Windows domain clients will need SRV records in the DNS in order to authenticate and join the domain. Here is an example of the DNS records you will need for a Windows 2008 R2 server to join a domain (the domain controller is also Win2008R2):
! A records for the name server and the domain controller
ip host ns.example.com 10.88.33.4
ip host example.com ns ns.example.com
ip host dc1.example.com 10.88.33.2
! SRV records used to locate the DC: LDAP on port 389, Kerberos on port 88
ip host _ldap._tcp.example.com srv 0 0 389 dc1.example.com
ip host _ldap._tcp.dc._msdcs.example.com srv 0 0 389 dc1.example.com
ip host _kdc._tcp.example.com srv 0 0 88 dc1.example.com
ip host WIN-IRQG06G53P6.example.com 10.88.33.2
!
interface GigabitEthernet0/0
 description WAN
 ip address 10.89.28.33 255.255.255.0
 ip nat outside
 ip dns view-group default
interface GigabitEthernet0/1
 description LAN
 ip address 10.88.33.4 255.255.255.0
 ip nat inside
 ip dns view-group default
!
! DNS view: answer for example.com locally, forward everything else
ip dns view default
 logging
 domain name example.com
 domain name-server 10.88.33.4
 dns forwarder 8.8.8.8
 dns forwarder 8.8.4.4
 dns forwarding source-interface GigabitEthernet0/1
ip dns view-list default
 view default 5
!
ip dns server
ip dns primary example.com soa ns.example.com admin@example.com 21600 900 7776000 86400
!
The line 'ip host WIN-IRQG06G53P6.example.com 10.88.33.2' is there to show that even though I set the dc1's hostname to "dc1" in Windows, this domain controller still responds to domain join requests using this name (and the client could not join the domain until this entry was here). If you have issues finding this, debug DNS on the Cisco router like this:
debug ip dns name-list
debug ip dns view
debug ip dns view-list
terminal monitor
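To check the `ip host` records before a client attempts the join, the following added example (not part of the original post) lints a router config for the SRV set discussed above. The names `parse_ip_hosts`, `lint_domain_join` and `REQUIRED_SRV` are hypothetical, the expected ports (LDAP 389, Kerberos 88) are the standard ones and an assumption of the example, and the sample config is constructed with two deliberate faults.

```python
import re

# Assumption: the SRV names a joining client looks up, with standard ports.
REQUIRED_SRV = {
    "_ldap._tcp.{d}": 389,
    "_ldap._tcp.dc._msdcs.{d}": 389,
    "_kdc._tcp.{d}": 88,
}

# Constructed sample config (not captured from a real router).
SAMPLE_CONFIG = """\
ip host ns.example.com 10.88.33.4
ip host dc1.example.com 10.88.33.2
ip host _ldap._tcp.example.com srv 0 0 389 dc1.example.com
ip host _ldap._tcp.dc._msdcs.example.com srv 0 0 88 dc1.example.com
ip host _kdc._tcp.example.com srv 0 0 88 dc2.example.com
"""

SRV_RE = re.compile(r"^ip host (\S+) srv (\d+) (\d+) (\d+) (\S+)$", re.I)
A_RE = re.compile(r"^ip host (\S+) (\d{1,3}(?:\.\d{1,3}){3})$", re.I)

def parse_ip_hosts(config):
    """Return (srv, a): srv maps name -> [(port, target)], a maps name -> IPv4."""
    srv, a = {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := SRV_RE.match(line):
            srv.setdefault(m.group(1).lower(), []).append(
                (int(m.group(4)), m.group(5).lower()))
        elif m := A_RE.match(line):
            a[m.group(1).lower()] = m.group(2)
    return srv, a

def lint_domain_join(config, domain):
    """List deviations from the SRV set expected for a domain join."""
    srv, a = parse_ip_hosts(config)
    problems = []
    for template, port in REQUIRED_SRV.items():
        name = template.format(d=domain.lower())
        if name not in srv:
            problems.append(f"missing SRV {name}")
            continue
        for got_port, target in srv[name]:
            if got_port != port:
                problems.append(f"{name}: port {got_port}, expected {port}")
            if target not in a:  # SRV target must resolve to an address
                problems.append(f"{name}: target {target} has no A record")
    return problems

if __name__ == "__main__":
    print("\n".join(lint_domain_join(SAMPLE_CONFIG, "example.com")))
```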