Considerations for an Active Directory

I have failed to make an AD many times, but would like to give it a shot again. The last time was several years ago and the main hurdle was not understanding how to set up and configure local DNS servers, which seemed to have been a requirement.

I was aiming at following this guide

Are there any implications in regards to IPFire I need to address?

This AD would have only 3 cable-connected Windows computers attached to it, and the only reason to do it, for starters, is to make sure they are updated with Windows patches and such. It may lead to more experimenting, but getting it to work is a first.

Starting ever so gently with a rack server I can use for this, I am not sure whether to allow a DC with AD to run its own DNS when I use IPFire for that. It was the hiccup last time I attempted this: what do I do with DNS? How does the network feel about multiple DNS servers?

I will run this on 192.168.1.40 which is the current static IP mapped for that machine, but perhaps I should put this in a dedicated segment?

You may have as many DNS servers as you want within the same network. No problem.

So everything went ok until I take a laptop and connect it via cable (not wifi) on to the same network as the AD server and try to join it to the AD; then it complains about not being able to find the AD server's DNS, and an nslookup only finds the ipfire router. The laptop has an IP within the 192.168.1.* range and the AD server has IP 192.168.1.42. I can ping it from the laptop.

Not really expecting anything from you guys, just posting stuff as it happens.

@sec-con Have you checked the DHCP settings in IPFire to ensure it’s distributing the correct DNS server addresses to clients? For example using the console this could be a possible entry in /etc/unbound/local.d/ad.conf

forward-zone:
  name: "ad_domain.com."
  forward-addr: 192.168.1.42
1 Like

No I have not. I will though, since you were kind enough to post about it.

To clarify, there is nothing special about calling the configuration file ad.conf. Any file in /etc/unbound/local.d/ will be imported into the main configuration file /etc/unbound/unbound.conf. You could name the file custom.conf; it would have the same effect.

EDIT: Do not forget to restart the server

Using *.homered.conram.it for my internal network. Not fully, though, but IPFire is on fwipfire.homered.conram.it and given that, since the server's hostname is “wsrvaddc1”, it would become wsrvaddc1.homered.conram.it .

I also have the 180 update to install so will do both tomorrow.

Someday I will have vpn’s and a site on the web linking in via my Internet domain.


Using Windows Terminal as SSH agent. :laughing:

PS C:\Users\info> ping 192.168.1.42

Pinging 192.168.1.42 with 32 bytes of data:
Reply from 192.168.1.42: bytes=32 time<1ms TTL=128
Reply from 192.168.1.42: bytes=32 time<1ms TTL=128
Reply from 192.168.1.42: bytes=32 time<1ms TTL=128
Reply from 192.168.1.42: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.1.42:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
PS C:\Users\info> nslookup 192.168.1.42
Server:  fwipfire.homered.conram.it
Address:  192.168.1.1

Name:    wsrvaddc1.homered.conram.it
Address:  192.168.1.42

I made that with nano

ad.conf:

forward-zone:
  name: "wsrvaddc1.homered.conram.it."
  forward-addr: 192.168.1.42

rebooted

Note: This information is intended for a network administrator. If you are not your network’s administrator, notify the administrator that you have received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain “wsrvaddc1.homered.conram.it”:

The error was: “DNS name does not exist.”
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.wsrvaddc1.homered.conram.it

Common causes of this error include the following:

  • The DNS SRV records required to locate an AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when an AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

192.168.1.1

  • One or more of the following zones do not include delegation to its child zone:

wsrvaddc1.homered.conram.it
homered.conram.it
conram.it
it
. (the root zone)

Hmm… less than good.

Why does it has to be such a complex pile of … :dog2: :poop:
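As an added example (not posted in this thread and not part of IPFire or unbound), the following script reads a forward-zone stanza in the style shown above and checks whether it actually sends the domain controller locator query, the _ldap._tcp.dc._msdcs SRV record named in the dcdiag output, to the DC. The sample config text is constructed from the names in the thread; the domain name and DC address you pass to check() are assumptions you supply.

```python
# Added example: verify that an unbound local.d forward-zone covers the AD
# domain and points at the DC, so the DC locator SRV query is forwarded
# there instead of going upstream and returning NXDOMAIN.

# Constructed sample of /etc/unbound/local.d/ad.conf (names from the thread).
SAMPLE_CONF = """\
forward-zone:
  name: "wsrvaddc1.homered.conram.it."
  forward-addr: 192.168.1.42
"""

def parse_forward_zones(text):
    """Return [{'name': zone, 'addrs': [ip, ...]}, ...] from unbound config
    text. Handles the minimal 'key: value' layout; '#' comments are ignored."""
    zones, cur = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line == "forward-zone:":
            cur = {"name": None, "addrs": []}
            zones.append(cur)
        elif cur is not None and ":" in line:
            key, _, val = line.partition(":")
            val = val.strip().strip('"').lower().rstrip(".")
            if key.strip() == "name":
                cur["name"] = val
            elif key.strip() == "forward-addr":
                cur["addrs"].append(val)
    return zones

def srv_name(ad_domain):
    """The DC locator SRV record a joining client asks for (see dcdiag text)."""
    return "_ldap._tcp.dc._msdcs." + ad_domain.lower().rstrip(".")

def zone_covers(zone_name, ad_domain):
    """True if the forward-zone is the AD domain itself or a parent of it."""
    d = ad_domain.lower().rstrip(".")
    return d == zone_name or d.endswith("." + zone_name)

def check(conf_text, ad_domain, dc_ip):
    """Return (ok, message): will queries for ad_domain reach the DC at dc_ip?"""
    for z in parse_forward_zones(conf_text):
        if z["name"] and zone_covers(z["name"], ad_domain):
            if dc_ip in z["addrs"]:
                return True, f"{srv_name(ad_domain)} forwarded to {dc_ip} via {z['name']}"
            return False, f"zone {z['name']} forwards to {z['addrs']}, not {dc_ip}"
    return False, f"no forward-zone covers {ad_domain}; {srv_name(ad_domain)} goes upstream"

if __name__ == "__main__":
    print(check(SAMPLE_CONF, "wsrvaddc1.homered.conram.it", "192.168.1.42"))
    print(check(SAMPLE_CONF, "homered.conram.it", "192.168.1.42"))
```

The second call shows the failure mode from the thread: a forward-zone named after the host does not cover a domain above it, so a client asking the IPFire resolver for that domain's SRV record gets NXDOMAIN.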

Ok, it is up and running.

The issue was of course simpler to solve than I expected, and it was due to me doing too many things at once and not consistently. Once I defined a local DNS, 127.0.0.1 and ONLY that, on the ADDC computer, I could use its IP (192.168.1.42) as a DNS entry on an experimental client, and ONLY that, and join it to the AD.
I see so many tutorials, but this was 2 computers and nothing else, still caused some headache.

Now I have an AD with Domain Controller.

2 Likes