
Setting Up LDAP on Tiger Server
Forum Regular
Join Date: Dec 2000
Jun 14, 2006, 08:57 PM
 
I'm new at this.

We have Tiger Server 10.4.4 and I'd like to set up LDAP so that the various machines can log into the server and share files.

I can't figure it out even after reading the shitty PDF documentation. It seems like to use LDAP, you have to set up a Kerberos realm, but you can't use Kerberos unless you run your own DNS as near as I can tell. The DNS documentation pretty much says don't run DNS unless you're an expert at it.

I'm not a DNS expert. We're a small company and I'd prefer to continue to use the DNS provided by our ISP.

Is it possible to set up LDAP service while still using our ISP's DNS server for primary DNS services?

How do I go about setting up a Kerberos realm? It seems like without Kerberos you can't do all the snazzy single-signon stuff.

Our current setup is

DSL Modem-> Router-> Router assigns 192.186.x.x Addresses to all machines (performs DHCP and NAT).

The OSX Server is currently at 192.168.1.120. Other machines on the network are 192.168.1.100->175

We have only one OS X server to dedicate to all services. We can't break any services out onto a separate box.

Any help appreciated, even if it's pointing me to other URLs.

I
--
Filmo the Klown
     
Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Jun 16, 2006, 09:53 AM
 
It certainly is possible to set up Open Directory without running your own DNS. I don't know what you read that made you think otherwise.

Just enable Open Directory in Server Admin, making it a master server. Then you should be able to bind to it using Directory Access on other machines.
     
JLL
Professional Poster
Join Date: Apr 1999
Location: Copenhagen, Denmark
Jun 19, 2006, 04:13 AM
 
But Kerberos and LDAP need a perfect DNS setup and a static IP address. It has to be able to resolve the hostname, but you could probably use /etc/hosts.

It's no problem having an internal DNS for local servers and machines, and to use your ISP's DNS for external lookups you can make a forward zone in named.conf.

The first thing you learn about troubleshooting Open Directory setups is that 9 out of 10 errors are DNS related.
JLL

- My opinions may have changed, but not the fact that I am right.
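
An added example, not part of any post in this thread: a forward/reverse name-resolution consistency check of the kind the DNS requirement above implies, run here against constructed /etc/hosts-style text. The hostname `server.example.lan` is hypothetical, the address is the server address given in the first post, and when no resolvers are passed the check falls back to the system resolver.

```python
import socket

def resolvers_from_hosts(text):
    """Build forward/reverse lookup functions from /etc/hosts-style text."""
    fwd, rev = {}, {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        rev.setdefault(ip, names[0])          # first name on the line is canonical
        for name in names:
            fwd.setdefault(name.lower(), []).append(ip)
    def forward(name):
        if name.lower() not in fwd:
            raise socket.gaierror("unknown host " + name)
        return fwd[name.lower()]
    def reverse(ip):
        if ip not in rev:
            raise socket.herror("no reverse entry for " + ip)
        return rev[ip]
    return forward, reverse

def check_dns(fqdn, expected_ip, forward=None, reverse=None):
    """Return a list of problems; an empty list means forward and reverse agree."""
    forward = forward or (lambda n: socket.gethostbyname_ex(n)[2])
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    want = fqdn.rstrip(".").lower()
    try:
        addrs = forward(fqdn)
    except OSError as exc:
        return ["forward lookup of %s failed: %s" % (fqdn, exc)]
    problems = []
    if expected_ip not in addrs:
        problems.append("%s resolves to %s, not %s" % (fqdn, addrs, expected_ip))
    for ip in addrs:
        try:
            got = reverse(ip).rstrip(".").lower()
        except OSError as exc:
            problems.append("reverse lookup of %s failed: %s" % (ip, exc))
            continue
        if got != want:
            problems.append("reverse lookup of %s gives %s, not %s" % (ip, got, want))
    return problems

# Constructed sample data: hypothetical name, server address from the thread.
GOOD = "192.168.1.120 server.example.lan server\n"
BAD = "192.168.1.120 server server.example.lan\n"   # short name listed first

if __name__ == "__main__":
    print(check_dns("server.example.lan", "192.168.1.120", *resolvers_from_hosts(BAD)))
```

The `BAD` sample shows a common hosts-file slip: with the short name listed first, the reverse lookup returns `server` instead of the fully qualified name, so forward and reverse no longer agree.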
     
   
All times are GMT -5. The time now is 11:18 AM.
All contents of these forums © 1995-2011 MacNN. All rights reserved.