[Samba] Failed to set servicePrincipalNames (driving me insane!)

Dominic Marks dom at helenmarks.co.uk
Thu May 17 09:05:23 GMT 2007


List,

I've searched extensively on this issue and I understand that it is
related to having an incorrectly set hostname. The problem is I have made
the changes and I still cannot get one specific machine to join to AD.

I have successfully used the process on six other hosts with no issues.

Some information:

LON01330# hostname
LON01330.COMPANY.NET

==============================

LON01330# cat /etc/krb5.conf
[libdefaults]
        default_realm = COMPANY.NET

[realms]
COMPANY.NET = {
        kdc = tcp/dc.company.net
        admin_server = tcp/dc.company.net

==============================

Kerberos is working.

LON01330# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: USER@COMPANY.NET

  Issued           Expires          Principal
May 17 09:50:43  May 17 19:50:43  krbtgt/COMPANY.NET@COMPANY.NET

==============================

There is nothing in my hosts file:

LON01330# grep -e '^[^#]' /etc/hosts
::1                     localhost localhost.my.domain
127.0.0.1               localhost localhost.my.domain

==============================

LON01330# cat /usr/local/etc/smb.conf
[global]
   workgroup = COMPANY
   realm = COMPANY.NET
   netbios name = LON01330
   security = ADS
   allow trusted domains = yes
   idmap uid = 3000-30000
   idmap gid = 3000-30000
   template homedir = /home/%D/%U
   template shell = /bin/tcsh
   winbind cache time = 3600
   winbind separator = +
   winbind nested groups = yes
   client use spnego = yes
   domain master = no
   password server = dc.company.net
   syslog = 1
   syslog only = yes
   log level = 1
   socket options = TCP_NODELAY

==============================

The user account I am using is not a Domain Administrator, but has
sufficient rights to add Computers to AD. I have used the same account for
many other Computer accounts (Windows & UNIX) with no problems. I am
forward-creating the Computer account in the appropriate OU prior to
executing 'net ads join [...]'.

Something *must* be different to the other systems that work, but I cannot
see what it might be. Is there something else I can do which will give
more specific information on the problem?

PS>>

This system was happily connected to 'Domain A' prior to this, and I am
attempting to move it to 'Domain B'. For a while there was a trust
relationship between them and I was logging on to 'Domain B' successfully
although my DC was in 'Domain A'. Now the trust is gone and I can't join
to 'Domain B' at all.

Thanks
Dominic

