Solved AD DNS using 2008 server under linux domain

August 11, 2011 at 08:03:51
Specs: Linux x86_64
I want to create Active Directory for testing. I have installed Windows 2008 Server on a PC with 2 NIC cards. Only 1 NIC card is connected to my main domain in the office. Obtained a static IP from my admin and used it in the IPv4 settings.

Created AD DNS test.local in a new forest and restarted the server; since then the server is not working as expected. Open the Server Manager, that's all.. Under the Computer information, 'collecting data...' stayed forever..

Couldn't open the network and sharing centre... failed to stop the DHCP server... failed to perform any networking task..

My Questions are:

How do I set up an AD DNS in 2008 Server with 1 NIC card connected to a switch?
Do I need a router for local domain?
Can I create a local domain under my main Linux domain using win server 2008?

Am I missing any fundamental point to configure?

Please help me...



#1
August 11, 2011 at 08:29:37
Could you just clarify. You have set up a DNS server on your AD server, and it is using that DNS server in its network configuration? That should just work.

#2
August 11, 2011 at 08:55:35
Well, Let me clarify ...

I have to test LDAP authentication using AD.
We have a main company domain in the office. I need to set up an AD; for that I need a local DNS setup.

Then I bought a Windows 2008 OEM server with 5 CAL. Installed 64-bit server on my high spec PC (quad core and 2.4ghz).

PC is connected to the company network via switch. This was from the on-board ETH0.

As part of the installation I have given 'test.local' as my domain name and 'test-ad' as my computer name.
Installation was successful. Then I obtained a static IP for my server so that I can be seen in the company network.

Up to here everything was fine.

Then went to Server Manager and using 'dcpromo' created a Domain controller... (I thought I created it, but not sure If I did it correctly)

followed this link..

http://elmajdal.net/Win2k8/Setting_...


Rebooted the server.

Opened Server Manager, Server is trying to get the Computer name, Domain name etc., hangs at 'collecting data...'

I think I mis-configured DNS that's why Server couldn't detect any detail....


Could you help me set up a local DNS and AD, so that I can add some users and groups for my LDAP testing.


Appreciate your Help.


#3
August 11, 2011 at 09:19:54
It does sound like you have a problem with DNS. Your computer needs to be looking at itself for DNS. If it's not doing this then you will have problems. The DNS server on the Windows Server should be set to forward requests it can't handle to your network's DNS server.

As a first step I would check your IP configuration to ensure that this is the case; the DNS server entry in the configuration should be the IP address of the computer itself (or you could use 127.0.0.1) If not you may find that just changing this will correct the situation. If not I would recommend that you run dcpromo again to remove AD and start over.

If your network is already configured to look for DNS on the server that you are setting up, then I don't know what the problem could be. But I would again recommend uninstalling AD and reinstalling. At this stage I wouldn't set up a DHCP server on your Windows Server; that's an unnecessary additional complication. Just stick with simple AD and DNS.

To sum up:

You must run a DNS server on your Windows Server.
Your Windows Server must look to itself for DNS resolution, not another DNS server.

With those provisos I have never known dcpromo to fail.

(To the experts here: I know that some of what I have said here is unnecessarily proscriptive. But it's the easiest way to get a working setup without having to worry about whether another DNS server is set for auto-updates, can handle the record types required by AD, and is write-accessible by the AD server.)


#4
August 11, 2011 at 09:35:02
Good explanation Ijack.. Thank you very much.

Trying to run dcpromo as you said, but it gets stuck on the 'Checking for AD domain services binaries installed' popup message... and never goes further...

You are correct! My DNS server entry is wrong.. good catch.. it is pointing to my corporate domain.... but how could I change it as I can't open the Network and Sharing Centre...!! Is there any way of changing the DNS entries from my IPv4 settings...

Thanks for your help in advance.


#5
August 11, 2011 at 12:07:31
You can use netsh.exe in a command prompt to change network settings. Have a look here: http://www.petri.co.il/configure_tc... .

(it doesn't mention 2008 in that link, but I presume it still works.)


#6
August 12, 2011 at 05:01:55
I managed to get on to regedit and change the details and restarted the server but no joy.

I had a static IP assigned by my company DHCP server: 192.168.128.149

Now I disabled DHCP and then restarted the server, got IP 192.168.128.2 and DNS is 127.0.0.1

Could you please help me...

What n/w settings should I use? Do I need to connect the other n/w port to the same switch?

Please advise.

Thanks


#7
August 12, 2011 at 09:24:08
For an AD server you really need a static IP. Set the network settings to:

IP Address 192.168.128.149
Netmask 255.255.255.0
Gateway <Your normal gateway on the company network>
DNS 127.0.0.1

Use netsh to do this if you still can't get at the GUI for network settings.

To make things easier I would run dcpromo to remove your current installation and then run it again to start over. If you already have DNS server running on your server then tell dcpromo to use that; otherwise tell it to create a DNS server. You will be creating a new domain (call it something different from your normal Company domain to keep things easy) in a new forest.

It doesn't matter what network connections you have on your server. To just install AD you don't actually need to be connected to a network at all. It needs to create DNS records, but these are all on your server.

That really should complete and set up your Active Directory.


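The settings Ijack lists in #7 (and the "look at yourself for DNS, forward the rest" rule from #3), typed out as an added example that is not part of the thread. It is intended for an elevated prompt on the 2008 server itself. Assumptions: the wired NIC carries the 2008 default name "Local Area Connection", the addresses are the ones the thread mentions (IP .149 from #7, gateway .1 from #10), and the company DNS server used as forwarder is a placeholder to replace.

```powershell
# Added example, not from the thread: static IP + self-DNS for a 2008 DC (#3, #7).
# Assumed NIC name and addresses; <company-dns-ip> is a placeholder.
$nic      = "Local Area Connection"
$serverIp = "192.168.128.149"
$gateway  = "192.168.128.1"
$corpDns  = "<company-dns-ip>"   # placeholder: the existing Linux domain's resolver

# 1. Static address, mask and gateway (#7). This also turns DHCP off on the NIC,
#    so the company DHCP server can no longer overwrite the DNS entry.
netsh interface ipv4 set address name="$nic" source=static address=$serverIp mask=255.255.255.0 gateway=$gateway

# 2. The DC resolves through itself only (#3): 127.0.0.1 as sole DNS server, with
#    dynamic registration on so the AD SRV records land in its own zone.
netsh interface ipv4 set dnsservers name="$nic" source=static address=127.0.0.1 register=primary

# 3. Once dcpromo has installed the DNS role, forward anything that is not
#    test.local to the company resolver (#3). Skipped while the role is absent.
if (Get-Service -Name DNS -ErrorAction SilentlyContinue) {
    dnscmd /ResetForwarders $corpDns
}

# 4. Verify. The SRV record below is what domain-join clients look for; if this
#    lookup fails against 127.0.0.1, the server is still not looking at itself.
ipconfig /all | Select-String -Pattern "IPv4 Address", "DNS Servers"
nslookup -type=SRV _ldap._tcp.dc._msdcs.test.local 127.0.0.1
dcdiag /test:dns /v
```

Step 2 is the one that was wrong in #4 (DNS pointing at the corporate domain); step 4 is the check to run after every reboot until dcpromo completes cleanly.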
#8
August 12, 2011 at 10:03:51
Hi Ijack,

Set the static IP and tried to run dcpromo.. still hangs..

Question: my IPv6 has ::1 as address

Do I need to disable IPv6?


#9
August 12, 2011 at 12:29:25
IPv6 doesn't matter one way or the other.

TBH, if this is a new install I would be inclined to take the easy way out and reinstall the OS and try again. I know it's a bit defeatist, but it may be quicker than trying to fix whatever has gone wrong.

I've set up Windows Server with AD (2000, 2003, and 2008) hundreds of times (well high double figures at least) and I've never encountered this sort of problem.


#10
August 16, 2011 at 09:43:32
Hi Ijack,

As you said, I have just re-installed 2008 Server now and have a DNS as test.local created as part of the installation process.

host name: AD
domain name: text.local
ip: 192.168.128.2
gw: 192.168.128.1

dhcp enabled: No
dns: 127.0.0.1

Now I can go to Server Manager and see my domain is running.

What do I need to do in order to get started working with the other computers in the network?

We have a main domain already running on Linux machine.

First of All,

what do I need to add to the domain?
How can I access it using any XP/Vista host?
Do I need to add the groups and users and hosts one after another?

I just want to test whether AD is working or not.

So I need to use the username/password in my test application which can point to the AD and authenticate it via my local domain.

Appreciate your time to give me some advice.

Thanks in advance.


#11
August 17, 2011 at 05:00:47
✔ Best Answer
A client machine needs to be joined to the domain. For this to work properly it needs to look at the DNS server on your new server. Normally you would do this via DHCP but as you already have a main domain I'm guessing that might be running a DHCP server. That server will be assigning the default DNS server so a DHCP address picked up there will not have the right settings (without some reconfiguration of the existing network). If you also run a DHCP server on your Windows server, you can't easily control which server a client gets its address from (and you might get the Linux machines getting an address from the wrong server).

This means that, in your circumstance, the easiest solution is to give your client machine a fixed IP address, with the Windows server as its DNS server. I'm assuming a Windows client here (other clients are possible, but more complicated); in that case it needs to be a "Pro" client. Home clients (at least with Windows 7, and possibly earlier) can't join a domain. With those provisos, go to Control Panel/System. You want the "Change name" option, which gives you the chance to join a domain rather than a Workgroup. In the process you will be asked to authenticate with the name and password of a Domain Administrator; this you should have.

Once the computer is joined to the Domain you can log onto it with the name of any user that you have added to AD; initially just the Domain Admin "Administrator". Just create a new user in AD and then you'll be able to use that on any client that is joined to the Domain.

Note that you can still log on to clients as a local user if you wish to. Just log on to the "local computer" rather than "Domain". I hope this makes some sort of sense; you really would be advised to get hold of a book to progress further. I always recommend Mark Minasi's Mastering Windows 2008 Server.


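The client side of the Best Answer, as an added example that is not part of the thread: a fixed address with the new DC as the only DNS server, a check that the client can actually locate a DC, and the join itself. It uses PowerShell 2.0's Add-Computer on a Windows 7 Pro client instead of the Control Panel dialog the answer describes. Assumptions: the DC is at 192.168.128.2 (the address from #10), the client NIC is "Local Area Connection", and the client's own address is a placeholder you pick outside the company DHCP range.

```powershell
# Added example, not from the thread: join a Windows 7 Pro client to test.local (#11).
# Run elevated on the client. <free-client-ip> is a placeholder.
$nic      = "Local Area Connection"
$dcIp     = "192.168.128.2"
$gateway  = "192.168.128.1"
$clientIp = "<free-client-ip>"   # placeholder: fixed address outside the company DHCP pool
$domain   = "test.local"

# 1. Fixed address, DC as the *only* DNS server (#11). A lease from the company DHCP
#    server would point DNS at the Linux domain and the join could not find the DC.
netsh interface ipv4 set address name="$nic" source=static address=$clientIp mask=255.255.255.0 gateway=$gateway
netsh interface ipv4 set dnsservers name="$nic" source=static address=$dcIp register=primary

# 2. Prove DC location works before touching the domain membership: the join
#    relies on this SRV record, and "domain not found" errors almost always mean DNS.
$srv = nslookup -type=SRV "_ldap._tcp.dc._msdcs.$domain" $dcIp 2>&1
if (-not ($srv -match "svr hostname")) {
    throw "No DC found for $domain via $dcIp; fix the client's DNS before joining."
}

# 3. Join, prompting for the Domain Administrator account (#11), then reboot.
#    After the reboot, log on as "TEST\<user>" for a domain account or
#    ".\<user>" to keep using the local account, as the answer notes.
Add-Computer -DomainName $domain -Credential (Get-Credential "$domain\Administrator")
Restart-Computer
```

Step 2 is worth keeping in any join script: it turns the vague "cannot contact the domain" failure into a concrete DNS finding, which is exactly the class of mistake the earlier posts in this thread were chasing.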
#12
August 18, 2011 at 09:26:49
Excellent. I did that; now I have been using my AD and testing LDAP.

Now I can run any LDAP search commands from my PC or any other servers using appropriate DN.

Cool.. All worked well.

Thanks Ijack for your help.


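The LDAP authentication test the original poster set out to build (#2, #10, #12), as an added example that is not part of the thread. It binds to the new DC with a test user's credentials and then searches for that user's own object, which is the minimum an application "authenticate against AD" check needs. Assumptions: the DC is reachable as ad.test.local (host "AD" from #10), the base DN is DC=test,DC=local, and the test account and its password are placeholders you created in Active Directory Users and Computers.

```powershell
# Added example, not from the thread: bind + self-lookup against the test.local DC.
# Server, base DN, account and password are assumptions / placeholders.
function Test-AdLdapAuth {
    param(
        [string]$Server   = "ad.test.local",
        [string]$BaseDn   = "DC=test,DC=local",
        [string]$Username = "TEST\jdoe",          # placeholder test account
        [string]$Password = "<password>"          # placeholder; prompt for it in real use
    )
    # Secure = SSPI (Kerberos/NTLM) bind. An LDAP "simple" bind on port 389 would send
    # the password in clear; test the application the same way it will run in production
    # (Secure/SASL or LDAPS), not with a simple bind that a capture on the switch reveals.
    $auth = [System.DirectoryServices.AuthenticationTypes]::Secure
    $root = New-Object -TypeName System.DirectoryServices.DirectoryEntry `
                       -ArgumentList "LDAP://$Server/$BaseDn", $Username, $Password, $auth
    try {
        # The bind happens lazily; the first real operation (FindOne) raises on bad credentials.
        $sam      = $Username.Split('\')[-1]
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
        $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$sam))"
        [void]$searcher.PropertiesToLoad.AddRange([string[]]@("distinguishedName", "memberOf"))
        $me = $searcher.FindOne()
        if ($me -eq $null) {
            return "bind ok, but no user object for $sam under $BaseDn"
        }
        $dn     = $me.Properties["distinguishedname"][0]
        $groups = @($me.Properties["memberof"]) -join "; "
        return "bind ok: $dn (groups: $groups)"
    } catch {
        # Wrong password, disabled or locked-out account, or an unreachable DC all land here.
        return "bind FAILED: " + $_.Exception.Message
    } finally {
        $root.Dispose()
    }
}

Test-AdLdapAuth
```

Run it once with the right password and once with a wrong one; a test harness that cannot tell those two outcomes apart is not testing authentication. The same two cases, plus a disabled account, are what an application's AD login path should be exercised with before it goes anywhere near the company domain.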