New User and AD Question
McNutt, Justin M.
McNuttJ at missouri.edu
Wed Mar 2 18:35:19 CET 2011
> Disjoint namespace is the term used if you have DNS names for windows
> active directory members which are anything other than:
>
> samaccountname.<AD domain>
>
> So, if you give your hosts DNS hostnames of:
>
> samaccountname.dept.<AD domain>
>
> ...this is a disjoint namespace. This is a supported configuration in
> principle - AD itself and most of the Microsoft tools work just fine -
> but in practice you'll find an awful lot of 3rd party stuff out there
> assumes that the AD domain starts at the first "." in the hostname, and
> will break if it doesn't.
>
> This makes me sad, since the underlying protocols that AD is built on
> (DNS, Kerberos, LDAP) have plenty of mechanisms for doing the mapping
> properly. They're just not used.
Okay. Fortunately, we're not doing that. "Missouri.edu" is not an AD domain. "Col.missouri.edu" however, is. So a dnps-caplap-4.col.missouri.edu is a computer named dnps-caplap-4 in the col.missouri.edu AD domain.
So the "first dot" assumption should work IF you take "col.missouri.edu" as the domain, rather than just "COL" (that which is between the first two dots).
--J