Bind to directory and be domain member using same computer name

    MikeE

    Hey all,

    Question. I have two Mac OS X Server 10.6.4 installs. One is an Open Directory Master and Primary Domain Controller. Let’s call it server1. The second, let’s call it server2, is bound to the ODM via Directory Utility. The Computer ID entered in Directory Utility when server2 was bound to server1 was the default: the server’s host name, server2. Looking at the Computers tab in Workgroup Manager on server1 showed a record for server2$. I am able to log into server2 using accounts in server1’s directory. Great. All is well.

    Next I tried to join server2 to server1’s domain. I did this in Server Admin’s SMB service’s General tab. Role: Domain Member and Computer Name: server2. This didn’t work. The SMB File Service Log showed:

    [2010/07/16 09:15:51, 0, pid=48589] /SourceCache/samba/samba-235.4/samba/source/rpc_server/srv_netlog_nt.c:_net_auth_2(529)
    _net_auth2: creds_server_check failed. Rejecting auth request from client SERVER2 machine account SERVER2$
    [2010/07/16 09:15:52, 0, pid=48591] /SourceCache/samba/samba-235.4/samba/source/passdb/pdb_interface.c:pdb_default_create_user(391)
    Could not get RID of fresh user

    After a lot of trial and error I figured out that since server2 had already been bound to server1 with the name “server2”, trying to use the same computer name to become a domain member was the problem. If I unbound server2, effectively deleting the computer record in server1’s directory, I could then join server2 to server1’s domain.

    The Open Directory Administration guide for Mac OS X Server 10.6 states that when becoming a domain member, “when practical,” the computer name should match the server’s host name.

    So, two questions. Can server2 be bound to server1 using the name “server2” AND join the PDC’s domain with the same name or should the names be different? If the latter, should the bound name or the domain member name be different from the server name?
