Could not join to Windows 2k3 domain: Failed to set servicePrincipalNames
Hello!
I'm trying to join my Gentoo box to a Windows 2003 domain and I need some help.
I've set up smb.conf, krb5.conf, got a krb ticket, but I'm not able to join the domain:
# net ads join -U admin@CORP.MY.DOMAIN -d2
[2008/05/16 16:13:11, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.5.21 bcast=192.168.5.255 nmask=255.255.255.0
admin@CORP.MY.DOMAIN's password:
[2008/05/16 16:13:13, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(613)
  Doing kerberos session setup
Using short domain name -- CORP
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
[2008/05/16 16:13:13, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(613)
  Doing kerberos session setup
Deleted account for 'RUVRN-NIX01' in realm 'CORP.MY.DOMAIN'
Failed to join domain: Type or value exists
[2008/05/16 16:13:13, 2] utils/net.c:main(1036)
  return code = -1
smb.conf:
[global]
   workgroup = CORP
   realm = CORP.MY.DOMAIN
   server string = samba-%v
   printcap name = cups
   load printers = yes
   printing = cups
   log file = /var/log/samba/log.%m
   max log size = 50
   hosts allow = 192.168.1. 127.
   use sendfile = yes
   map to guest = bad user
   security = ads
   encrypt passwords = yes
   winbind use default domain = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   local master = no
   domain logons = no
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   wins server = CORP.MY.DOMAIN
   wins proxy = no
   dns proxy = yes
   dos charset = 866
   unix charset = UTF-8
krb5.conf:
[libdefaults]
        ticket_lifetime = 600
        default_realm = CORP.MY.DOMAIN
        default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
        default_etypes_des = des3-hmac-sha1 des-cbc-crc des-cbc-md5
[realms]
        CORP.MY.DOMAIN = {
        kdc = zaz.corp.my.domain:88
        admin_server = zaz.corp.my.domain:749
        }
[domain_realm]
        .corp.my.domain = CORP.MY.DOMAIN
        corp.my.domain = CORP.MY.DOMAIN
        .my.domain = CORP.MY.DOMAIN
        my.domain = CORP.MY.DOMAIN
        corp = CORP.MY.DOMAIN
        .corp = CORP.MY.DOMAIN
[logging]
        kdc = SYSLOG
        admin_server = SYSLOG
        default = SYSLOG
[password_quality]
        check_library = /usr/lib/sample_passwd_check.so
        check_function = check_cracklib
installed packages:
net-fs/samba
     Installed versions:  3.0.28(14:37:31 05/16/08)(ads cups fam kernel_linux ldap pam python readline winbind -acl -async -automount -caps -doc -examples -ipv6 -linguas_ja -linguas_pl -quotas -selinux -swat -syslog)
[D] app-crypt/mit-krb5
     Installed versions:  1.6.3-r1(15:42:50 05/16/08)(-doc -ipv6 -krb4 -tcl)
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin@CORP.MY.DOMAIN
Valid starting     Expires            Service principal
05/16/08 15:54:41  05/16/08 16:04:41  krbtgt/CORP.MY.DOMAIN@CORP.MY.DOMAIN
--
Vladimir Rusinov
Voronezh, Russia
UNIX Admin @ Murano Software