samba - Sep 2006 - samba 3.0.23 integrating with Active Directory + Failed to set ServicePrincipalNames

Hi all

I have a linux server with RHEL 4.0 ES with Samba 3.0.23c . I am trying to
integrate it with our Windows 2003 Active directory.
our Windows domain is EXAMPLE.COM and netbios name of the server is
EXAMPLE. The hostname of our Active directory is lesl-dom.
when we are joining to the domain we are getting the following error.
##########################################################
[root@linuxads samba-3c]# /usr/local/samba-3c/bin/net ads join
-UAdministrator
Administrator's password:
Using short domain name -- EXAMPLE
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Disabled account for 'LINUXADS' in realm 'EXAMPLE.COM'
##########################################################

linuxads is the hostname of the linux machine where samba-3.0.23c is
installed.

my krb5.conf is
########################################################
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = EXAMPLE.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 EXAMPLE.COM = {
  kdc = 10.129.149.4
  admin_server = 10.129.149.4
  default_domain = EXAMPLE.COM
 }

 EXAMPLE.COM = {
kdc = 10.129.149.4
 }

[domain_realm]
 .example.com = EXAMPLE.COM
 .example.com = EXAMPLE.COM

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
############################################################

my smb.conf is
##########################################################
[global]
        workgroup = LOCUZHYD
        realm = LOCUZHYD.COM
        server string = Linux Additional Domain Controller
        security = ADS
        log level = 10
        log file = /usr/local/samba-3c/var/smbd.log
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = /etc/printcap
        preferred master = No
        dns proxy = No
        template shell = /bin/bash
        cups options = raw

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No
##########################################################

please guide me

Regards
Niranjan

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/23/2006 10:54 AM, mallapadi niranjan escreveu:
> Hi all
> 
> I have a linux server with RHEL 4.0 ES with Samba 3.0.23c . I am trying to
> integrate it with our Windows 2003 Active directory.
> our Windows domain is EXAMPLE.COM and netbios name of the server is
> EXAMPLE. The hostname of our Active directory is lesl-dom.
> when we are joining to the domain we are getting the following error.
> ##########################################################
> [root@linuxads samba-3c]# /usr/local/samba-3c/bin/net ads join
> -UAdministrator
> Administrator's password:
> Using short domain name -- EXAMPLE
> Failed to set servicePrincipalNames. Please ensure that
> the DNS domain of this server matches the AD domain,
> Or rejoin with using Domain Admin credentials.
> Disabled account for 'LINUXADS' in realm 'EXAMPLE.COM'
> ##########################################################
	So, the default question should be: "is your DNS
domain matching the AD domain"?

[...]


	Kind regards,

- --
Felipe Augusto van de Wiel <felipe@paranacidade.org.br>
Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFFInWfCj65ZxU4gPQRApBAAJ9ECKmlpWi6zUR9p3Io/r7XK9ThCACeI7ln
4g0SvZcZoe1ltDK8EZsFiBU=yLPj
-----END PGP SIGNATURE-----

I'm not sure if you've already had a response on this.. but I think I
might know the solution

I was having similar issues with getting samba (on my RHEL4 box) to
talk to my AD network. After lots of rechecking network settings and
hostname settings, I discovered that samba was throwing up the error
because the SMBD, NMBD and WINBINDD daemons were not running on the
redhat box. Once they were started, the machine connected straight
away, when I issued the "net ads join..." command

Hope that helps you out

PD

On 23/09/06, mallapadi niranjan <niranjan.ashok@gmail.com>
wrote:
> Hi all
>
> I have a linux server with RHEL 4.0 ES with Samba 3.0.23c . I am trying to
> integrate it with our Windows 2003 Active directory.
> our Windows domain is EXAMPLE.COM and netbios name of the server is
> EXAMPLE. The hostname of our Active directory is lesl-dom.
> when we are joining to the domain we are getting the following error.
> ##########################################################
> [root@linuxads samba-3c]# /usr/local/samba-3c/bin/net ads join
> -UAdministrator
> Administrator's password:
> Using short domain name -- EXAMPLE
> Failed to set servicePrincipalNames. Please ensure that
> the DNS domain of this server matches the AD domain,
> Or rejoin with using Domain Admin credentials.
> Disabled account for 'LINUXADS' in realm 'EXAMPLE.COM'
> ##########################################################
>
> linuxads is the hostname of the linux machine where samba-3.0.23c is
> installed.
>
> my krb5.conf is
> ########################################################
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
>  default_realm = EXAMPLE.COM
>  dns_lookup_realm = false
>  dns_lookup_kdc = false
>  ticket_lifetime = 24h
>  forwardable = yes
>
> [realms]
>  EXAMPLE.COM = {
>   kdc = 10.129.149.4
>   admin_server = 10.129.149.4
>   default_domain = EXAMPLE.COM
>  }
>
>  EXAMPLE.COM = {
> kdc = 10.129.149.4
>  }
>
> [domain_realm]
>  .example.com = EXAMPLE.COM
>  .example.com = EXAMPLE.COM
>
> [kdc]
>  profile = /var/kerberos/krb5kdc/kdc.conf
>
> [appdefaults]
>  pam = {
>    debug = false
>    ticket_lifetime = 36000
>    renew_lifetime = 36000
>    forwardable = true
>    krb4_convert = false
>  }
> ############################################################
>
> my smb.conf is
> ##########################################################
> [global]
>         workgroup = LOCUZHYD
>         realm = LOCUZHYD.COM
>         server string = Linux Additional Domain Controller
>         security = ADS
>         log level = 10
>         log file = /usr/local/samba-3c/var/smbd.log
>         max log size = 50
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         printcap name = /etc/printcap
>         preferred master = No
>         dns proxy = No
>         template shell = /bin/bash
>         cups options = raw
>
> [homes]
>         comment = Home Directories
>         read only = No
>         browseable = No
>
> [printers]
>         comment = All Printers
>         path = /var/spool/samba
>         printable = Yes
>         browseable = No
> ##########################################################
>
> please guide me
>
> Regards
> Niranjan
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>