| Asset ID: |
1-71-1402003.1 |
| Update Date: | 2012-06-26 |
| Keywords: | |
Solution Type
Technical Instruction Sure
Solution
1402003.1
:
Sun Storage 7000 Unified Storage System: DNS server settings required for integration of the ZFS Storage Appliance with Active Directory
| Related Items |
- Sun Storage 7310 Unified Storage System
- Sun Storage 7410 Unified Storage System
- Sun ZFS Storage 7120
- Sun Storage 7110 Unified Storage System
- Sun ZFS Storage 7320
- Sun ZFS Storage 7420
- Sun Storage 7210 Unified Storage System
|
| Related Categories |
- PLA-Support>Sun Systems>DISK>NAS>SN-DK: 7xxx NAS
- .Old GCS Categories>Sun Microsystems>Storage - Disk>Unified Storage
|
In this Document
Created from <SR 3-3740498461>
Applies to:
Sun Storage 7310 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7110 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7210 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7410 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7120 - Version Not Applicable to Not Applicable [Release N/A]
7000 Appliance OS (Fishworks)
Goal
This document describes the DNS records required to join the ZFS Storage Appliance to an Active Directory domain. Active Directory requires that resources be located by DNS records.
These required DNS records are not unique to the NAS, but are often found to be misconfigured.
Fix
In order to integrate with Active Directory, the ZFSSA must locate Windows Domain resources via DNS.
Locating the Domain resources via DNS is accomplished primarily using SRV records. An SRV record, defined in RFC 2082 is a type of DNS record that specifies the location of available services. Typically, this will be a Windows 2003 or Windows 2008 server. Many DNS server solutions support these records, but many find it easiest to use Windows DNS servers for this purpose, as the Active Directory support is integrated, and all required DNS records are automatically created when DNS is installed on an AD Domain Controller.
The following DNS records are required for a properly functioning Active Directory environment. Note that the first six are the most critical to the ZFSSA AD integration:
Record: Host record for the appliance
Type: A
Description: Standard DNS host entry to resolve host to IP address
Record: Reverse record for the appliance
Type: PTR
Description: Standard DNS reverse lookup entry to resolve IP address to appliance hostname.
Record: _ldap._tcp.pdc._msdcs.<DnsDomainName>
Type: SRV
Description: This record allows clients to locate the Primary Domain Controller (PDC).
Record: _kerberos._tcp.dc._msdcs.<DnsDomainName>
Type: SRV
Description: This record allows clients to locate all Domain Controllers.
Record: _ldap._tcp.dc._msdcs.<DnsDomainName>
Type: SRV
Description: This record allows clients to locate the Kerberos Key Distribution Center (KDC).
Record: <DomainControllerFQDN>
Type: A
Description: This allow the IP addresses of the Domain Controllers to be resolved.
Record: _ldap._tcp.gc._msdcs.<DnsForestName>
Description: This record allows clients to locate the Global Catalog server.
Record: GcIpAddress
Type: A
Description: This record also allows clients to resolve the IP address of the Global Catalog server..
Record: <DsaGuide>._msdcs.<DnsForestName>
Type: CNAME
Description: This record is an alias that enables a client to locate any domain controller in the forest by looking up an A record.
For more information on verifying the SRV records for a Windows DNS server see MSKB Document #816587.
Back to <Document 1402353.1> Sun Storage 7000 Unified Storage System: How to Troubleshoot Active Directory Issues.
References
RFC 2082: http://www.faqs.org/rfcs/rfc2052.html
MSKB 816587: http://support.microsoft.com/kb/816587
<NOTE:1402353.1> - Sun Storage 7000 Unified Storage System: How to Troubleshoot Active Directory Issues
Attachments
This solution has no attachment
