Solved

how to see Linux host on SBS domain

Posted on 2011-09-27
Last Modified: 2012-05-12
I have a linux host (Slackware distro) getting its dynamic IP address from our SBS 2008 domain server. I've also added this linux host to the WORKGROUP workgroup via Samba. After doing that, domain workstations (running Windows) can see this linux host in My Network Places.

However, I have a 2nd linux host, WEBSERVER, also in the WORKGROUP workgroup, and it cannot ping, ssh, scp, etc. to the above-mentioned host using its hostname, LABRAT.  I can, however, ping the various Windows workstations on the domain from WEBSERVER.

Also - the SBS server is the DNS server for the domain and both Linux hosts have it in their /etc/resolv.conf.

So, why can't linux host WEBSERVER see linux host LABRAT if the SBS server is the domain DNS server? What do I have to do?
0
Comment
Question by:jmarkfoley
31 Comments
 
LVL 39

Expert Comment

by:noci
ID: 36715113
Windows uses DNS as a second chance; WINS is preferred if used.
WINS is really a Windows-only affair, and Samba supplies a Windows file-sharing layer including WINS.
That's why you do see the Samba server (which supports WINS).

Also, if you use DHCP to assign addresses, in general it isn't considered safe if anybody can update the DNS server, as Windows supports. Only the DHCP server is allowed to update the server.
The DHCP server can add & remove addresses in DNS on non-windows networks.

So this web server either needs a static entry (reserved IP address through DHCP or really static) and a DNS entry
or the DHCP server needs to update the DNS.

After that the server most probably will be reachable through its name.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 36716364
I don't want to give this host a static entry. Do you know how I can make the DHCP server update the DNS? Note that the DHCP server and DNS server are on the same box: the SBS 2008 domain server.
0
 
LVL 39

Expert Comment

by:noci
ID: 36716572
Is the dhcp server windows or unix?
0
 
LVL 2

Expert Comment

by:jspaziano
ID: 36717150
If your SBS is doing DHCP you can have it update DNS with assignments. I think by default it will only do it if requested, but you can change it to always update DNS regardless of whether a client requests it or not.

0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 36718016
noci: the Windows SBS server is the DHCP server.

jspaziano: > if your SBS is doing dhcp you can have it update DNS with assignments

So, do you know how to do this? I've looked at the DHCP options in the SBS server and I don't see anything (but maybe I'm missing it).
0
 
LVL 39

Expert Comment

by:noci
ID: 36900157
I am not fluent in Windows sorry.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 36901569
> noci:
> I am not fluent in Windows sorry.

Yeah, I know what you mean. I only speak pidgin-Windows myself. Thanks for trying.

Me Windows pretty one day.
0
 
LVL 39

Expert Comment

by:noci
ID: 36902338
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 36906744
I followed the instructions in noci's link and basically went into SBS 2008 DHCP and set the scope DNS properties to: enable DNS dynamic updates - always dynamically update DNS A and PTR records; Discard A and PTR records when lease is deleted; Dynamically update DNS A and PTR records for DHCP clients that do not request updates.

I still don't see my Linux host in the computer list in either the DNS list or the DHCP list. I cannot ping this Linux host from my other Linux host.

Other ideas? Surely this has been done a million times!
0
 
LVL 39

Expert Comment

by:noci
ID: 36906798
Your Linux host is requesting its address through DHCP, if was it set up static??
And you are sure that server serves its IP address?
If you want to give it a fixed address it can receive a reservation based on MAC address.
0
 
LVL 39

Expert Comment

by:noci
ID: 36906811
"if was" should read "or was it"

BTW, if DHCP takes too long you'll probably end up with an address like 169.254.x.x (APIPA addresses).
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 36906935
The Windows SBS server is the domain/LAN DHCP server and the linux host is requesting the DHCP address from the SBS server. To the best of my knowledge, there are no other DHCP servers on the LAN. Furthermore, the address generated is within the address range configured for the SBS DHCP server, so I think it's pretty certain the SBS server is generating the address. The address generated is 192.168.0.54 with the dynamic range starting at 192.168.0.30. Addresses below that are reserved for static IPs.

I've already got a static IP for a couple of the Linux computers on the LAN, but we are likely going to add several more and I really don't want to get into having to configure static IPs for them. Besides, configuring static IP isn't that simple either. Not only do I have to configure the static IP on the Linux box, but I then have to go into the SBS DNS server and add the static IP there or it won't serve that hostname.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 36907067
Here's a bit of info I found on the SBS, Server Manager help for DHCP server:

You can use the DHCP server to register and update the PTR and A resource records on behalf of the server's DHCP-enabled clients. When you do this, you must use an additional DHCP option, the Client FQDN option (option 81). This option lets the client send its FQDN to the DHCP server in the DHCPREQUEST packet. This enables the client to notify the DHCP server as to the service level it requires.

The FQDN option includes the following six fields:

Code -- Specifies the code for this option (81).
Len -- Specifies the length of this option. (This must be a minimum of 4.)
Flags -- Specifies the type of service.
    0 -- Client will register the "A" (Host) record.
    1 -- Client wants DHCP to register the "A" (Host) record.
    3 -- DHCP will register the "A" (Host) record regardless of the client's request.
RCODE1 -- Specifies a response code the server is sending to the client.
RCODE2 -- Specifies an additional delineation of RCODE1.
Domain Name -- Specifies the FQDN of the client.

If the client requests to register its resource records with DNS, the client is responsible for generating the dynamic UPDATE request per Request for Comments (RFC) 2136. Then, the DHCP server registers its PTR (pointer) record.
------------

So, this seems to be saying that the DHCP client (the Linux computer) "is responsible for generating the dynamic UPDATE request."

Any idea how to do that from Linux?

(btw - I *think* Microsoft could have made this more difficult, but I'm not sure how)
0
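
Added example (not part of the original thread or of the quoted help text): a Python decoder for option 81 that follows the six-field layout quoted above. The E-bit test (0x04, name in DNS wire format) is an assumption taken from RFC 4702 rather than from the page, and both sample options are constructed.

```python
OPTION_CLIENT_FQDN = 81
MIN_LEN = 4    # minimum option length given in the quoted help text
E_BIT = 0x04   # assumption from RFC 4702: name is in DNS wire format

# Flag values and meanings exactly as listed in the quoted help text.
SERVICE = {
    0: 'client will register the "A" (Host) record',
    1: 'client wants DHCP to register the "A" (Host) record',
    3: 'DHCP will register the "A" (Host) record regardless of the client\'s request',
}


def decode_wire_name(raw):
    """Decode length-prefixed DNS labels; a missing root label is tolerated."""
    labels, pos = [], 0
    while pos < len(raw):
        size = raw[pos]
        pos += 1
        if size == 0:  # root label ends the name
            break
        if size > 63 or pos + size > len(raw):
            raise ValueError("malformed label in domain name")
        labels.append(raw[pos:pos + size].decode("ascii"))
        pos += size
    return ".".join(labels)


def parse_client_fqdn(option):
    """Parse one option 81 TLV: code, len, flags, RCODE1, RCODE2, domain name."""
    if len(option) < 2 or option[0] != OPTION_CLIENT_FQDN:
        raise ValueError("not a Client FQDN option")
    length = option[1]
    if length < MIN_LEN:
        raise ValueError("option length below the minimum of 4")
    if len(option) < 2 + length:
        raise ValueError("option is truncated")
    flags, rcode1, rcode2 = option[2], option[3], option[4]
    raw_name = option[5:2 + length]
    if flags & E_BIT:
        name = decode_wire_name(raw_name)
    else:
        name = raw_name.decode("ascii")
    return {
        "flags": flags,
        # The low two bits carry the service values the help text lists.
        "service": SERVICE.get(flags & 0x03, "value not listed in the help text"),
        "rcode1": rcode1,
        "rcode2": rcode2,
        "domain_name": name,
    }


# Constructed sample options (not captured traffic), using the thread's host name.
ASCII_SAMPLE = bytes([81, 20, 0x01, 0, 0]) + b"labrat.hprs.local"
WIRE_SAMPLE = bytes([81, 22, 0x05, 0, 0]) + b"\x06labrat\x04hprs\x05local\x00"

if __name__ == "__main__":
    for sample in (ASCII_SAMPLE, WIRE_SAMPLE):
        print(parse_client_fqdn(sample))
```
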
 
LVL 39

Expert Comment

by:noci
ID: 36908192
And that is something that Linux systems don't do natively... (because of security considerations).
You need type 3 service. ALWAYS.  Think of that poor printer that you cannot update, how does that need to update its records?
or signal that it needs to request it?

(Can't you add the option to the DHCP Scope, or host reservation?)
0

 
LVL 1

Author Comment

by:jmarkfoley
ID: 36910605
more info ... surely some SBS and/or Linux guru can connect the dots!
If I release the current DHCP lease: dhclient -r, then add:

send host-name "labrat.mypublicdomain.com";

to the /etc/dhclient.conf file. Then run: dhclient -v eth0, the labrat.mypublicdomain.com shows up in DHCP > mail.hprs.local > IPv4 > Scope > Address Pool, list of computers with the IP and FQDN as shown.

However, if I set the host-name to "labrat.ohprs.local" (ohprs.local is the local Windows/SBS domain), this FQDN *does not* show up in the DHCP address pool list. Instead, "mail.hprs.local" shows up associated with the IP address. Note that this host (mail.hprs.local) is the domain controller, Active Directory server, DHCP server and DNS server.

In neither case does the FQDN show up in DNS anywhere, even in the case where the labrat.mypublicdomain.com FQDN shows up in DHCP.

So, how do I get this @#$! host to show up in DNS?!

Another interesting point, probably Linux specific: I can only get the labrat.mypublicdomain.com to show in DHCP if I kill the lease using dhclient -r, then run dhclient -v eth0. When the Linux computer simply boots, it apparently does not look at /etc/dhclient.conf. Why?
0
 
LVL 39

Expert Comment

by:noci
ID: 36910896
Is eth0 configured for DHCP? (Probably yes.) There are several DHCP client tools, with various options.
So is dhclient used during boot, or one of the others (bootp, dhcpcd, pump, ..?)

If dhclient is used during boot, is it possible the boot script uses dhclient -c /etc/dhclient.$interface  (i.e. dhclient.eth0)?

BTW, I run Gentoo, and there explicit options for network configuration (as a whole) are in a netconfig file, including which DHCP client to use and their options.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 36944540
There is only one network card and it is set up for DHCP:

# Config information for eth0:
IPADDR[0]=""
NETMASK[0]=""
USE_DHCP[0]="yes"
DHCP_HOSTNAME[0]="mail.hprs.local"

I have no idea which client is used for dhcp? How can I find that out? I don't have /etc/dhclient.eth0. All I have is /etc/dhclient.conf.

Do any SBS gurus know how to get SBS DHCP clients into the SBS DNS? If I have no suggestions in the next day or two, I'll assume it is not possible ... which is sad to think that Windows DNS will play nicely only with other Windows computers ... I have printers, network attached storage, etc. all of which happen to have static DNSs now, but surely it's not the case that these could not have recognized DNS entries if using DHCP?
0
 
LVL 34

Assisted Solution

by:Duncan Roe
Duncan Roe earned 100 total points
ID: 36945170
I have been trying to solve this problem for a long time (of name resolution with Windows DHCP / DNS).
Linux does dynamic DNS (DDNS) properly. DHCP updates DDNS as it hands out each IP, providing there was a host name in the DHCP request. This is quite secure: you only need to have DDNS accept updates from the host running DHCP (typically localhost).
Windows is different. DHCP hands out an IP, and subsequently the host receiving the IP sends an update to DDNS with its host name. This is not at all secure: DDNS has to accept updates from anywhere.
From my Linux DDNS here, I see log messages detailing unauthorised attempts to do updates coming from the Windows systems in the network. What I have not yet managed to do is capture one of the packets causing these messages. Once I get one, I could generate another with netcat and get the Windows DDNS at work to know the name of my Linux system there.

The resolution needs a long-running tcpdump of all traffic (tcp / udp) with DNS from a target Windows system. Stop it once that system is mentioned in a log message and examine around the log message time in the dump for the exact packet format (needs tcpdump -s 1500 (-X or dump output to a file)). I'll get round to it one day - if anyone else can do it in the meantime that'd be great.
0
 
LVL 39

Assisted Solution

by:noci
noci earned 100 total points
ID: 36945796
It might be a tad more difficult, your machine most probably needs to be part of the domain to do that.
So some kerberos & encryption is to be expected.
That still doesn't make it safe though.

I don't know SBS but Windows DHCP DOES have an option to have the DHCP server update DNS.

>>>>
which is sad to think that Windows DNS will play nicely only with other Windows computers ... I have printers, network attached storage, etc. all of which happen to have static DNSs now, but surely it's not the case that these could not have recognized DNS entries if using DHCP?
>>>>
Welcome to the windows view on the blissfully happy world...
And that printer etc. issue is exactly the reason why you need the DHCP server to update the DNS.
You might need to set hostname & MAC address using a reservation though. (or depend on a username to be supplied in the request).
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 36947180
The DNS log message complains of an attempt to change the host name. So I reckon the request came in clear, or DNS wouldn't have understood what it was. Time will tell...
0
 
LVL 39

Expert Comment

by:noci
ID: 36947632
If DNS complains then it got a request. UNIX DHCP requests a hostname & address pair for A & PTR to be removed if existing before adding a new one. I do know Microsoft does things differently, for better or worse.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 36980506
noci:
> I don't know SBS but Windows DHCP DOES have an option to have the DHCP server update DNS.

Yes, I have that option set, but it doesn't work for non-Windows hosts. See my 36910605.

OK, I think I'm going to accept the fact that SBS 2008 cannot normally register hostnames of non-Windows DHCP connected hosts in its DNS. duncan_roe's research into this might prove useful, but the result would still be a difficult to understand and maintain bit of black magic.

Since no SBS gurus have responded, I'll have to assume they don't know how to do it either.

In one of the links, I read that multiple DHCP and DNS servers can exist in the same domain. If that is true, we have a smart router (Fortinet) which can be a DHCP server and a DNS server. If I set that up, perhaps I can get my DHCP address from the router and *it* will get my hostname properly, then SBS's DNS can get the hostname from the router, or if not, the other non-windows computers can at least point to the router as well as the SBS server as DNS servers.

Is that plausible? If so I think I would have to:

1) tell the DHCP client to get the IP from the router (how would I do that? I didn't get an answer to my 36944540 posting on how to identify/change the DHCP client in linux).

2) put the router's IP in /etc/resolv.conf

Does that seem right? Any other suggestions?

Meanwhile, I'll make a new post to the SBS zone about multiple DHCP and DNS servers (since it appears the SBS gurus have grown bored with this post).
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 36980864
You've really made this far more complicated than you need to. Set up the SBS DHCP server to always register A (and PTR, if you choose) records. DON'T futz with special scope options. Those are for the CLIENT to request dynamic updates. In this case, you want the SERVER to do so, so the scopes are not necessary.

Secondly, make sure your domain name is the windows domain, not the public domain (.local).

Finally, make sure the name of the machine is accurate in both the hostname AND dhcp client conf files, and you'll see your registration start to work properly.

I've done this literally dozens of times over and it does work. But often when it fails, it is because DHCP is misconfigured on the client.

-Cliff
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 37003258
cgaliher: > You've really made this far more complicated than you need to. ...

I really don't mean to! I want to make it dead-simple if possible. So, since you've done this a lot, please guide me through. My linux, DHCP client has the following host/domain settings:

root@labrat:~# hostname
labrat
root@labrat:~# hostname -d
hprs.local
root@labrat:~# domainname
(none)
root@labrat:~# dnsdomainname
hprs.local
root@labrat:~# nisdomainname
(none)
root@labrat:~# ypdomainname
(none)

You can see that the dnsdomainname is hprs.local (the local windows domain). Should anything else be set here?

My /etc/rc.d/rc.inet1.conf has:

# Config information for eth0:
IPADDR[0]=""
NETMASK[0]=""
USE_DHCP[0]="yes"
DHCP_HOSTNAME[0]="mail.hprs.local"

mail.hprs.local *is* the SBS/DHCP server. Anything else DHCP-wise is out-of-the-box default. I am using whatever client gets installed on a vanilla system creation ... and this is a newly created Linux system using kernel 2.6.33.4

 On the SBS 2008 Server: Administrative Tools > DHCP, I have the options set as shown in the attached image. I do believe I have it set as you recommend.

The next image is the address leases page. You can see that 192.168.54, the Linux host in question has mail.hprs.local as the name, not labrat.hprs.local.

The 3rd image is from DNS > MAIL > Forward Lookup Zones > hprs.local. As you can see, 192.168.0.54 is not in the list.

So, what am I doing wrong? THX ... this is driving me nutz!

DHCPoptions.jpg
addressLeases.jpg
DNSnames.jpg
0
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 300 total points
ID: 37003436
Okay, I think I see the misunderstanding. Remember that DHCP is a BROADCAST process. You do NOT tell the DHCP client which server to talk to. If you had to do that, it'd defeat the purpose of DHCP. So I think you misunderstand what the DHCP_HOSTNAME option in the inet1.conf file does. It does not say which machine to talk TO. It tells the responding DHCP server what name it thinks IT is. So change that to labrat instead of mail, release the DHCP lease on the client. Delete the lease on the server. Delete the DNS entry on the server. Then reregister. Things will work as you expect. THAT is why you are seeing a "mail" entry appear with your Linux address. Because that is what your DHCP client is telling your DHCP server that is its name. Because of that entry.

Make sense?

-Cliff
0
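
Added example, not from the original thread: a Python check for the misconfiguration identified in the accepted answer, where DHCP_HOSTNAME in rc.inet1.conf names the DHCP server instead of the client. The function names are hypothetical; BEFORE is the poster's config as shown in the thread and AFTER is constructed from the answer's advice.

```python
import re

# Matches Slackware rc.inet1.conf array assignments such as USE_DHCP[0]="yes".
ASSIGN = re.compile(r'^\s*(USE_DHCP|DHCP_HOSTNAME)\[(\d+)\]="?([^"\n]*)"?\s*$')

# The poster's config as shown in the thread.
BEFORE = '''# Config information for eth0:
IPADDR[0]=""
NETMASK[0]=""
USE_DHCP[0]="yes"
DHCP_HOSTNAME[0]="mail.hprs.local"
'''

# Constructed: the same config after applying the accepted answer.
AFTER = BEFORE.replace('"mail.hprs.local"', '"labrat"')


def parse_inet1(text):
    """Return {interface index: {key: value}} for the DHCP-related settings."""
    cfg = {}
    for line in text.splitlines():
        match = ASSIGN.match(line)  # comment lines and other keys do not match
        if match:
            key, index, value = match.groups()
            cfg.setdefault(int(index), {})[key] = value
    return cfg


def check_dhcp_hostname(text, local_hostname):
    """Compare the name each DHCP interface announces with the local host name.

    Returns a list of (index, announced_name, status) tuples where status is
    "match", "mismatch" or "unset". Only the first label is compared, so
    "labrat" and "labrat.hprs.local" are treated as the same host.
    """
    short = local_hostname.split(".")[0].lower()
    results = []
    for index, entry in sorted(parse_inet1(text).items()):
        if entry.get("USE_DHCP", "").lower() != "yes":
            continue  # static interface, nothing is announced over DHCP
        sent = entry.get("DHCP_HOSTNAME", "")
        if not sent:
            status = "unset"
        elif sent.split(".")[0].lower() == short:
            status = "match"
        else:
            status = "mismatch"
        results.append((index, sent, status))
    return results


if __name__ == "__main__":
    # "labrat" is the output of `hostname` on the client in the thread.
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, check_dhcp_hostname(text, "labrat"))
```
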
 
LVL 1

Author Comment

by:jmarkfoley
ID: 37008722
Brilliant!!! Half-way there! I did as you instructed in the rc.inet1.conf file. I didn't realize that was supposed to be the name of the DHCP client host. I assumed the client host/domain was picked up from the local /etc/hostname file. I thought the inet1 entry was to optionally specify a DHCP host and, therefore, I could specify a different one if I wanted to. I stand enlightened. Now, I have the right hostname in the DHCP lease list (see image).

HOWEVER ... still nothing in the DNS list. Still can't see this host on the domain. What next?
newDHCPleases.jpg
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 37009596
Now, with all the tweaking you've been doing you probably have a minor misconfig in the server. Go set the DHCP server to always create A and PTR records, make sure dynamic updates are enabled, and make sure the credentials provided have permissions to access DNS. Then the DHCP server will handle the rest.

-Cliff
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 37009661
Well, I don't think I've tweaked DNS at all during this process. If you look at my 1st image in posting 37003258 I believe it indicates that I have the A and PTR records configured as you describe.

> make sure dynamic updates are enabled, and make sure the credentials provided have permissions to access DNS.

These seem like something I haven't looked at yet. How do I determine whether "dynamic updates are enabled"? In the image referenced I have "Always dynamically update A and PTR records." Is there something else to be done on this?

As far as I know, I have provided no "credentials" permitting access to DNS. How do I verify that? The scope properties have "Network access protection disabled".  There are dozens of "Server Options", both General and Advanced, the lists of which are extraordinarily hard to read in the tiny window provided. Is there something here I should set? Should I restart the DNS and/or DHCP services?

0
 
LVL 1

Author Closing Comment

by:jmarkfoley
ID: 37050425
This question is stale. I will repost. Thanks for your efforts thus far
0
