Let XP Join Your Tiger Domain

I’ve had a number of people ask me what the problem is with XP machines joining a Windows domain that is hosted on an OS X Tiger-based PDC. Personally, I never ran into any problems…until now.

I set up a test machine running OS X Server 10.4, and immediately got it up to 10.4.1. I made it an OD master, got Kerberos running, and set up Windows services. Tried to join my test XP box (read: game machine) to the domain. I immediately got rejected: “Windows can’t find the SRV record for the domain radiotope.com…”.

After some quick packet traces and studying, here’s what’s going on:

Win2K boxes really want to join an AD domain. So bad do they want this, that they ask for the DNS SRV records first. If your Samba Windows domain name is the same as your DNS domain, this fails, and that’s the end. When handed a ‘real’ domain name (something with a registered TLD), XP will search for SRV records in DNS.

On the other hand, if your Windows domain name is different than your DNS name, you’re golden: Windows can’t find the domain and it falls back to using NetBIOS to figure everything out (which, incidentally, Samba excels at).

In the first scenario, you could add all of the SRV records to DNS yourself, but that’s really a bit of a pain. Plus, you can’t add SRV records through Apple’s Server Admin software. The second scenario just works. It would be really nice if upon failing to find the proper SRV records Windows would fall back to the old-style lookups. Is that too much to ask?

So, to get this working, if your DNS domain is “example.com” do not name your Windows domain “example.com”. Name it “EXAMPLE” and watch Win2K boxes join with no problem.

Of course, this is not an ideal solution, and Apple could help out by building in the SRV records for us. In reality, we’re going to have to deal with this at some point since pure NT-style domains are going the way of the Dodo.

So - what’s your Windows Domain Name?

I tried to name it EXAMPLE

I tried to name it EXAMPLE as you suggested and everything looked better. Why do you think this happens? You'd believe that Microsoft has the programmers to fix this glitch but still they don't.
---
Mary-Anne Davis, Arizona Web Design affiliate.