Solved

How to authorize Linux DHCP server in Windows Domain

Posted on 2014-03-10
Last Modified: 2014-03-11
In a scenario where the DHCP server is installed on Linux while the environment uses a Windows domain, how would the administrator be able to authorize the DHCP server (Linux) in the Windows domain?
I have seen environments where they use a Linux DHCP server as well as a DNS server to provide DHCP/DNS services for Windows machines in an Active Directory domain.

Thank you
Question by:jskfan
7 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 167 total points
ID: 39918156
You can't authorize a non-Microsoft DHCP server in Active Directory like you can a Windows DHCP server, as outlined here: http://technet.microsoft.com/en-us/library/cc759688(v=ws.10).aspx

You can use non-Microsoft products for the services but some things like authorization don't work.

Thanks

Mike
0
 

Author Comment

by:jskfan
ID: 39918647
So what if someone plugs a DHCP server into the network?
0
 
LVL 61

Assisted Solution

by:gheist
gheist earned 166 total points
ID: 39919245
It just works... It just cannot set DNS (it can, with the help of the samba package), but clients will do that with their credentials anyway.
0
 

Author Comment

by:jskfan
ID: 39919436
In Windows DHCP, you can authorize which DHCP can hand out IPs in the domain… so there is a security fence… With Linux DHCP I do not see that fence. I am sure there has got to be a secure way to implement DHCP in mixed Linux/DHCP environments.
0
 
LVL 13

Accepted Solution

by:Daniel Helgenberger
Daniel Helgenberger earned 167 total points
ID: 39920108
> so there is a security fence… with Linux DHCP I do not see that fence,

As Mike said, it is impossible to authorize a non-Windows DHCP server.

IMHO the security an authorized DHCP provides is questionable. It also only works with domain-joined Windows clients.

Though it is very reasonable to protect against rogue DHCP servers, there is only one point to achieve a secure solution: on your network switches.

This is called DHCP snooping and only allows defined ports to respond with a DHCP offer. There you can even force clients to a DHCP address. Note: Features like ARP inspection and DHCP snooping with a database are commonly only available on midrange (managed) switches.

Example for Cisco IOS, enabling ARP inspection and DHCP snooping on VLAN 10:

```
! protects VLAN 10 against rogue DHCP servers
ip dhcp snooping vlan 10
no ip dhcp snooping information option
ip dhcp snooping database flash:/dhcp-snoop-db
ip dhcp snooping
ip arp inspection vlan 10
! on port level for each port, e.g. port 1
! (interface type is an assumption; use your switch's own port naming)
interface GigabitEthernet0/1
 ip dhcp snooping limit rate 20
 ! force the client to the DHCP address only
 ip verify source
! allow DHCP server on port 10
interface GigabitEthernet0/10
 ip dhcp snooping trust
 no shutdown
```

0
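Where switch-level snooping is not available, replies from an unexpected DHCP server can at least be detected by inspecting the server identifier (option 54) in OFFER/ACK/NAK messages. The following is an added example, not code from this thread: the `AUTHORIZED` address, the function names and the sample packet built by `build_reply` are constructed for illustration, and capturing the UDP port 67/68 payloads is left to whatever sniffer the host uses.

```python
import ipaddress

MAGIC_COOKIE = bytes.fromhex("63825363")
REPLY_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values only servers send
AUTHORIZED = {"192.0.2.10"}  # assumption: address of the sanctioned DHCP server


def parse_options(payload):
    """Return {option_code: bytes} for a DHCP payload, or None if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:  # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None
        length = payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:  # option runs past the end of the packet
            return None
        opts[payload[i]] = data
        i += 2 + length
    return opts


def check_reply(payload, authorized=AUTHORIZED):
    """Return an alert string for a server reply from an unlisted server, else None."""
    opts = parse_options(payload)
    if opts is None or payload[0] != 2:  # op 2 = BOOTREPLY
        return None
    kind = REPLY_TYPES.get((opts.get(53) or b"\0")[0])
    sid = opts.get(54, b"")  # option 54 = server identifier
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "unknown"
    if kind is None or server in authorized:
        return None
    offered = ipaddress.IPv4Address(payload[16:20])  # yiaddr field
    return f"unauthorized DHCP {kind} from {server} (yiaddr {offered})"


def build_reply(server, offered, msg_type=2):  # constructed sample packet
    hdr = bytearray([2, 1, 6, 0]) + bytearray(232)  # op, htype, hlen, hops + zeroed rest
    hdr[16:20] = ipaddress.IPv4Address(offered).packed
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server).packed
    return bytes(hdr) + MAGIC_COOKIE + opts + b"\xff"

if __name__ == "__main__":
    print(check_reply(build_reply("198.51.100.7", "198.51.100.99")))
```

This only detects; blocking the reply still has to happen on the switch port, as in the snooping configuration above.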
 

Author Comment

by:jskfan
ID: 39920185
I see.. I know that DHCP snooping can be configured on Cisco IOS…
I was just wondering if Linux has similar settings like Windows to authorize a DHCP server.
0
 

Author Closing Comment

by:jskfan
ID: 39920190
Thank you Guys
0
