Solved

How to authorize Linux DHCP server in Windows Domain

Posted on 2014-03-10
7
2,487 Views
Last Modified: 2014-03-11
In the scenario where DHCP server is installed on Linux OS, while the environment is using Windows domain, how would the Administrator be able to authorize DHCP server(Linux) in windows domain?
I have seen environment where they use Linux DHCP server as well as DNS server in to provide dhcp/dns services for windows machines in active directory domain

Thank you
0
Comment
Question by:jskfan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 167 total points
ID: 39918156
You can't authorize a non Microsoft DHCP server in Active Directory like you can a Windows DHCP as outlined here  http://technet.microsoft.com/en-us/library/cc759688(v=ws.10).aspx

You can use non-Microsoft products for the services but some things like authorization don't work.

Thanks

Mike
0
 

Author Comment

by:jskfan
ID: 39918647
So what if someone plugs in DHCP server in the network?
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 166 total points
ID: 39919245
It just works... Just that is can not set DNS(it can, with help of samba package), but clients will do that with their credential anyway.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:jskfan
ID: 39919436
in Windows DHCP, you can authorize which DHCP can hand out IPs in the domain… so there is a security fence….with Linux DHCP I do not see that fence, I am sure it got to be a secure way to implement DHCP in mixed environments Linux/DHCP
0
 
LVL 13

Accepted Solution

by:
Daniel Helgenberger earned 167 total points
ID: 39920108
so there is a security fence….with Linux DHCP I do not see that fence,
As Mike said, it is impossible to authorize a non-Windows DHCP server.

IMHO the security an authorized DHCP provides is questionable. It also only works with domain joined windows clients.

Though it is very reasonable to protect against rogue DHCP servers, there is only one point to achieve a secure solution: on your network switches.

This is called dhcp-snooping and only allows defined ports to respond with DHCP offer. There you can even force clients to clients to a DHCP address. Note: Features like arp inspection and dhcp-snooping with database are commonly only available on midrange (managed) switches.

Example for Cisco IOS, enabling arp inspection and DHCP snooping on VLAN 10:
# protects VLAN 10 against rogue DHCP servers
ip dhcp snooping vlan 10
no ip dhcp snooping information option
ip dhcp snooping database flash:/dhcp-snoop-db
ip dhcp snooping
ip arp inspection vlan 10
# on port level for each port, eg. port 1
interface 0/1
ip dhcp snooping limit rate 20
# force the client to the DHCP address only
ip verify source
# allow DHCP server on port 10
interface 0/10
ip dhcp snooping trust
no shutdown

Open in new window

0
 

Author Comment

by:jskfan
ID: 39920185
I see.. I know that DHCP snooping can be configured on Cisco IOS…
was just wondering if Linux has similar settings like windows to authorize DHCP server
0
 

Author Closing Comment

by:jskfan
ID: 39920190
Thank you Guys
0

Featured Post

Is Your DevOps Pipeline Leaking?

Is your CI/CD pipeline a hodge-podge of randomly connected tools? You’ve likely got a tool to fix one problem & then a different tool to fix another, resulting in a cluster of tools with overlapping functionality. Learn how to optimize your pipeline with Gartner's recommendations

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question