Solved

How to authorize Linux DHCP server in Windows Domain

Posted on 2014-03-10
7
2,205 Views
Last Modified: 2014-03-11
In the scenario where DHCP server is installed on Linux OS, while the environment is using Windows domain, how would the Administrator be able to authorize DHCP server(Linux) in windows domain?
I have seen environment where they use Linux DHCP server as well as DNS server in to provide dhcp/dns services for windows machines in active directory domain

Thank you
0
Comment
Question by:jskfan
7 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 167 total points
ID: 39918156
You can't authorize a non Microsoft DHCP server in Active Directory like you can a Windows DHCP as outlined here  http://technet.microsoft.com/en-us/library/cc759688(v=ws.10).aspx

You can use non-Microsoft products for the services but some things like authorization don't work.

Thanks

Mike
0
 

Author Comment

by:jskfan
ID: 39918647
So what if someone plugs in DHCP server in the network?
0
 
LVL 61

Assisted Solution

by:gheist
gheist earned 166 total points
ID: 39919245
It just works... Just that is can not set DNS(it can, with help of samba package), but clients will do that with their credential anyway.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:jskfan
ID: 39919436
in Windows DHCP, you can authorize which DHCP can hand out IPs in the domain… so there is a security fence….with Linux DHCP I do not see that fence, I am sure it got to be a secure way to implement DHCP in mixed environments Linux/DHCP
0
 
LVL 13

Accepted Solution

by:
Daniel Helgenberger earned 167 total points
ID: 39920108
so there is a security fence….with Linux DHCP I do not see that fence,
As Mike said, it is impossible to authorize a non-Windows DHCP server.

IMHO the security an authorized DHCP provides is questionable. It also only works with domain joined windows clients.

Though it is very reasonable to protect against rogue DHCP servers, there is only one point to achieve a secure solution: on your network switches.

This is called dhcp-snooping and only allows defined ports to respond with DHCP offer. There you can even force clients to clients to a DHCP address. Note: Features like arp inspection and dhcp-snooping with database are commonly only available on midrange (managed) switches.

Example for Cisco IOS, enabling arp inspection and DHCP snooping on VLAN 10:
# protects VLAN 10 against rogue DHCP servers
ip dhcp snooping vlan 10
no ip dhcp snooping information option
ip dhcp snooping database flash:/dhcp-snoop-db
ip dhcp snooping
ip arp inspection vlan 10
# on port level for each port, eg. port 1
interface 0/1
ip dhcp snooping limit rate 20
# force the client to the DHCP address only
ip verify source
# allow DHCP server on port 10
interface 0/10
ip dhcp snooping trust
no shutdown

Open in new window

0
 

Author Comment

by:jskfan
ID: 39920185
I see.. I know that DHCP snooping can be configured on Cisco IOS…
was just wondering if Linux has similar settings like windows to authorize DHCP server
0
 

Author Closing Comment

by:jskfan
ID: 39920190
Thank you Guys
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Synchronize a new Active Directory domain with an existing Office 365 tenant
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now