Joining Windows client to Leopard PDC domain

Question

Level 1

5 points

Joining Windows client to Leopard PDC domain

Leopard Server 10.5.2 providing OD, AD PDC, DHCP, DNS, AFP, SMB all on and "running"
XServe Intel
Mainly Windows XP clients but also some OS X clients

I am trying to set up a Leopard server to host a domain on our internal company LAN. I have followed the tutorials in "Mac OS X Server Essentials 10.5" and also referred to the "Open Directory Admin Guide" as well as the "Network Services Admin Guide" and am stuck in a few places.

One issue I am having is trying to join an XP client to the domain so that I can use account login and home folder access which is on the Leopard server. My 10.5 client machine can login and access the home folder fine but when I try to join the XP machine I get the following error on the PC:

"A domain controller for the domain mycompany.com could not be contacted. Ensure that the domain name is typed correctly."

I then click on Details and get the following:

"The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain mycompany.com:
The error was "DNS name does not exist."
(error code 0x0000232B RCODE NAMEERROR)
The query was for the SRV record for ldap._tcp.dc.msdcs.mycompany.com"

DHCP seems to be handing out IP addresses fine but does not hand out LDAP info. e.g. My Leopard client cannot get the LDAP via DHCP even though this is configured (according to the "Essentials" book) in the Directory Utility, it will only see the Domain controller/LDAP if I manually enter the info into it's Directory Utility. I'm wondering if this has something to do with PC not finding the domain?

What concerns me is the lack of configuration in DNS - so far I have only set up a primary zone for the domain mycompany.com with the correct primary zone name: mycompany.com. and nameserver: xserve1.mycompany.com. as well as a machine record within the zone for the server, machine name: xserve1 and IP address: 192.168.0.1 (the relevant reverse info is ok)

I have seen some discussions online that indicate I need to enter more DNS info e.g. an LDAP service record etc. but there is no mention of this in the Directory admin manual under setting up a PDC. Is this true and if so can anyone advise me as to how to enter these in Server Admin?

I am a complete beginner to server admin and command line tools but would really appreciate any help in the matter!

Thanks 🙂

Macbook 2GHz, Mac OS X (10.5.2)

Posted on Feb 24, 2008 2:51 AM

Reply

Answer 1

iwisa Author

Level 1

5 points

Feb 25, 2008 6:32 AM in response to iwisa

Sorry for the double posting but I have made some progress... I now think the problem lies elsewhere...

I enabled the WINS server within the SMB service on my Leopard PDC and entered the Server's IP address into it's DHCP WINS tab (WINS/NBNS Primary Server: 192.168.0.1). I have also changed the SMB domain to just mycompany as opposed to mycompany.com as suggested elsewhere - worked the same either way...

If I rely on DHCP to pass the WINS server's IP address to the client PC then I still get the error. If I however enter the WINS server IP address manually into the network settings of the PC then it finds the domain and I can join fine (and then log in as a user after the restart of the PC).

I was also having problems getting my 10.5 client Mac to retrieve LDAP from the DHCP using the setting in the Directory Utility (had to also enter the OD info manually which worked fine) so now I am thinking there is a problem with my DHCP handing out WINS and LDAP info. DHCP is working fine in terms of handing out IP addresses but is there any way of checking to see what else it is broadcasting at the client end or just on the network?

Reply

Answer 2

Feb 25, 2008 10:15 AM in response to iwisa

If you do this in OS X Terminal:

ipconfig getpacket en0 (if en0 is the interface used on the client) you get what the DHCP server responds when the DHCP client ask the subnet for an IP.

It's actually the client that does the broadcasting when it "screams" for an IP.

Reply

Answer 3

iwisa Author

Level 1

5 points

Feb 25, 2008 11:44 AM in response to Leif Carlsson

Hi Leif - thanks for the reply,

Maybe "broadcasting" in terms of the DHCP response was the wrong word for me to use but I see what you are saying...

I have tried this Terminal command and got the following but can't see any reference to NetBIOS/WINS server address, just the scope and node info I currently have set. The WINS/SMB server is on the same xserve unit (192.168.0.1) and have tried joining with no scope and node settings as well as node type=H.)

ipconfig getpacket en0
op = BOOTREPLY
htype = 1
flags = 0
hlen = 6
hops = 0
xid = 1499456152
secs = 0
ciaddr = 0.0.0.0
yiaddr = 192.168.0.33
siaddr = 192.168.0.1
giaddr = 0.0.0.0
chaddr = 0:17:f2:31:65:4a
sname = xserve1.MYCOMPANY.com
file =
options:
Options count is 12
dhcp messagetype (uint8): ACK 0x5
server_identifier (ip): 192.168.0.1
lease_time (uint32): 0x14e20
subnet_mask (ip): 255.255.255.0
router (ip_mult): {192.168.0.1}
domain nameserver (ip_mult): {192.168.0.1}
domain_name (string): MYCOMPANY.com
domain_search (dns_namelist): {MYCOMPANY.com}
ldap_url (string): ldap://xserve1.MYCOMPANY.com/dc=xserve1,dc=MYCOMPANY,dc=com
nb over_tcpip_nodetype (uint8): 0x8
nb over_tcpipscope (string): MYCOMPANY
end (none):

I used Wireshark on the PC client machine and got the following. Note that the DHCP Offer packet contains no option 44 (which AFAIK is what identifies the WINS server to clients) so the DHCP is not sending the address out.

No. Time Source Destination Protocol Info
3 2.996281 192.168.0.1 192.168.0.31 DHCP DHCP Offer - Transaction ID 0x2a7dee67

Frame 3 (342 bytes on wire, 342 bytes captured)
Ethernet II, Src: Apple_f2:03:08 (00:1e:52:f2:03:08), Dst: Micro-St_ff:86:a2 (00:10:dc:ff:86:a2)
Internet Protocol, Src: 192.168.0.1 (192.168.0.1), Dst: 192.168.0.31 (192.168.0.31)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68)
Bootstrap Protocol
Message type: Boot Reply (2)
Hardware type: Ethernet
Hardware address length: 6
Hops: 0
Transaction ID: 0x2a7dee67
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 192.168.0.31 (192.168.0.31)
Next server IP address: 192.168.0.1 (192.168.0.1)
Relay agent IP address: 0.0.0.0 (0.0.0.0)
Client MAC address: Micro-St_ff:86:a2 (00:10:dc:ff:86:a2)
Server host name: xserve1.MYCOMPANY.com
Boot file name not given
Magic cookie: (OK)
Option: (t=53,l=1) DHCP Message Type = DHCP Offer
Option: (53) DHCP Message Type
Length: 1
Value: 02
Option: (t=54,l=4) Server Identifier = 192.168.0.1
Option: (54) Server Identifier
Length: 4
Value: C0A80001
Option: (t=51,l=4) IP Address Lease Time = 59 minutes, 24 seconds
Option: (51) IP Address Lease Time
Length: 4
Value: 00000DEC
Option: (t=1,l=4) Subnet Mask = 255.255.255.0
Option: (1) Subnet Mask
Length: 4
Value: FFFFFF00
Option: (t=15,l=13) Domain Name = "MYCOMPANY.com"
Option: (15) Domain Name
Length: 13
Value: 64656C616E656C65612E636F6D
Option: (t=3,l=4) Router = 192.168.0.1
Option: (3) Router
Length: 4
Value: C0A80001
Option: (t=6,l=4) Domain Name Server = 192.168.0.1
Option: (6) Domain Name Server
Length: 4
Value: C0A80001
Option: (t=46,l=1) NetBIOS over TCP/IP Node Type = B-node
Option: (46) NetBIOS over TCP/IP Node Type
Length: 1
Value: 01
End Option
Padding

I also looked at what happens at the point when I try to join the PC to the domain with and without the WINS server IP address manually entered on the PC's network settings:

Manual WINS setting communications:

2 17.727677 192.168.0.31 192.168.0.1 DNS Standard query SRV ldap._tcp.dc.msdcs.MYCOMPANY.com
Domain Name System (query)

3 17.728106 192.168.0.1 192.168.0.31 DNS Standard query response, No such name
Domain Name System (response)

4 17.733483 192.168.0.31 192.168.0.1 NBNS Name query NB MYCOMPANY.COM<1c>
NetBIOS Name Service

5 17.733833 192.168.0.1 192.168.0.31 NBNS Name query response NB 192.168.0.1
NetBIOS Name Service

DHCP-reliant WINS configuration communications:

1 0.000000 192.168.0.31 192.168.0.1 DNS Standard query SRV ldap._tcp.dc.msdcs.MYCOMPANY.com
Domain Name System (query)

2 0.000396 192.168.0.1 192.168.0.31 DNS Standard query response, No such name
Domain Name System (response)

3 0.000729 192.168.0.31 192.168.0.255 NBNS Name query NB MYCOMPANY.COM<1c>
NetBIOS Name Service

4 0.740454 192.168.0.31 192.168.0.255 NBNS Name query NB MYCOMPANY.COM<1c>
NetBIOS Name Service

5 1.490399 192.168.0.31 192.168.0.255 NBNS Name query NB MYCOMPANY.COM<1c>
NetBIOS Name Service

If anyone has any ideas...

Thanks 🙂

Reply