Problem with DNS, Kerberos, home directories

admiondemand

Hi everybody,
after days of trial and error maybe somebody here can help. This forum has helped me a lot, but maybe I am cross-eyed right now. And yes, I searched the forums and read everything I found.

Situation:
OS: Mac OS X Server 10.3.8 on a G5
Various clients, all of them OS X 10.3.8 except one PC

I want to be able to automount the home and group directories, via NFS if possible. Kerberos is not yet running. I understand that Kerberos relies on a flawless DNS configuration.

I set up a local domain named laeis on the server.

/var/named/1.168.192.in-addr.arpa.zone
Code:
$TTL 86400
1.168.192.in-addr.arpa. SOA     server1.laeis.  admin.laeis.    ( 
        2005032305      ;serial
        3h              ;refresh
        1h              ;retry
        1w              ;expiry
        1h      )       ;minimum
1.168.192.in-addr.arpa.         IN      NS      server1.laeis.  
1                               IN      PTR     router.laeis    
3                               IN      PTR     server1.laeis   
4                               IN      PTR     server2.laeis   
101                             IN      PTR     mac01.laeis     
102                             IN      PTR     mac02.laeis     
103                             IN      PTR     mac03.laeis     
104                             IN      PTR     mac04.laeis     
105                             IN      PTR     mac05.laeis     
106                             IN      PTR     mac06.laeis     
107                             IN      PTR     mac07.laeis     
108                             IN      PTR     mac08.laeis     
109                             IN      PTR     mac09.laeis     
110                             IN      PTR     mac10.laeis     
111                             IN      PTR     mac11.laeis     
201                             IN      PTR     pc01.laeis



/var/named/laeis.zone
Code:
$TTL 86400
laeis.  SOA     server1.laeis.  admin.laeis.    ( 
        2005032305      ;    serial
                3h      ;    refresh
                1h      ;    retry
                1w      ;    expiry
                1h       ) ;    minimum
laeis.          IN      NS      server1.laeis.
router          IN      A       192.168.1.1
server1         IN      A       192.168.1.3
server2         IN      A       192.168.1.4
mac01           IN      A       192.168.1.101
mac02           IN      A       192.168.1.102
mac03           IN      A       192.168.1.103
mac04           IN      A       192.168.1.104
mac05           IN      A       192.168.1.105
mac06           IN      A       192.168.1.106
mac07           IN      A       192.168.1.107
mac08           IN      A       192.168.1.108
mac09           IN      A       192.168.1.109
mac10           IN      A       192.168.1.110
mac11           IN      A       192.168.1.111
pc01            IN      A       192.168.1.201


The first thing that makes me wonder is: if I launch the Workgroup Manager, the title bar reads
Code:
workgroup manager: server1.laeis.1.168.192.in-addr.arpa


Also, if I ssh to the server I get the following warning before connecting:
Code:
reverse mapping checking getaddrinfo for server1.laeis.1.168.192.in-addr.arpa failed - POSSIBLE BREAKIN ATTEMPT!



That looks like non-working reverse mapping to me, right?

Please check my DNS settings above and tell me if I overlooked a dot or two!

thanks in advance!
 
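The two things this thread turns on are BIND's origin rule (a name without a trailing dot has the zone origin appended to it) and the forward-confirmed reverse lookup behind sshd's "reverse mapping checking getaddrinfo ... failed" warning. The following is an added example, not code from the original posts or from Mac OS X Server: it applies the origin rule to cut-down, constructed copies of the posted zones, lints PTR targets that lack the dot, and runs the same IP -> PTR -> A -> IP round trip that sshd does.

```python
"""Trailing-dot lint for BIND zones plus an sshd-style forward-confirmed
reverse DNS check.  Added example; zone texts are constructed excerpts
modelled on the thread, not the full zones posted there."""
import re
from typing import Dict, List, Optional, Set, Tuple

# Single-line records of the form <owner> [ttl] IN <type> <rdata>.  SOA lines
# and their parenthesised continuation lines do not match and are skipped.
RR_LINE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(A|PTR|NS)\s+(\S+)$")


def qualify(name: str, origin: str) -> str:
    """BIND's rule: a name without a trailing dot gets the zone origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text: str, origin: str) -> List[Tuple[str, str, str]]:
    """Return (owner, type, rdata) with owners and PTR/NS targets fully qualified."""
    if not origin.endswith("."):
        origin += "."
    records = []
    for raw in text.splitlines():
        m = RR_LINE.match(raw.split(";", 1)[0].strip())   # drop comments, padding
        if not m:
            continue
        owner, rtype, rdata = m.groups()
        if rtype in ("PTR", "NS"):          # name-valued rdata is relative too
            rdata = qualify(rdata, origin)
        records.append((qualify(owner, origin), rtype, rdata))
    return records


def unqualified_targets(text: str) -> List[Tuple[str, str]]:
    """Lint: PTR/NS targets written without a trailing dot (the thread's bug)."""
    hits = []
    for raw in text.splitlines():
        m = RR_LINE.match(raw.split(";", 1)[0].strip())
        if m and m.group(2) in ("PTR", "NS") and not m.group(3).endswith("."):
            hits.append((m.group(1), m.group(3)))
    return hits


def build_tables(forward: List[Tuple[str, str, str]],
                 reverse: List[Tuple[str, str, str]]) -> Tuple[Dict[str, Set[str]], Dict[str, str]]:
    """name -> {IPs} from A records; in-addr.arpa name -> PTR target."""
    fwd: Dict[str, Set[str]] = {}
    rev: Dict[str, str] = {}
    for owner, rtype, rdata in forward:
        if rtype == "A":
            fwd.setdefault(owner, set()).add(rdata)
    for owner, rtype, rdata in reverse:
        if rtype == "PTR":
            rev[owner] = rdata
    return fwd, rev


def reverse_name(ip: str) -> str:
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def fcrdns(ip: str, fwd: Dict[str, Set[str]], rev: Dict[str, str]) -> Tuple[bool, Optional[str]]:
    """sshd's check: the PTR name must own an A record pointing back at the IP."""
    ptr = rev.get(reverse_name(ip))
    if ptr is None:
        return False, None
    return ip in fwd.get(ptr, set()), ptr


# Constructed excerpts (three hosts) in the style of the posted zones.
FORWARD_ZONE = """\
$TTL 86400
laeis.          IN      NS      server1.laeis.
router          IN      A       192.168.1.1
server1         IN      A       192.168.1.3
mac11           IN      A       192.168.1.111
"""

REVERSE_ZONE_BROKEN = """\
$TTL 86400
1.168.192.in-addr.arpa.  IN  NS   server1.laeis.
1                        IN  PTR  router.laeis     ; missing trailing dot
3                        IN  PTR  server1.laeis    ; missing trailing dot
111                      IN  PTR  mac11.laeis      ; missing trailing dot
"""

# Same zone with the dots added, as in the later post.
REVERSE_ZONE_FIXED = REVERSE_ZONE_BROKEN.replace(".laeis ", ".laeis. ")


def check(ip: str, reverse_zone: str) -> Tuple[bool, Optional[str]]:
    """Round trip one IP through FORWARD_ZONE and the given reverse zone."""
    fwd, rev = build_tables(parse_zone(FORWARD_ZONE, "laeis."),
                            parse_zone(reverse_zone, "1.168.192.in-addr.arpa."))
    return fcrdns(ip, fwd, rev)


if __name__ == "__main__":
    for label, zone in (("broken", REVERSE_ZONE_BROKEN), ("fixed", REVERSE_ZONE_FIXED)):
        print(label, "unqualified targets:", unqualified_targets(zone))
        for ip in ("192.168.1.3", "192.168.1.111"):
            print("  ", ip, "->", check(ip, zone))
```

With the dotless zone, 192.168.1.3 resolves to server1.laeis.1.168.192.in-addr.arpa., which owns no A record, so the round trip fails; with the dotted zone it resolves to server1.laeis. and passes. The same logic explains why Kerberos, which also derives service principal names from reverse lookups, is unhappy until the PTR targets are absolute.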
Yeah, the last part is your reverse mapping failing. You can see how your DNS is being resolved by using the host command in the terminal:

host 192.168.1.1
host mac1

Both will resolve back and forth for you. I'll take a closer look at this a bit later for you, but why NFS sharing? It's the least secure of all the methods. If you have Macs, why not use AFP, and then SMB for your one Win client?
 
NFS because we have a 10-client version here and I have 11 Macs. The tendency is that there will be no more Macs, so 500 bucks for one licence? Sounds pretty expensive to me.

I know that if I share the users and groups folders via NFS this limit does not apply.

If all fails we will connect via AFP anyway.
 
Code:
mac11:~ admin$ host 192.168.1.3
3.1.168.192.in-addr.arpa domain name pointer server1.laeis.1.168.192.in-addr.arpa.
mac11:~ admin$ host server1    
server1.laeis has address 192.168.1.3
 
Code:
$TTL 86400
1.168.192.in-addr.arpa. SOA     server1.laeis.  admin.laeis.    (
2005032307      ; serial
        3h      ; refresh
        1h      ; retry
        1w      ; expiry
        1h       ) ; minimum
1.168.192.in-addr.arpa. IN      NS      server1.laeis.
1                       IN      PTR     router.laeis.
3                       IN      PTR     server1.laeis.
4                       IN      PTR     server2.laeis.
101                     IN      PTR     mac01.laeis.
102                     IN      PTR     mac02.laeis.
103                     IN      PTR     mac03.laeis.
104                     IN      PTR     mac04.laeis.
105                     IN      PTR     mac05.laeis.
106                     IN      PTR     mac06.laeis.
107                     IN      PTR     mac07.laeis.
108                     IN      PTR     mac08.laeis.
109                     IN      PTR     mac09.laeis.
110                     IN      PTR     mac10.laeis.
111                     IN      PTR     mac11.laeis.
201                     IN      PTR     pc01.laeis.

Please note the trailing dots.
The output of the host command changed:
Code:
server1:~ admin$ host 192.168.1.3
3.1.168.192.in-addr.arpa domain name pointer server1.laeis.

Alas, the KDC service is still stopped. ssh still outputs the same warning message. WGM still shows the funny hostname in the title bar.

Going to dig the net for local cache flushing; maybe restart the client?
 