Re: [pfSense Support] Microsoft Server 2008 DHCP relay
On Mon 19 Apr 2010 05:17:59 NZST +1200, Tim Dressel wrote:

> > Can anyone say from experience whether it's 'within scope' to keep pfSense as the DHCP/DNS? In other words, is it feasible to have 2K8 server turn to pfSense via something like DHCP relay? Never played with DHCP relay.
>
> Hi Tim,
>
> We are doing exactly this. I have my Win2008 server acting as DHCP and DNS. I have multiple scopes for each of the connected adapters (pfSense DHCP disabled on all interfaces).

Thanks, obviously letting the 2008box do it all always works (the first law of Microsoft) but that was precisely not the point. The question was explicitly how to keep pfsense as authoritative DNS and DHCP server and how to make the Win2008 use the pfsense master. According to the OP MS is unwilling to cooperate (the second law of Microsoft).

I'd be interested as well in how to keep pfsense authoritative in later MS server OSes. It works with SBS2003.

Thanks,

Volker

--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.dnsalias.net/
Please do not CC list postings to me.

To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Microsoft Server 2008 DHCP relay
> Thanks, obviously letting the 2008box do it all always works (the first law of Microsoft) but that was precisely not the point. The question was explicitly how to keep pfsense as authoritative DNS and DHCP server and how to make the Win2008 use the pfsense master. According to the OP MS is unwilling to cooperate (the second law of Microsoft).
>
> I'd be interested as well in how to keep pfsense authoritative in later MS server OSes. It works with SBS2003.

We are using DHCP relay for 400 some PC's to Server 2008 DC w/ DNS/DHCP. It's a pretty basic setup and it allowed us to consolidate our DHCP onto 2 servers (failover).

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
Re: [pfSense Support] Microsoft Server 2008 DHCP relay
> > Thanks, obviously letting the 2008box do it all always works (the first law of Microsoft) but that was precisely not the point. The question was explicitly how to keep pfsense as authoritative DNS and DHCP server and how to make the Win2008 use the pfsense master. According to the OP MS is unwilling to cooperate (the second law of Microsoft).
> >
> > I'd be interested as well in how to keep pfsense authoritative in later MS server OSes. It works with SBS2003.
>
> We are using DHCP relay for 400 some PC's to Server 2008 DC w/ DNS/DHCP. It's a pretty basic setup and it allowed us to consolidate our DHCP onto 2 servers (failover).
>
> Curtis LaMasters
> http://www.curtis-lamasters.com
> http://www.builtnetworks.com

That's exactly what I was hoping to hear. I'll post any meaningful distilled wisdom from our implementation!

THANKS!

-Karl Fife (The original poster, not Tim Dressel) :-)
Re: [pfSense Support] Microsoft Server 2008 DHCP relay
> Can anyone say from experience whether it's 'within scope' to keep pfSense as the DHCP/DNS? In other words, is it feasible to have 2K8 server turn to pfSense via something like DHCP relay? Never played with DHCP relay.

Hi Karl,

We are doing exactly this. I have my Win2008 server acting as DHCP and DNS. I have multiple scopes for each of the connected adapters (pfSense DHCP disabled on all interfaces).

For every connected LAN that is not on the same subnet connected to where the DHCP server is physically located, I use the relay to hook up to the appropriate DHCP scope. I enable the relay on the interface, and specify the IP address of the windows DHCP server and it just works. But you only need relay if you have multiple connected subnets. I've never done this with VLAN's but it should not matter.

If you have a single LAN interface and hence single subnet it should really be just that simple. You can even enable things like NAP after that (we have essentially 2 subnets, one less trusted and one trusted, and you get dumped into the individual subnet based upon your health).

If you need specifics on multiple subnets let me know.

Cheers,

Tim
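
How a relayed request ends up in the right scope in the multi-subnet setup described in the message above, as an added example that is not part of the original thread. It models the standard RFC 2131 `giaddr` handling, not Windows Server's or pfSense's own code; the subnets, scope names and function names are constructed for illustration.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

# Constructed scopes (assumption): one per connected subnet, as on the DHCP server.
SCOPES = {
    ipaddress.ip_network("192.168.10.0/24"): "trusted-lan",
    ipaddress.ip_network("192.168.20.0/24"): "less-trusted-lan",
}

def build_discover(mac: bytes) -> bytes:
    """Client side: minimal DHCPDISCOVER broadcast, giaddr left at 0.0.0.0."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0,                  # op=BOOTREQUEST, htype=Ethernet, hlen, hops
        0x1234ABCD, 0, 0x8000,       # xid, secs, flags (broadcast bit)
        bytes(4), bytes(4), bytes(4), bytes(4),  # ciaddr, yiaddr, siaddr, giaddr
        mac, bytes(64), bytes(128),  # chaddr (zero-padded), sname, file
    )
    return header + MAGIC + b"\x35\x01\x01\xff"  # option 53 = DISCOVER, then END

def relay(packet: bytes, relay_if_ip: str) -> bytes:
    """Relay agent: stamp giaddr with the receiving interface and bump hops."""
    pkt = bytearray(packet)
    pkt[3] += 1
    if pkt[24:28] == bytes(4):       # only the first relay on the path sets giaddr
        pkt[24:28] = ipaddress.ip_address(relay_if_ip).packed
    return bytes(pkt)

def select_scope(packet: bytes, server_if_ip: str):
    """Server side: choose the scope from giaddr, else from the receiving interface."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    giaddr = ipaddress.ip_address(packet[24:28])
    key = giaddr if int(giaddr) else ipaddress.ip_address(server_if_ip)
    # None means no scope covers the request, so the server does not answer.
    return next((name for net, name in SCOPES.items() if key in net), None)

if __name__ == "__main__":
    d = build_discover(bytes.fromhex("001122334455"))
    print(select_scope(d, "192.168.10.5"))                         # local broadcast
    print(select_scope(relay(d, "192.168.20.1"), "192.168.10.5"))  # via the relay
```

The server takes `giaddr` at face value, so on the server's segment it is worth allowing relayed unicast DHCP only from the firewall's relay address.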
[pfSense Support] Microsoft Server 2008 DHCP relay
We have a couple of pfSense installations that want to 'lock down' their windows workstations with Win 2K8 Server and Active Directory. As you may know, normally this requires that Win Server be the DNS DHCP server. To clarify, we're NOT talking about MS Small Business Server/exchange and all of that crap--just 'regular' 2K8, with AD for lockdown/policy etc.

Can anyone say from experience whether it's 'within scope' to keep pfSense as the DHCP/DNS? In other words, is it feasible to have 2K8 server turn to pfSense via something like DHCP relay? Never played with DHCP relay.

Before sinking money into another server, licenses etc, I'm hoping someone can at least say yes, it works, I've tried it--it's solid so that we don't find ourselves half-way through realizing that we REALLY DO have to re-tool perfectly solid tested parts of our network just because the Microsoft tentacles want to touch be in control of everything. As I see it, I don't mind if Microsoft 2K8 server runs the Windows parts of the network but not the whole network.

Has anyone actually tried this?

Thanks in advance!

-Karl
RE: [pfSense Support] Microsoft Server 2008 DHCP relay
You don't need DHCP relay. Just use the pfsense's DHCP and set a domain authoritative to the DC (for DNS). A number of my remote offices that don't have DC are working like that (although only my office is using pfsense and others are using SonicWall). One difference though, mine is Windows 2003 R2 AD, not Windows 2008.

-Raylund

-Original Message-
From: Karl Fife [mailto:karlf...@gmail.com]
Sent: Saturday, April 17, 2010 2:17 PM
To: support@pfsense.com
Subject: [pfSense Support] Microsoft Server 2008 DHCP relay

We have a couple of pfSense installations that want to 'lock down' their windows workstations with Win 2K8 Server and Active Directory. As you may know, normally this requires that Win Server be the DNS DHCP server. To clarify, we're NOT talking about MS Small Business Server/exchange and all of that crap--just 'regular' 2K8, with AD for lockdown/policy etc.

Can anyone say from experience whether it's 'within scope' to keep pfSense as the DHCP/DNS? In other words, is it feasible to have 2K8 server turn to pfSense via something like DHCP relay? Never played with DHCP relay.

Before sinking money into another server, licenses etc, I'm hoping someone can at least say yes, it works, I've tried it--it's solid so that we don't find ourselves half-way through realizing that we REALLY DO have to re-tool perfectly solid tested parts of our network just because the Microsoft tentacles want to touch be in control of everything. As I see it, I don't mind if Microsoft 2K8 server runs the Windows parts of the network but not the whole network.

Has anyone actually tried this?

Thanks in advance!

-Karl
Re: [pfSense Support] Microsoft Server 2008 DHCP relay
On 4/17/2010 2:17 PM, Karl Fife wrote:

> [...]As I see it, I don't mind if Microsoft 2K8 server runs the Windows parts of the network but not the whole network.
>
> Has anyone actually tried this?
>
> Thanks in advance!

I haven't tried the DHCP parts, but I have set one up for DNS thusly:

Pass the DHCP clients the AD server for DNS -- and ONLY the AD server, and then on the AD server, in the DNS server setup, setup a single forwarder: your pfSense box's LAN IP (or whatever interface it's using)

That way your DNS setup in pfSense, including any overrides and such that you have set, will still be used, and 2k8 is still happily doing DNS for whatever it needs.

At that site the DHCP was very vanilla so I had no problem letting AD take that over.

Jim
Re: [pfSense Support] Microsoft Server 2008 DHCP relay
On Sat, Apr 17, 2010 at 2:17 PM, Karl Fife karlf...@gmail.com wrote:

> We have a couple of pfSense installations that want to 'lock down' their windows workstations with Win 2K8 Server and Active Directory. As you may know, normally this requires that Win Server be the DNS DHCP server. To clarify, we're NOT talking about MS Small Business Server/exchange and all of that crap--just 'regular' 2K8, with AD for lockdown/policy etc.
>
> Can anyone say from experience whether it's 'within scope' to keep pfSense as the DHCP/DNS? In other words, is it feasible to have 2K8 server turn to pfSense via something like DHCP relay? Never played with DHCP relay.

We disabled DHCP and DNS in pfSense and do both from Active Directory. We have not had any trouble with this setup.