Windows 2000 Domain controller authentication

  • Windows 2000 Domain controller authentication

    I work at a university IT dept where Windows 2000 isn't yet supported (unless you're a prof and scream a lot).
    Sooner or later someone will ask me to help with setting up a Windows 2000 domain controller. So, looking forward, I installed Windows 2000 Server as a domain controller to see what's what.
    The only problem I had during setup is that the machine wants to register itself in the DNS, which our network doesn't cater for. If it tries, the Unix server will reject this request. So I told it not to do this. The next question was the type of authentication I wanted, either just a win2k network or a mixed network, and I chose mixed as there's one win98 machine and an NT4 as well as a w2k machine that I wish to put into the domain.
    I created a new domain, let it chug away and rebooted when prompted. Windows 98 and NT connect happily to the domain but the win2k is still probably trying to do it now. I've gone home and left it just to see if it gives up by morning. I can then see the error logs.
    However, I suspect that the problem is to do with the type of authentication that windoze 2k uses. I say this because, looking at the user manager, the username is, say for example, jbloggs@shef.ac.uk if you look at the full description. This leads me back to the DNS that it wanted to register in. I haven't set the DNS server up, as another DNS server isn't permitted on our network (so I'm told).
    Has anyone else got experience of a win2k to win2k domain?
    The server has a fixed IP address with all the appropriate entries for WINS etc. So what we've basically got is:

    Microsoft client
    microsoft file and print sharing
    tcp/ip

    The domain and computer name is unique so it isn't clashing with anything.
    Chief Lemon Buyer no more Linux sucks but not as much
    Weather nut and sad git.

    My Weather Page

  • #2
    W2K AD requires the dynamic host update RFC in your DNS server. The W2K DNS server implements this RFC. You would need to upgrade your existing DNS servers since they won't let you install your own.
    The world just changed, Sep. 11, 2001

    Comment


    • #3
      Not much point looking in the logs. Thanks for the info. I sense trouble ahead.
      I think a friend of mine decided to play a joke on me, as when I came back to the machine this morning it had booted to the network and although I had administrator privileges I couldn't take it out of the domain or change any of the networking components, user names or passwords. Grr.
      Chief Lemon Buyer no more Linux sucks but not as much
      Weather nut and sad git.

      My Weather Page

      Comment


      • #4
        Around six months ago I implemented a Win2k AD network.
        Moved the company away from SBS & NT4 servers and went totally Win2k (except for a few LINUX servers).
        If there is one thing I learnt during the whole process, it's how important DNS is.
        Without a correctly functioning DNS server you have so many problems, things will just never work.
        It's ironic that MS have suddenly embraced DNS after forcing WINS on us for so long.
        Why won't your guys let you install another DNS server?
        If it's just for testing, then install it onto one of the Win2k DCs.
        In all honesty your network people need never know, it's not as if a DNS server broadcasts itself.
        Also, as none of the workstations will know about it, they won't start trying to use it for name resolution.
        It cost one penny to cross, or one hundred gold pieces if you had a billygoat.
        Trolls might not be quick thinkers but they don't forget in a hurry, either

        Comment


        • #5
          Officially I ain't supposed to go anywhere near win2k so I'm just working on my own. I know sometime in the near future some prof will cause a stink when they set up a domain and it doesn't work. I'll then be expected to sort it out without any training etc. At least I know the answer why, plus the fact we ain't going to support the feature in the future.
          Apparently there's a workaround for this problem but I don't know how.
          Chief Lemon Buyer no more Linux sucks but not as much
          Weather nut and sad git.

          My Weather Page

          Comment


          • #6
            Pit,

            You will need to set up a DNS server that supports registering SRV records for the Active Dir., there is no way around it. Win2k looks in DNS for Active Directory servers (domain controllers). If it's just for testing you could set one up on your DC, it will have no effect on the existing network/domain(s).

            If I understand correctly you have already set up a win2k domain, so maybe your DC already has the DNS service running on it. If not, install it. The DC, member servers and clients in your Win2k domain should all have their DNS server entries pointing to your DC/DNS server (as long as they are win2k machines; you don't need to do this for win98/NT4 because they don't care about Active Directory).

            If your win2k clients use DHCP you can use the option to override the DNS server assignment in the TCP/IP properties. To still be able to resolve DNS names outside your own win2k domain you can try enabling DNS forwarding on your DC/DNS server. You probably don't even want to do this but it should do the trick if you want to.


            As for mixed/native mode: for your purpose it's probably best to leave the domain in mixed mode. In mixed mode you can still add NT4 backup domain controllers (which I imagine you want to experiment with) and it may save you some logon troubles.

            It doesn't matter for your win98/NT4 clients or member servers if you are running in mixed or native mode, just for NT4 BDCs. Native mode does have some extra features however, but probably none are really important to you.

            Win2k uses the Active Dir. to look up user names. But in turn, to find the Active Dir., win2k uses DNS.

            Comment
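The DNS dependency described in #6, as an added example that is not part of the original thread: a check of a BIND-style zone for the SRV records Windows 2000 clients query to locate a domain controller. The domain `ad.example.test`, the zone contents and the function names are constructed for illustration, and the record list is a subset of the locator names a domain controller registers.

```python
# Added example: constructed zone data, hypothetical function names.
# Subset of the SRV owner names (relative to the AD DNS domain) that a
# Windows 2000 domain controller registers and clients query to find it.
REQUIRED_SRV = ("_ldap._tcp", "_kerberos._tcp", "_ldap._tcp.dc._msdcs",
                "_kerberos._tcp.dc._msdcs", "_ldap._tcp.pdc._msdcs")

# Constructed sample zone: only three of the locator records are present.
SAMPLE_ZONE = """\
$ORIGIN ad.example.test.
$TTL 600
@                     IN SOA ns1.example.test. hostmaster.example.test. 1 3600 600 86400 600
dc1                   IN A   192.0.2.10
_ldap._tcp            IN SRV 0 100 389 dc1.ad.example.test.  ; LDAP
_kerberos._tcp        IN SRV 0 100 88  dc1.ad.example.test.
_ldap._tcp.dc._msdcs  IN SRV 0 100 389 dc1.ad.example.test.
"""

def parse_srv(zone_text, origin):
    """Map each fully qualified SRV owner to [(priority, weight, port, target)].
    Handles $ORIGIN, '@', relative names and ';' comments; not multi-line records."""
    origin = origin.rstrip(".").lower()
    records, owner = {}, None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        fields = line.split()
        if line.startswith("$"):
            if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
                origin = fields[1].rstrip(".").lower()
            continue
        if not line[0].isspace():  # otherwise the previous owner is reused
            name = fields.pop(0).lower()
            if name == "@":
                owner = origin
            elif name.endswith("."):
                owner = name.rstrip(".")
            else:
                owner = f"{name}.{origin}"
        types = [f.upper() for f in fields]
        if owner is None or "SRV" not in types:
            continue
        i = types.index("SRV")
        if len(fields) < i + 5:
            continue  # malformed SRV record
        prio, weight, port = (int(x) for x in fields[i + 1:i + 4])
        records.setdefault(owner, []).append((prio, weight, port, fields[i + 4].rstrip(".").lower()))
    return records

def missing_dc_locator_records(zone_text, ad_domain):
    """Return the required locator names that have no SRV record in the zone."""
    ad_domain = ad_domain.rstrip(".").lower()
    present = parse_srv(zone_text, ad_domain)
    return [f"{n}.{ad_domain}" for n in REQUIRED_SRV if f"{n}.{ad_domain}" not in present]
```

Run against the sample zone, `missing_dc_locator_records(SAMPLE_ZONE, "ad.example.test")` reports the two `_msdcs` records that were never registered, which is the state a zone is left in when the DNS server refuses the controller's dynamic updates partway or the records are added by hand incompletely.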


            • #7
              Erm.. forget about the DNS forwarding remark, it may show up in log files or something. You obviously don't want that.

              Grtz,
              Ed

              [This message has been edited by EdSki (edited 18 March 2001).]

              Comment


              • #8
                Edski, thanks for the info but I'm leaving well alone now until the powers that be update our network. At least I know it won't work.
                One interesting side effect of the screwy authentication business is that I lost all "in effect" admin rights to my NT4 machine and my win2k machine.
                Although I was still down as admin according to the machines concerned, I couldn't create accounts or remove the machines from the domain or alter anything that needed admin rights. In the end I had to re-install both machines from scratch.
                Chief Lemon Buyer no more Linux sucks but not as much
                Weather nut and sad git.

                My Weather Page

                Comment
