DNS,PDC,password change doesnt work

Scherff CWO3 John M ScherffJM at pendleton.usmc.mil
Mon Aug 12 21:44:57 UTC 2002


To drop WINS entirely from a routed IP network with non-Windows 2000
clients, your only choice is to use LMHOSTS.  True, NetBIOS name resolution
can use DNS (follows this order: NetBIOS name cache, WINS, broadcast,
LMHOSTS, HOSTS, DNS); however, this will not work when searching for a
domain controller (which is the only place passwords can be changed),
because this requires a domain group (service type '1C') NetBIOS name entry,
versus a simple unique entry.

The users on the subnet with the PDC are able to find it by broadcast.  The
users on the other subnet attempt to broadcast (when WINS is not an option),
but those broadcasts are blocked by the router.  Optionally, you can these
and other particular types of broadcasts to pass through the router, but
that's not the best choice.

Stick with WINS.

(I assumed, above, that you have non-Win2K clients, because you're using NT
4.0 DNS... for that reason, you also can't be running AD because NT 4.0 DNS
does not support SRV records)

Another alternative: use 'include' statements in your LMHOSTS file.

E.g., on each computer, in \winnt\system32\drivers\etc, place an LMHOSTS
file with the following entries:

10.0.0.1	MYSERVER	#PRE
#INCLUDE \\MYSERVER\MYSHARE\LMHOSTS

On 'MYSERVER', in a directory shared as 'MYSHARE', place an LMHOSTS file
with the following entries:

10.0.0.2	 MYPDC			#PRE #DOM:MYDOMAIN
10.0.0.2	"MYPDC          \0x1b"	#PRE #DOM:MYDOMAIN
		 ^--15 chars---^

Now, each computer will pull their LMHOSTS entries from the share on
MYSERVER.  If you need to change something in the LMHOSTS, you change it in
only one place (on MYSERVER) instead of on each computer.  The clients will
find the PDC and the segment master browsers will find the domain master
browser.

I consider this a backwoods method of doing things.  You should just stick
with WINS until you upgrade to AD and all your clients are Win2K or above.

R/ John Scherff
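
Added example, not part of the original message: a Python check for the LMHOSTS layout described above. It verifies that a quoted name carrying a \0xNN type byte is padded to exactly 15 characters and lists every #INCLUDE path, since clients take their name-to-address mappings from whatever that share serves. The function name, the sample text and its mis-padded fifth line are constructed for illustration.

```python
import re

# Constructed sample: the entries from the message above, plus a fifth,
# deliberately mis-padded line to show what the check reports.
SAMPLE = "\n".join([
    '10.0.0.1\tMYSERVER\t#PRE',
    '#INCLUDE \\\\MYSERVER\\MYSHARE\\LMHOSTS',
    '10.0.0.2\t MYPDC\t\t\t#PRE #DOM:MYDOMAIN',
    '10.0.0.2\t"' + 'MYPDC'.ljust(15) + '\\0x1b"\t#PRE #DOM:MYDOMAIN',
    '10.0.0.2\t"' + 'MYPDC'.ljust(10) + '\\0x1b"\t#PRE #DOM:MYDOMAIN',
])

ENTRY = re.compile(r'^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+("[^"]*"|\S+)(.*)$')
TYPED = re.compile(r'^(.*)\\0x([0-9A-Fa-f]{2})$')  # name + \0xNN type byte

def check_lmhosts(text):
    """Parse LMHOSTS text; return (entries, includes, problems)."""
    entries, includes, problems = [], [], []
    for no, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if s.upper().startswith('#INCLUDE'):
            parts = s.split(None, 1)
            includes.append(parts[1] if len(parts) > 1 else '')
            continue
        if not s or s.startswith('#'):
            continue  # blank line, comment or other directive
        m = ENTRY.match(line)
        if not m:
            problems.append((no, 'unparseable entry'))
            continue
        ip, name, rest = m.groups()
        suffix = None
        if name.startswith('"'):
            name = name[1:-1]
            typed = TYPED.match(name)
            if typed:
                name, suffix = typed.group(1), int(typed.group(2), 16)
                if len(name) != 15:  # 15 name chars + 1 type byte = 16
                    problems.append((no, 'name is %d chars before the '
                                     'type byte, expected 15' % len(name)))
        elif len(name) > 15:
            problems.append((no, 'name longer than 15 chars'))
        tags = re.findall(r'#\S+', rest)
        dom = [t[5:] for t in tags if t.upper().startswith('#DOM:')]
        entries.append({'line': no, 'ip': ip, 'name': name.rstrip(),
                        'suffix': suffix, 'domain': dom[0] if dom else None,
                        'preload': any(t.upper() == '#PRE' for t in tags)})
    return entries, includes, problems
```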



-----Original Message-----
From: Berger Harald [mailto:hotline at harryworld.dyndns.org]
Sent: Monday, August 12, 2002 5:45 AM
To: comp-protocols-dns-bind at isc.org
Subject: OT: DNS,PDC,password change doesnt work


Hi,

i´m a little bit OT, but i hope you can help me.

in our company we have decided to kill our WINS and use DNS.
The DNS-Servers works pretty good (9.2.1). There are two
locations, connected with cisco-routers (2MBit).

in the 1. location where the NT 4.0 Primary domain controller
is.. user can change their password (nt4-workstation).

in the second location there is only a BDC.. and the users
are unable to change their password.

looking in the web. i found that you must have an WINS-Server
or you have to put some entries in the clients lmhost-file.

is there a trick to do something in the dns-server that the clients
will know where the PDC is.. the funny thing is that a ping to the
PDC works fine.

thanks for help and excuse me again for being OT....