On January 11, 2010 3:45:11 PM -0800 Jordan Brown <[email protected]> wrote:
Frank Cusack wrote:
the forest).  I've chosen site names that match the ".loc" part of the
fqdn, is there a way to convince Windows to assign names which include
the site as part of the name?  I haven't defined subnets to go along
with sites, should that help?  Should I just create AD subdomains that
match the dns subdomains?

I'm not sure whether you're talking about AD sites here, or just
informally talking about multiple locations.  AD sites are orthogonal to
domains, I believe.

I think you're probably talking informally, that you want to use the
third component of the domain to represent location, while keeping all of
the systems in a single AD domain.  I don't know whether that's possible.

Actually I am talking about AD sites and not just using that term
generically.  I've never used sites before, so don't know too much
about them, but my understanding is they are simply a load balancing
device and not a hierarchical part of the domain topology per se.
It just would be convenient for me if they could be made to be part
of the topology and I wouldn't have to have multiple domains in the
forest.

I suspect that if you move the DC to dc1.XYZ.COM it will relieve the
indigestion.  If convenient, it's worth trying.  (I don't think that's
the _answer_, but it might be a workaround.)  The nature of the bug is
that kclient (and maybe smbadm join too) assumes that the DC is directly
under the domain, not under a subdomain, superdomain, peer, or whatever.

It's going to be more convenient for me to create the child subdomain
LOC.XYZ.COM so I guess I'll have to suck it up.  Maybe it won't matter
in the end anyway (having multiple domains), as apparently users can
belong in the parent domain without a problem as far as windows is
concerned.  Hopefully the solaris cifs server is ok with that ...

(The nitty-gritty details of the bug that I noticed are that when kclient
discovers a DC by looking for an SRV record, it uses the domain suffix of
the server as the domain name, rather than using the domain suffix of the
name of the SRV record.)

I do have to note again, that when I join the domain with samba, using
the net command, the fqdn does get populated correctly, and inspection
of the secrets.tdb file seems to show a keytab with the correct fqdn.

If my guess is correct, that's simple to answer:  Samba doesn't have the
bug :-)

Well that is interesting.  The server fqdn is in a subdomain but the
domain name, the kerberos realm and the SRV records are all in the
parent domain.

But samba just has a different bug, as it can join but still doesn't
serve clients.

For sure Windows supports hostnames in different DNS domain names than
their AD domain names (I think they call it disjoint names) but I guess
this isn't a common configuration and not well tested on the unix side
of things.

-frank
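
The SRV-derivation difference described in the thread, as an added example that is not part of the original messages and is not kclient's code. The record lines are constructed sample data: the owner name follows the standard AD locator form, and the hosts dc1.LOC.XYZ.COM and dc2.XYZ.COM are assumed for illustration.

```python
# Added illustration; the SRV lines below are constructed sample data.
SAMPLE_SRV = """\
_ldap._tcp.dc._msdcs.XYZ.COM. 600 IN SRV 0 100 389 dc1.LOC.XYZ.COM.
_ldap._tcp.dc._msdcs.XYZ.COM. 600 IN SRV 0 100 389 dc2.XYZ.COM.
"""


def parse_srv(line):
    """Split one zone-file style SRV line into (owner name, target host)."""
    fields = line.split()
    if len(fields) != 8 or fields[2].upper() != "IN" or fields[3].upper() != "SRV":
        raise ValueError("not an SRV record line: %r" % line)
    return fields[0].rstrip("."), fields[7].rstrip(".")


def domain_from_target(target):
    """Derivation described as the bug: strip the host label from the server name."""
    _host, _, suffix = target.partition(".")
    return suffix.upper()


def domain_from_owner(owner):
    """Derivation from the SRV record's own name: drop the service labels."""
    labels = owner.split(".")
    service = [i for i, label in enumerate(labels) if label.startswith("_")]
    if not service:
        raise ValueError("owner name has no service labels: %r" % owner)
    # Everything after the last '_' label (_tcp or _msdcs) is the domain.
    return ".".join(labels[service[-1] + 1:]).upper()


def compare(records_text):
    """Return (target, domain by owner, domain by target, mismatch) per record."""
    results = []
    for line in records_text.splitlines():
        if not line.strip():
            continue
        owner, target = parse_srv(line)
        by_owner = domain_from_owner(owner)
        by_target = domain_from_target(target)
        results.append((target, by_owner, by_target, by_owner != by_target))
    return results


if __name__ == "__main__":
    for target, by_owner, by_target, mismatch in compare(SAMPLE_SRV):
        flag = "MISMATCH" if mismatch else "ok"
        print("%-18s owner=%-12s target=%-12s %s" % (target, by_owner, by_target, flag))
```

A mismatch marks a DC whose hostname sits outside the AD domain's DNS name, the disjoint case discussed in the thread.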