|
|
We have set up DFS, so we will have the ability to move shares without
users having to keep changing their paths to the shares from their
workstations.
This works fine for users in the local domain, but users connecting
from an external domain, can only connect when they mapped directly to
\\server\share.
The dfs path of \\domain\dfsroot\share will not resolve externally.
Is there some way make DFS paths to resources on our local domain work
for the users who connect from the other domain?
They do have network access and permissions to the resources, but they
just cannot resolve the DFS path.
Is there an entry that needs to be added to their local DNS servers or
something else?
|
|
Can you ping the internal DNS IP address from the external machines?
If you can:
In the external domains DNS console,
Right click the local server name and select properties,
Click on the forwarders tab, and click on the New button,
type in the domain name you want to reach there, and add the
ip address of the computer handling dns for that domain.
If you can't ping the ineternal DNS IP address from the external machines
there is more you would have to do but I am guessing the above should
get you going.
Hope it helps ya.
<mygposts[ at ]gmail.com> wrote in message
news:14bcabdb-fc80-41fb-8a91-2d538d564b70[ at ]s1g2000prg.googlegroups.com...
[Quoted Text] > We have set up DFS, so we will have the ability to move shares without
> users having to keep changing their paths to the shares from their
> workstations.
> This works fine for users in the local domain, but users connecting
> from an external domain, can only connect when they mapped directly to
> \\server\share.
> The dfs path of \\domain\dfsroot\share will not resolve externally.
>
> Is there some way make DFS paths to resources on our local domain work
> for the users who connect from the other domain?
> They do have network access and permissions to the resources, but they
> just cannot resolve the DFS path.
> Is there an entry that needs to be added to their local DNS servers or
> something else?
|
|
On Oct 28, 12:48 pm, "Spaceman" <space...[ at ]realspaceman.com> wrote:
[Quoted Text] > Can you ping the internal DNS IP address from the external machines?
> If you can:
> In the external domains DNS console,
> Right click the local server name and select properties,
> Click on the forwarders tab, and click on the New button,
> type in the domain name you want to reach there, and add the
> ip address of the computer handling dns for that domain.
>
> If you can't ping the ineternal DNS IP address from the external machines
> there is more you would have to do but I am guessing the above should
> get you going.
> Hope it helps ya.
>
> <mygpo...[ at ]gmail.com> wrote in message
>
> news:14bcabdb-fc80-41fb-8a91-2d538d564b70[ at ]s1g2000prg.googlegroups.com...
>
>
>
> > We have set up DFS, so we will have the ability to move shares without
> > users having to keep changing their paths to the shares from their
> > workstations.
> > This works fine for users in the local domain, but users connecting
> > from an external domain, can only connect when they mapped directly to
> > \\server\share.
> > The dfs path of \\domain\dfsroot\share will not resolve externally.
>
> > Is there some way make DFS paths to resources on our local domain work
> > for the users who connect from the other domain?
> > They do have network access and permissions to the resources, but they
> > just cannot resolve the DFS path.
> > Is there an entry that needs to be added to their local DNS servers or
> > something else?- Hide quoted text -
>
> - Show quoted text -
Would something need to be set up on our local DNS server to allow it
to respond to requests orginating from outside our domain?
I also assume ports on the firewall would also need to be opened to
allow DNS traffic through.
Is that true?
|
|
Yep, that's right.
For your DNS server to respond to external requests, you need to allow port
53 UDP through to that server.
If you want to also present shares, you will also need to open the standard
file sharing ports (135-139 TCP/UDP as well as port 445 TCP/UDP).
You should ensure that your security is tight before opening these ports to
the outside world, so I would strongly recommend restricting who can access
them.
--
Mat Mirabito,
MCSE, MCITP (Server & Enterprise)
"mygposts[ at ]gmail.com" wrote:
[Quoted Text] > On Oct 28, 12:48 pm, "Spaceman" <space...[ at ]realspaceman.com> wrote:
> > Can you ping the internal DNS IP address from the external machines?
> > If you can:
> > In the external domains DNS console,
> > Right click the local server name and select properties,
> > Click on the forwarders tab, and click on the New button,
> > type in the domain name you want to reach there, and add the
> > ip address of the computer handling dns for that domain.
> >
> > If you can't ping the ineternal DNS IP address from the external machines
> > there is more you would have to do but I am guessing the above should
> > get you going.
> > Hope it helps ya.
> >
> > <mygpo...[ at ]gmail.com> wrote in message
> >
> > news:14bcabdb-fc80-41fb-8a91-2d538d564b70[ at ]s1g2000prg.googlegroups.com...
> >
> >
> >
> > > We have set up DFS, so we will have the ability to move shares without
> > > users having to keep changing their paths to the shares from their
> > > workstations.
> > > This works fine for users in the local domain, but users connecting
> > > from an external domain, can only connect when they mapped directly to
> > > \\server\share.
> > > The dfs path of \\domain\dfsroot\share will not resolve externally.
> >
> > > Is there some way make DFS paths to resources on our local domain work
> > > for the users who connect from the other domain?
> > > They do have network access and permissions to the resources, but they
> > > just cannot resolve the DFS path.
> > > Is there an entry that needs to be added to their local DNS servers or
> > > something else?- Hide quoted text -
> >
> > - Show quoted text -
>
> Would something need to be set up on our local DNS server to allow it
> to respond to requests orginating from outside our domain?
> I also assume ports on the firewall would also need to be opened to
> allow DNS traffic through.
> Is that true?
>
|
|
Hello,
Can you also add the domain to the list of trusted intranet
zones. You can do this via Internet Explorer or Group Policy.
Regards,
John
"mygposts[ at ]gmail.com" wrote:
[Quoted Text] > On Oct 28, 12:48 pm, "Spaceman" <space...[ at ]realspaceman.com> wrote:
> > Can you ping the internal DNS IP address from the external machines?
> > If you can:
> > In the external domains DNS console,
> > Right click the local server name and select properties,
> > Click on the forwarders tab, and click on the New button,
> > type in the domain name you want to reach there, and add the
> > ip address of the computer handling dns for that domain.
> >
> > If you can't ping the ineternal DNS IP address from the external machines
> > there is more you would have to do but I am guessing the above should
> > get you going.
> > Hope it helps ya.
> >
> > <mygpo...[ at ]gmail.com> wrote in message
> >
> > news:14bcabdb-fc80-41fb-8a91-2d538d564b70[ at ]s1g2000prg.googlegroups.com...
> >
> >
> >
> > > We have set up DFS, so we will have the ability to move shares without
> > > users having to keep changing their paths to the shares from their
> > > workstations.
> > > This works fine for users in the local domain, but users connecting
> > > from an external domain, can only connect when they mapped directly to
> > > \\server\share.
> > > The dfs path of \\domain\dfsroot\share will not resolve externally.
> >
> > > Is there some way make DFS paths to resources on our local domain work
> > > for the users who connect from the other domain?
> > > They do have network access and permissions to the resources, but they
> > > just cannot resolve the DFS path.
> > > Is there an entry that needs to be added to their local DNS servers or
> > > something else?- Hide quoted text -
> >
> > - Show quoted text -
>
> Would something need to be set up on our local DNS server to allow it
> to respond to requests orginating from outside our domain?
> I also assume ports on the firewall would also need to be opened to
> allow DNS traffic through.
> Is that true?
>
|
|
|