Solved

How to authorize Linux DHCP server in Windows Domain

Posted on 2014-03-10
7
2,423 Views
Last Modified: 2014-03-11
In the scenario where DHCP server is installed on Linux OS, while the environment is using Windows domain, how would the Administrator be able to authorize DHCP server(Linux) in windows domain?
I have seen environment where they use Linux DHCP server as well as DNS server in to provide dhcp/dns services for windows machines in active directory domain

Thank you
0
Comment
Question by:jskfan
7 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 167 total points
ID: 39918156
You can't authorize a non Microsoft DHCP server in Active Directory like you can a Windows DHCP as outlined here  http://technet.microsoft.com/en-us/library/cc759688(v=ws.10).aspx

You can use non-Microsoft products for the services but some things like authorization don't work.

Thanks

Mike
0
 

Author Comment

by:jskfan
ID: 39918647
So what if someone plugs in DHCP server in the network?
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 166 total points
ID: 39919245
It just works... Just that is can not set DNS(it can, with help of samba package), but clients will do that with their credential anyway.
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:jskfan
ID: 39919436
in Windows DHCP, you can authorize which DHCP can hand out IPs in the domain… so there is a security fence….with Linux DHCP I do not see that fence, I am sure it got to be a secure way to implement DHCP in mixed environments Linux/DHCP
0
 
LVL 13

Accepted Solution

by:
Daniel Helgenberger earned 167 total points
ID: 39920108
so there is a security fence….with Linux DHCP I do not see that fence,
As Mike said, it is impossible to authorize a non-Windows DHCP server.

IMHO the security an authorized DHCP provides is questionable. It also only works with domain joined windows clients.

Though it is very reasonable to protect against rogue DHCP servers, there is only one point to achieve a secure solution: on your network switches.

This is called dhcp-snooping and only allows defined ports to respond with DHCP offer. There you can even force clients to clients to a DHCP address. Note: Features like arp inspection and dhcp-snooping with database are commonly only available on midrange (managed) switches.

Example for Cisco IOS, enabling arp inspection and DHCP snooping on VLAN 10:
# protects VLAN 10 against rogue DHCP servers
ip dhcp snooping vlan 10
no ip dhcp snooping information option
ip dhcp snooping database flash:/dhcp-snoop-db
ip dhcp snooping
ip arp inspection vlan 10
# on port level for each port, eg. port 1
interface 0/1
ip dhcp snooping limit rate 20
# force the client to the DHCP address only
ip verify source
# allow DHCP server on port 10
interface 0/10
ip dhcp snooping trust
no shutdown

Open in new window

0
 

Author Comment

by:jskfan
ID: 39920185
I see.. I know that DHCP snooping can be configured on Cisco IOS…
was just wondering if Linux has similar settings like windows to authorize DHCP server
0
 

Author Closing Comment

by:jskfan
ID: 39920190
Thank you Guys
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question