On 23-Apr-2013, at 2:12 AM, David Ortiz <dpor...@outlook.com> wrote:

Hello,
   I am trying to set up a Windows AD server as a guest on my CloudStack 
cluster, and join my other guests to the domain it is serving using PowerBroker 
Identity Services Open.  From what I am seeing, the virtual router will block 
me from being able to perform nslookup or join the domain using the 
domainjoin-cli command.

David, I don't fully understand how the VR can block you from doing nslookups. 
While the VR does provide DNS services, I have not seen it prevent DHCP 
clients from using other DNS services (like 8.8.8.8) if a client is configured 
to use something else.

 If I modify /etc/resolv.conf to point directly at my DC as the dns server, it 
can join the domain without any issues.  Unfortunately when I reboot, the dhcp 
setup with the virtual router will point it back to the virtual router as the 
name server.

Yes, that's expected behaviour from DHCP clients. They will default to DHCP 
server supplied DNS information.

This default behaviour can be modified depending on your client OS. On Linux 
distros using "dhclient", look at dhclient.conf(5) man page for "supersede".

       The supersede statement

        supersede [ option declaration ] ;

       If for some option the client should always  use  a  locally-configured
       value  or  values rather than whatever is supplied by the server, these
       values can be defined in the supersede statement.

I also found that I could get nslookup (but not joining the domain) to work by 
playing with the dnsmasq.conf settings on the virtual router a little bit, 
which works until it is rebooted at which point they revert back to what they 
had been originally.  Is there a way to get the virtual router to point guests 
at the domain controller as the DNS, or to set up the dnsmasq to allow the AD 
joins to occur (and make those settings persistent)?  Or alternatively, would I 
be able to set up DHCP on the DC and just circumvent the virtual router 
entirely?

The dhclient supersede option would fix the problem for you cleanly. The DHCP 
client will default to AD for DNS lookups and the join would succeed.

Hth.

--
Shanker Balan
Managing Consultant

M: +91 98860 60539
shanker.ba...@shapeblue.com | www.shapeblue.com | Twitter: @shapeblue
ShapeBlue India, 22nd floor, Unit 2201, World Trade Centre, Bangalore - 560 055
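
The dhclient `supersede` approach from the reply above, as an added example that is not part of the original thread: a shell function that pins a guest's DNS server and domain in dhclient.conf, validates both values before they reach the file, and can be re-run safely. The DC address 192.0.2.10, the domain ad.example.test and the config path are assumed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): pin a guest's resolver to the AD domain
# controller by managing "supersede" lines in dhclient.conf.
# Assumptions: 192.0.2.10 and ad.example.test are placeholder values, and the
# dhclient.conf path differs between distros.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# set_supersede_dns CONF DNS_IP DOMAIN
# Idempotent: removes earlier supersede lines for the two options, then
# appends fresh ones, so repeated runs leave exactly one line per option.
set_supersede_dns() {
    conf=$1 dns_ip=$2 domain=$3
    # Both values end up inside the config file; refuse anything that could
    # break out of the statement (quotes, semicolons, whitespace).
    valid_ipv4 "$dns_ip" || { echo "bad DNS address: $dns_ip" >&2; return 1; }
    case $domain in
        ''|*[!A-Za-z0-9.-]*) echo "bad domain: $domain" >&2; return 1 ;;
    esac
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    if [ -f "$conf" ]; then
        grep -Ev '^[[:space:]]*supersede[[:space:]]+domain-name(-servers)?[[:space:]]' \
            "$conf" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    fi
    printf 'supersede domain-name-servers %s;\nsupersede domain-name "%s";\n' \
        "$dns_ip" "$domain" >> "$tmp"
    chmod 644 "$tmp" && mv "$tmp" "$conf"
}

# Typical call on the guest, as root (path is an assumption, check your distro):
#   set_supersede_dns /etc/dhcp/dhclient.conf 192.0.2.10 ad.example.test
```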
