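We are using samba4 as the AD DC on Debian 8, and isc-dhcp as the DHCP router on another Debian 8 machine. The problem is that if I set a DHCP IP on the Windows client, I cannot join the domain. If I add the AD DC IP as the preferred DNS on the Windows client, I can join the domain, but the computer cannot access the internet.
I think the problem is with the DHCP server. I want all Windows clients to use dynamic IPs, not static IPs.
/etc/network/interfaces on the domain server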
# The primary network interface
allow-hotplug eth1
iface eth1 inet static
address 10.10.1.100
netmask 255.255.255.0
network 10.10.1.1
broadcast 10.10.1.255
gateway 10.10.1.1
dns-nameservers 10.10.1.100
dns-search altfeldc.local
/etc/hosts on the domain server
127.0.0.1 localhost
10.10.1.100 altfeldc.altfel.local altfeldc
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
/etc/resolv.conf on the domain server
nameserver 10.10.1.100
/etc/network/interfaces on the DHCP server
# WAN network adapter
auto dsl-provider
iface dsl-provider inet ppp
pre-up /bin/ip link set wan0 up # line maintained by pppoeconf
provider dsl-provider
auto wan0
iface wan0 inet manual
# WLAN network adapter
auto wlan1
iface wlan1 inet static
address 10.10.1.1
netmask 255.255.255.0
network 10.10.1.0
broadcast 10.10.1.255
/etc/hosts on the DHCP server
127.0.0.1 localhost
10.10.1.1 altfeldhcp
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
/etc/resolv.conf on the DHCP server (193.xxx and 213.xxx are from the ISP)
nameserver 193.231.252.1
nameserver 213.154.124.1
/etc/dhcp/dhcpd.conf on the DHCP server
ddns-update-style none;
log-facility local7;
authoritative;
option subnet-mask 255.255.255.0;
option broadcast-address 10.10.1.255;
option routers 10.10.1.1;
option domain-name-servers 10.10.1.100, 193.231.252.1, 213.154.124.1;
option domain-name "altfel.local";
option netbios-name-servers 10.10.1.100;
subnet 10.10.1.0 netmask 255.255.255.0 {
interface wlan1;
range 10.10.1.2 10.10.1.254;
deny unknown-clients;
}
update-static-leases true;
host altfeldc {
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 10.10.1.100;
}
# other hosts after this line...
dig command on the domain server
root@altfeldc:~# dig altfel.local
; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> altfel.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21852
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;altfel.local. IN A
;; ANSWER SECTION:
altfel.local. 900 IN A 10.10.1.100
;; Query time: 0 msec
;; SERVER: 10.10.1.100#53(10.10.1.100)
;; WHEN: Thu Jul 30 10:49:42 EEST 2015
;; MSG SIZE rcvd: 46
nslookup on the Windows client
C:\Users\admin>nslookup altfel.local
Server: UnKnown
Address: 10.10.1.100
Name: altfel.local
Address: 10.10.1.100
Domain join error
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "altfel.local":
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.altfel.local
Common causes of this error include the following:
- The DNS SRV records required to locate an AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when an AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
213.154.124.1
193.231.252.1
10.10.1.100
- One or more of the following zones do not include delegation to its child zone:
altfel.local
local
. (the root zone)
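An added example, not part of the original post: the join error above lists the two ISP resolvers ahead of the DC, and public resolvers hold no records for the private altfel.local zone. The Python below audits a dhcpd.conf for resolvers that are not AD DNS servers; the function names and the embedded sample text are constructed for illustration.

```python
import re

# Constructed sample: the resolver-related lines of the dhcpd.conf in the post.
POSTED_CONF = """\
option routers 10.10.1.1;
option domain-name-servers 10.10.1.100, 193.231.252.1, 213.154.124.1;
option domain-name "altfel.local";
subnet 10.10.1.0 netmask 255.255.255.0 {
  range 10.10.1.2 10.10.1.254;
}
"""
# Constructed variant that hands out only the AD DC as resolver.
DC_ONLY_CONF = POSTED_CONF.replace(", 193.231.252.1, 213.154.124.1", "")

DNS_OPTION = re.compile(r"^\s*option\s+domain-name-servers\s+([^;]+);", re.M)


def offered_resolvers(conf_text):
    """Return one resolver list per 'option domain-name-servers' statement."""
    text = re.sub(r"#[^\n]*", "", conf_text)  # drop dhcpd.conf comments
    return [[ip.strip() for ip in m.group(1).split(",") if ip.strip()]
            for m in DNS_OPTION.finditer(text)]


def audit(conf_text, ad_dns_servers):
    """Return (offered, foreign) for every list containing a non-AD resolver.

    A resolver outside the AD DNS set cannot answer
    _ldap._tcp.dc._msdcs.<domain> for a private zone; a client that asks
    it gets "name does not exist" and also discloses the internal name
    to that resolver.
    """
    findings = []
    for offered in offered_resolvers(conf_text):
        foreign = [ip for ip in offered if ip not in ad_dns_servers]
        if foreign:
            findings.append((offered, foreign))
    return findings


if __name__ == "__main__":
    for offered, foreign in audit(POSTED_CONF, {"10.10.1.100"}):
        print("offered:", ", ".join(offered))
        print("not AD DNS:", ", ".join(foreign))
```

With only the DC in the offered list, resolution of internet names depends on the DC's DNS service forwarding other queries to an upstream resolver.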