Frank Cusack wrote:
Actually I am talking about AD sites and not just using that term
generically. I've never used sites before, so don't know too much
about them, but my understanding is they are simply a load balancing
device and not a hierarchichal part of the domain topology per se.
It just would be convenient for me if they could be made to be part
of the topology and I wouldn't have to have multiple domains in the
forest.
Agreed, AD sites are a load-balancing / load-direction device, to encourage
systems to use servers that are "near" them.
You can structure your hierarchy so that it also reflects nearness, but
that would be completely independent of the "site" mechanism.
I suspect that if you move the DC to dc1.XYZ.COM it will relieve the
indigestion. If convenient, it's worth trying. (I don't think that's
the _answer_, but it might be a workaround.) The nature of the bug is
that kclient (and maybe smbadm join too) assumes that the DC is directly
under the domain, not under a subdomain, superdomain, peer, or whatever.
It's going to be more convenient for me to create the child subdomain
LOC.XYZ.COM so I guess I'll have to suck it up. Maybe it won't matter
in the end anyway (having multiple domains), as apparently users can
belong in the parent domain without a problem as far as windows is
concerned. Hopefully the solaris cifs server is ok with that ...
It should be.
Whatever you do, (a) please keep us informed of the results and (b) I
suggest that you try to minimize the differences between where you'd like
to be and where you have to go to work around problems. We *do* want to
fix problems, and when we do fix them it'd be nice if you could migrate
back to your preferred configuration.
Well that is interesting. The server fqdn is in a subdomain but the
domain name, the kerberos realm and the SRV records are all in the
parent domain.
That's consistent with the bug I saw in kclient.
For sure Windows supports hostnames in different DNS domain names than
their AD domain names (I think they call it disjoint names) but I guess
this isn't a common configuration and not well tested on the unix side
of things.
Yes.
_______________________________________________
cifs-discuss mailing list
cifs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
