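We use samba4 as the AD DC on Debian 8, and isc-dhcp on another Debian 8 machine as the DHCP router. The problem is that if I set a DHCP IP on the Windows client, I cannot join the domain. If I add the AD DC IP as the preferred DNS on the Windows client, I can join the domain, but the computer cannot access the Internet.
I think the problem is with the DHCP server. I want all Windows clients on dynamic IPs, not static ones.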
/etc/network/interfaces on the domain server

    # The primary network interface
    allow-hotplug eth1
    iface eth1 inet static
        address 10.10.1.100
        netmask 255.255.255.0
        network 10.10.1.1
        broadcast 10.10.1.255
        gateway 10.10.1.1
        dns-nameservers 10.10.1.100
        dns-search altfeldc.local

/etc/hosts on the domain server

    127.0.0.1 localhost
    10.10.1.100 altfeldc.altfel.local altfeldc

    # The following lines are desirable for IPv6 capable hosts
    ::1 localhost ip6-localhost ip6-loopback
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters

/etc/resolv.conf on the domain server

    nameserver 10.10.1.100

/etc/network/interfaces on the DHCP server

    # WAN network adapter
    auto dsl-provider
    iface dsl-provider inet ppp
    pre-up /bin/ip link set wan0 up # line maintained by pppoeconf
    provider dsl-provider

    auto wan0
    iface wan0 inet manual

    # WLAN network adapter
    auto wlan1
    iface wlan1 inet static
        address 10.10.1.1
        netmask 255.255.255.0
        network 10.10.1.0
        broadcast 10.10.1.255

/etc/hosts on the DHCP server

    127.0.0.1 localhost
    10.10.1.1 altfeldhcp

    # The following lines are desirable for IPv6 capable hosts
    ::1 localhost ip6-localhost ip6-loopback
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters

/etc/resolv.conf on the DHCP server (193.xxx and 213.xxx are from the ISP)

    nameserver 193.231.252.1
    nameserver 213.154.124.1

/etc/dhcp/dhcpd.conf on the DHCP server

    ddns-update-style none;
    log-facility local7;
    authoritative;

    option subnet-mask 255.255.255.0;
    option broadcast-address 10.10.1.255;
    option routers 10.10.1.1;
    option domain-name-servers 10.10.1.100, 193.231.252.1, 213.154.124.1;
    option domain-name "altfel.local";
    option netbios-name-servers 10.10.1.100;

    subnet 10.10.1.0 netmask 255.255.255.0 {
        interface wlan1;
        range 10.10.1.2 10.10.1.254;
        deny unknown-clients;
    }

    update-static-leases true;

    host altfeldc {
        hardware ethernet xx:xx:xx:xx:xx:xx;
        fixed-address 10.10.1.100;
    }
    # other hosts after this line...

dig command on the domain server

    root@altfeldc:~# dig altfel.local

    ; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> altfel.local
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21852
    ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;altfel.local. IN A

    ;; ANSWER SECTION:
    altfel.local. 900 IN A 10.10.1.100

    ;; Query time: 0 msec
    ;; SERVER: 10.10.1.100#53(10.10.1.100)
    ;; WHEN: Thu Jul 30 10:49:42 EEST 2015
    ;; MSG SIZE rcvd: 46

nslookup on the Windows client

    C:\Users\admin>nslookup altfel.local
    Server: UnKnown
    Address: 10.10.1.100

    Name: altfel.local
    Address: 10.10.1.100

Domain join error

    The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "altfel.local":

    The error was: "DNS name does not exist."
    (error code 0x0000232B RCODE_NAME_ERROR)

    The query was for the SRV record for _ldap._tcp.dc._msdcs.altfel.local

    Common causes of this error include the following:

    - The DNS SRV records required to locate an AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when an AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

    213.154.124.1
    193.231.252.1
    10.10.1.100

    - One or more of the following zones do not include delegation to its child zone:

    altfel.local
    local
    . (the root zone)
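
The join error above lists three resolvers on the client, two of which are the ISP servers from the dhcpd.conf. As an added example (not part of the original post), this check parses a dhcpd.conf, reports the resolvers offered in each scope, and flags any that is not in the set of AD DNS servers. The function names are hypothetical, and the AD DNS set {10.10.1.100} is an assumption taken from the addresses in the post.

```python
import re

# Constructed sample: the DNS-relevant part of the dhcpd.conf shown in the post.
SAMPLE_DHCPD_CONF = """\
ddns-update-style none;
authoritative;
option routers 10.10.1.1;
option domain-name-servers 10.10.1.100, 193.231.252.1, 213.154.124.1;
option domain-name "altfel.local";
subnet 10.10.1.0 netmask 255.255.255.0 {
    interface wlan1;
    range 10.10.1.2 10.10.1.254;
}
host altfeldc {
    hardware ethernet xx:xx:xx:xx:xx:xx;  # placeholder, as in the post
    fixed-address 10.10.1.100;
}
"""

OPTION = "option domain-name-servers "

def dns_servers_by_scope(conf_text):
    """Return {scope: [resolver, ...]} for each 'option domain-name-servers'."""
    scopes, stack = {}, ["global"]
    text = re.sub(r"#.*", "", conf_text)            # drop comments
    # Tokens are '}' or a run of text terminated by ';' or '{'.
    for token in re.findall(r"[^;{}]+[;{]|\}", text):
        if token == "}":
            if len(stack) > 1:
                stack.pop()                         # leave the current block
            continue
        body = " ".join(token[:-1].split())         # normalise whitespace
        if token.endswith("{"):
            stack.append(body)                      # e.g. 'subnet ... netmask ...'
        elif body.startswith(OPTION):
            servers = body[len(OPTION):].split(",")
            scopes[stack[-1]] = [s.strip() for s in servers]
    return scopes

def non_ad_resolvers(conf_text, ad_dns):
    """List (scope, resolver) pairs offered to clients that are not AD DNS."""
    return [(scope, ip)
            for scope, ips in dns_servers_by_scope(conf_text).items()
            for ip in ips if ip not in ad_dns]

if __name__ == "__main__":
    for scope, ip in non_ad_resolvers(SAMPLE_DHCPD_CONF, {"10.10.1.100"}):
        print(f"{scope}: {ip} is offered to clients but is not an AD DNS server")
```
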