I can ABSOLUTELY guarantee that it's the _kerberos records that are responsible for the AuthN locator.
Consider a keen little problem I ran into this week. I've got a site that has member servers and user machines authenticating anywhere they want to - across our 50-some odd sites. After checking Sites and Services (Subnet object is associated with the correct site), running DCDIAG, NETDIAG (with no errors, BTW) I decided to dive into DNS. Lo and behold - the _ldap. Records are registered, however there is no _kerberos or _kpasswd entries. Shut down then restart NETLOGON - voila! Records are all now registered, and authN goes to the DCs in the site. Need further proof? -rtk -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, May 05, 2005 7:12 PM To: [email protected] Subject: RE: [ActiveDir] DNS vs. Hosts File I believe Jorge is correct. If I recall correctly, the last time I did a complete trace from boot to log on of a K3 Server the only SRV record looked up at any point in that process was the _ldap._tcp.<site>._sites.<domain> record. However, I can't count out that some caching from previous boots wasn't being used by the server when it started. The full proof way I guess of testing this would be to take a raw fresh box and trace it on startup through the join process and then reboot and log on to see if the kerberos record is ever queried. However, in all of the traces I have done, I don't think I ever recall seeing a query for the _kerberos records.... Does MS DNS have the capability to keep easy statistics on what records are queried and how often? joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Thursday, May 05, 2005 7:41 PM To: [email protected] Subject: Re: [ActiveDir] DNS vs. Hosts File I thought for auth purposes, it was _kerberos.tcp.<site>. etc,etc...? Am I wrong? Thanks -------------------------- Sent from my BlackBerry Wireless Handheld (www.BlackBerry.net) List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
