samba - Apr 2010 - Unable to join domain: failed to set machine spn

Hi Samba mailing list,

I'm having trouble setting up samba as an AD member at a remote site.
While I've joined a few samba servers to AD before I'm getting the
following error message when I try to join this domain:

  Failed to join domain: failed to set machine spn: Operations error


I am running samba version 3.4.5-0.47 on Fedora and the AD is on Windows
server 2003.
I'm not finding much with searching for this exact error condition,
except one old mailing list post [1]. I've run 'net ads join' with
debugging turned up, but nothing seemed relevant except for the
final error summary:


  [2010/04/06 15:54:43,  3] libsmb/clikrb5.c:729(ads_krb5_mk_req)
    ads_krb5_mk_req: server marked as OK to delegate to, building forwardable
TGT
  [2010/04/06 15:54:43, 10] libsmb/clikrb5.c:896(get_krb5_smb_session_key)
    Got KRB5 session key of length 16
  [2010/04/06 15:54:43,  1] libnet/libnet_join.c:1903(libnet_Join)
    libnet_Join:
        libnet_JoinCtx: struct libnet_JoinCtx
            out: struct libnet_JoinCtx
                account_name             : NULL
                netbios_domain_name      : 'FBAR'
                dns_domain_name          : 'foobar.net'
                forest_name              : 'foobar.net'
                dn                       : NULL
                domain_sid               : *
                    domain_sid               :
S-1-5-12-8483489348-1903232839-566522115
              modified_config          : 0x00 (0)
              error_string             : 'failed to set machine spn:
Operations error'
              domain_is_ad             : 0x01 (1)
              result                   : WERR_GENERAL_FAILURE
  [2010/04/06 15:54:43, 10] intl/lang_tdb.c:138(lang_tdb_init)
    lang_tdb_init: /usr/lib/samba/C.msg: No such file or directory
  [2010/04/06 15:54:43,  2] utils/net.c:779(main)
    return code = -1
  Failed to join domain: failed to set machine spn: Operations error


Can anyone point me in the right direction? I'm not sure what
area to start looking at to debug this particualar error.

I've attached my config files, edited for privacy.

Thanks for your time,

John


[1] http://markmail.org/message/tcb6ib2ovqomxmqa

-------------- next part --------------

[global]
    load printers = no
    disable spoolss = yes
    show add printer wizard = no
    printing = BSD
    printcap name = /dev/null
    log level = 0


    security = ads
    realm = FOOBAR.NET
    workgroup = FBAR
    password server = MYAD1.FOOBAR.NET

    idmap uid = 400000-800000
    idmap gid = 400000-800000
    idmap backend = rid
    allow trusted domains = no
    winbind enum groups = yes
    winbind enum users = yes


[files]
    path = /mnt/unity/now
    comment = Public File Share
    read only = no
    browseable = yes
    nt acl support = yes
    map acl inherit = yes
    delete readonly = yes
    wide links = no


    vfs objects = acl_xattr
    inherit acls = yes
    inherit permissions = yes
    dos filemode = yes

-------------- next part --------------

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = FOOBAR.NET
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 FOOBAR.NET = {
  
  kdc = myad1.foobar.net
  
  default_domain = foobar.net
 }

 EXAMPLE.COM = {
  kdc = kerberos.example.com:88
  admin_server = kerberos.example.com:749
  default_domain = example.com
 }

[domain_realm]
 .example.com = EXAMPLE.COM
 example.com = EXAMPLE.COM

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

On Tuesday 06 April 2010 19:48:37 John Mulligan wrote:
> Hi Samba mailing list,
> 
> I'm having trouble setting up samba as an AD member at a remote site.
> While I've joined a few samba servers to AD before I'm getting the
> following error message when I try to join this domain:
> 
>   Failed to join domain: failed to set machine spn: Operations error
> 
Hi again.  I'm just trying to bump my original message to hopefully see if 
anyone missed it the first time. I'm still stuck on this problem and
don't
know if I should concentrate on the samba side or the domain controller side 
of debugging this issue.

Thank you all for your time.