Coming from someone that has no clue about Active Directory... If you're using a basic zone, why don't you have the AD server deployed outside of CloudStack's control? Then have your DNS entries point to it. Have the default security group for guests open to the ports AD works on.
Ahmad

On Apr 22, 2013, at 1:42 PM, David Ortiz <dpor...@outlook.com> wrote:

> Hello,
> I am trying to set up a Windows AD server as a guest on my cloudstack
> cluster, and join my other guests to the domain it is serving using
> PowerBroker Identity Services Open. From what I am seeing, the virtual
> router will block me from being able to perform nslookup or join the domain
> using the domainjoin-cli command. If I modify /etc/resolv.conf to point
> directly at my DC as the dns server, it can join the domain without any
> issues. Unfortunately when I reboot, the dhcp setup with the virtual router
> will point it back to the virtual router as the name server. I also found
> that I could get nslookup (but not joining the domain) to work by playing
> with the dnsmasq.conf settings on the virtual router a little bit, which
> works until it is rebooted at which point they revert back to what they had
> been originally. Is there a way to get the virtual router to point guests at
> the domain controller as the DNS, or to set up the dnsmasq to allow the AD
> joins to occur (and make those settings persistent)? Or alternatively, would
> I be able to set up DHCP on the DC and just circumvent the virtual router
> entirely?
> Thanks,
> David Ortiz