When trying to execute "net ads join", I was getting the following message: "Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials." A couple of tips to troubleshoot this problem: 1. Do a kinit username@KERBEROS.REALM so that you can get a ticket opened and not have to authenticate each time you try this. 2. Make sure that "hostname --fqdn" returns the same fully-qualified domain name as the account you're trying to add. 3. For me, I had a second line in /etc/hosts that was messing things up. 127.0.0.1 had the right samba1.domain.com name, but a secondary interface just had samba1. 4. add "-d 10" to the command line to print debugging information. I found the following line: name_to_fqdn: lookup for SAMBA1 -> SAMBA1. INSTEAD OF: name_to_fqdn: lookup for SAMBA1 -> SAMBA1.domain.com. Which was my clue that even though hostname --fqdn was returning the right thing (samba1.domain.com), the name_to_fqdn function was getting a different fqdn returned. 5. I also had to mess with /etc/nsswitch.conf - I previously had hosts resolving as "files wins dns", and switching to just "files dns" fixed the problem. I'd sure love to find some good documentation on hostnames - it seems that different functions resolve in different ways. In particular, /etc/hosts is a real mess since it allows fqdn's and non-fqdn's, and apparently reads the hostname from various addresses belonging to the local machine. There seems to be something just not right about having a line 127.0.0.1 hostname hostname.domain.com and then having the system just pick one to be its hostname. Also, I should mention for anyone who doesn't know it (you probably already figured it out if you got here) that Kerberos is case-sensitive, and at least Windows expects all CAPS for DOMAIN.COM. Annoying, but I'm sure there's some reason for it... Anyway, I hope this info saves somebody else the pain I've been through.... Jeremy