Announcement

Collapse
No announcement yet.

Joining client to natted domain server

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Joining client to natted domain server

    Please let us know if we have to make any changes while joining a client machines to a domain where the domain controller is natted to some other private ip address. ie, the physical ip address of the machine is different from the natted ip(which is also a private ip). The clients can only communicate with the natted ip and not the physical ip address.

    Regards,
    Anishk

  • #2
    Maybe it's me, but I do not understand what you have typed. A diagram of the network, with appropriate sample IPs, would be of help. Thanks.
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2

    Comment


    • #3
      Our AD server is 10.20.30.40 which has been now natted to 10.20.50.50. The client machines which are in a different network say, 10.30.40.100 are now not able to join to domain which were previously joining.

      Regards,
      Anishk

      Comment


      • #4
        Can the clients ping the DC by IP, NetBIOS name and fqdn?
        If so, try joining using domain.com (fqdn syntax) rather than DOMAIN (NetBIOS syntax)
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Originally posted by Ossian View Post
          Can the clients ping the DC by IP, NetBIOS name and fqdn?
          If so, try joining using domain.com (fqdn syntax) rather than DOMAIN (NetBIOS syntax)
          We are able to ping by ip (natted - 10.20.50.50) but not to netbios name or fqdn.. Saw some posts by microsoft that joining client machines to domain under natted environment is not recommended and tested. ! but don't know whether it is possiblr or not ..

          Comment


          • #6
            You need to get DNS sorted first - without that, there is no way you can join the domain
            Can you post an IPCONFIG/ALL from client and from DC
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Wherever you do your routing between your address ranges, make sure you have 'ip helper-address' commands on the vlan gateways which point to the NAT address of the DC. Also, make sure your NAT device (router/firewall?) isn't blocking any ports between the client ranges and the DC when it does the NAT.
              *RicklesP*
              MSCA (2003/XP), Security+, CCNA

              ** Remember: credit where credit is due, and reputation points as appropriate **

              Comment

              Working...
              X