Hi,
Anyone have any idea to the problem below? Sorry if its already been answered.
Cheers
Ian
On 9/11/07, Ian <barnracoon@gmail.com> wrote:> Hi,
>
> I am trying to join my FreeBSD machine to an AD domain and keep
> getting the following error when joining the domain using samba 3.0.24
> :
>
> Failed to set servicePrincipalNames. Please ensure that
> the DNS domain of this server matches the AD domain,
> Or rejoin with using Domain Admin credentials.
> Disabled account for 'S058002' in realm 'DS1.AD.DOMAIN.COM'
>
> According to the AD guys the account is not disabled. Here is my smb.conf
>
> [global]
> winbind separator=+
> winbind cache time=10
> workgroup=DOMAIN
> realm=DS1.AD.DOMAIN.COM
> security=ads
> winbind uid=10000-20000
> winbind gid=10000-20000
> winbind use default domain=yes
> client ntlmv2 auth=yes
>
> I am joining the domain with the following command:
> /usr/local/bin/net ads join -S hostname.domain.com -w DOMAIN -U
> username%password and thats what produces the error above.
>
> A couple of things regarding this that may or may not help.
> 1.) I am using this exact same setup on another machine that is
> running Samba (except that ones version is 3.0.21b) and it works
> there.
> 2.) The full hostname is not resolvable if you do an nslookup on both
> machines, even though the older version connects fine.
> 3.) I am using kerberos if that makes a difference - although it
> issues me the ticket just fine!
>
> Anyone have any ideas as to what could be wrong?
>
> Thanks
> Ian
>