Joining AD domain fails: "Failed to set servicePrincipalNames. [...] Type or value exists"

Kurt Pfeifle kurt.pfeifle at infotec.com
Fri Jun 22 15:20:29 GMT 2007


Hi, list,

I'm having a problem joining a current Debian Sid/unstable system
(running Samba 3.0.25a) to an AD domain (where the DC is a Windows
2003 Server with SP2):

-----------------------------------------------------------------
root@pdfserver:/etc/samba# net ads join -W infotecsys.de -S dc -U Administrator
  Administrator's password:
  Using short domain name -- INFOTECSYS
  Failed to set servicePrincipalNames. Please ensure that
  the DNS domain of this server matches the AD domain,
  Or rejoin with using Domain Admin credentials.
  Deleted account for 'PDFMAKER' in realm 'INFOTECSYS.DE'
  Failed to join domain: Type or value exists
-----------------------------------------------------------------

The "kinit"-command had returned without any error message:

root@pdfserver:/etc/samba# kinit Administrator@INFOTECSYS.DE
  Password for Administrator@INFOTECSYS.DE:

I can't see what is wrong, and my Google search did not turn up any
working cure. Here are the bits from my configurations which may be
important:

-----------------------------------------------------------------

root@pdfserver:/etc/samba# hostname -f
  pdfserver.infotecsys.de

-----------------------------------------------------------------

root@pdfserver:/etc/samba# hostname -s
  pdfserver

-----------------------------------------------------------------

root@pdfserver:/etc/samba# hostname
  pdfserver.infotecsys.de

-----------------------------------------------------------------

root@pdfserver:/etc/samba# nslookup dc.infotecsys.de
  Server:         10.162.2.3
  Address:        10.162.2.3#53

  Name:   dc.infotecsys.de
  Address: 10.162.2.3

-----------------------------------------------------------------

root@pdfserver:/etc/samba# nslookup 10.162.2.3
  Server:         10.162.2.3
  Address:        10.162.2.3#53

  3.2.162.10.in-addr.arpa name = dc.infotecsys.de.

-----------------------------------------------------------------

root@pdfserver:/etc/pam.d# host 10.162.2.3
  Name: dc.infotecsys.de
  Address: 10.162.2.3
  Aliases: dc

-----------------------------------------------------------------

root@pdfserver:/etc/samba# klist
  Ticket cache: FILE:/tmp/krb5cc_0
  Default principal: Administrator@INFOTECSYS.DE

  Valid starting     Expires            Service principal
  06/22/07 14:00:43  06/23/07 00:00:46  krbtgt/INFOTECSYS.DE@INFOTECSYS.DE
          renew until 06/23/07 14:00:43

  Kerberos 4 ticket cache: /tmp/tkt0
  klist: You have no tickets cached

-----------------------------------------------------------------

root@pdfserver:/etc/samba# head -n 7 smb.conf
  [global]
        realm = INFOTECSYS.DE
        security = ADS
        workgroup = INFOTECSYS
        password server = dc.infotecsys.de
        netbios name = PDFMAKER
        server string = %h

-----------------------------------------------------------------

root@pdfserver:/etc/samba# head -n 7 /etc/krb5.conf
  [libdefaults]
        default_realm = INFOTECSYS.DE
  [realms]
        INFOTECSYS.DE = {
                kdc = dc.infotecsys.de
                admin_server = dc.infotecsys.de
        }

-----------------------------------------------------------------

root@pdfserver:/etc/samba# head -n 3 /etc/hosts
  10.162.7.11     pdfserver.infotecsys.de  pdfserver
  127.0.0.1       localhost
  10.162.2.3      dc.infotecsys.de   dc

-----------------------------------------------------------------

root@pdfserver:/etc/samba# cat /etc/resolv.conf
  search infotecsys.de infotec.de
  nameserver 10.162.2.3

-----------------------------------------------------------------


* Samba packages are versioned 3.0.25a-1
* krb5 (MIT) packages are versioned 1.6.dfsg.1-4
* The ADS DC is a Windows 2003 Server with Service Pack 2

Does anybody see some obvious config problem?

(And 2 bonus questions: what does the message "Type or value exists"
try to tell me? Does the response from the "klist" command ["You have
no tickets cached"] indicate any potential problem?)

Thanks in advance for looking into this!
Kurt 

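An added example, not part of the original post: a pre-join check that compares the names the join error message asks about (the server's DNS domain against the AD realm), run here on sample files built from the values shown in the post. The function names and the temporary sample files are assumptions for illustration; the script only reports mismatches and does not diagnose the failure above.

```shell
#!/bin/sh
# Added example: compare realm, DNS domain and machine names before "net ads join".
# conf_value, check_join_names and write_samples are hypothetical helper names.

# Print the trimmed value of the first "key = value" line in an ini-style file.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# check_join_names SMB_CONF KRB5_CONF FQDN
# Prints one line per finding; returns 0 only when no MISMATCH was found.
check_join_names() {
    realm=$(conf_value "$1" realm)
    krb_realm=$(conf_value "$2" default_realm)
    netbios=$(conf_value "$1" 'netbios name')
    short_uc=$(printf '%s' "${3%%.*}" | tr '[:lower:]' '[:upper:]')
    rc=0
    case "$3" in
        *.*) dns_domain=$(printf '%s' "${3#*.}" | tr '[:lower:]' '[:upper:]') ;;
        *)   dns_domain=""; echo "MISMATCH fqdn: '$3' has no DNS domain part"; rc=1 ;;
    esac
    [ "$realm" = "$krb_realm" ] ||
        { echo "MISMATCH realm: smb.conf=$realm krb5.conf=$krb_realm"; rc=1; }
    [ -z "$dns_domain" ] || [ "$dns_domain" = "$realm" ] ||
        { echo "MISMATCH dns-domain: $dns_domain vs realm $realm"; rc=1; }
    # Informational only: a differing machine name is allowed, but worth seeing.
    if [ -n "$netbios" ] && [ "$netbios" != "$short_uc" ]; then
        echo "NOTE netbios name $netbios differs from short hostname $short_uc"
    fi
    return $rc
}

# Constructed sample input, using the values shown in the post.
write_samples() {
    d=$(mktemp -d)
    printf '[global]\n\trealm = INFOTECSYS.DE\n\tnetbios name = PDFMAKER\n' > "$d/smb.conf"
    printf '[libdefaults]\n\tdefault_realm = INFOTECSYS.DE\n' > "$d/krb5.conf"
    echo "$d"
}

sample=$(write_samples)
check_join_names "$sample/smb.conf" "$sample/krb5.conf" pdfserver.infotecsys.de
```

On a live host the third argument would be the output of `hostname -f`, and the first two the real `/etc/samba/smb.conf` and `/etc/krb5.conf`.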

More information about the samba-technical mailing list