DNS, DHCP and Static IP with Ubuntu

I finished setting up an Ubuntu server a test lab, and quickly learned a few tips for DHCP and static IP addresses.

Setting and Interface for DHCP

If you want to change an interface to use DHCP, edit /etc/network/interfaces making sure you remove the static config

Example:

nano /etc/network/interfaces

iface eth0 inet static

address 192.168.0.x
netmask 255.255.255.0
network 192.168.0.x
broadcast 192.168.0.255
gateway 192.168.0.x

to

iface eth0 inet dhcp

The reverse can be done to change from DHCP to static.

Adding Alternative DNS server

Since DNS servers are handled by the DHCP, I wanted to add an alternative DNS server. Editting the dhclient.conf lets you do this and adding the following the lines to the file.

Example:

nano /etc/dhcp3/dhclient.conf

prepend domain-name-servers 127.0.0.1

or use supersede to replace them.

supersede domain-name-servers 127.0.0.1

Now the your Ubuntu server can run with DHCP with alternative DNS servers.

Use /etc/init.d/networking restart to apply the changes for the DHCP and DNS right away.

Windows Vista/7 Printer deployment via GPP

If you're deploying printers via Group Policy Preference under users configuration, you'll find that printers are not installing when users login. Windows would also log the following error

"preference item in the '[USER] Default User Policy' Group Policy object did not apply because it failed with error code '0x80070005 Access is denied"

There are 2 things you need to do to resolve this:

1) Modify "Point and Print" restrictions to allow users to install network printers without elevating to admin privileges. In XP, this is the default behavior, but in Windows Vista and above, Windows must have admin privileges to install printer drivers from the printer server.

To add allow users on Windows Vista/7 to you must change these settings under GRO
>Computer Configuration/Policies/Administrative Templates/Printer/Print and Point Restrictions
>"Do not show warning or elevation prompt" for installling and updating drivers.


2) Ensure that printers are being installed using the user security context. For some reason, user GPP printers are installed under the SYSTEM context, which means the installation can't communicate to the print server to download drivers, thus installation fails. More about GPP security context here.

In the "common" tab of each printer in GPP, check "Run in logged-on user's security context (user policy option)"


Now your GPP deployed printers should install properly.

Cisco IOS IKE pre-shared key error message

I found out if your IPSec tunnel's preshared key is wrong on Cisco IOS routers, the message that it shows is:

%CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 173.33.140.143 failed it ^s sanity check or is malformed

Talk about cryptic messages! Not very helpful, but now you know if you see that message, check your preshared keys!