Topic: Advice needed for setting up SME 7.x and Windows 2003 Terminal Server

[Rebels]

Hello,

For years I'm a fan of SME as my email and webserver.

Now I want to setup a Windows 2003 Terminal server in combination with SME as my email and webserver.

Domains en DNS are relative new for me so I need a helping hand.

This is my hardware:

Linksys WRV 200 Router with VPN capabilities
SME 7.3 running now as server only

and I want to setup Window Server 2003 in Terminal Application mode.

I want local and remote connections through EVO T20 Thin clients.

Can anyone help and give me advise how setup the configurations?

Thnx.

[ctm]

Do this all the time, it is very common.

* Set up the SME box as the Workgroup and Domain Controller. This keeps all your usernames & passwords in one place.

* Have the Windows 2003 server join the SME box's domain as you would any other Windoze workstation. You can now log into the Windoze box as the admin for the domain (same password as the SME box).

* Set up your TS licensing (you'll need to reference the MS doc's for that), and make sure that you add 'Remote Desktop Users' to the inbuilt 'Domain Users' group in Windows. The way a user will be allowed to access the Windoze box remotely using a Terminal Session.

* Internal Remote Desktops can now log into the Windoze Server using their SME username & password.

* Remote users will need to have a hole punched through your firewall to port 3389 on the Windoze box. For extra security it's a good idea to come in through the firewall on a different port and have the firewall translate it for you. For example I normally have port 2325 -> 3389. This means that the remote user needs to add the port to the end of the IP address in the Remote Desktop client, ie. 123.123.123.123:2345.

* Try to avoid VPN if you can for TS sessions. It isn't any more secure than the method above and is noticeably slower. ( I got this gem from the forum!)

[Rebels]

Hello CTM,

Thanks for explanation and help. I will give it a try this weekend en let you know if I made it.

Perhaps I need some more tips, thanks for helping so far.

Eric

[Rebels]

Hello CTM

What are the ports that you opened in the Router for SME? Or is SME acting as server & gateway?

Eric

[ctm]

Depends on what your running on the SME box. If it's acting as the gateway there is no need to open any ports (Other than port forwarding 3389 for RDP to the Win2003TS box).

If you have the SME box as a server only behind another gateway then you wll need to open the ports for those services you are offering. If your running a web server then port 80 will need to be forwarded, if not then don't. Most common port to forward to a SME box is port 25 for SMTP email (again assuming your using the SME box for email).

Many of us open port 22 for ssh remote access, again good practice to port translate this as well, ie forward port 222 -> 22 on the SME box. Make sure that you DO NOT allow password access to SSH, read the doc's on how to set up SSH public-private keys http://wiki.contribs.org/SSH_Public-Private_Keys should you wish to do this.

If your only using the SME box as a file server then no need to forward any ports.

Plenty of info in the documentation on this site, really comes down to what your using the SME box for.