[clue-tech] Best practice network design?

Chris Schock black at clapthreetimes.com
Tue Jan 4 14:16:15 MST 2005


This isn't really a Linux question, so feel free to tune out if you want.
I figured I'd ask this list anyway because the folks here are generally
pretty bright and may have come across this.

I am wondering if there is a good solution or best practice to an issue I
am having. Let me first give a brief background:

I have a network with a firewall. The firewall separates the internal and
external network, and also has a DMZ. Nothing shocking here.

On the internal network I have several Windows and Linux boxes. The
Windows boxes authenticate via a Windows Domain.

My problem is this: I need to have a Windows server in the DMZ
authenticate users against the Windows Domain, but in order for this to
work I have to open every single blessed port Windows talks on to make it
work - making the DMZ completely useless.

Has anyone else run into this situation, and if so, how did you handle it?
Is there something easy I'm overlooking?

Again, apologies for asking a Windows question to a Linux newsgroup,
please no flames. :) I don't get to make the OS decisions.

Thanks for any and all suggestions!



