Wednesday, April 29, 2009

Macs not logging in: duplicate AD names

Problem: A user in EMEA can't log into their AD-bound Mac. After investigation it turns out that an account with the same short name exists in another forest (North America), so the Mac resolves the login name ambiguously. We have been working around this by renaming one of the accounts.

Possible solution (being tested now): from a command line on the user's machine run dsconfigad -namespace domain (as root), which makes the AD plug-in qualify user names with their domain instead of assuming the forest-wide name is unique, and then log in with domain\shortname. dsconfigad -show confirms the current namespace setting.

See this link for more details: http://archive.netbsd.se/?ml=macos-x-server&a=2008-09&t=8621106

Incorrect host names on Mac clients

As many of you are no doubt aware, the Mac hostname displayed on the client and in the DNS Name field of ARD is more than likely incorrect. For example, your Mac might be named ldntam-DMX1234 but it reports a hostname of OSLggk-DXP5678 or some other seemingly random name. This is a problem for applications such as LANDesk which need accurate DNS names associated with IPs.

After much research and many discussions with Apple we have finally received this definitive reply:

“Mac OS X 10.5 clients do not update PTR (reverse) records. The 10.5 Mac clients will register an A record and the DHCP server must register the Mac's PTR record. If a PTR record already exists with the IP address that a Mac has, the Mac will be given the hostname of the previous PTR record. That is why scavenging and choosing the option to discard A and PTR records when the lease is deleted is necessary.”

DHCP servers can be configured to either update A and PTR records only if requested by clients or to always update DNS A and PTR records. The problem with the latter method is that the server, rather than the client, owns the record: the client's computer account is not in the DNS object's ACL, so the client can't later update or remove the record itself. This causes problems if the client moves to another location, if the DHCP server is changed or if the A and PTR records are not released properly when the lease ends (which happens a lot), because a stale PTR is left behind for the next machine to inherit.
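A quick way to catch the stale-PTR condition on a given Mac is to resolve its name, reverse the address and compare. The script below is an added example for this post (not Apple's or Microsoft's tooling); it only assumes that dig is installed, which it is on every OS X client. The comparison is split out so it can be exercised on fixed inputs; the names used in the comments are the constructed examples from the text above.

```shell
#!/bin/sh
# Verify that a Mac's forward (A) and reverse (PTR) records agree.
# Added example for this post; assumes only that `dig` is available.

# Pure comparison, no network needed. Args: the hostname we expect and
# the hostname the PTR lookup returned. Returns 0 on match, 1 otherwise.
# DNS names are case-insensitive and dig appends a trailing dot, so
# normalise both before comparing.
ptr_matches() {
    expected=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//')
    found=$(printf '%s' "$2" | tr 'A-Z' 'a-z' | sed 's/\.$//')
    if [ -n "$found" ] && [ "$expected" = "$found" ]; then
        echo "OK: PTR agrees with $expected"
        return 0
    fi
    echo "MISMATCH: expected $expected, PTR says '${found:-<none>}'"
    return 1
}

# Live check against the resolver this Mac is actually using:
# look up the A record for the name, reverse the first address returned,
# then compare. Returns 2 if the name has no A record at all.
check_host() {
    name=$1
    ip=$(dig +short A "$name" | head -n 1)
    if [ -z "$ip" ]; then
        echo "no A record for $name"
        return 2
    fi
    ptr=$(dig +short -x "$ip" | head -n 1)
    ptr_matches "$name" "$ptr"
}

# Uncomment to run against the machine you are logged in to, e.g.
# check_host ldntam-DMX1234.example.com   (constructed name from the text)
# check_host "$(hostname)"
```

A MISMATCH where the PTR names a different machine is exactly the "previous PTR record" case Apple describes: the lease of an earlier client was deleted without its PTR being discarded, and this Mac has now picked up that name. Running the check from ARD across a fleet gives a list of addresses whose reverse records need scavenging.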

It is also highly recommended that DHCP servers NOT reside on domain controllers. When DHCP runs on a DC it registers records under the DC's computer account, which can overwrite any record in the zone, so for that configuration MS recommends configuring the DHCP server with dedicated DNS dynamic update credentials (an ordinary, low-privilege domain account) so that records it registers are owned by that account rather than the DC, preserving the integrity of the dynamic DNS updates.

According to Apple, Snow Leopard should have the ability to dynamically update PTR records.