Solved

Connecting to active directory from Mac OS X 10.4.8

Posted on 2006-10-21
9
1,833 Views
Last Modified: 2013-11-13
I have one windows 2003 server with active directory, dns setup as home.pcmacsolutions.inc, I am trying to connect to the active directory and I always get "invalid domain and forest combination was specified". I added the server in the ldap new connection and it recognises the server it states dc-home, dc=pcmacsolutions, dc=inc. I just cant figure out why it will not connect. Does somebody have a clue.
0
Comment
Question by:pcmacsolutions
  • 4
  • 2
9 Comments
 
LVL 9

Accepted Solution

by:
ParadiseITS earned 125 total points
ID: 17796810
pcmac --  if you are certain your string is correct (-home, dc=pcmacsolutions, dc=inc) which is certainly appears to be, I would to point the finger at DNS.   The name pcmacsolutions.inc is not a valid domain name (.inc) and that being the case cannot be resolved and while AD in Windows probably will function for the most part with that name (you'll still run into some problems) Mac OS is non-too-happy about it.

So, my suggestion is to rename Active Directory -- which if you are running 2003 is fairly simple using the AD Rename Tool (http://www.microsoft.com/technet/downloads/winsrvr/domainrename.mspx) to a real FQDN or at least one it can resolve properly (ilovemacs.com).

If you are running Win2k it is possible but ONLY if you are not running in native mode.  You would have to pretty much blow away your DC after putting a BDC online to accomplish this (back to old NT Domain days).


Hope this helps!
0
 

Author Comment

by:pcmacsolutions
ID: 17802120
Thank you I will try this, I am new at dns and I have to admit the documentation confuses me at times. I tried with a xxx.ca before and it was not working. I will try this and get back for a follow up. It will take a few days.
Thank you for the answer.
0
 

Author Comment

by:pcmacsolutions
ID: 17829005
Ok here it is I am trying this on a test server so I uninstalled dns server and active directory and now it is home.etsga.com (wich is one of my domains). I do not have dhcp on the server, it is on my firewall (linux box). When I go to DA and configure ldap I create a new ldap connection type in home.etsga.com.  , it automatically picks a template for active directory shows me DC=home,DC=etsga,DC=com but if I click on continue nothing happens. I beleive this has to work before going on. Any suggestion.
Thank in advance.
0
Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

 

Author Comment

by:pcmacsolutions
ID: 17829054
Here is the nslookup from the mac

; <<>> DiG 9.2.2 <<>> home.etsga.com
;; global options:  printcmd
;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59488
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;home.etsga.com.                  IN      A

;; ANSWER SECTION:
home.etsga.com.            600      IN      A      192.168.45.50

;; Query time: 84 msec
;; SERVER: 192.168.45.50#53(192.168.45.50)
;; WHEN: Sun Oct 29 10:55:26 2006
;; MSG SIZE  rcvd: 48

0
 
LVL 12

Assisted Solution

by:benhanson
benhanson earned 125 total points
ID: 17970909
BTW, you can have goofy TLDS on your local domain, you just may need to do extra work to use them.  .inc is no more invalid for local networks than .local

Have you confirmed that AD is working at all?  Do you have a PC that you can try and join?  Setting up the first server in an AD domain can be confusing the first time, especially if you are doing on box DNS, since AD really wants DNS to be present, but you normally get prompted to do AD setup before DNS setup.  You should go into DNSAdmin on the 2003 server and make sure that all of the AD records are in there(_msdcs,_sites,_tcp_udp,etc.  These will all have SRV records that effectively tell Windows clients where to find authentication resources.
0
 
LVL 12

Expert Comment

by:benhanson
ID: 17970910
BTW, you can have goofy TLDS on your local domain, you just may need to do extra work to use them.  .inc is no more invalid for local networks than .local

Have you confirmed that AD is working at all?  Do you have a PC that you can try and join?  Setting up the first server in an AD domain can be confusing the first time, especially if you are doing on box DNS, since AD really wants DNS to be present, but you normally get prompted to do AD setup before DNS setup.  You should go into DNSAdmin on the 2003 server and make sure that all of the AD records are in there(_msdcs,_sites,_tcp_udp,etc.  These will all have SRV records that effectively tell Windows clients where to find authentication resources.
0
 

Author Comment

by:pcmacsolutions
ID: 17971399
Thanks a lot for the input, I will give it a try.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SUMMARY Enterprise backup in a heterogeneous network is a subject full of complications and restrictions. Issues such as filename & path structure, attributes and extended metadata always tend to complicate the subject to the extent where either …
In this article we will discuss some EI Capitan Mail app issues and provide some manual process to resolve them.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now