-
Title
How to set up in non-DNS environment or how to specify which DC to talk to ? -
Description
When using Authentication Services in a non-DNS setup or with a DNS server that doesn't include SRV records how can Authentication Services be configured so that it knows which servers to Active Directory servers to communicate with? How to hardcode the AD servers?
-
Resolution
Ensure the domain controllers can be resolved. Using either DNS or hard code the hostname mappings in /etc/hosts, using shortname and FQDN
eg.
192.168.119.1 dcname dcname.yourdomain.com dc.yourdomain.com.(Note the 3rd FQDN<dot> entry must be present if you the system uses a Internet DNS server or a server that does not contain AD/SRV records).
When joining the machine to the domain, make sure that all the servers are specified on the join line (in order of preference).
# /opt/quest/bin/vastool join domainname.com dc1.domainname.com dc2.domainname.comIf the machine is already joined you can re-configure vas.conf with the domain controllers by following the below.
1. Add the DCs to vas.conf (in order of preference).
# /opt/quest/bin/vastool configure realm domainname.com dc1.yourdomain.com dc2.yourdomain.com2. Set vas.conf to not resolve SRV records through DNS by runing the below
# /opt/quest/bin/vastool configure vas libvas use-dns-srv false3. If joined previously the SRV cache will need to be flushed by running the below command
# /opt/quest/bin/vastool flush srvinfo