On 23-Apr-2013, at 2:12 AM, David Ortiz
<dpor...@outlook.com<mailto:dpor...@outlook.com>> wrote:
Hello,
I am trying to setup a Windows AD server as a guest on my cloudstack
cluster, and join my other guests to the domain it is serving using PowerBroker
Identity Services Open. From what I am seeing, the virtual router will block
me from being able to perform nslookup or join the domain using the
domainjoin-cli command.
David, I don't fully understand how the VR can block you from doing nslookups.
While the VR does provide DNS services and I have not seen it prevent DHCP
clients from using other DNS services (like 8.8.8.8) if a client is configured
to use something else.
If I modify /etc/resolv.conf to point directly at my DC as the dns server, it
can join the domain without any issues. Unfortunately when I reboot, the dhcp
setup with the virtual router will point it back to the virtual router as the
name server.
Yes, that's expected behaviour from DHCP clients. They will default to DHCP
server supplied DNS information.
This default behaviour can be modified depending on your client OS. On Linux
distros using "dhclient", look at dhclient.conf(5) man page for "supersede".
The supersede statement
supersede [ option declaration ] ;
If for some option the client should always use a locally-configured
value or values rather than whatever is supplied by the server, these
values can be defined in the supersede statement.
I also found that I could get nslookup (but not joining the domain) to work by
playing with the dnsmasq.conf settings on the virtual router a little bit,
which works until it is rebooted at which point they revert back to what they
had been originally. Is there a way to get the virtual router to point guests
at the domain controller as the DNS, or to set up the dnsmasq to allow the AD
joins to occur (and make those settings persistent)? Or alternatively, would I
be able to set up DHCP on the DC and just circumvent the virtual router
entirely?
The dhclient supersede option would fix the problem for you cleanly. The DHCP
client will default to AD for DNS lookups and the join would succeed.
Hth.
--
Shanker Balan
Managing Consultant
[cid:E7CE8425-E245-4C99-B967-713DF2967392@local]
M: +91 98860 60539
shanker.ba...@shapeblue.com<mailto:shanker.ba...@shapeblue.com> |
www.shapeblue.com<http://www.shapeblue.com> | Twitter:@shapeblue
ShapeBlue India, 22nd floor, Unit 2201, World Trade Centre, Bangalore - 560 055
This email and any attachments to it may be confidential and are intended
solely for the use of the individual to whom it is addressed. Any views or
opinions expressed are solely those of the author and do not necessarily
represent those of Shape Blue Ltd or related companies. If you are not the
intended recipient of this email, you must neither take any action based upon
its contents, nor copy or show it to anyone. Please contact the sender if you
believe you have received this email in error. Shape Blue Ltd is a company
incorporated in England & Wales. ShapeBlue Services India LLP is operated under
license from Shape Blue Ltd. ShapeBlue is a registered trademark.
