[Samba] Failed to join domain: failed to set machine spn: Constraint violation

Mon Dec 15 17:41:20 GMT 2008

Hey Jerry,

I'm aware of that.  Due the restrictions placed within our AD environment, even users who have access to create computer objects don't have access to update the SPN or the host DNS name (AD record).

Additionally, my point was more; would it be possible to turn off the DNS update process by means of flag, rather than compile time option.

Regards,
Alex

-----Original Message-----
From: Gerald (Jerry) Carter [mailto:jerry at samba.org]
Sent: 15 December 2008 16:50
To: Alex Green
Cc: Guenther Deschner; samba at lists.samba.org
Subject: Re: [Samba] Failed to join domain: failed to set machine spn: Constraint violation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alex Green wrote:
> Found the issue:
>
> Validate Write for DNS and SPN were not set.
>
> However it now fails on DNS Update; I'm presuming
> this is because we're not using AD Integrated DNS (MS-DNS).
> Could this not be an option flag to disable DNS updates
> in this scenario?

Those attributes and perms have nothing to do with DNS.  You
need full access rights to the computer object to join a machine
with a DNS name outside of the AD realm name.  That's what the
"validated write" means.

cheers, jerry
- --
=====================================================================
Samba                                    ------- http://www.samba.org
Likewise Software          ---------  http://www.likewisesoftware.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJRoS5IR7qMdg1EfYRAq/nAKDa3GwgMI1SzbyuU6UBAKR/r2X/7ACdFAaj
Y5yzmHfOBD89pu0YXA5Y3fg=
=J1Lb
-----END PGP SIGNATURE-----