUI. (All of this is not
much more than a Wild Ass Guess (tm))
So, the question is: can anyone tell me the specifics of how one logs into an
NT domain? In particular, what are the details of the data exchange? What
I'm looking for is something along the lines of how Brent Chapman describes
protocols in his tutorials (e.g. NTP servers send to & from UDP port 123, NTP
clients send to UDP 123, and from random UDP port >1023). Does anyone know
how logging into an NT domain utilizes UDP?
If WINS is the only thing using UDP, has anyone set up udprelay to act as a
proxy for it?
Thanks in advance.
--
Mark Horn (sparkie) horn @ mickey . jsc . nasa . gov
http://tommy.jsc.nasa.gov/~horn mark . horn1 @ jsc . nasa . gov
Free Advice and Opinions -- Refunds Available
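
Added example, not part of the original thread or either poster's configuration: a small first-match filter model comparing the "UDP wide open to that Win95 machine" workaround with a narrowed UDP rule set. The port numbers (137/udp for WINS name service, 138/udp for the datagrams that locate the DC) are the standard NetBIOS-over-TCP/IP assignments and are an assumption here, as are all addresses; the TCP logon RPC is left out.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (documentation ranges); none come from the thread.
CLIENT = "192.0.2.10"    # Win95 machine behind the firewall
WINS = "198.51.100.5"    # WINS server on the far side
DC = "198.51.100.6"      # NT domain controller on the far side
ANY = "0.0.0.0/0"

# Rule layout: (action, proto, src, src_port, dst, dst_port); None = any.
WIDE_OPEN = [
    ("permit", "udp", ANY, None, CLIENT, None),   # the workaround in the post
    ("deny", None, ANY, None, ANY, None),
]
# Assumed ports: 137/udp NetBIOS name service (WINS replies),
# 138/udp NetBIOS datagram service (DC discovery replies).
NARROWED = [
    ("permit", "udp", WINS, 137, CLIENT, None),
    ("permit", "udp", DC, 138, CLIENT, 138),
    ("deny", None, ANY, None, ANY, None),
]

def _match(rule, pkt):
    _, proto, src, sport, dst, dport = rule
    return ((proto is None or proto == pkt["proto"])
            and ip_address(pkt["src"]) in ip_network(src)
            and ip_address(pkt["dst"]) in ip_network(dst)
            and (sport is None or sport == pkt["sport"])
            and (dport is None or dport == pkt["dport"]))

def decide(rules, pkt):
    """First matching rule wins; default deny if nothing matches."""
    for rule in rules:
        if _match(rule, pkt):
            return rule[0]
    return "deny"

# Constructed inbound packets addressed to the Win95 client.
PACKETS = {
    "wins_reply": dict(proto="udp", src=WINS, sport=137, dst=CLIENT, dport=137),
    "dc_datagram": dict(proto="udp", src=DC, sport=138, dst=CLIENT, dport=138),
    "other_host_137": dict(proto="udp", src="203.0.113.9", sport=137, dst=CLIENT, dport=137),
    "stray_snmp": dict(proto="udp", src="203.0.113.9", sport=4000, dst=CLIENT, dport=161),
}

def compare():
    """Map packet name -> (verdict under WIDE_OPEN, verdict under NARROWED)."""
    return {name: (decide(WIDE_OPEN, p), decide(NARROWED, p))
            for name, p in PACKETS.items()}
```

Both rule sets pass the WINS and DC datagrams; only the wide-open one also passes UDP from unrelated hosts.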