Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to authorize Linux DHCP server in Windows Domain

Posted on 2014-03-10
7
Medium Priority
?
2,695 Views
Last Modified: 2014-03-11
In the scenario where DHCP server is installed on Linux OS, while the environment is using Windows domain, how would the Administrator be able to authorize DHCP server(Linux) in windows domain?
I have seen environment where they use Linux DHCP server as well as DNS server in to provide dhcp/dns services for windows machines in active directory domain

Thank you
0
Comment
Question by:jskfan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 668 total points
ID: 39918156
You can't authorize a non Microsoft DHCP server in Active Directory like you can a Windows DHCP as outlined here  http://technet.microsoft.com/en-us/library/cc759688(v=ws.10).aspx

You can use non-Microsoft products for the services but some things like authorization don't work.

Thanks

Mike
0
 

Author Comment

by:jskfan
ID: 39918647
So what if someone plugs in DHCP server in the network?
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 664 total points
ID: 39919245
It just works... Just that is can not set DNS(it can, with help of samba package), but clients will do that with their credential anyway.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:jskfan
ID: 39919436
in Windows DHCP, you can authorize which DHCP can hand out IPs in the domain… so there is a security fence….with Linux DHCP I do not see that fence, I am sure it got to be a secure way to implement DHCP in mixed environments Linux/DHCP
0
 
LVL 13

Accepted Solution

by:
Daniel Helgenberger earned 668 total points
ID: 39920108
so there is a security fence….with Linux DHCP I do not see that fence,
As Mike said, it is impossible to authorize a non-Windows DHCP server.

IMHO the security an authorized DHCP provides is questionable. It also only works with domain joined windows clients.

Though it is very reasonable to protect against rogue DHCP servers, there is only one point to achieve a secure solution: on your network switches.

This is called dhcp-snooping and only allows defined ports to respond with DHCP offer. There you can even force clients to clients to a DHCP address. Note: Features like arp inspection and dhcp-snooping with database are commonly only available on midrange (managed) switches.

Example for Cisco IOS, enabling arp inspection and DHCP snooping on VLAN 10:
# protects VLAN 10 against rogue DHCP servers
ip dhcp snooping vlan 10
no ip dhcp snooping information option
ip dhcp snooping database flash:/dhcp-snoop-db
ip dhcp snooping
ip arp inspection vlan 10
# on port level for each port, eg. port 1
interface 0/1
ip dhcp snooping limit rate 20
# force the client to the DHCP address only
ip verify source
# allow DHCP server on port 10
interface 0/10
ip dhcp snooping trust
no shutdown

Open in new window

0
 

Author Comment

by:jskfan
ID: 39920185
I see.. I know that DHCP snooping can be configured on Cisco IOS…
was just wondering if Linux has similar settings like windows to authorize DHCP server
0
 

Author Closing Comment

by:jskfan
ID: 39920190
Thank you Guys
0

Featured Post

More Than Just A Video Library

Train for your certification. Learn the latest DevOps tools. Grow your skillset to do better work.

At Linux Academy, we release new training modules every week so you'll always be up to date on the latest tech.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In part one, we reviewed the prerequisites required for installing SQL Server vNext. In this part we will explore how to install Microsoft's SQL Server on Ubuntu 16.04.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

664 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question