Setting up Mac OS X.4 Server as a PDC?

  • #366713
    mlcdigital
    Participant

    This is stressing me out…
    I've installed Mac OS X.4 Server 8 times so far trying to get it to work as a PDC so I can bind WinXP clients to it.
    I was able to get it to work once, but then I made a tweak in the config and blew it up.
    I've followed the steps I did the one time I got the Mac OS X.4 Server running as a true PDC, but I can't replicate the results.
    This is what I did when it worked for a short amount of time. I've repeated these steps with failed results.
    Installed the OS on an Xserve (I've done it locally and remotely), enabling 1 NIC with DHCP, then ran all updates and patches.
    Once fully patched, set up the NIC with a static IP and pointed the first DNS server to its own IP.
    Set up DNS and tested forward and reverse name resolution.
    Set up DHCP and tested a client to see if DNS resolved correctly.
    Set up Open Directory as Master and rebooted the server.
    Tested on a Mac OS X.4 client that Kerberos and Open Directory are working 100%.
    Enabled AFP, then rebooted the server.
    Under Windows, set it as PDC, changed the Description (File and Print Server), Name (FileServer), Domain (SOMETHING), and enabled WINS.
    Then started the service and rebooted.
    Once, I was able to bind to the domain using a WinXP machine; once. I bound to the domain both ways, via clicking Change or the Network ID wizard under My Computer Properties. I've even done ipconfig /flushdns, ipconfig /release, ipconfig /renew, and forced the WinXP client to enable NetBIOS over TCP/IP.
    I'm going crazy because this isn't making any logical sense.
    I can build a Samba machine using a very stripped-down, command-line-only install of Linux, but I can't using Apple's pretty graphical interface.

    #366723
    mlcdigital
    Participant

    Here is the server's /etc/smb.conf file…
    [code]
    [global]
    encrypt passwords = yes
    workgroup = SOMETHING
    display charset = UTF-8-MAC
    security = user
    deadtime = 5
    guest account = unknown
    add machine script = /usr/bin/opendirectorypdbconfig -c create_computer_account -r %u -n "/LDAPv3/127.0.0.1"
    add user script = /usr/bin/opendirectorypdbconfig -c create_user_account -r %u -n "/LDAPv3/127.0.0.1"
    client ntlmv2 auth = no
    preferred master = yes
    defer sharing violations = no
    allow trusted domains = no
    netbios name = FileServer
    lanman auth = YES
    vfs objects = darwin_acls
    wins support = yes
    brlm = yes
    max smbd processes = 0
    server string = File and Print Server
    logon drive = H:
    os level = 20
    domain logons = yes
    passdb backend = opendirectorysam guest
    dos charset = CP437
    unix charset = UTF-8-MAC
    auth methods = guest opendirectory
    local master = yes
    domain master = yes
    map to guest = Never
    use spnego = yes
    printer admin = @admin, @staff
    logon path = \\%N\profiles\%u
    ntlm auth = YES
    log level = 0
    [Public]
    vfs objects = darwin_acls
    map archive = no
    path = /Shared Items/Public
    read only = no
    inherit permissions = no
    comment = macosx
    create mask = 0644
    guest ok = 0
    directory mask = 0755
    [homes]
    root preexec = /usr/sbin/inituser %U
    read only = no
    comment = User Home Directories
    browseable = no
    create mode = 0750
    [profiles]
    oplocks = yes
    path = /Users/Profiles
    read only = no
    strict locking = no
    browseable = no
    [printers]
    printable = yes
    path = /tmp
    [netlogon]
    oplocks = yes
    path = /etc/netlogon
    strict locking = no
    browseable = no
    write list = @admin
    [Groups]
    vfs objects = darwin_acls
    map archive = no
    path = /Groups
    read only = no
    inherit permissions = no
    comment = macosx
    create mask = 0644
    guest ok = 0
    directory mask = 0755
    [Users]
    vfs objects = darwin_acls
    map archive = no
    path = /Users
    read only = no
    inherit permissions = no
    comment = macosx
    create mask = 0644
    guest ok = 0
    directory mask = 0755
    [/code]
    When I try to join the domain via My Computer > Properties > Computer Name > Change or My Computer > Properties > Computer Name > Network ID, I get this error:
    [code]The domain name SOMETHING might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS.

    If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

    The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain SOMETHING:

    The error was: “DNS name does not exist.”
    (error code 0x0000232B RCODE_NAME_ERROR)

    The query was for the SRV record for _ldap._tcp.dc._msdcs.SOMETHING

    Common causes of this error include the following:

    – The DNS SRV record is not registered in DNS.

    – One or more of the following zones do not include delegation to its child zone:

    SOMETHING
    . (the root zone)

    For information about correcting this problem, click Help.[/code]
    So then I go under my TCP/IP properties and force NetBIOS over TCP/IP, but I still get the same error.
    I have set the Windows service role from PDC to Standalone and stopped/started the service, then changed the role from Standalone to PDC and stopped/started the service. I've also changed the role and done a cold restart of the server.
    I've not only cold restarted the server after most of the config changes, I've also restarted the WinXP client after making changes to the server and/or client.

    #366994
    Anonymous
    Guest

    I have read on another post that the workgroup/domain name cannot match the DNS domain name of the server. So, if your domain is example.com, that cannot be used for the Windows workgroup nor domain. You would need to use just "example". If the DNS domain and the Windows domain names match, then the server does a DNS SRV record lookup. OS X doesn't support those records (at least via the GUI).

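The posted smb.conf, the XP error about `_ldap._tcp.dc._msdcs.SOMETHING`, and the naming rule in the last reply can be folded into one offline check. The script below is an added example for this thread, not code from either poster or from Apple: it parses a trimmed, constructed copy of the posted [global] and [netlogon] sections, confirms the switches a Samba PDC needs (`domain logons`, `domain master`, `wins support`, `security = user`, a [netlogon] share), applies the naming rule from the last reply as a check (a workgroup that is not a valid NetBIOS name, or that equals the server's DNS domain, is reported along with the SRV record the client would fall back to), and flags `lanman auth = yes`, which the posted config enables and which accepts LM hashes. The hostname `fileserver.something.local` is hypothetical.

```python
"""Check a Samba smb.conf for the settings an XP domain join depends on.

Added example for this thread; not code from the posts or from Apple.
The "workgroup must not equal the DNS domain" rule is the claim made in
the last reply, reproduced here as a check.
"""
import re

# Constructed sample: a trimmed copy of the posted [global] and [netlogon]
# sections. Hypothetical server hostname used below: fileserver.something.local
SAMPLE_SMB_CONF = """\
[global]
workgroup = SOMETHING
security = user
netbios name = FileServer
wins support = yes
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
os level = 20
lanman auth = YES
ntlm auth = YES
client ntlmv2 auth = no
passdb backend = opendirectorysam guest
[netlogon]
path = /etc/netlogon
browseable = no
"""


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {key: value}} with lower-cased keys.

    Lines starting with '#' or ';' are comments. Keys that appear before the
    first [section] header are ignored.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def is_yes(value):
    """Samba boolean: yes/true/1 (any case) are true, everything else false."""
    return value.strip().lower() in ("yes", "true", "1")


def srv_record_for(domain):
    """SRV name an XP client queries when it treats the domain as a DNS name;
    this is the record named in the error message posted above."""
    return f"_ldap._tcp.dc._msdcs.{domain}"


def check_pdc(sections, server_fqdn):
    """Return (errors, warnings) for a parsed config.

    errors:   settings that stop the box answering as a PDC for a NetBIOS join.
    warnings: authentication settings a security reviewer would flag.
    """
    g = sections.get("global", {})
    errors, warnings = [], []

    # The switches that make smbd/nmbd act as a domain controller.
    for key in ("domain logons", "domain master", "wins support"):
        if not is_yes(g.get(key, "no")):
            errors.append(f"'{key}' must be yes for a PDC")
    if g.get("security", "").lower() != "user":
        errors.append("'security' must be user when 'domain logons' is yes")
    if "netlogon" not in sections:
        errors.append("[netlogon] share missing; XP reads logon scripts from it")

    # Name checks: if the name cannot be resolved as a NetBIOS domain, XP
    # falls back to the DNS SRV lookup shown in the thread.
    workgroup = g.get("workgroup", "")
    dns_domain = server_fqdn.split(".", 1)[1] if "." in server_fqdn else ""
    if not workgroup:
        errors.append("'workgroup' is not set")
    elif "." in workgroup or len(workgroup) > 15:
        errors.append(f"'workgroup' {workgroup!r} is not a valid NetBIOS name; "
                      f"XP will query {srv_record_for(workgroup)} instead")
    elif dns_domain and workgroup.lower() == dns_domain.lower():
        errors.append(f"'workgroup' equals the server's DNS domain "
                      f"{dns_domain!r}; use a single-label name instead")

    # Weak-auth setting present in the posted config: LM hashes are
    # trivially crackable and only Win9x-era clients need them.
    if is_yes(g.get("lanman auth", "no")):
        warnings.append("'lanman auth = yes' accepts LM hashes; set it to no "
                        "unless Win9x clients must join")
    return errors, warnings


if __name__ == "__main__":
    conf = parse_smb_conf(SAMPLE_SMB_CONF)
    errs, warns = check_pdc(conf, "fileserver.something.local")
    for e in errs:
        print("ERROR:", e)
    for w in warns:
        print("WARN: ", w)
```

Run against the sample, the PDC switches all pass and only the LM-hash warning is printed; pointing it at a host named `fileserver.something` (so the DNS domain is `something`, equal to the workgroup) produces the naming error from the last reply, and a dotted workgroup such as `something.local` is rejected outright with the SRV name the client would query. To check the real file, read `/etc/smb.conf` into `parse_smb_conf` and pass the server's actual FQDN.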