  • Status: Solved
  • Priority: Medium
  • Security: Public

Users on both LANs need to access multi-homed stand-alone W2k3 server shares

I've installed a w2k3 stand-alone server with two nics connected to two LANs. LAN1 is a w2k AD domain and LAN2 is not. i need users on LAN2 to be able to put their project files on this server and also to have users from LAN1 to be able to access these shares for reading and writing. this is the only server on LAN2. how can i allow users on both LANs to do this? also, can this stand-alone server perform dhcp services for LAN2?
0
Asked by: demus619
1 Solution
 
Nirmal SharmaSolution ArchitectCommented:
Is this your scenario: -

-----W2k3 Stand-Alone---------LAN1---------------SWITCH---------------W2k Domain DC : - 192.168.1.3
            |192.168.1.2                                         |  |
            |                                                          |  +--------------------PC1 : - 192.168.1.5
            |                                                          +-----------------------PC2 : - 192.168.1.6
          LAN2
            |
            |
        SWITCH
         |  |
         |  +--------------------PC3 : - 192.168.1.7
         +-----------------------PC4 : - 192.168.1.8

If this is not your scenario then please make necessary changes and re-post it as it is.

>>>i need users on LAN2 to be able to put their project files on this server and also to have users from LAN1 to be able to access these shares for reading and writing.

Which server are you pointing to in this scenario? If you are pointing to W2k3 Stand Alone then they can access it easily using the routing. You need to add routing in this server for TCP Packets to be transferred using the Default Gateway.

>>>This is the only server on LAN2. how can i allow users on both LANs to do this?

Please tell us which server you are pointing here.

>>>Can this stand-alone server perform dhcp services for LAN2?
Yes it can if you make it a member of the domain and then authorize it in Active Directory to service client requests. It will be your multihomed server....you need to make some changes to your scenario and let us know.

Thanks
SystmProg
0
 
demus619Author Commented:
yes,  like this.
>Is this your scenario: -

---W2k3 Stand-Alone--192.168.2.130--LAN1----SWITCH-------------W2k Domain DC : - 192.168.2.138
            |192.168.1.2                                         |  |
            |                                                          |  +--------------------PC1 : - 192.168.2.170
            |                                                          +-----------------------PC2 : - 192.168.2.171
          LAN2
            |
            |
        SWITCH
         |  |
         |  +--------------------PC3 : - 192.168.1.7
         +-----------------------PC4 : - 192.168.1.8
0
 
demus619Author Commented:
>Which server are you pointing to in this scenario? If you are pointing to W2k3 Stand Alone then they can access it easily using the routing. You need to add routing in this server for TCP Packets to be transferred using the Default Gateway.

not sure what you mean by pointing?  both nics have different gateway addresses. i haven't added routing to this server but i guess i can. could be problematic with both nics having different gateways.

what i was wanting was for users on LAN2 to store files on the w2k3 stand alone server and to also have some users on LAN1 to be able to access these files for reading and writing. however, i didn't want users from LAN1 to be able to access any other servers past this w2k3 server that now sits in between both lans. hope that makes some sense.

>>>This is the only server on LAN2. how can i allow users on both LANs to do this?

>>>>Please tell us which server you are pointing here.

this question i am not clear on?


>>>Can this stand-alone server perform dhcp services for LAN2?
>>>>Yes it can if you make it member of domain and then authorize in Active Directory to service client requests. It will be your multihomed server....you need to make some changes to your scenario and let us know.

should this new server be made part of my domain on the 192.168.2.0 LAN? or would i create a new domain for the other LAN?

 


Thanks
SystmProg
0

 
Nirmal SharmaSolution ArchitectCommented:
>>>what i was wanting was for users on LAN2 to store files on the w2k3 stand alone server and to also have some users on LAN1 to be able to access these files for reading and writing. however, i didn't want users from LAN1 to be able to access any other servers past this w2k3 server that now sits in between both lans. hope that makes some sense.

One second...your ultimate goal is above.

>>>i was wanting was for users on LAN2 to store files on the w2k3 stand alone server

So PC3 and PC4 can store files on W2K3 Stand-Alone server because they are on the same subnet (192.168.1.0)

>>>and to also have some users on LAN1 to be able access these files for reading and writing.

So PC1 and PC2 need to route their packets to 192.168.1.2 interface. But before routing tell me their gateway address.

>>>however, i didn't want users from LAN1 to be able to access any other servers past this w2k3 server that now sits in between both lans. hope that makes some sense.

Ok.....so the solution is Host Routing....

So finally present a scenario with IP Address, subnet mask and default gateway defined at each pc.

Thanks
SystmProg
0
 
Nirmal SharmaSolution ArchitectCommented:
A Host Route is a route where if the TCP/IP packets are not destined for the subnet it will send these packets to Host Route (Here Host Route is W2k3 server).
0
 
demus619Author Commented:
>>>what i was wanting was for users on LAN2 to store files on the w2k3 stand alone server and to also have some users on LAN1 to be able to access these files for reading and writing. however, i didn't want users from LAN1 to be able to access any other servers past this w2k3 server that now sits in between both lans. hope that makes some sense.

>>>>One second...your ultimate goal is above.

yes, that is it. sorry for the lack of a better description


>>>i was wanting was for users on LAN2 to store files on the w2k3 stand alone server

>>>>So PC3 and PC4 can store files on W2K3 Stand-Alone server because they are on the same subnet (192.168.1.0)

yes, and PC1 and PC2 should be able to access these files also



>>>and to also have some users on LAN1 to be able access these files for reading and writing.

>>>>>So PC1 and PC2 need to route their packets to 192.168.1.2 interface. But before routing tell me their gateway address.

PC1 and PC2 should be able to send packets to 192.168.2.130 to access files on that server. why would they need to route to 192.168.1.2 interface?    PC1 and PC2 gw is 192.168.1.129 currently.


>>>however, i didn't want users from LAN1 to be able to access any other servers past this w2k3 server that now sits in between both lans. hope that makes some sense.

Ok.....so the solution is Host Routing....

>>>>So finally present a scenario with IP Address, subnet mask and default gateway defined at each pc.

hope this helps



                              +-192.168.2.129-FW--router--Internet  
                              |
                              |
     192.168.2.130--LAN1----SWITCH-----W2kDC--192.168.2.138(a-domain.internal)
     |                        ||
     |                        |+--------PC1-192.168.2.170 gw:192.168.2.129 (a-domain.internal)      
     |                        +---------PC2-192.168.2.171 gw:192.168.2.129 (a-domain.internal)
--W2k3SA
     |                        +---------PC3-192.168.1.144 gw:192.168.1.129 (workgroup)                        
     |                        |+--------PC4-192.168.1.145 gw:192.168.1.129 (workgroup)
     |                        ||
     192.168.1.130--LAN2----SWITCH
                              |          
                              |
                              +-192.168.1.129-FW--router--Internet                                        


current setup is like above. i have not added routing services to W2k3SA yet. i hope to allow users on both lans to read+write to shares on the W2k3SA server.

thanks for your time!
0
 
Nirmal SharmaSolution ArchitectCommented:
                              +-192.168.2.129-FW--router--Internet  
                              |
                              |
     192.168.2.130--LAN1----SWITCH-----W2kDC--192.168.2.138(a-domain.internal)
     |                        ||
     |                        |+--------PC1-192.168.2.170 gw:192.168.2.129 (a-domain.internal)      
     |                        +---------PC2-192.168.2.171 gw:192.168.2.129 (a-domain.internal)
--W2k3SA
     |                        +---------PC3-192.168.1.144 gw:192.168.1.129 (workgroup)                        
     |                        |+--------PC4-192.168.1.145 gw:192.168.1.129 (workgroup)
     |                        ||
     192.168.1.130--LAN2----SWITCH
                              |          
                              |
                              +-192.168.1.129-FW--router--Internet                                        


First of all.

You have one share created "Docs" on W2k3SA. Now PC1 and PC3 can easily access it because they both are connected through LAN1 (PC1) and LAN2 (PC3). So i think both the PC1 and PC3 can ping W2K3SA computer.

PC1 is a member of the domain and PC3 is a member of a workgroup and they both are trying to access a stand alone server in the network. When PC1 or PC3 access W2K3SA server using UNC (\\192.168.1.129) do they get a User Name dialog box? If yes then you need to create a user account on W2K3SA which can be used to access data on a workgroup system.

Let me know.

Thanks
Nirmal
0
 
demus619Author Commented:
created two shares and two local groups with local usernames on the w2k3sa server.  pc's from LAN1 and LAN2 can see the workgroup/server in explorer.  access dialog pops up when a user clicks on either share. if correct username/pw combo is given, then they can access the share of which group they belong to.

whether i have the routing service turned on or not this seems to be working.

is it better to have the routing service turned on in the scenario or left not running? guess if i have to turn it on then i'll apply filters to each nic to ensure how traffic flows. and i will turn on dhcp services for LAN2.

thanks!
0
 
Nirmal SharmaSolution ArchitectCommented:
>>>is it better to have the routing service turned on in the scenario or left not running? guess if i have to turn it on then i'll apply filters to each nic to ensure how traffic flows. and i will turn on dhcp services for LAN2.

Not necessary to turn on Routing Services on the server because they can ping and access shares on the server. You need to create a user account which is available for all PCs on both the LANs and put this user account in a restricted group on the local server. This should do the job for you. You can enable DHCP server on LAN2.

Let me know.

Thanks

0
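
An added example, not part of the thread or written by its participants: a Python model of the topology in the final diagram, showing that each client reaches a server NIC on its own subnet (so the shares work with the routing service off) and that with forwarding disabled the server relays nothing between the LANs. The /24 masks and the host route on PC1 are assumptions; the thread states neither.

```python
import ipaddress

# Addresses from the thread's final diagram; the /24 masks are an assumption,
# since the thread never states a subnet mask.
SERVER = {"LAN1": "192.168.2.130/24", "LAN2": "192.168.1.130/24"}
CLIENTS = {  # name: (address, default gateway)
    "PC1": ("192.168.2.170/24", "192.168.2.129"),
    "PC2": ("192.168.2.171/24", "192.168.2.129"),
    "PC3": ("192.168.1.144/24", "192.168.1.129"),
    "PC4": ("192.168.1.145/24", "192.168.1.129"),
}
SERVER_IPS = {str(ipaddress.ip_interface(a).ip) for a in SERVER.values()}


def next_hop(client, dest, host_routes=None):
    """Next hop a client uses for dest: 'on-link', a host route, or its gateway."""
    addr, gateway = CLIENTS[client]
    dest_ip = ipaddress.ip_address(dest)
    if dest_ip in ipaddress.ip_interface(addr).network:
        return "on-link"
    for network, via in (host_routes or {}).items():
        if dest_ip in ipaddress.ip_network(network):
            return via
    return gateway


def share_address(client):
    """Server address the client reaches directly, or None if there is none."""
    for addr in SERVER.values():
        ip = str(ipaddress.ip_interface(addr).ip)
        if next_hop(client, ip) == "on-link":
            return ip
    return None


def crosses_server(src, dst, ip_forwarding, host_routes=None):
    """True if src's packets to dst would be relayed through the server."""
    dst_ip = str(ipaddress.ip_interface(CLIENTS[dst][0]).ip)
    hop = next_hop(src, dst_ip, host_routes)
    return ip_forwarding and hop in SERVER_IPS


if __name__ == "__main__":
    for pc in CLIENTS:
        print(pc, "reaches the shares at", share_address(pc))
    route = {"192.168.1.0/24": "192.168.2.130"}  # hypothetical host route on PC1
    print("routing off:", crosses_server("PC1", "PC3", False, route))
    print("routing on: ", crosses_server("PC1", "PC3", True, route))
```

Only the combination of a route pointing at the server and forwarding enabled on it lets LAN1 traffic pass through to LAN2, which is the case the asker wanted to rule out.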
 
demus619Author Commented:
thanks for your help, really appreciate it. i created local groups for each share and added appropriate user names to each group utilizing them for access permissions for appropriate shares. more granular for accounting.

mucho thanks again!
0
 
Nirmal SharmaSolution ArchitectCommented:
Thanks!
:-)
0
