Wingate/Active Dir Integration


Postby mcb » Nov 12 05 8:21 am

We have run WG for quite some time now, and everything is current with the version updates. We are starting to investigate setting up an Active Directory to replace our limited work group. Along with AD we were also wanting to add extra layers of security such as WGIC's authentication.

Basically, where do I start, and what questions should I be asking in this process?

Questions: (Please assume that I don't know how to do what you are going to explain.)

1. Would you even need to employ WGIC in an AD environment? (Would it be, in essence, redundant?)

2. What conflicts / problems have you guys encountered when trying to integrate AD with a Wingate setup?

Data:

1. Wingate on Win2k machine, running NAT and DHCP.
2. DNS is done by our ISP. [It is my understanding that I would have to create a secondary DNS for AD.]
3. No current user authentication on WG other than NAT.

Thanks for your time and help.

Matt
mcb
 
Posts: 41
Joined: Aug 07 04 7:36 am
Location: NE Tennessee

Re: Wingate/Active Dir Integration

Postby kgoodknecht » Nov 13 05 4:30 pm

Answers inline

We have run WG for quite some time now, and everything is current with the version updates. We are starting to investigate setting up an Active Directory to replace our limited work group. Along with AD we were also wanting to add extra layers of security such as WGIC's authentication.

Basically, where do I start, and what questions should I be asking in this process?

Questions: (Please assume that I don't know how to do what you are going to explain.)

1. Would you even need to employ WGIC in an AD environment? (Would it be, in essence, redundant?)

You can use the WGIC on the member clients, however it cannot be used on a server or a machine with IIS running due to port conflicts.

2. What conflicts / problems have you guys encountered when trying to integrate AD with a Wingate setup?

The problems encountered depend basically on the machine you install it on; I have Wingate installed on my DC with the Wingate DNS and DHCP disabled. You must use the MS DNS server for all DNS, and it is recommended to use the MS DHCP server if DHCP is going to be used.

Data:

1. Wingate on Win2k machine, running NAT and DHCP.
It is recommended to use MS DHCP as it has better support for Active Directory with at least these three options: Use Options 003 (Router) to assign the Wingate machine as the gateway, option 006 to assign only the AD DNS server, even if you only have one, option 015 to assign the AD DNS domain name to allow for DDNS Registration of clients that do not support DDNS registration.

2. DNS is done by our ISP. [It is my understanding that I would have to create a secondary DNS for AD.]
This is going to have to change; you cannot use an ISP or any other DNS server that does not support the AD Domain. It is recommended to use the domain controller for DNS to get the security of using AD Integrated zones.
All member clients MUST use only the internal AD DNS server or you can expect network errors and extended startup and logon times. No ISP or external DNS allowed in any position of an AD Domain member.
You can use your ISP's DNS as a forwarder on the Forwarders tab of the DNS server properties in the DNS Management Console.
See: 300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?id=300202
Best regards,

Kevin Goodknecht [Microsoft MVP]
See me in the Microsoft Public DNS newsgroups
kgoodknecht
Senior Member
 
Posts: 161
Joined: Nov 24 03 1:31 pm
Location: Wichita Falls, TX
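
A client-side check for the three DHCP options and the AD-only DNS rule described in the reply above, as an added example that is not part of either post: it parses `ipconfig /all` output and lists any deviations. The addresses, domain name and sample output are constructed, and the parser assumes a single adapter.

```python
import re

# Assumed site values (hypothetical; the thread gives no addresses or names).
EXPECTED = {
    "gateway": "192.168.1.1",        # WinGate machine, DHCP option 003
    "dns": {"192.168.1.10"},         # AD DNS server only, option 006
    "suffix": "corp.example.local",  # AD DNS domain name, option 015
}

# Constructed `ipconfig /all` excerpt: the client still lists an ISP resolver.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : corp.example.local
        IP Address. . . . . . . . . . . . : 192.168.1.57
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            203.0.113.53
"""

FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse_ipconfig(text):
    """Map each field label to its values, folding in continuation lines."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields[last] = [m.group(2).strip()] if m.group(2).strip() else []
        elif last and IPV4.match(line.strip()):
            fields[last].append(line.strip())  # e.g. a second DNS server
    return fields

def audit(text, expected=EXPECTED):
    """Return a list of deviations from the expected DHCP-assigned settings."""
    f = parse_ipconfig(text)
    findings = []
    rogue = [ip for ip in f.get("DNS Servers", []) if ip not in expected["dns"]]
    if rogue:
        findings.append("non-AD DNS server(s): " + ", ".join(rogue))
    if f.get("Default Gateway", []) != [expected["gateway"]]:
        findings.append("gateway is not the WinGate machine")
    suffix = [s.lower() for s in f.get("Connection-specific DNS Suffix", [])]
    if suffix != [expected["suffix"]]:
        findings.append("DNS suffix is not the AD domain")
    return findings
```
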

