[Samba] Unable to join domain: failed to set machine spn
John Mulligan
phlogistonjohn at asynchrono.us
Tue Apr 6 17:48:37 MDT 2010
Hi Samba mailing list,

I'm having trouble setting up samba as an AD member at a remote site.
While I've joined a few samba servers to AD before I'm getting the
following error message when I try to join this domain:

Failed to join domain: failed to set machine spn: Operations error

I am running samba version 3.4.5-0.47 on Fedora and the AD is on Windows
server 2003.

I'm not finding much with searching for this exact error condition,
except one old mailing list post [1]. I've run 'net ads join' with
debugging turned up, but nothing seemed relevant except for the
final error summary:

[2010/04/06 15:54:43, 3] libsmb/clikrb5.c:729(ads_krb5_mk_req)
  ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT
[2010/04/06 15:54:43, 10] libsmb/clikrb5.c:896(get_krb5_smb_session_key)
  Got KRB5 session key of length 16
[2010/04/06 15:54:43, 1] libnet/libnet_join.c:1903(libnet_Join)
  libnet_Join:
      libnet_JoinCtx: struct libnet_JoinCtx
          out: struct libnet_JoinCtx
              account_name : NULL
              netbios_domain_name : 'FBAR'
              dns_domain_name : 'foobar.net'
              forest_name : 'foobar.net'
              dn : NULL
              domain_sid : *
                  domain_sid : S-1-5-12-8483489348-1903232839-566522115
              modified_config : 0x00 (0)
              error_string : 'failed to set machine spn: Operations error'
              domain_is_ad : 0x01 (1)
              result : WERR_GENERAL_FAILURE
[2010/04/06 15:54:43, 10] intl/lang_tdb.c:138(lang_tdb_init)
  lang_tdb_init: /usr/lib/samba/C.msg: No such file or directory
[2010/04/06 15:54:43, 2] utils/net.c:779(main)
  return code = -1
Failed to join domain: failed to set machine spn: Operations error

Can anyone point me in the right direction? I'm not sure what
area to start looking at to debug this particular error.
I've attached my config files, edited for privacy.

Thanks for your time,
John

[1] http://markmail.org/message/tcb6ib2ovqomxmqa
-------------- next part --------------
[global]
    load printers = no
    disable spoolss = yes
    show add printer wizard = no
    printing = BSD
    printcap name = /dev/null
    log level = 0
    security = ads
    realm = FOOBAR.NET
    workgroup = FBAR
    password server = MYAD1.FOOBAR.NET
    idmap uid = 400000-800000
    idmap gid = 400000-800000
    idmap backend = rid
    allow trusted domains = no
    winbind enum groups = yes
    winbind enum users = yes

[files]
    path = /mnt/unity/now
    comment = Public File Share
    read only = no
    browseable = yes
    nt acl support = yes
    map acl inherit = yes
    delete readonly = yes
    wide links = no
    vfs objects = acl_xattr
    inherit acls = yes
    inherit permissions = yes
    dos filemode = yes
-------------- next part --------------
[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

[libdefaults]
    default_realm = FOOBAR.NET
    dns_lookup_realm = false
    dns_lookup_kdc = false
    ticket_lifetime = 24h
    forwardable = yes

[realms]
    FOOBAR.NET = {
        kdc = myad1.foobar.net
        default_domain = foobar.net
    }
    EXAMPLE.COM = {
        kdc = kerberos.example.com:88
        admin_server = kerberos.example.com:749
        default_domain = example.com
    }

[domain_realm]
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM

[appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }