Solved

DHCP - USERNAME PASSWORD USE

Posted on 2011-03-11
28
592 Views
Last Modified: 2012-05-11
Hi, when ive configured on win 2003 with DHCP and got it working as always.  ive always wondered when going through I think the 'properties' section it shows somewhere the 'domain' ect as being completed by default and noticed a username & password part left blank and wondered when or not should I add a username & password?
0
Comment
Question by:mikey250
  • 15
  • 6
  • 4
  • +1
28 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 35114904
you need to implement 802.1x:

http://en.wikipedia.org/wiki/IEEE_802.1X
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 35115542
>should I add a username & password?

No.  You should not.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 35115641
If you want high security you need 802.1x, you not able to use username/passsword field with DHCP server
0
 

Author Comment

by:mikey250
ID: 35121731
yes thanks for that url  - useful to have although i understand what 802.1x is - it is an encapsulation method via L2 or even L3 switches that is used.
0
 

Author Comment

by:mikey250
ID: 35121747
i would add something like:

aaa new-model
radius-server 10.1.1.1 key xxx124
aaa authentication dot1x default group radius
dot1x system-auth-control

int fa0/1
switchport mode access
spanning-tree portfast
dot1x port-control auto

so ONLY when a SERVER is directly connected with a x-over cable obviously to the switchport, then when a user logs on from other ports with the 'dot1x port-control auto' command added will a user be able to gain access as expected?
0
 

Author Comment

by:mikey250
ID: 35121748
Hi RPPreacher,  you say 'NO' - i presume you mean only under specific circumstances?
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 35122943
You provided no circumstances. In general, leave it blank. If you have specific application or a specific goal that you are trying to achieve, you should ask that.
0
 

Author Comment

by:mikey250
ID: 35146905
Hi RPPreacher,  as I have NEVER added those 'username & password' details as dhcp has always worked, I've NEVER come across a situation like you suggest, so I WOULD NOT KNOW what to ask as such except WHEN i would add these details!!:))
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 35147754
Ah.  You are asking '*why* one would use those fields' not '*if* you should you those fields'.

Now the question is clear.

0
 

Author Comment

by:mikey250
ID: 35149837
correct. As ive configured and tested win 2003 server, dns, dhcp & sp2 & added radius server & IAS.  Then successfully was able to logon via a test client pc with no problems.  Confirming this was successful!!  I then installed a VPN and tested this and this was also successful!!

But now I wish to use those commands but not sure what to do?
0
 

Author Comment

by:mikey250
ID: 35149848
apologies wrong response to wrong thread!!!
0
 

Author Comment

by:mikey250
ID: 35149857
that is correct regarding 'Why' one would add username & password details?
0
 

Author Comment

by:mikey250
ID: 35255282
please disregard last thread!! my last question is why would I add username & password on the dhcp?
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 20

Expert Comment

by:RPPreacher
ID: 35257103
I have not been able to find any instance of using these fields.  Sorry.
0
 

Author Comment

by:mikey250
ID: 35257795
so are you saying that although you have seen for yourself where i mean, but i should just ignore it as it is not needed anyway?
0
 
LVL 16

Expert Comment

by:The_Kirschi
ID: 35919008
Hi, this is for DNS dynamic update. Here is an excerpt from :

http://support.microsoft.com/kb/816592

To help protect against nonsecure records or to enable members of the DnsUpdateProxy group to register records in zones that enable only secured dynamic updates, follow these steps:
Create a dedicated user account.
Configure DHCP servers to perform DNS dynamic updates with the user account credentials. (These credentials are the user name, the password, and the domain.)

This should answer your question. Hope it helps.
0
 

Author Comment

by:mikey250
ID: 35923495
Hi The_Kirschi,  Im am not sure if this is what I was after, but please correct me if I am wrong?  I have looked at the url you sent and cannot specifically see the part I am questioning!

As I have used and setup DHCP with no problems, I have noticed within DHCP in one of the menu tab there is an option to add the following:

- Username
- Password
- Domain

I usually leave these fields blank, so that is why I was asking "when would this information be added"?

Unless your response to my question is actually your answer and that "I should create a specific account for those individuals that use dns/dhcp for example" and then the username and password of that "single domain" would be added as above, in order to protect records travelling via dhcp?
0
 
LVL 16

Expert Comment

by:The_Kirschi
ID: 35923600
I thought this is the answer, yes. But maybe I misunderstood. Where exactly are these domain credentials fields in the DHCP?
0
 

Author Comment

by:mikey250
ID: 35923730
I have currently unistalled Windows 2003 dhcp options they are there but this has never stopped me from using dhcp, but it is obviously there for something specific unless a firewall protects this in the real world and presumably never used!!

When I get round to installing it but hopefully in next few weeks I will let you know unless you have a quicker method of looking otherwise appreciate your response back anyway!!!:))((
0
 

Author Comment

by:mikey250
ID: 35923734
I cannot remember exactly where in DHCP but ive seen it but always left them blank anyway!!
0
 
LVL 16

Accepted Solution

by:
The_Kirschi earned 500 total points
ID: 35924449
Have a look at this:

http://technet.microsoft.com/en-us/library/cc775839%28WS.10%29.aspx

Is this the place you found it?

Sure, DHCP will work fine, even if you don't specify credentials, but if you do, then updates to DNS entries through DHCP will be more secure, when you configure an account here.
0
 

Author Comment

by:mikey250
ID: 35924521
It appears to be it!  so adding accounts in the dhcp specifically provides extra protection!  all good thanks for the advice!!  no expert appeared to know what i mean't!!:))
0
 
LVL 16

Expert Comment

by:The_Kirschi
ID: 35924569
That's what the real experts are for. ;-)
0
 
LVL 16

Assisted Solution

by:The_Kirschi
The_Kirschi earned 500 total points
ID: 35924680
0
 

Author Comment

by:mikey250
ID: 35924772
Thanks appreciated I will use this from now on just to make it a habbit!  Im assuming though that most people in companies may or may not use it and just create dns/dhcp admin right type accounts without filling in those details?

If this is so is it just a secondary layer of protection?
0
 
LVL 16

Assisted Solution

by:The_Kirschi
The_Kirschi earned 500 total points
ID: 35930138
Not sure, how other people handle this. I assume that is not used very often as the setting is not required and also not obviously available, i. e. little bit hard to find. So many don't know about it at all. Also I think that most administrators think the threat to DNS within the corporate LAN is negligible. So they don't care about that additional security. All in all this is only my personal opinion which is not based on any facts or experience. Maybe 90% of administrators use it... I don't know.

At least if you study the Microsoft Technet online guides for configuring DNS/DHCP or if you take some Microsoft course about server certification you will come across this.
0
 

Author Comment

by:mikey250
ID: 35931304
Yes I have in the passed done MS course but it was never mentioned or taught!!!  thanks for the useful feedback anyway!!
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now