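ClearFoundation Tracker - ClearCenter
View Issue Details

ID: 0014141
Project: ClearCenter
Category: app-active-directory - Active Directory Connector
View Status: public
Date Submitted: 2017-03-30 11:40
Last Update: 2018-10-30 19:47
Reporter: dloper
Assigned To: user2
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 7.3.0 Updates
Target Version: 7.6.0 Updates
Fixed in Version: 7.4.0 Updates
Summary: 0014141: Add AD DNS resolution for primary domain membership in DNSMasq on creation

Description: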
The best practices for Active Directory connector should have the option for adding the split horizon DNS for the AD domain controller.

This should be maintained on the join of the domain as a preliminary step and a DNS check can be made to validate that the information is correct before committing the join.

The new field is optional but if specified will perform the following validation check:

New Fields: AD DNS Server 1, AD DNS Server 2

AD DNS Server 1 = dns1
AD DNS Server 2 = dns2
AD Realm = var1
Domain Controller = var2

Validation check:

var1 = tolower(var1)
var2 = tolower(var2)

dig @${dns1} srv _ldap._tcp.dc._msdcs.${var1}

This must yield matches for the $var2 on the answer section line.

If it does not, the configuration is INVALID.

If the value is valid then the add of the DNS configuration should be made preceding the domain join:

/etc/dnsmasq.conf:

server=/${var1}/${dns1}
server=/${var1}/${dns2}

DNSMasq should be reloaded before the join.

For more information, see these guides:

https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_o_splitting_dns_cache_to_use_specific_dns_server_for_domains

https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_troubleshooting_the_ad_connector

No tags attached.
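
The validation check and dnsmasq step from the description, as an added example (not part of the original report and not ClearOS code). It also rejects field values that are not a plain DNS name or IPv4 address before they reach dig or /etc/dnsmasq.conf; the function names, the IPv4-only assumption and the sample dig output are constructed for illustration.

```sh
# Added example, not ClearOS code. Function names and sample values are hypothetical.
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Dotted DNS name only; the case test also rejects embedded newlines and spaces.
is_dns_name() {
    case $1 in ''|*[!a-z0-9.-]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$'
}

# Dotted-quad IPv4 only (assumption: AD DNS servers are entered as IPv4 addresses).
is_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9][0-9]?[0-9]?$/ || $i > 255) exit 1 }'
}

# Read dig output on stdin; succeed if an SRV record in the ANSWER SECTION for
# _ldap._tcp.dc._msdcs.<realm> targets <dc>. Exact string compares, no regex.
srv_answer_has_dc() {
    awk -v name="_ldap._tcp.dc._msdcs.$1." -v target="$2." '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;;/ || NF == 0      { in_answer = 0 }
        in_answer && tolower($1) == name && $3 == "IN" && $4 == "SRV" &&
            tolower($8) == target { found = 1 }
        END { exit !found }'
}

# Usage: dig @"$dns1" srv "_ldap._tcp.dc._msdcs.$realm" | ad_dns_config REALM DC DNS1 [DNS2]
# Prints the dnsmasq lines on success; exits 2 on bad input, 1 if the DC is not listed.
ad_dns_config() (
    realm=$(lower "$1"); dc=$(lower "$2"); dns1=$3; dns2=$4
    is_dns_name "$realm" && is_dns_name "$dc" && is_ipv4 "$dns1" || exit 2
    [ -z "$dns2" ] || is_ipv4 "$dns2" || exit 2
    srv_answer_has_dc "$realm" "$dc" || exit 1
    printf 'server=/%s/%s\n' "$realm" "$dns1"
    [ -z "$dns2" ] || printf 'server=/%s/%s\n' "$realm" "$dns2"
)

# Constructed sample of dig output for realm example.lan (not captured from a real server).
SAMPLE_DIG=';; QUESTION SECTION:
;_ldap._tcp.dc._msdcs.example.lan. IN SRV

;; ANSWER SECTION:
_ldap._tcp.dc._msdcs.example.lan. 600 IN SRV 0 100 389 dc1.example.lan.'

# Demo run against the constructed sample; prints the two server= lines.
printf '%s\n' "$SAMPLE_DIG" | ad_dns_config EXAMPLE.LAN dc1.example.lan 192.0.2.10 192.0.2.11
```

Only the printed lines should be appended to /etc/dnsmasq.conf, and only when the function exits 0, followed by the DNSMasq reload the description calls for.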
Issue History
Date Modified | Username | Field | Change
2017-03-30 11:40 | dloper | New Issue |
2017-04-11 12:24 | dloper | Note Added: 0005351 |
2017-04-11 12:31 | dloper | Note Edited: 0005351 |
2017-04-25 11:26 | user2 | Issue cloned: 0014511 |
2017-04-25 11:53 | user2 | Status | new => confirmed
2017-04-25 20:11 | user2 | Note Added: 0005441 |
2017-04-25 20:37 | user2 | Status | confirmed => resolved
2017-04-25 20:37 | user2 | Fixed in Version | => 7.3.0 Updates
2017-04-25 20:37 | user2 | Resolution | open => fixed
2017-04-25 20:37 | user2 | Assigned To | => user2
2017-08-12 18:45 | user2 | Target Version | 7.3.0 Updates => 7.4.0 Updates
2017-08-12 18:45 | user2 | Fixed in Version | 7.3.0 Updates => 7.4.0 Updates
2018-07-16 12:59 | user2 | Target Version | 7.4.0 Updates => 7.5.0 Updates
2018-10-30 19:47 | user2 | Target Version | 7.5.0 Updates => 7.6.0 Updates

Notes
(0005351)
dloper   
2017-04-11 12:24   
(edited on: 2017-04-11 12:31)
dig @localhost srv _ldap._tcp.dc._msdcs.$(egrep "^realm" /etc/samba/smb.conf | awk -F" = " '{ print$2 }') | egrep "^_ldap\._tcp\.dc\._msdcs\.$(egrep "^realm" /etc/samba/smb.conf | awk -F" = " '{ print$2 }')\.\s[0-9]+\sIN\sSRV\s[0-9]+\s[0-9]+\s[0-9]+\s$(egrep "^password server" /etc/samba/smb.conf | awk -F" = " '{ print$2 }')\.$"

assumes the separator for realm and 'password server' in smb.conf is a space equal space

(0005441)
user2   
2017-04-25 20:11   
The changes have been committed to master.