> Disjoint namespace is the term used if you have DNS names for windows > active directory members which are anything other than: > > samaccountname.<AD domain> > > So, if you give your hosts DNS hostnames of: > > samaccountname.dept.<AD domain> > > ...this is a disjoint namespace. This is a supported configuration in > principle - AD itself and most of the Microsoft tools work just fine - > but in practice you'll find an awful lot of 3rd party stuff out there > assumes that the AD domain starts at the first "." in the hostname, and > will break if it doesn't. > > This makes me sad, since the underlying protocols at AD is built on > (DNS, Kerberos, LDAP) have plenty of mechanisms for doing the mapping > properly. They're just not used.
Okay. Fortunately, we're not doing that. "Missouri.edu" is not an AD domain. "Col.missouri.edu" however, is. So a dnps-caplap-4.col.missouri.edu is a computer named dnps-caplap-4 in the col.missouri.edu AD domain. So the "first dot" assumption should work IF you take "col.missouri.edu" as the domain, rather than just "COL" (that which is between the first two dots). --J - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
