[Samba] Failed to join domain: failed to set machine spn: Constraint violation

Mon Dec 15 18:31:53 GMT 2008

:)... it's this non-fatal error that our uses are getting confused about and it's this that I was asking for the cli option for...

-----Original Message-----
From: Gerald (Jerry) Carter [mailto:jerry at samba.org]
Sent: 15 December 2008 18:16
To: Alex Green
Cc: samba at lists.samba.org
Subject: Re: [Samba] Failed to join domain: failed to set machine spn: Constraint violation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alex Green wrote:
> Hey Jerry,
>
> I'm aware of that.  Due the restrictions placed within our AD
> environment, even users who have access to create computer
> objects don't have access to update the SPN or the
> host DNS name (AD record).
>
> Additionally, my point was more; would it be possible to turn
> off the DNS update process by means of flag, rather than
> compile time option.

Youu confused me by saying "DNS update".  Assuming now you mean
just updating the dNSHostName and SPN attributes.  This is always
required in order to support Krb5 authentication.  This is exactly
what Windows XP does.

The DDNS update you are asking about (i.e. the--with-dnsupdate option)
has nothing to do with setting the attributes.  If the DDNS update fails,
it is not fatal.  You only get a warning.

cheers, jerry
- --
=====================================================================
Samba                                    ------- http://www.samba.org
Likewise Software          ---------  http://www.likewisesoftware.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJRp7FIR7qMdg1EfYRAp/rAKC5IVsTNBNzIxE62FL5QaYfqMKzWQCfQxW8
GxpmNokZm3stFwqgHrFiC8g=
=SEGF
-----END PGP SIGNATURE-----