[Samba] Re: Error Joining a Domain

Doug VanLeuven roamdad at sonic.net
Sun Sep 16 12:25:49 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ian wrote:
> Hi,
> 
> Anyone have any idea to the problem below? Sorry if its already been answered.
> 
> Cheers
> Ian
> 
> On 9/11/07, Ian <barnracoon at gmail.com> wrote:
>> Hi,
>>
>> I am trying to join my FreeBSD machine to an AD domain and keep
>> getting the following error when joining the domain using samba 3.0.24
>> :
>>
>> Failed to set servicePrincipalNames. Please ensure that
>> the DNS domain of this server matches the AD domain,
>> Or rejoin with using Domain Admin credentials.
>> Disabled account for 'S058002' in realm 'DS1.AD.DOMAIN.COM'
>>
>> According to the AD guys the account is not disabled. Here is my smb.conf
>>
>> [global]
>> winbind separator=+
>> winbind cache time=10
>> workgroup=DOMAIN
>> realm=DS1.AD.DOMAIN.COM
>> security=ads
>> winbind uid=10000-20000
>> winbind gid=10000-20000
>> winbind use default domain=yes
>> client ntlmv2 auth=yes
>>
>> I am joining the domain with the following command:
>> /usr/local/bin/net ads join -S hostname.domain.com -w DOMAIN -U
>> username%password and thats what produces the error above.
>>
>> A couple of things regarding this that may or may not help.
>> 1.) I am using this exact same setup on another machine that is
>> running Samba (except that ones version is 3.0.21b) and it works
>> there.
>> 2.) The full hostname is not resolvable if you do an nslookup on both
>> machines, even though the older version connects fine.
>> 3.) I am using kerberos if that makes a difference - although it
>> issues me the ticket just fine!
>>
>> Anyone have any ideas as to what could be wrong?

Correctly resolving DNS records are becoming ever more critical to
proper operation of windows and cifs in general.  Been my experience if
DNS doesn't work all one has left is netbios name resolution from
broadcasts and wins, both of which are being phased out in preference to
DNS.  Make sure nslookup works.

/etc/resolv.conf - pointed at the right servers

A & PTR records for the machines in question.

Regards, Doug
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFG7SDNFqWysr/jOHMRApyZAKDHKqInjEnn0zgio43613h/JxVVWACglC9l
beCIb6GqrwyrM9+9VRGZ92M=
=0fVL
-----END PGP SIGNATURE-----


More information about the samba mailing list