Solved

Connecting to active directory from Mac OS X 10.4.8

Posted on 2006-10-21
Last Modified: 2013-11-13
I have one Windows 2003 server with Active Directory, DNS set up as home.pcmacsolutions.inc. I am trying to connect to the Active Directory and I always get "invalid domain and forest combination was specified". I added the server in the LDAP new connection and it recognises the server; it states dc-home, dc=pcmacsolutions, dc=inc. I just can't figure out why it will not connect. Does somebody have a clue?
Question by:pcmacsolutions
9 Comments
 
LVL 9

Accepted Solution

by:
ParadiseITS earned 125 total points
ID: 17796810
pcmac -- if you are certain your string is correct (-home, dc=pcmacsolutions, dc=inc), which it certainly appears to be, I would point the finger at DNS. The name pcmacsolutions.inc is not a valid domain name (.inc), and that being the case it cannot be resolved; while AD in Windows probably will function for the most part with that name (you'll still run into some problems), Mac OS is none too happy about it.

So, my suggestion is to rename Active Directory -- which if you are running 2003 is fairly simple using the AD Rename Tool (http://www.microsoft.com/technet/downloads/winsrvr/domainrename.mspx) to a real FQDN or at least one it can resolve properly (ilovemacs.com).

If you are running Win2k it is possible but ONLY if you are not running in native mode.  You would have to pretty much blow away your DC after putting a BDC online to accomplish this (back to old NT Domain days).


Hope this helps!
0
 

Author Comment

by:pcmacsolutions
ID: 17802120
Thank you, I will try this. I am new at DNS and I have to admit the documentation confuses me at times. I tried with a xxx.ca before and it was not working. I will try this and get back for a follow-up. It will take a few days.
Thank you for the answer.
0
 

Author Comment

by:pcmacsolutions
ID: 17829005
OK, here it is. I am trying this on a test server, so I uninstalled DNS server and Active Directory and now it is home.etsga.com (which is one of my domains). I do not have DHCP on the server; it is on my firewall (Linux box). When I go to DA and configure LDAP, I create a new LDAP connection and type in home.etsga.com. It automatically picks a template for Active Directory and shows me DC=home,DC=etsga,DC=com, but if I click on Continue nothing happens. I believe this has to work before going on. Any suggestions?
Thanks in advance.
0

 

Author Comment

by:pcmacsolutions
ID: 17829054
Here is the nslookup from the Mac:

; <<>> DiG 9.2.2 <<>> home.etsga.com
;; global options:  printcmd
;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59488
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;home.etsga.com.                  IN      A

;; ANSWER SECTION:
home.etsga.com.            600      IN      A      192.168.45.50

;; Query time: 84 msec
;; SERVER: 192.168.45.50#53(192.168.45.50)
;; WHEN: Sun Oct 29 10:55:26 2006
;; MSG SIZE  rcvd: 48

0
 
LVL 12

Assisted Solution

by:benhanson
benhanson earned 125 total points
ID: 17970909
BTW, you can have goofy TLDs on your local domain; you just may need to do extra work to use them. .inc is no more invalid for local networks than .local

Have you confirmed that AD is working at all? Do you have a PC that you can try and join? Setting up the first server in an AD domain can be confusing the first time, especially if you are doing on-box DNS, since AD really wants DNS to be present, but you normally get prompted to do AD setup before DNS setup. You should go into DNSAdmin on the 2003 server and make sure that all of the AD records are in there (_msdcs, _sites, _tcp, _udp, etc.). These will all have SRV records that effectively tell Windows clients where to find authentication resources.
0
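The SRV lookups behind the answer above can be checked from the Mac's Terminal; this is an added example, not part of the original thread. It assumes the domain home.etsga.com from the question and the default AD site name Default-First-Site-Name; `SRV_LOOKUP`, `sample_lookup` and the host dc1 are hypothetical names used so the check can also run offline.

```shell
#!/bin/sh
# Added example (not from the thread): check which of the SRV records an
# Active Directory client relies on are missing from DNS.

# Lookup command; defaults to a live query. Point it at a stub to run offline.
SRV_LOOKUP=${SRV_LOOKUP:-dig +short -t SRV}

# Print the SRV names a domain controller registers for domain $1.
# Default-First-Site-Name is the site AD creates by default (assumed here).
ad_srv_names() {
    for prefix in \
        _ldap._tcp \
        _kerberos._tcp \
        _kerberos._udp \
        _kpasswd._tcp \
        _ldap._tcp.dc._msdcs \
        _ldap._tcp.Default-First-Site-Name._sites
    do
        printf '%s.%s\n' "$prefix" "$1"
    done
}

# Print every expected SRV name that does not resolve for domain $1.
# An answer only counts if it looks like "priority weight port target",
# so resolver error text such as a timeout message is treated as missing.
missing_ad_srv() {
    ad_srv_names "$1" | while read -r name; do
        answer=$($SRV_LOOKUP "$name" 2>/dev/null) || answer=
        printf '%s\n' "$answer" |
            grep -Eq '^[0-9]+ [0-9]+ [0-9]+ [^ ]+$' ||
            printf '%s\n' "$name"
    done
}

# Constructed resolver stub (not real output): a zone holding only the
# top-level LDAP and Kerberos TCP records; dc1 is a hypothetical host name.
sample_lookup() {
    case $1 in
        _ldap._tcp.home.etsga.com)     echo "0 100 389 dc1.home.etsga.com." ;;
        _kerberos._tcp.home.etsga.com) echo "0 100 88 dc1.home.etsga.com." ;;
        *) echo ";; connection timed out; no servers could be reached" ;;
    esac
}
```

Calling `missing_ad_srv home.etsga.com` queries the configured DNS server; setting `SRV_LOOKUP=sample_lookup` first uses the constructed stub instead. No output means every expected record resolved.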
 
 

Author Comment

by:pcmacsolutions
ID: 17971399
Thanks a lot for the input, I will give it a try.
0
