samba - Jul 2006 - Failed to set servicePrincipalNames (Samba+Solaris 10+NISplus+ADS+DNS)

When joining our Solaris 10 Samba 3.0.23 system to ADS via...

# /usr/local/samba/bin/net ads join -U Administrator
Administrator's password:

Using short domain name -- ULS
Failed to set servicePrincipalNames. Only NTLM authentication will be 
possible.
Please ensure that the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Joined 'KRAKEN' to realm 'ULS.NT.PITT.EDU'


Our Unix system FQDNS name is kraken.library.pitt.edu
Our Windows ADS realm is ULS.NT.PITT.EDU.
Our Active Directory DNS Tree starts at NT.PITT.EDU as we (Pitt) did not 
want to integrate the existing DNS tree with the Active Directory DNS 
Tree. An Option that is defined by Microsoft.

We can not put our UNIX system under the Active Directory Tree as it 
exists in a Solaris NIS+ configuration where the other UNIX systems are 
located in the library.pitt.edu DNS Tree.

Thus neither setting the DNS domain to the AD domain or vise versa is 
possible. 

My question is - given this setup what problems will we run into?

Thanks for any info.

Brian Gregg.

 -- 
 
+--------------------------------+------------------------------+
| Brian D. Gregg                 |                              |
| Systems Analyst                |                              |
| University Library System      |                              |
| University of Pittsburgh       |    e-mail:  bdgregg@pitt.edu |
| 7500 Thomas Blvd.              |     voice:      412-244-7507 |
| Pittsburgh, PA 15208           |       fax:      412-244-7515 |
+--------------------------------+------------------------------+
| Member:                                                       |
| ASNP - Association of Storage Networking Professionals        |
+---------------------------------------------------------------+

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brian,
> # /usr/local/samba/bin/net ads join -U Administrator
> Administrator's password:
> 
> Using short domain name -- ULS
> Failed to set servicePrincipalNames. Only NTLM authentication 
> will be possible.
> Please ensure that the DNS domain of this server matches 
> the AD domain, Or rejoin with using Domain Admin credentials.
> Joined 'KRAKEN' to realm 'ULS.NT.PITT.EDU'
>  
> Our Unix system FQDNS name is kraken.library.pitt.edu
> Our Windows ADS realm is ULS.NT.PITT.EDU.
> Our Active Directory DNS Tree starts at NT.PITT.EDU as 
> we (Pitt) did not want to integrate the existing DNS
> tree with the Active Directory DNS Tree. An Option
> that is defined by Microsoft.
> 
> We can not put our UNIX system under the Active Directory 
> Tree as it exists in a Solaris NIS+ configuration where
> the other UNIX systems are located in the library.pitt.edu DNS
> Tree.
> 
> Thus neither setting the DNS domain to the AD domain 
> or vise versa is possible.  My question is - given this
> setup what problems will we run into?
Please send me a level 10 debug log from 'net ads join'.
You should be able to do this as a Domain Admin.
And please make sure that your /etc/hosts is not broken.





cheers, jerry
====================================================================Samba       
------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEwC8MIR7qMdg1EfYRAsLrAKCTe0ltb1r+h14i3Xz7DxWPr/4ejwCeL6Gr
WbDrAHMvCgI3hum3q8smu9w=DaC3
-----END PGP SIGNATURE-----