Hi all,
I am trying to get some 10.5 OD servers integrated into a Windows AD
infrastructure at a school district. There will be an OD master, a
replica, and a deployment server. The only services they will provide
are NetBoot/NetInstall, SW Update, and MCX.
The school's existing AD domain is called SCHOOL.LOCAL, which is
obviously not ideal, but cannot be changed.
I have added the Leopard servers to the domain in the following manner:
1. Verify DNS forward & reverse (e.g. macserver1.school.local)
2. Install Leopard Server in Advanced config
3. Update to 10.5.2
4. While still in Standalone mode, bind to AD using Directory Utility
5. Change server role to OD master
The result appears to be a working AD-OD triangle, in that Mac clients
bound to both will get MCX policies applied. I'm also able to add the
OD replica without any apparent problems.
My concern is that Kerberos is stopped on the OD master. Is this
normal for a subordinate directory server? I have read the newly
updated Open Directory Admin guide, but it doesn't answer this
question. On page 69 it says "The subordinate server automatically
determines that it is subordinate to an Active Directory or Open
Directory server and configures itself accordingly."
Does "accordingly" mean no Kerberos KDC? Or is this a byproduct of a
.local AD domain? I have added both school.local and .local to the DNS
search policy in Network Preferences but it makes no difference.
If this is not normal, is the solution to create a separate DNS domain
for the OD servers, and if so could it be OD.SCHOOL.LOCAL? I don't
think I can persuade the district's IT department to add another TLD
such as .private.
Thanks,
Ian
Macos-x-server mailing list (email@hidden)