Re: Moved DHCP server to DC, now only works for domain users
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 11 Aug 2008 19:12:07 -0400
robert.waters <robert.waters@xxxxxxxxx> wrote:
On Aug 11, 11:39 am, "Phillip Windell" <philwind...@xxxxxxxxxxx>
wrote:
DHCP is anonymous,..it does not care about users.
Machines get an IP Config before the user can even log in in the first
place,...therefore it is impossible to wait until the user has
logged in before they get the config,...the IP Config must come
first,..then the login.
Machines always go to the same DHCP they got the last successful
Config.
Machines always ask for the same IP# they got last time.
If a machine got a Config from the Linksys box then it will keep
trying the Linksys box the next time. Since the linksys box is still
"alive" it will try the Linksys box even if the Linksys DHCP Service
is disabled.
You're screwing yourself by even allowing the Linksys box to have
the DHCP enabled at all in the first place.
Delete and re-create the Scope. *Keep it simple*. Configure only the
basics (IP, mask, DNS, DFG) at first until it works right. Don't get
"creative" until everything works dependably. Do not enable the
Scope until the Linksys DHCP is disabled. Make sure your scope is
activated and the DHCP is authorized. You may want the Scopes to be
inactive and the DHCP Server to be un-authorized until the Linksys
box has the DHCP Disabled.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or
Microsoft, or anyone else associated with me, including my cats.
-----------------------------------------------------
"robert.waters" <robert.wat...@xxxxxxxxx> wrote in message
news:78945182-708a-4435-8239-9bc40648caf2@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I have just moved the DHCP server role from a domain member server
(which is being decommissioned) to the domain controller. It will
now only provide IP addresses to machines which are logged in to the
domain (domain user accounts).
Previously, it was no problem for the old DHCP server to provide
addresses to any machine that appeared in the network. This was
good/required behavior, because many of our machines are
journeyman laptops or linux workstations.
I have done a few hours of research on the subject, and most results
point to a problem for non-authenticated users not being able to
interact with DNS properly/securely. I have enabled insecure dynamic
updates on the DNS server, provided a dns domain name via DHCP
option 015 (which was not present on the old server, btw), and made
several more changes (that I cannot remember right now) that might
have helped, but did not.
Please, can anyone help me with this problem? I currently have an
old linksys NAT box providing IPs to everyone, and while that is a
solution, it's not an incredibly robust one.
Thank you in advance,
Robert Waters
The linksys box was not in the network until I had the problems; it
was a last-ditch solution implemented only when I could not get the
new DHCP server working for non-domain PCs.
The DHCP server worked perfectly on a domain member server, but when
moved to the domain controller (using the same configuration with
respect to DNS servers, gateway, WINS etc.) it would only grant IP
addresses to machines (users) authenticated to the domain. e.g. log
into PC with a local (non-domain) user account, no IP assigned;
re-login using a domain account, the IP is provided.
It seems that since I moved the role to the DC, it will only allow
authenticated users to get IP addresses.
Thanks for your help.
As Phil states, there is simply no way DHCP can work only for authenticated
users in the domain. DHCP doesn't know anything about AD, and DHCP lease
assignments happen long before any user has even been prompted to log in.
Now, dynamic DNS updates *can* be restricted to authenticated AD users only,
but that has nothing to do with DHCP & is unlikely to be the issue here. I
agree with Phil - I'd yank out the Linksys box & start over.
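
Added example (not part of the original thread or written by any of its posters): a small Python parser for DHCP replies that shows which fields a lease offer carries (transaction id, client MAC, offered address, server identifier in option 54) and flags replies from servers that are not on an allow-list, which is the check that tells a DC's DHCP service apart from a second box answering on the same segment. The addresses, MAC and the helper names build_reply, parse_dhcp and unexpected_servers are assumptions made for the illustration; the packets are constructed, not captured.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie (RFC 2131)
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def build_reply(msg_type, xid, mac, yiaddr, server_id):
    """Build a constructed BOOTREPLY for this demo (not captured traffic)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, xid, 0, 0,
                      bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
                      mac, b"", b"")
    opts = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_id) + b"\xff"
    return hdr + MAGIC + opts

def parse_dhcp(pkt):
    """Extract what a DHCP message carries; none of it names a user or domain."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    hlen, xid = min(pkt[2], 16), struct.unpack("!I", pkt[4:8])[0]
    info = {"xid": xid, "yiaddr": socket.inet_ntoa(pkt[16:20]),
            "client_mac": pkt[28:28 + hlen].hex(":"),
            "type": None, "server_id": None}
    i = 240
    while i < len(pkt) and pkt[i] != 255:      # 255 = end option
        if pkt[i] == 0:                        # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, val = pkt[i], pkt[i + 2:i + 2 + pkt[i + 1]]
        if code == 53 and len(val) == 1:       # DHCP message type
            info["type"] = MSG_TYPES.get(val[0], str(val[0]))
        elif code == 54 and len(val) == 4:     # server identifier
            info["server_id"] = socket.inet_ntoa(val)
        i += 2 + len(val)
    return info

def unexpected_servers(packets, authorized):
    """Server identifiers in OFFER/ACK replies that are not on the allow-list."""
    replies = [r for r in map(parse_dhcp, packets) if r["type"] in ("OFFER", "ACK")]
    return sorted({r["server_id"] for r in replies if r["server_id"]} - set(authorized))

# Constructed sample: two OFFERs answering the same DISCOVER (same xid).
MAC = bytes.fromhex("001122334455")
SAMPLE = [build_reply(2, 0x1234, MAC, "192.168.1.101", "192.168.1.10"),
          build_reply(2, 0x1234, MAC, "192.168.1.50", "192.168.1.1")]
```

Calling unexpected_servers(SAMPLE, {"192.168.1.10"}) returns the one server identifier that is not the authorized server.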