Yashy

How to access domain controller, from outside (i.e. from the internet, outside of the WAN)?

Hi guys,

We're trying to configure a cloud-based application to synchronise itself with our LDAP server, which is on the LAN IP 10.0.0.2. We've opened up the firewall ports also.

However, there's a section on this cloud application where you have to fill in the LDAP host name. It definitely doesn't work when I put just the external IP in there. My question is, what do I put in there? How would it know how to look for our domain controller from the internet?

I've attached a screenshot.

Thanks
Yashy
LDAP.jpeg

Last Comment
sysreq2000

8/22/2022 - Mon
sysreq2000

For starters you would need to forward port 389 to your server. Or is that what you meant by "opened up firewall ports"? What type of router do you have?
motnahp00

Interesting you brought this up.

I found this URL not too long ago:

http://technet.microsoft.com/en-us/library/bb727063.aspx

I hope it helps you.
Yashy

ASKER
Yes, I have opened up our firewall. It's a Sonicwall NSA 3500. It's port forwarding port 389 to our server.

I just don't know what to put into the LDAP server section. It doesn't work with 10.0.0.2 in there, as it probably has no clue where 10.0.0.2 is. So should I be putting our external facing public IP in there?

thanks
sysreq2000

Yes, put your outside-facing IP there; then your router will redirect that to 10.0.0.2.
Suliman Abu Kharroub

It's better to set up a VPN server in your firewall (SonicWall) and connect the VPN from the client.

More secure and best practice.

Note: LDAP needs a lot of ports to be opened, not only 389.
Yashy

ASKER
How would I connect with VPN?

It's a cloud-based service, so it would mean they would have to set up a VPN to our site, right?

Also, I thought LDAP was only port 389. That's what the provider has asked me to open up, strangely enough.
sysreq2000

Does that mean it didn't work? If not, remember to open the firewall ports on Windows server if that's not what you meant in your original post. Also try doing an LDAP query against your server from within your network, to make sure everything is OK there.
Yashy

ASKER
No, it didn't work when we put in the public facing IP address followed by port 389. We've opened the firewall and have done the NAT policy. Still though, they can't telnet to that port 389.

However, I can telnet to that server from internally. I get a feeling it could be firewall related on our NSA 3500?
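
The internal LDAP check and the port 389 telnet test discussed in the posts above can be combined into one probe; this is an added example, not part of the original thread. The function names `probe_ldap` and `is_bind_response` are hypothetical, and the probe assumes the server answers an anonymous LDAPv3 bind request with a BindResponse (whatever its result code).

```python
import socket
import sys

# Anonymous LDAPv3 simple bind request, messageID 1 (BER encoding, RFC 4511).
ANON_BIND = bytes.fromhex("300c020101600702010304008000")

def is_bind_response(reply: bytes) -> bool:
    """True if reply starts an LDAPMessage with messageID 1 and a BindResponse."""
    if len(reply) < 2 or reply[0] != 0x30:      # must open with a SEQUENCE
        return False
    # Skip the length octets: short form is 1 byte, long form is 1 + n bytes.
    i = 2 + (reply[1] & 0x7F if reply[1] & 0x80 else 0)
    return reply[i:i + 3] == b"\x02\x01\x01" and reply[i + 3:i + 4] == b"\x61"

def probe_ldap(host: str, port: int = 389, timeout: float = 5.0) -> str:
    """Classify host:port as 'unreachable', 'tcp-only' or 'ldap'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # Refused, timed out or no route: nothing accepted the connection.
        return "unreachable"
    with sock:
        try:
            sock.sendall(ANON_BIND)
            reply = sock.recv(64)
        except OSError:
            return "tcp-only"
    # A port that accepts TCP but never speaks LDAP is reported as 'tcp-only'.
    return "ldap" if is_bind_response(reply) else "tcp-only"

if __name__ == "__main__":
    # Host is taken from the command line; 127.0.0.1 is only a placeholder.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, probe_ldap(target))
```

A result of `ldap` from inside the LAN and `unreachable` from outside points at the NAT policy or firewall path rather than the directory service; `tcp-only` from outside means something accepts the connection but the LDAP exchange is not getting through.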
Suliman Abu Kharroub

Some firewalls have a filtering mechanism to filter traffic; it could be the problem.

You need to disable LDAP filters on the firewall.
ASKER CERTIFIED SOLUTION
sysreq2000
