Adding Linux 5 machine to Windows Server 2008 DNS


In order to add a Linux machine to an existing Windows Server 2008 DNS server, there are several main steps that need to be carried out:

  1. Prepare the Linux servers to join the Windows DNS configuration (this includes installing required packages, editing configuration files, checking hostname resolution, configuring Kerberos and Samba, etc.)
  2. Add the DNS entries for the Linux machine to the Windows Server 2008 DNS configuration (both forward lookup and reverse lookup zones)
  3. If necessary, create a new reverse lookup zone in the Windows Server 2008 configuration

The main goal of this exercise is for me to be able to add all of my Linux (both RHEL and OEL servers) virtual machines to the DNS configuration, in order for me to test out various deployment and failover testing scenarios for Oracle 11g Release 2 RAC, Oracle 12c Cloud Control, and also data replication with Oracle Goldengate (all hopefully subjects of future entries in this blog). Explaining the different components involved as well as what their function is within Linux and Windows Server is not the goal of this entry.

So what I do NOT need are things such as:

  1. authentication for Windows Active Directory users on my existing Windows Server 2008 when accessing Linux machine
  2. home directory and file sharing between platforms, and so on

Basically, all I need is DNS membership and host/IP address resolution, and I will not be going into detail on any of the other DNS/Active Directory settings. So if those other settings are what you need, the following entry isn’t going to be of much use.

So, to start off, I will need to install the required packages (updated based on this helpful post) on my Linux machine running on RHEL 5.5. I have already configured YUM in a previous post, so I’ll just dive right into it:

Package list:
samba3x.x86_64
samba3x-common.x86_64
samba3x-winbind.x86_64
samba-common
samba-client
samba
system-config-samba
pam_krb5
krb5-workstation
krb5-libs


[root@rhelgrid yum.repos.d]# yum list | grep system-config-samba
This system is not registered with RHN.
RHN support will be disabled.

system-config-samba.noarch                1.2.41-5.0.1.el5           el5_u5_base

[root@rhelgrid yum.repos.d]# yum install system-config-samba
Loaded plugins: rhnplugin, security
This system is not registered with RHN.
RHN support will be disabled.

Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package system-config-samba.noarch 0:1.2.41-5.0.1.el5 set to be updated
--> Finished Dependency Resolution

 Dependencies Resolved
 ================================================================================
Package                                   Arch            Version                   Repository                         Size
=================================================================================

Installing:
system-config-samba         noarch        1.2.41-5.0.1.el5         el5_u5_base                   218 k

Transaction Summary
==================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 218 k
Is this ok [y/N]: y

Downloading Packages:
system-config-samba-1.2.41-5.0.1.el5.noarch.rpm                               | 218 kB     00:01

Running rpm_check_debug
Running Transaction Test
Finished Transaction Test

Transaction Test Succeeded

Running Transaction
Installing     : system-config-samba                                                      1/1

Installed:
system-config-samba.noarch 0:1.2.41-5.0.1.el5
Complete!

NOTE: The above example was for the system-config-samba package, but the steps are the same for all the packages in the above list, so I will skip the complete list of RPM installations for brevity.


Next, I will verify the entries in the /etc/hosts file, to ensure that the fully qualified domain names (FQDN) are specified (note that my DNS server is named MYD, with the IP address of 192.168.0.20, and is also listed with its fully qualified name including my domain):

[root@rhelrac1 yum.repos.d]# more /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1                  localhost.localdomain localhost
192.168.0.51            rhelrac1.innotiiveasia.local rhelrac1
192.168.0.52            rhelrac2.innotiiveasia.local rhelrac2
192.168.0.53            rhelrac3.innotiiveasia.local rhelrac3
192.168.0.54            rhelrac4.innotiiveasia.local rhelrac4
192.168.0.55            rhelgrid.innotiiveasia.local rhelgrid
192.168.0.20            myd.innotiiveasia.local myd

Now to check that my DNS server has been specified, and that the Linux machine knows to use DNS-based host resolution (by editing the /etc/resolv.conf and /etc/nsswitch.conf files respectively).

Note that I have created an entry for the DNS server (or the nameserver) in the resolv.conf file, with the correct IP address specified:

[root@rhelgrid yum.repos.d]# more /etc/resolv.conf
nameserver 192.168.0.20

And in my /etc/nsswitch.conf file, I have specified that the host name resolution should include both the hosts entries, as well as the DNS server configurations, as shown in the following lines:


[root@rhelgrid pam.d]# more /etc/nsswitch.conf | grep dns
#       dns                     Use DNS (Domain Name Service)
#hosts:     db files nisplus nis dns
hosts:      files dns

Now we are ready to configure the Kerberos daemon to connect to the Windows DNS server zone (or realm, in Kerberos terms), as well as test connectivity between our Linux machine and the DNS server. First, we need to edit the configuration file (/etc/krb5.conf) to include the entries as shown below:

[root@rhelgrid yum.repos.d]# more /etc/krb5.conf

[libdefaults]
default_realm = INNOTIIVEASIA.LOCAL
dns_lookup_realm = yes
dns_lookup_kdc = yes
ticket_lifetime = 24h
forwardable = yes

Here, the main section is the realm/DNS zone definition, as shown in the stanza above. Additional configurations (such as application defaults, logging, etc.) are not shown for brevity. As can be seen, I’m specifying my domain name as INNOTIIVEASIA.LOCAL (all in uppercase, as this is a requirement). To test the settings supplied, we can now do the following:

[root@rhelgrid yum.repos.d]# kinit ADMINISTRATOR@INNOTIIVEASIA.LOCAL
Password for ADMINISTRATOR@INNOTIIVEASIA.LOCAL:

If everything is working correctly, there will be no messages/errors returned. If there are any messages displayed, the previous configuration files may not be accurate. We can now join the domain by running the following:

[root@rhelgrid samba]# net ads join -U administrator
Enter administrator's password:
Using short domain name -- INNOTIIVEASIA
Joined 'RHELGRID' to realm 'innotiiveasia.local'

[NOTE: As mentioned earlier, it’s important to ensure that the configuration has been done correctly in the Kerberos, hosts and nsswitch files, or you may encounter errors such as the one shown below:

[root@rhelgrid samba]# net ads join -U administrator
Enter administrator's password:
Using short domain name -- INNOTIIVEASIA
Joined 'RHELGRID' to realm 'innotiiveasia.local'
No DNS domain configured for rhelgrid. Unable to perform DNS Update.
DNS update failed!

Once all the requirements have been completed (in my case I had made a mistake in the /etc/hosts file), this should no longer be a problem.]
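
The four files edited so far can be checked before running net ads join. The script below is an added example, not part of the original post; the function names are hypothetical, and it assumes the /etc/hosts mistake is the common one of listing the short name ahead of the FQDN (the post does not say which mistake it was). It works on copies of the files placed in one directory.

```bash
#!/bin/sh
# Added example: pre-join checks for copies of the four files edited above.

# Print the canonical (first) name on the hosts line listing $2;
# succeed only if that name is fully qualified (contains a dot).
hosts_fqdn_for() {
    awk -v h="$2" '{ sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == h) { print $2; exit } }' "$1" | grep '\.'
}

# Succeed only if resolv.conf names $2 as a nameserver.
resolv_ok() {
    awk -v ip="$2" '$1 == "nameserver" && $2 == ip { ok = 1 } END { exit !ok }' "$1"
}

# Succeed only if the active hosts: line consults both files and dns.
nsswitch_ok() {
    line=$(grep -E '^[[:space:]]*hosts:' "$1" | head -n 1 | tr '\t' ' ')
    case " $line " in *" files "*) ;; *) return 1 ;; esac
    case " $line " in *" dns "*) ;; *) return 1 ;; esac
}

# Succeed only if default_realm is set and entirely uppercase.
krb5_realm_ok() {
    realm=$(sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1)
    [ -n "$realm" ] && [ "$realm" = "$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')" ]
}

# Run every check against the copies in directory $1 for short host name $2
# and DNS server $3; print one line per failure and return the failure count.
preflight() {
    fails=0
    hosts_fqdn_for "$1/hosts" "$2" >/dev/null || { echo "FAIL hosts: first name for $2 is not an FQDN"; fails=$((fails + 1)); }
    resolv_ok "$1/resolv.conf" "$3" || { echo "FAIL resolv.conf: nameserver $3 missing"; fails=$((fails + 1)); }
    nsswitch_ok "$1/nsswitch.conf" || { echo "FAIL nsswitch.conf: hosts needs files and dns"; fails=$((fails + 1)); }
    krb5_realm_ok "$1/krb5.conf" || { echo "FAIL krb5.conf: default_realm missing or not uppercase"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample: this post's values, but with the short name listed first in hosts.
d=$(mktemp -d)
printf '127.0.0.1 localhost.localdomain localhost\n192.168.0.55 rhelgrid rhelgrid.innotiiveasia.local\n' > "$d/hosts"
printf 'nameserver 192.168.0.20\n' > "$d/resolv.conf"
printf 'hosts:      files dns\n' > "$d/nsswitch.conf"
printf '[libdefaults]\ndefault_realm = INNOTIIVEASIA.LOCAL\n' > "$d/krb5.conf"
preflight "$d" rhelgrid 192.168.0.20 || echo "$? check(s) failed; fix before running net ads join"
rm -rf "$d"
```

On a real host, copy /etc/hosts, /etc/resolv.conf, /etc/nsswitch.conf and /etc/krb5.conf into a scratch directory and pass that directory to preflight.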

Moving on to the Windows Server 2008 machine, we can now see that an entry has been created for our Linux host (in my case, rhelgrid) on the DNS server’s forward lookup zone:

Windows Server 2008 DNS entry

So we’re almost done, all that remains is to ensure that we have a reverse lookup domain configured and working, so that not only will our servers be able to resolve fully qualified hostnames, but also the IP addresses for all the hosts in our DNS configuration. From here on, these steps will be on the Windows Server 2008 machine, as the administrator user (or other similar users with administrator privileges).

If you’re following the screenshots above, everything should be fairly self-explanatory, but the general idea is I have a domain with the IP configuration of 192.168.0.XX, and thus my reverse lookup zone will start with 0.168.192 (the network octets in reverse order). I have elected to enable this reverse lookup zone only for IPv4 addresses (as we do not use IPv6 in our test environments, for now).

The last step is to add the pointer to my Linux server (rhelgrid.innotiiveasia.local, IP 192.168.0.55) to the reverse lookup zone, and test the functionality from our Linux box. Again the steps are carried out on the Windows Server 2008 machine, and are fairly self-explanatory.

In brief, what I’ve done here is configured a pointer for the reverse lookup zone in our DNS server, and added a pointer (or entry) for the rhelgrid machine that has already been registered in the forward lookup zone earlier in this post (when we added the host with the net ads join command). Now it should be possible to perform both forward and reverse DNS lookups from the Linux server, as shown below:

[root@rhelgrid etc]# nslookup rhelgrid.innotiiveasia.local
Server:         192.168.0.20
Address:        192.168.0.20#53
Name:   rhelgrid.innotiiveasia.local
Address: 192.168.0.55

[root@rhelgrid etc]# nslookup 192.168.0.55
Server:         192.168.0.20
Address:        192.168.0.20#53
55.0.168.192.in-addr.arpa       name = rhelgrid.innotiiveasia.local.
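
The two lookups above only prove the records exist; they still have to be compared by eye to confirm that the PTR record points back at the same name. The script below is an added example, not part of the original post, with hypothetical function names. It derives the in-addr.arpa owner name from the address and checks that name, address and name round-trip, using the two nslookup outputs from this post as embedded input.

```bash
#!/bin/sh
# Added example: confirm a host's A and PTR records agree, using nslookup output.

# 192.168.0.55 -> 55.0.168.192.in-addr.arpa (owner name of the PTR record).
ptr_name() {
    echo "$1" | awk -F. 'NF == 4 { print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Address from the answer part of forward nslookup output on stdin
# (the server's own "Address: ...#53" line comes before "Name:" and is skipped).
fwd_addr() {
    awk '/^Name:/ { seen = 1; next } seen && /^Address:/ { print $2; exit }'
}

# PTR target for owner name $1 from reverse nslookup output on stdin,
# lowercased and without the trailing root dot.
rev_name() {
    awk -v o="$1" '$1 == o && $2 == "name" { sub(/\.$/, "", $4); print tolower($4); exit }'
}

# Succeed only if name -> address -> name round-trips.
# $1 = FQDN, $2 = forward nslookup output, $3 = reverse nslookup output.
fcrdns_ok() {
    addr=$(printf '%s\n' "$2" | fwd_addr)
    [ -n "$addr" ] || return 1
    back=$(printf '%s\n' "$3" | rev_name "$(ptr_name "$addr")")
    [ "$back" = "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" ]
}

# The two nslookup outputs shown in this post, embedded so the check runs offline.
FWD='Server:         192.168.0.20
Address:        192.168.0.20#53
Name:   rhelgrid.innotiiveasia.local
Address: 192.168.0.55'
REV='Server:         192.168.0.20
Address:        192.168.0.20#53
55.0.168.192.in-addr.arpa       name = rhelgrid.innotiiveasia.local.'

if fcrdns_ok rhelgrid.innotiiveasia.local "$FWD" "$REV"; then
    echo "OK   rhelgrid.innotiiveasia.local <-> $(printf '%s\n' "$FWD" | fwd_addr)"
else
    echo "FAIL rhelgrid.innotiiveasia.local: A and PTR records disagree"
fi
# Live use: ip=$(nslookup "$h" | fwd_addr); fcrdns_ok "$h" "$(nslookup "$h")" "$(nslookup "$ip")"
```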

About oracletempspace

I'm an Oracle enthusiast, whose work revolves around consulting, designing, implementing and generally helping businesses get the most out of Oracle Database and related products.

One Response to Adding Linux 5 machine to Windows Server 2008 DNS

  1. Sherrie says:

    It’s really a great and useful piece of
    info. I’m happy that you simply shared this useful information with
    us. Please keep us informed like this. Thank you for sharing.
