2 Replies Latest reply: Mar 30, 2009 9:24 PM by JohnZ
JohnZ Level 1 Level 1 (0 points)
I have a server server1.ceit.uq.edu.au and I'm binding it to the AD domain uq.edu.au
The computer record created for xserve1 in AD has a DNSName of xserve1.uq.edu.au the ceit subdomain is missing.
All the services on this server get kerberos principals like xgid/xserve1.uq.edu.au@uq.edu.au also missing the ceit subdomain. I find if I access any of these services from another computer by specifying the location of the service as xserve1.ceit.uq.edu.au I get an authentication failure.
However, on the local subnet of the server I can see the services advertised via bonjour and if I select them the authentication succeeds. Unfortunately none of the users of these services will ever be on the servers local subnet.
Does anyone know how to correct the DNS name in the AD Computer record? It is not editable within AD.

Intel xserve, Mac OS X (10.5.6)
  • PatGmac Level 3 Level 3 (510 points)
    Do you have an AD domain that is authoritative for the ceit.uq.edu.au domain? If not, then your DNS is behaving properly. You are binding to uq.edu.au
  • JohnZ Level 1 Level 1 (0 points)
    The AD domain is for the entire *.uq.edu.au domain. My server is in DNS as xserve1.ceit.uq.edu.au and reverse lookup of the IP address resolves to this name. I found a Microsoft technote that says to bind a windows machine in a subdomain you have to edit the registry entry PrimaryDNSSuffix to be the subdomain, as it defaults to the AD domain, and also grant the machine write access to it's own AD computer entry. Unfortunately I don't have a Windows registry on my xserve.