HOWTO: MS Active Directory with BIND on Linux

ISSUE

I ran into a situation where I needed to support Active Directory DNS queries with BIND running on Linux. The particular issue was that workstations on one lan couldn't access their shares or even authenticate on a Domain Controller on another lan. After several responses of "sure you can do that and it's easy" but nobody wanting to hand me the step-by-step solution I finally found the answer. Thought I would post it here for the next guy that needs it.

RESOLUTION

What I needed was SRV records to tell the workstations where the Domain Controller was on the other lan. If you have your BIND DNS already setup, all you need to add are 4 SRV entries to the same file your A records are in. Obviously you need an A record entry for the DC as well. All punctuation is required and CAPS in my example signify that it is LAN dependent, eg, you should know how to fill this in!!! In this example DCHOSTNAME.DOMAIN.COM is your Domain Controllers fully qualified domain name.

_ldap._tcp.DOMAIN.COM. SRV 0 0 389 DCHOSTNAME.DOMAIN.COM.

_kerberos._tcp.DOMAIN.COM. SRV 0 0 88 DCHOSTNAME.DOMAIN.COM.

_ldap._tcp.dc._msdcs.DOMAIN.COM. SRV 0 0 389 DCHOSTNAME.DOMAIN.COM.

_kerberos._tcp.dc._msdcs.DOMAIN.COM. SRV 0 0 88 DCHOSTNAME.DOMAIN.COM.

That's it! Now your Domain Controllers can be found via you DNS servers running on Linux. Look up a little tutorial on DNS SRV records if you need to know what this all means.

If you are experiencing issues with ScaleArc or with any of it's features, please contact ScaleArc Support.

We are available 24x7 by phone at 855 800 7225 or +1 408 412 7315.

For general support inquiries, you can also e-mail us at support@scalearc.com.