[Samba] Join a domain, Redhat 6, and servicePrincipalName
hume-samba at bofh.ca
Fri Sep 16 06:15:53 MDT 2011
For a variety of reasons, our Redhat 6 boxes have primary DNS FQDNs that
don't match our Win2008r2 AD deployment... the Linux boxes being in a
variety of <hostname>.<subdomain>.<ourdomain> while the AD is
ds.<ourdomain>. This surprisingly doesn't cause us that much grief, so
long as we're diligent about keeping our servicePrincipalNames
maintained on the computer accounts in AD.
I'm working on a script, patterned after Sun's "adjoin.sh", that
automatically registers and joins our Redhat boxes to the domain. It
creates the machine account via LDAP, and then joins the domain using
"net ads join", and I let Samba generate the /etc/krb5.keytab.
Unfortunately, even if I pre-populate the servicePrincipalName when
creating the machine account, "net ads join" will go in and replace it,
putting in only the SPN corresponding to the domain and removing the
HOST/<hostname>.<FQDN> already in there. Is there any way to tell Samba
to leave that alone, or to include some extra SPNs? AD won't let me
repair the SPNs afterward via LDAP calls.
Redhat 6 comes with Samba 3.5.6 by default, it seems.
As an alternative, I can "join" the machine to the domain myself, using
kpasswd and ktutil to generate krb5.keytab. How essential is it that
Samba do it itself? What "extras" get done?
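Added example (not code from the original post or from Samba): a small POSIX shell helper for the situation described above, where "net ads join" has rewritten servicePrincipalName and the HOST/<fqdn> entries for the box's real DNS name need to be put back before the keytab is generated. It computes the wanted SPN set, diffs it against an ldapsearch dump of the computer object, prints the LDIF that adds the missing ones, and then has Samba rebuild the keytab from the repaired account. The object DN, host names and domain below are made up; the live path assumes openldap-clients with SASL/GSSAPI and a Kerberos ticket for an account that is permitted to write servicePrincipalName on that object (the machine account itself generally is not), which is an assumption, not something the post confirms.

```shell
#!/bin/sh
# Repair the servicePrincipalName set on an AD computer object after
# "net ads join", then regenerate /etc/krb5.keytab from it.
# Example helper, not part of the original post or of Samba.

# desired_spns SHORTNAME FQDN... : print the SPN set we want on the account:
# the AD-style HOST/SHORTNAME plus HOST/<fqdn> for every name given.
desired_spns() {
    short=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    shift
    printf 'HOST/%s\n' "$short"
    for f in "$@"; do
        printf 'HOST/%s\n' "$f"
    done
}

# missing_spns WANTED_SPN... : read an ldapsearch -LLL (LDIF) dump of the
# computer object on stdin and print every wanted SPN not already present.
# AD compares SPNs case-insensitively, so this does too (grep -i).
missing_spns() {
    have=$(sed -n 's/^servicePrincipalName: //p')
    for want in "$@"; do
        printf '%s\n' "$have" | grep -qixF -- "$want" || printf '%s\n' "$want"
    done
}

# spn_ldif DN SPN... : LDIF modify record that adds the given SPNs.
# "add" rather than "replace" so the entries the join wrote are kept.
spn_ldif() {
    printf 'dn: %s\nchangetype: modify\nadd: servicePrincipalName\n' "$1"
    shift
    for s in "$@"; do
        printf 'servicePrincipalName: %s\n' "$s"
    done
}

# repair_spns DN SHORTNAME FQDN... : end-to-end run against a live DC.
# Assumes a ticket for an account allowed to write servicePrincipalName
# on DN (ldapsearch/ldapmodify -Y GSSAPI). Not exercised offline.
repair_spns() {
    dn=$1; short=$2; shift 2
    want=$(desired_spns "$short" "$@")
    # SPNs contain no whitespace, so unquoted expansion into args is safe.
    # shellcheck disable=SC2086
    need=$(ldapsearch -LLL -Y GSSAPI -b "$dn" -s base servicePrincipalName \
           | missing_spns $want) || return 1
    if [ -z "$need" ]; then
        echo "servicePrincipalName already complete on $dn"
    else
        # shellcheck disable=SC2086
        spn_ldif "$dn" $need | ldapmodify -Y GSSAPI || return 1
    fi
    # Samba 3.x "net ads keytab create" rebuilds the keytab from the SPNs
    # now on the machine account, so the extra HOST/<fqdn> keys appear.
    net ads keytab create
}

# Usage on a joined box (constructed example values):
#   repair_spns 'CN=WEB01,CN=Computers,DC=ds,DC=example,DC=com' web01 \
#       web01.eng.example.com web01.ds.example.com
```

Run the repair after "net ads join" rather than before it, since the join is what rewrites the attribute; check the result with `net ads keytab list` and `klist -k`. Note that ldapsearch folds long attribute values onto continuation lines starting with a space, which the sed filter above does not unfold; HOST/<fqdn> values are well under that limit, but very long SPNs would need an LDIF-aware parser.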