Cao Ni Ma
May 25, 2010



So we are migrating about 1k assets from one domain to another, much larger domain, and we need to keep the first domain running till the migration is complete. Our networking team created new VLANs and we set up some DNS pointing to the new domain. We joined a freshly imaged machine to the new domain.

The machines from one domain can ping the machines from the other domain while they are in our network, so we figured we'd try to switch the domain on an established test asset. Well, after switching the DNS on the old asset, creating the object on the new domain and using our new admin credentials, the machine did successfully join the domain. Or so we thought; after the restart they fail to get an IP. Even after adding the machines to the MAB to bypass the RADIUS they will not get an IP. We know it's authentication related, but why wouldn't adding them to the MAB work in this case?


Cao Ni Ma
May 25, 2010



klosterdev posted:

Probably dumb question: A quick Google search says MAB operates at layer 2, and seems to affect layers 2-3/4 in some capacity (depending on what they mean by port). If it's an authentication issue, wouldn't that be a completely separate issue at the application level?

Normally a packet is sent to the RADIUS server, which is application level, but in our network it'll first check the MAC address to see if there is a MAB exception. If there is, it'll bypass the RADIUS check and go straight into the DHCP to get an IP assigned. We use it on certain hardware like controllers, some printers, when we want to PXE re-image machines, or when trusted assets from outside our domain need access to our network for a few days so we don't have to re-image their entire box. The RADIUS only checks if the asset is in one of the domains.

I don't know, the more I think about it the more I think it's DNS for some stupid reason.

Cao Ni Ma
May 25, 2010



mllaneza posted:

If you give one of the affected machines a static IP, can it ping the DNS and/or DHCP servers it's supposed to be talking to?

Nope, even with a static IP. I've tried giving it an IP from the old domain's range and the new one's, swapping out the DNS between, just in case.

e: Our networking chief figured it out. Apparently the tools that we use to add machines to the MAB were just adding them to the first domain's side of the network, not the second. When he hardcoded the MAC into the other side's MAB it picked up an IP.

Cao Ni Ma fucked around with this message at 16:12 on Mar 1, 2021
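A small model of the port admission flow described in the thread (MAB exception first, then the RADIUS domain check) and of the pitfall found at the end, where each domain's side of the network keeps its own MAB list. This is an added illustration, not the poster's tooling; the `NetworkSide`, `admit` names and all MACs, VLAN numbers and membership data are constructed for the example.

```python
# Added example (not from the thread): simplified model of the admission flow
# described above, with per-side MAB exception lists as found in the thread.
from dataclasses import dataclass, field


@dataclass
class NetworkSide:
    """One domain's slice of the network: its VLANs and its own MAB list.
    Separate per-side MAB lists are the pitfall the thread ran into."""
    name: str
    vlans: set
    mab_exceptions: set = field(default_factory=set)  # lowercase MACs


def side_for_vlan(sides, vlan):
    """Find which side (domain) owns a given VLAN."""
    for side in sides:
        if vlan in side.vlans:
            return side
    raise ValueError(f"no side owns VLAN {vlan}")


def admit(mac, vlan, sides, domain_members):
    """Return (admitted, reason) for a MAC appearing on a VLAN.
    MAB is checked first and is scoped to the side that owns the VLAN; if
    there is no exception, the RADIUS-style check only asks whether the MAC
    is a known member of one of the domains (constructed set here)."""
    side = side_for_vlan(sides, vlan)
    key = mac.lower()
    if key in side.mab_exceptions:
        return True, f"mab bypass on {side.name}"
    if key in domain_members:
        return True, "radius: domain member"
    return False, f"radius: unknown asset on {side.name}"


def demo():
    """Reproduce the thread's symptom, then the fix: the MAB entry added by
    the tooling landed only on the old side, so the moved asset was denied
    on the new VLAN until the MAC was added to the new side's list."""
    old = NetworkSide("old-domain", {10, 20}, mab_exceptions={"aa:bb:cc:00:00:01"})
    new = NetworkSide("new-domain", {110, 120})
    sides = [old, new]
    members = set()  # the re-joined test asset is not yet known to RADIUS
    mac = "AA:BB:CC:00:00:01"
    before = admit(mac, 110, sides, members)  # denied: exception is on the wrong side
    new.mab_exceptions.add(mac.lower())       # "hardcode the MAC into the other side's MAB"
    after = admit(mac, 110, sides, members)   # now admitted via MAB on the new side
    return before, after
```

Checking the MAB list of the side that actually owns the port's VLAN, rather than trusting that "it's in the MAB", is the quick diagnostic this thread suggests.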
