ClearOS Bug Tracker


ID: 0014141
Project: ClearCenter
Category: app-active-directory - Active Directory Connector
View Status: public
Date Submitted: 2017-03-30 11:40
Last Update: 2017-04-25 20:37
Reporter: dloper
Assigned To: pbaldwin
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 7.3.0 Updates
Target Version: 7.3.0 Updates
Fixed in Version: 7.3.0 Updates

Summary: 0014141: Add AD DNS resolution for primary domain membership in DNSMasq on creation

Description: The best practices for Active Directory connector should have the option for adding the split horizon DNS for the AD domain controller.

This should be maintained on the join of the domain as a preliminary step and a DNS check can be made to validate that the information is correct before committing the join.

The new field is optional but if specified will perform the following validation check:

New Fields: AD DNS Server 1, AD DNS Server 2

AD DNS Server 1 = dns1
AD DNS Server 2 = dns2
AD Realm = var1
Domain Controller = var2

Validation check:

var1 = tolower(var1)
var2 = tolower(var2)

dig @${dns1} srv _ldap._tcp.dc._msdcs.${var1}

This must yield matches for the $var2 on the answer section line.

If it does not, the configuration is INVALID.

If the value is valid then the add of the DNS configuration should be made preceding the domain join:

/etc/dnsmasq.conf:

server=/${var1}/${dns1}
server=/${var1}/${dns2}

DNSMasq should be reloaded before the join.

For more information, see these guides:

https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_o_splitting_dns_cache_to_use_specific_dns_server_for_domains

https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_troubleshooting_the_ad_connector
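
Added example (not part of the original issue and not ClearOS code): a shell version of the validation check and dnsmasq step described above, run against a constructed dig answer. The helper names, the example.lan realm and the 192.0.2.x addresses are assumptions. Inputs are checked before use because they end up on a dig command line and in /etc/dnsmasq.conf, and the SRV line is compared as plain strings so dots in the realm are not treated as regex wildcards.

```shell
# Added example; helper names and sample data are hypothetical, not ClearOS code.
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Accept only DNS-name characters so the value is safe in dig and dnsmasq.conf.
is_dns_name() {
    case "$1" in ''|.*|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;; esac
}

# Accept only a dotted-quad IPv4 address (assumption: the AD DNS servers are IPv4).
is_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i == "" || $i > 255) exit 1 }'
}

# Read dig output on stdin; succeed only if an answer-section SRV record for
# _ldap._tcp.dc._msdcs.<realm> names <dc> (assumed to be an FQDN) as its target.
srv_names_dc() {
    realm=$(lower "$1"); dc=$(lower "$2")
    is_dns_name "$realm" && is_dns_name "$dc" || return 1
    awk -v owner="_ldap._tcp.dc._msdcs.$realm." -v target="$dc." '
        tolower($1) == owner && $3 == "IN" && $4 == "SRV" && tolower($8) == target { ok = 1 }
        END { exit !ok }'
}

# Print the server= lines for /etc/dnsmasq.conf, refusing unvalidated input.
dnsmasq_lines() {
    realm=$(lower "$1"); shift
    is_dns_name "$realm" || return 1
    for dns in "$@"; do
        is_ipv4 "$dns" || return 1
    done
    for dns in "$@"; do printf 'server=/%s/%s\n' "$realm" "$dns"; done
}

# Constructed sample of `dig @${dns1} srv _ldap._tcp.dc._msdcs.${var1}` output.
SAMPLE_DIG=';; QUESTION SECTION:
;_ldap._tcp.dc._msdcs.example.lan. IN SRV

;; ANSWER SECTION:
_ldap._tcp.dc._msdcs.example.lan. 600 IN SRV 0 100 389 dc1.example.lan.'

# Demo: validate first, then emit the config lines only on success.
if printf '%s\n' "$SAMPLE_DIG" | srv_names_dc EXAMPLE.LAN DC1.EXAMPLE.LAN; then
    dnsmasq_lines EXAMPLE.LAN 192.0.2.10 192.0.2.11
else
    echo "INVALID" >&2
fi
```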

-  Notes
(0005351)
dloper (administrator)
2017-04-11 12:24
edited on: 2017-04-11 12:31

dig @localhost srv _ldap._tcp.dc._msdcs.$(egrep "^realm" /etc/samba/smb.conf | awk -F" = " '{ print$2 }') | egrep "^_ldap\._tcp\.dc\._msdcs\.$(egrep "^realm" /etc/samba/smb.conf | awk -F" = " '{ print$2 }')\.\s[0-9]+\sIN\sSRV\s[0-9]+\s[0-9]+\s[0-9]+\s$(egrep "^password server" /etc/samba/smb.conf | awk -F" = " '{ print$2 }')\.$"

assumes the separator for realm and 'password server' in smb.conf is a space equal space

(0005441)
pbaldwin (administrator)
2017-04-25 20:11

The changes have been committed to master.

- Issue History
Date Modified Username Field Change
2017-03-30 11:40 dloper New Issue
2017-04-11 12:24 dloper Note Added: 0005351
2017-04-11 12:31 dloper Note Edited: 0005351
2017-04-25 11:26 pbaldwin Issue cloned: 0014511
2017-04-25 11:53 pbaldwin Status new => confirmed
2017-04-25 20:11 pbaldwin Note Added: 0005441
2017-04-25 20:37 pbaldwin Status confirmed => resolved
2017-04-25 20:37 pbaldwin Fixed in Version => 7.3.0 Updates
2017-04-25 20:37 pbaldwin Resolution open => fixed
2017-04-25 20:37 pbaldwin Assigned To => pbaldwin