Foreman with Microsoft DNS and DHCP

adk · January 18, 2022, 11:20am

Hello. I am new with Foreman and have some questions about windows support in foreman. We use MS products, but now want to introduce linux servers to our environment. Hope someone could help me to find answers.

I want to use foreman with external MS DNS and DHCP servers. Installing an External Smart Proxy Server 3.1 does not mention windows support, but Foreman :: Manual does. So what is current status of windows and ms support?
Guide for windows server smart proxy is scarce and looks outdated. Do i need to install smart proxy on windows server to work with external MS DHCP and DNS or can stick with lunux smart proxy?

obol89 · January 18, 2022, 12:06pm

We are using Foreman and Katello with Windows DHCP and DNS. We don’t have any issues with that. We don’t use smart proxy for Windows at all.

For Windows DNS, we are using :use_provider: dns_nsupdate_gss in the foreman proxy DNS settings.

For DHCP we have our own scripts to manage it and we didn’t integrate it with Foreman through smart proxy. We have added our subnets and we are assigning addresses with Foreman to new hosts.

lzap · January 19, 2022, 7:21am

There is a bug that slipped into 3.1 but we will fix that in an update soon.

ericville · August 26, 2023, 6:03pm

I know this is an old post, but can you provide information on the scripts you’re using to manage MS DHCP? I’ve been trying to get the Windows Smart Proxy to work for some time now, but if there is an easier method of using MS DNS/DHCP than an external smart proxy server, then I’d really be interested to know.

Thanks,

Eric

obol89 · September 11, 2023, 1:39pm

Hi @ericville,

For DNS we are using foreman with foreman-proxy (on the same Linux server) and in the /etc/foreman-proxy/settings.d/dns.yml we have set up:

:enabled: https
:use_provider: dns_nsupdate_gss
:dns_ttl: 86400

and in the /etc/foreman-proxy/settings.d/dns_nsupdate_gss.yml:

:dns_server: YOUR_DNS_SERVER_IP
:dns_tsig_keytab: /etc/foreman-proxy/dns.keytab
:dns_tsig_principal: foremanproxy@YOURDOMAIN.COM

Foreman proxy is communicating with our Windows DNS server, and it is updating entries.

We are using MS DHCP server as well. As our source of truth, we are using Netbox, and this is where we are getting available addresses from. So, we don’t really communicate foreman directly with MS DHCP. In the Foreman settings, we have IPAM disabled, and we are modifying def suggest_ip method in the /usr/share/foreman/app/services/ipam/none.rb. So, it looks something like that:

def suggest_ip
      #logger.debug "Not suggesting IP Address for #{subnet} as IPAM is disabled"
      #nil
      result = `/usr/share/foreman/subnet.py #{subnet.id}`
      return result.strip
    end

In the python file, we are using pynetbox library to talk with Netbox.

ericville · September 14, 2023, 12:51pm

Thanks for the information, it’s much appreciated. I’ll look into Netbox for DHCP.

Eric