Mac OS X binding to AD domain ending in .local

I am attempting to bind several Mac OS X (10.4, 10.5 & 10.6) notebooks to my ".local" domain hosted by a Windows Server 2008 AD Domain Controller. According to Apple, there should be no problem with this as long as the DNS server is "properly" configured with the required SOA record for the top-level domain "local". (Ref: http://support.apple.com/kb/HT3473) My question is: how do I properly add this zone to my DNS server? I have a single server as the domain controller and DNS server.
I have tried to create a forward lookup zone (local) that shows SOA and NS as my DNS server and a Host (A) with the IP address of the server; all 3 of these have the name (same as parent folder). Still, the MacBooks show the domain as not responding.
And yes, I am new to configuring DNS zones. Any help would be greatly appreciated!
According to the Apple support article it will work if you can configure the DNS server. Of course they don't offer any suggestions as to how to set up that configuration. I would prefer to not have to reconfigure the domain. Would be OK if this were a new setup, but it's not.

I wound up using the free version of Centrify and using their AD Check to discover there was an issue with time on the secondary DNS. Once I corrected that, I was able to connect the iMacs to the domain successfully, using the IP address rather than domain.local - though I suspect at that point it wouldn't have mattered, as I'd used the IP address before unsuccessfully.
So lesson learned: check the time involved with everything. Noting this here for future generations.
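
The two prerequisites this thread arrives at, a unicast SOA record for `local` and clocks that agree with the domain controller, can be checked before attempting the bind. The script below is an added example, not part of the original posts: it parses saved `dig` and `ntpdate -q` output, and the sample output, host names, the address 10.0.0.10 and the 300-second limit (the default Kerberos clock tolerance in AD) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): pre-bind checks for a Mac joining an AD
# domain under ".local". Live input would come from, e.g.:
#   dig local SOA @<dns-server-ip>     and     ntpdate -q <domain-controller-ip>
# All sample output below is constructed; names and addresses are placeholders.

MAX_SKEW=300  # seconds; default Kerberos clock tolerance in AD (5 minutes)

# Constructed: the DNS server hosts a "local" zone and answers with its SOA.
DIG_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;local. IN SOA
;; ANSWER SECTION:
local. 3600 IN SOA dc1.corp.local. hostmaster.corp.local. 12 900 600 86400 3600'

# Constructed: no "local" zone, so the query is answered from the root.
DIG_MISSING=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;local. IN SOA
;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2008080500 1800 900 604800 86400'

# Constructed: per-server lines as printed by `ntpdate -q`.
NTP_OK='server 10.0.0.10, stratum 2, offset -0.004127, delay 0.02574'
NTP_SKEWED='server 10.0.0.10, stratum 2, offset 412.731904, delay 0.02591'

# Succeeds only if the reply is NOERROR and its ANSWER section holds an SOA
# record owned by "local." (an SOA for "." in AUTHORITY does not count).
has_local_soa() {
  awk '
    /status: NOERROR/     { ok = 1 }
    /^;; [A-Z]+ SECTION:/ { section = $2 }
    section == "ANSWER" && tolower($1) == "local." && $3 == "IN" && $4 == "SOA" { soa = 1 }
    END { exit !(ok && soa) }
  '
}

# Prints the absolute clock offset in whole seconds from the first server line.
skew_seconds() {
  awk '$1 == "server" {
    for (i = 1; i < NF; i++) if ($i == "offset") {
      v = $(i + 1) + 0; if (v < 0) v = -v
      printf "%d\n", v; exit
    }
  }'
}

# Succeeds if an offset was found and it is within MAX_SKEW.
skew_ok() {
  s=$(skew_seconds)
  [ -n "$s" ] && [ "$s" -le "$MAX_SKEW" ]
}

# $1 = dig output, $2 = ntpdate -q output; reports every failed prerequisite.
precheck() {
  r=0
  printf '%s\n' "$1" | has_local_soa || { echo "FAIL: no SOA for local. from unicast DNS"; r=1; }
  printf '%s\n' "$2" | skew_ok || { echo "FAIL: clock offset exceeds ${MAX_SKEW}s"; r=1; }
  [ "$r" -eq 0 ] && echo "OK: SOA present and clock within tolerance"
  return "$r"
}

precheck "$DIG_OK" "$NTP_OK"
precheck "$DIG_MISSING" "$NTP_SKEWED" || true
```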

Similar Messages

  • Domains ending in .local are no longer accessible under Yosemite

    Yesterday, on Mavericks, I was able to access our LAN's local Debian server, which runs dnsmasq and serves out sites that have domains like web1.debbox.local. Today, on Yosemite, they are not accessible. The Mac is unable to ping servers that end with .local.
    The debian server is my primary DNS, which upstreams to my router [just fine]. So normal domain resolution is working, just not .local.
    The sites are available on other computers not running Yosemite or MacOS.

    The "local" TLD is reserved for Bonjour and always has been, though the reservation hasn't been enforced. Yosemite enforces it. Unicast domain names ending in .local will not be resolved.

  • Apple TV mirroring issues even with Mac mini,airport extreme bought at the end of last year,and an iPad 2

    I have the same issue with ATV3 and iPhone 4S. Everything works properly, no buffering issues when watching netflix, vimeo, youtube BUT when I try mirroring even a small 15sec iPhone movie it stutters and buffers and results to a choppy playback..same with larger mp4 files such as 1-1.5GB, buffers forever and never plays, I just re-encoded the same movie to 700MB and plays perfectly..
    Why Apple, why?..so close..I can accept the bigger movie files issue, but not being able to playback properly an iPhone movie is funny..I recorded a movie with lower bitrate through Filmic Pro (Economy mode, up to 16Mbps)
    and plays properly.
    Is there an upcoming software update going to solve the problem or is it hardware related and therefore not fixable.
    Please don't reply with a network related answer, by 2012 we know how to set up our networks and everything else runs flawlessly.
    I'll appreciate a fast answer, we love Apple, but if it can't play an iPhone movie (or a high quality movie from iTunes) it's just not up to my standards.
    Thanks again.
    JP

  • Mac OS X Leopard hates my domain address (apparently)

    I've had my Mac since December and up until a few weeks ago it had no problem going to any of the websites I own. Problem now is that it refuses to go to them if I use my actual domain address. The sites are blogs that I bought domain names for, but the bookmarks I have had all along no longer work and neither does typing in the actual domain address, BUT if I type in the much longer blogspot-style address my Mac will then connect. My domain server says it's a problem with my ISP, but that doesn't make sense since I can connect with my Windows PC without issue. Why won't my Mac go to my domain names anymore???

    Er, that should look like:
    {quote:title=dig andmenshallcallitblog.com +trace}
    ; <<>> DiG 9.2.4 <<>> andmenshallcallitblog.com +trace
    ;; global options: printcmd
    . 503490 IN NS J.ROOT-SERVERS.NET.
    . 503490 IN NS K.ROOT-SERVERS.NET.
    . 503490 IN NS L.ROOT-SERVERS.NET.
    . 503490 IN NS M.ROOT-SERVERS.NET.
    . 503490 IN NS A.ROOT-SERVERS.NET.
    . 503490 IN NS B.ROOT-SERVERS.NET.
    . 503490 IN NS C.ROOT-SERVERS.NET.
    . 503490 IN NS D.ROOT-SERVERS.NET.
    . 503490 IN NS E.ROOT-SERVERS.NET.
    . 503490 IN NS F.ROOT-SERVERS.NET.
    . 503490 IN NS G.ROOT-SERVERS.NET.
    . 503490 IN NS H.ROOT-SERVERS.NET.
    . 503490 IN NS I.ROOT-SERVERS.NET.
    ;; Received 420 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
    com. 172800 IN NS H.GTLD-SERVERS.NET.
    com. 172800 IN NS I.GTLD-SERVERS.NET.
    com. 172800 IN NS J.GTLD-SERVERS.NET.
    com. 172800 IN NS K.GTLD-SERVERS.NET.
    com. 172800 IN NS L.GTLD-SERVERS.NET.
    com. 172800 IN NS M.GTLD-SERVERS.NET.
    com. 172800 IN NS A.GTLD-SERVERS.NET.
    com. 172800 IN NS B.GTLD-SERVERS.NET.
    com. 172800 IN NS C.GTLD-SERVERS.NET.
    com. 172800 IN NS D.GTLD-SERVERS.NET.
    com. 172800 IN NS E.GTLD-SERVERS.NET.
    com. 172800 IN NS F.GTLD-SERVERS.NET.
    com. 172800 IN NS G.GTLD-SERVERS.NET.
    ;; Received 499 bytes from 192.58.128.30#53(J.ROOT-SERVERS.NET) in 15 ms
    andmenshallcallitblog.com. 172800 IN NS ns45.domaincontrol.com.
    andmenshallcallitblog.com. 172800 IN NS ns46.domaincontrol.com.
    ;; Received 127 bytes from 192.54.112.30#53(H.GTLD-SERVERS.NET) in 87 ms
    andmenshallcallitblog.com. 3600 IN A 64.202.189.170
    andmenshallcallitblog.com. 3600 IN NS ns45.domaincontrol.com.
    andmenshallcallitblog.com. 3600 IN NS ns46.domaincontrol.com.
    ;; Received 111 bytes from 208.109.78.91#53(ns45.domaincontrol.com) in 88 ms
    {quote}
    And a simple lookup with dig:
    {quote:title=dig andmenshallcallitblog.com}
    ; <<>> DiG 9.2.4 <<>> andmenshallcallitblog.com
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13078
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
    ;; QUESTION SECTION:
    ;andmenshallcallitblog.com. IN A
    ;; ANSWER SECTION:
    andmenshallcallitblog.com. 1446 IN A 64.202.189.170
    ;; AUTHORITY SECTION:
    andmenshallcallitblog.com. 1446 IN NS ns45.domaincontrol.com.
    andmenshallcallitblog.com. 1446 IN NS ns46.domaincontrol.com.
    ;; ADDITIONAL SECTION:
    ns45.domaincontrol.com. 2248 IN A 208.109.78.91
    ns46.domaincontrol.com. 2248 IN A 208.109.255.23
    ;; Query time: 2 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Aug 5 17:26:43 2008
    ;; MSG SIZE rcvd: 143
    {quote}
    It seems that the short-form is the address of a service that provides an HTTP redirect for you, so it will only work when using HTTP, and not if you have a plugin (like an Ad blocker or something) that will prevent the redirect. There's no native feature in OS X that would prevent the redirect -- unless it timed out at your ISP and your ISP gave you a bogus page rather than failed the lookup. If that's the case, you probably need to clear your browser cache.

  • How to add a Mac Mini device to the windows domain

    Hi,
    I want to add my Mac Mini machine to a Windows domain. Is it possible to add it? I have tried but it is not working. It asks for Client ID while joining to a Windows domain. I have given MAC address, IP address and hostname of Windows server but it is not working. Please do help me out to sort out the issue.
    Regards,
    Ram_Livia

    Hi BDAqua,
    Why should we create a user again? The point is I am going to join this Mac Mini to a Windows domain controller. Windows domain controller means a centralized database of an organization. It is communicating with my Domain controller. But the issue is it is not finding my domain node while joining to a domain. Please find the attached screenshots for your reference. If you have worked on this please send me step by step configuration.

  • Anyone else having problems accessing domains in safari ending in .local?

    Hi,
    Any URL I tap into Safari which ends in .local, e.g. my company network machine.company.local, fails. I seem to recollect having the same problem on OS X years ago but the resolution was editing some file, which is obviously not going to happen on my iTouch. The only way I've found around this is to tap in the IP address instead of the machine name. Any ideas how to fix on an IPT?
    Thanks

    The issue I was referring to in my previous post is detailed here:
    http://the.taoofmac.com/space/Mac%20OS%20X/DNS%20and%20.local
    titled "Did you know Mac OS X has problems with *.local DNS records?"
    Don't know whether this helps anyone identify the problem.

  • Domain users and local users can't login to reporting service web environment

    Hello,
    We installed reporting services at one of our customers but aren't able to use domain users to log in. We've tried to log in with a domain user and a local user, but neither is working. We set the proper permissions for the users on the reports folders.
    We can only log in with the builtin/administrator account on the local URL: http://servername/reports
    How can we allow login with domain users on other report manager URLs?

    Below link may be helpful,
    http://social.msdn.microsoft.com/Forums/sqlserver/en-US/623da309-21fa-42a8-905f-1424144a347d/setting-up-a-user-in-ssrs?forum=sqlreportingservices
    Regards, RSingh

  • SCCM 2012 - How to add domain id to local administrator group of all clients

    Hi,
    I have a domain ID, sccmadmin, which is part of the domain admins group too.
    I need to add this ID to the local administrators group of all clients. How do I do this? Please help!

    Hi,
    You need to choose the second option.
    The first option will remove all the domain users from the local administrators group on all the PCs. Then the local administrators group will only have the users listed in the members list present in the group policy.
    Note: Local admin accounts in the local administrators groups will not be removed.
    The second option will add the newly created group to the local administrators group on all the PCs, and it will not remove the existing members of the local administrators group.
    Step 1: Just try to create one new group for SCCM management.
    Step 2: Then add the SCCM account to that group.
    Step 3: Then please create a new group policy and in it just choose the second option. In that option, just add the newly created group as a member of the administrators group on all the PCs.
    Why have I asked you to create a new group?
    Because in the second option, we don't have an option to add an individual user.
    Once you have created the group policy it will look like the snap below.
    In addition, I will tell you how to find out whether the newly created group policy is applying to computer objects or not, and also how to force an update of the group policy:
    1. gpresult /r: to find which group policy is applying to the user and computer object.
    2. rsop.msc: there you can find whether the change has been applied or not.
    3. gpupdate /force: forcefully updates the group policy on a client machine.
    4. In gpmc.msc there is an option called Group Policy Results. That option is used for centralized management to find the policies that are applied to a user and computer account.
    5. Just check the event viewer on all the PCs for group policy related events.
    Most importantly, you need to make sure all the computer accounts are placed in an OU where the newly created group policy is applying, and also make sure that the OU doesn't contain any inheritance block.
    Please feel free to reply me if you have any queries.
    Thanks & Regards S.Nithyanandham

  • Difference between AD domain user and local user

    Hello, I think the title is self-explanatory. I am trying to figure out the difference between an AD domain user and a local user. SAP Help wasn't very helpful.
    Thanks.

    Hi,
    It's about where the user accounts are kept. Domain users are users that are entered into the domain users group on a domain controller. These domain users can be centrally managed at the server. Whereas the local users are the users created in the local system.
    In BPC, you can select users from either of them or in combination as well. However, if you want to make a change in the local user credentials, you need to log in to the system in which the user has been created and make the changes there. On the other hand, changes to domain users can be made from any domain-connected machine with the right software and the necessary rights. The changes only need to be made once.
    Hope this helps.

  • To change a domain installation to local installation

    Hi,
    To give you a little background,
    We currently have two instance of SAP R/3 running on a server, ECC 5.0, 6.0, Oracle, on Windows.
    Our organization was recently acquired by another company, because of this we had to go for a domain change.
    To change the domain, system copy is procedure used. I have used the R3load procedure to
    perform an export of the existing systems.
    While this was happening, I am also working on another issue, with SAP's support, for this purpose, the said server
    is currently in a DMZ to be exposed to SAP's support. According to our network guys, we do not have domain controllers
    in DMZ, the server has to be a workgroup (if I understand it correctly, it's local authentication). To enable this I would have
    to use the export I had taken to do a local installation. This is just until the issue gets resolved, once that is done, server
    will be moved out of DMZ and into the domain again. At which point, I would have to redo everything back into the new
    domain.
    This local installation has to be performed on the same server, by uninstalling the current SAP installation.
    I have read several posts, regarding database copy, database restore. I am a little confused.
    Below is a post where Markus suggests, database copy,
    Re: Copying a Domain installed SAP System to Local Installed SAP System.
    My questions are,
    1. Even though I am fairly confident, the export was a success, Can I use the existing database setup, since
    it is on the same server?
    2. If I have to uninstall the existing system, it is my understanding that I would install the central instance as
    a local installation and restore the db, How do I restore database for Oracle? I have looked for a relevant doc,
    unsuccessfully.
    3. The issue that I am working on with SAP's support is related to webservices, wherein we are trying to call
    an external webservice from SAP, I am a little skeptical, if the functionality would remain the same after a local
    installation, can somebody shed some light on this as well?
    Thanks,
    Vishnu

    Hi dude!
    To answer the main question here: you are right, the supported method to change a domain (and this would include a change from domain to local installation or vice versa) is, as you already know, to perform a system copy (homogeneous system copy if the platform remains unchanged under the conditions of note 547314, https://service.sap.com/sap/support/notes/547314). You can refer to SAP note 1233320 (https://service.sap.com/sap/support/notes/1233320) to get further details.
    However, let me explain that an export with R3trans is not necessary if the system copy is a homogeneous one. Using a database-specific procedure (e.g. attaching the MS SQL Server database files to another SQL Server engine) is faster by far. You can search for notes on the suitable procedure specific for your database (these will be in the component BC-DB-*, e.g. BC-DB-ORA for Oracle databases). Suggestion: look for "system copy" or "database copy" in the BC-DB-ORA component for your particular case.
    In order to get further information on all this, please check the System Copy and Migration homepage on the SAP Developer Network (SDN). On that page you will also find a direct link to the Installation Guides (http://service.sap.com/instguidesnw); the link is referred to as System Copy Guides, from which you should follow your SAP release (e.g. SAP NetWeaver 7.0 (2004s)), then press the link plan and install (under the Installation section) and finally, navigate to the section in which the PDF System Copy guides are (in this example, press 2 - Installation - SAP NetWeaver Systems to display the guides, and download e.g. the System Copy for SAP Systems Based on NW 7.0 SR3 ABAP + Java).
    If you read the System Copy PDF document very carefully and do not neglect to check the referred notes, this will be as easy as pie!
    Cheers!!

  • Binding Mac OS X to Active Directory Domain

    Question 1:
    I've just bound a Mac (Windows File Service) to a W2K3 Domain controller. After that I will configure the Mac share point using the W2K3 Domain's account. From Mac Workgroup Manager I can't find the Active Directory account; conversely, from W2K3 Explorer I can't add Active Directory users or groups to the Mac sharing object. Did I miss some steps for Active Directory binding?
    Question 2:
    Why can't I unbind my Mac (Windows File Service) from W2K3 Active Directory cleanly? I had to use Force Unbind, and after that I cannot rebind to that Active Directory again. Is there any Mac component or driver missing?

    thought I might add...
    I keep getting folders in Trash as well named recovered, there are a couple of them. I think this may be if the machine is dropping off the network. (but not sure)
    different models   Mac OS X (10.4.8)  

  • IWeb, Dot Mac, family packs... and Domain names???

    I'm a volunteer involved with recreational trails and historical preservation organizations in a rural area. I've been talking with the leadership of these (not-well-funded) organizations for some time about the benefits of establishing web sites for each organization. (Publicizing accomplishments, generating awareness of issues, soliciting support, improving communication, etc.)
    Prior to the recent MacWorld SF Expo, I was looking (very warily) at some of the pay-services out there where you can pay so much a month (or a year) for a web-hosting service which would supposedly offer a domain name of choice, server space, and other services. Of course, with this I would have to learn how to use a web design app like GoLive CS or DreamWeaver MX. I'm not opposed to that. Web-based tutorial services like Lynda.com make it more possible than ever before. Still, I was wary about getting my "bang for the buck"; the combination of my time and the hard-won funding of these organizations resulted in wavering enthusiasm.
    Along comes Apple's iLife 2006 and the offering of a new Dot Mac Family Pack. Looking over the possibilities, there's something to be said for combining iLife '06 with a Dot Mac Family Pack. If Steve Jobs' hype is to be believed, I could put up nice little web-sites for a decent price and have all kinds of technological possibilities for the future. (If anyone wants to post a podcast, it can be done. Posting pictures of volunteer work and developing issues can be a major breakthrough for awareness and support.)
    I'm still concerned about some lingering issues, though. Some of these other web-hosting services offer the means of securing and using your own domain name (i.e., your-organization.org) for a web-site URL and even several e-mail addresses using that same domain name. Still, if I split a Dot Mac Family Pack five ways, that's $36 per site. That's quite a savings over $100+ per year per site that these hosting services were asking. How tough is it to get a domain name, and how much does it cost?

    Walt,
    Getting a domain name is easy enough, as long as you can come up with one that isn't already taken. You can secure a domain name on sites like GoDaddy.com for less than $10 a year, and it gets cheaper as you secure it for more years at a time. GoDaddy also offers free domain forwarding, meaning: you can have your www.brandnewdomainname.com point to your .Mac url (which will read something complex like http://web.mac.com/username/iWeb/somethingorother). If you don't want the complex .Mac url to show in the browser's address field when people visit your page, GoDaddy will mask it for you for free too. Then, it will just say www.brandnewdomainname.com on every page on that site. If you want each page on each of your sites to have its own easy url, say www.brandnewdomainname.com/about or www.brandnewdomainname.com/contact, you'll have to host with GoDaddy or some other site and pay the price.
    If you decide to go with the iLife 06/.Mac combo, the family pack may not be the best thing for you. Have a look at this .Mac page:
    http://www.mac.com/1/currencytable.html
    For $20 more, you can get twice the server space (4GB), and I think that also includes a lot more bandwidth per month than the family pack, but I am not sure about that. For $30 less, you have the same amount of space as the family pack. What you don't have is the 4 additional e-mail addresses. You can purchase those separately for $10 a year, or, you can use up to 5 free e-mail aliases per account. The drawback to aliases is that messages sent to them will all end up in the main account's inbox, which may or may not work for you --perhaps only if all the e-mails are intended for the webmaster and that is you for all these sites. Of course, you could always list individual non-.Mac e-mail addresses on a contact page, and probably turn them into hyperlinks so that if people click on them, their e-mail app will open a new e-mail addressed to that person. May not be the most elegant way to do it, but if you're trying to save money, maybe it's good enough.
    With a regular (non-family pack) .Mac account, you also are not forced to split your server space five ways evenly -- you can host as many sites on one .Mac account as your server space will allow. The main headache for you will be the urls to each individual page of all these sites. If you are picky about them and what exactly they look like, .Mac may not be your thing. Not yet at least. It has the ease of use, but you pay for that in other ways. There's always a trade-off...
    Hope that helps a little.

  • Mobile Account on Second Partition - Mac with AD Bind

    We've recently started binding our Macs into Active Directory and are using our associates' network credentials to login. Our Macs are setup with two partitions - one for the OS and Apps and one for the associates home folders. A modified MCX setting creates a home folder on the secondary partition the first time they login.
    My problem is that the associate accounts appear as "External" instead of "Mobile" in System Preferences and our preference would be that the accounts remain "Mobile". If I let the MCX settings create the Mobile account on the OS partition in /Users, it stays a Mobile account. From there we can manually move the home folder and point the account to the secondary partition and it remains a Mobile account.
    So I'm looking for advice on deploying a home folder to a secondary partition and having it appear as "Mobile" rather than "External". Thanks!

    That's just the way it is.....

  • Using existing .Mac pages in iWeb to personal domain

    I've tried to find a way to take my existing .Mac pages and move them to my new domain. I made these pages way back when .Mac first started. Does anyone know if it's possible to bring in your existing .Mac pages, then change them to a personal domain?
    Message was edited by: Pup

    Can't be done, as iWeb cannot import anything.
    If you have a MobileMe account, then it should be possible to move your homepage and place it in the Sites folder on your iDisk.

  • BIND appends my domain to remote host names when querying

    I'm running BIND v9.3.0 on Solaris 8.
    All the zone files, named.conf, resolv.conf etc seem to be properly
    configured.
    I get normal name resolution for hosts located inside my v-lan.
    Sendmail works inside my v-lan.
    However, when I try to hit an internet site outside of my v-lan it
    won't resolve.
    So, setting nslookup to debug mode, I did a lookup of a remote host.
    The result is that, when my local DNS is queried, the host name alone
    is used, like it's supposed to be,
    i.e.
    ;;res_nmkquery(QUERY, hostname, IN A)
    This is a remote host so, obviously, my DNS has no record of it, so it
    tries the remote server. This is where the problem comes in. When
    the remote server is queried, my domain gets appended to the host
    name:
    i.e.
    ;;res_nmkquery(QUERY, hostname.MYDOMAIN, IN A)
    Since the host does not reside in my domain, obviously this fully
    qualified domain name will never resolve because it isn't correct.
    How do I make it stop????!!!!!

    I notice the following error logs in the server:
    EXCH.xxxx.org.xx in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default Frontend EXCH with a FQDN parameter of EXCH.xxxx.org.xx. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
    What is this issue?
