[Samba] Failed to set servicePrincipalNames (driving me insane!)

Hansjörg Maurer hansjoerg.maurer at dlr.de
Thu May 17 12:56:45 GMT 2007


Hi

I had a similar problem, and adding

IP   FULLYQUALIFIEDHOSTNAME SHORTHOSTNAME

to /etc/hosts solved the problem in my case.

See

https://bugzilla.samba.org/show_bug.cgi?id=4497

regards

Hansjörg





Dominic Marks wrote:
> List,
>
> I've searched extensively on this issue and I understand that it is
> related to having an incorrectly set hostname. The problem is I have made
> the changes and I still cannot get one specific machine to join to AD.
>
> I have successfully used the process on six other hosts with no issues.
>
> Some information:
>
> LON01330# hostname
> LON01330.COMPANY.NET
>
> ==============================
>
> LON01330# cat /etc/krb5.conf
> [libdefaults]
>         default_realm = COMPANY.NET
>
> [realms]
> COMPANY.NET = {
>         kdc = tcp/dc.company.net
>         admin_server = tcp/dc.company.net
>
> ==============================
>
> Kerberos is working.
>
> LON01330# klist
> Credentials cache: FILE:/tmp/krb5cc_0
>         Principal: USER at COMPANY.NET
>
>   Issued           Expires          Principal
> May 17 09:50:43  May 17 19:50:43  krbtgt/COMPANY.NET at COMPANY.NET
>
> ==============================
>
> There is nothing in my hosts file:
>
> LON01330# grep -e '^[^#]' /etc/hosts
> ::1                     localhost localhost.my.domain
> 127.0.0.1               localhost localhost.my.domain
>
> ==============================
>
> LON01330# cat /usr/local/etc/smb.conf
> [global]
>    workgroup = COMPANY
>    realm = COMPANY.NET
>    netbios name = LON01330
>    security = ADS
>    allow trusted domains = yes
>    idmap uid = 3000-30000
>    idmap gid = 3000-30000
>    template homedir = /home/%D/%U
>    template shell = /bin/tcsh
>    winbind cache time = 3600
>    winbind separator = +
>    winbind nested groups = yes
>    client use spnego = yes
>    domain master = no
>    password server = dc.company.net
>    syslog = 1
>    syslog only = yes
>    log level = 1
>    socket options = TCP_NODELAY
>
> ==============================
>
> The user account I am using is not a Domain Administrator, but has
> sufficient rights to add Computers to AD. I have used the same account for
> many other Computer accounts (Windows & UNIX) with no problems. I am
> forward-creating the Computer account in the appropriate OU prior to
> executing 'net ads join [...]'.
>
> Something *must* be different to the other systems that work, but I cannot
> see what it might be. Is there something else I can do which will give
> more specific information on the problem?
>
> PS>>
>
> This system was happily connected to 'Domain A' prior to this, and I am
> attempting to move it to 'Domain B'. For a while there was a trust
> relationship between them and I was logging on to 'Domain B' successfully
> although my DC was in 'Domain A'. Now the trust is gone and I can't join
> to 'Domain B' at all.
>
> Thanks
> Dominic
>   
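
The check below is an added example, not part of the original thread or of Samba: before running 'net ads join', it tests whether a hosts file contains the "IP FULLYQUALIFIEDHOSTNAME SHORTHOSTNAME" line suggested in the reply. The function name check_hosts_entry, the temporary files and the address 192.0.2.10 are assumptions made for the illustration.

```shell
#!/bin/sh
# check_hosts_entry HOSTS_FILE FQDN   (hypothetical helper, not a Samba tool)
# Returns 0 if a non-loopback address lists FQDN as its first name and the
# short host name as an alias; returns 1 otherwise. Names compare
# case-insensitively.
check_hosts_entry() {
    hosts_file=$1
    fqdn=$2
    awk -v fqdn="$fqdn" '
        BEGIN {
            fqdn = tolower(fqdn)
            short = fqdn
            sub(/\..*$/, "", short)      # lon01330.company.net -> lon01330
            found = 0
        }
        {
            sub(/#.*/, "")               # drop comments
            if (NF < 3) next             # need IP, FQDN and at least one alias
            if ($1 ~ /^127\./ || $1 == "::1") next   # loopback does not count
            if (tolower($2) != fqdn) next            # FQDN must come first
            for (i = 3; i <= NF; i++)
                if (tolower($i) == short) found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$hosts_file"
}

# Constructed sample data: the hosts file shown in the thread, before and
# after adding the suggested line (192.0.2.10 is a placeholder address).
tmp=$(mktemp -d)
printf '%s\n' '::1                     localhost localhost.my.domain' \
              '127.0.0.1               localhost localhost.my.domain' > "$tmp/before"
cp "$tmp/before" "$tmp/after"
echo '192.0.2.10   LON01330.COMPANY.NET LON01330' >> "$tmp/after"

for f in before after; do
    if check_hosts_entry "$tmp/$f" LON01330.COMPANY.NET; then
        echo "$f: IP FQDN SHORTNAME entry present"
    else
        echo "$f: IP FQDN SHORTNAME entry missing"
    fi
done
```

On a real host, pass /etc/hosts and the output of 'hostname' as the two arguments.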


