I tried the suggested solution and I still run into the same issue (further 
searching in the Samba list led me to another thread where the same solution 
was proposed, don't know whether that worked for the thread originator).

wsa29:] net ads join -s /etc/samba/smb.conf -Uolympus
olympus's password:
Using short domain name -- CHILD1
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Disabled account for 'WSA29' in realm 'CHILD1.AD.WGA'

After I execute the above command, I see that my system is listed in the AD 
server 'Computer' list but has a red 'x' symbol to indicate that it is disabled.

However, if I execute the command 'net ads status -s /etc/samba/smb.conf 
-Uolympus' after the 'net ads join' command, I am able to retrieve status 
information properly.

-Raj

> -----Original Message-----
> From: Jean-Vincent BAYARRI [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 08, 2006 12:22 AM
> To: Raj Pagaku
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Samba v3.0.23c + FreeBSD 6.1 - Failed to set
> servicePrincipalNames
> 
> Hi,
> 
> I also run FreeBSD 6.1 (and also experience a lot of trouble with
> version 3.0.23c...)
> 
> For your problem you should check your /etc/hosts.
> It must have the "CHILD1.AD.WGA" as fqdn for your IP like this:
> 
> xxx.xxx.xxx.xxx       CHILD1.AD.WGA   CHILD1 alias1 alias2 ... aliasN
> 
> On Tue, Nov 07, 2006 at 02:56:29PM -0800, Raj Pagaku wrote:
> > Hello,
> >
> > We recently upgraded to the latest Samba3 version v3.0.23c. If the Samba
> > system and the AD belong to the same domain, I am able to perform a 'net
> > ads join' by supplying either a 'Domain Admins' or a 'Domain Users'
> > credential.
> >
> > However if the Samba system and the AD belong to different domain, I can
> > perform the 'net ads join' by supplying a 'Domain Admins' credential but
> > not a user belonging to 'Domain Users'.  If the user belongs only to the
> > 'Domain Users', I get the 'Failed to set servicePrincipalNames' error.
> >
> > Samba System domain = WGA
> > AD Server domain = CHILD1.AD.WGA
> >
> > wsa29:] winbindd -V
> > Version 3.0.23c
> >
> > wsa29:] hostname
> > wsa29.wga
> >
> > wsa29:] klist
> > Credentials cache: FILE:/tmp/krb5cc_0
> >         Principal: [EMAIL PROTECTED]
> >
> >   Issued           Expires          Principal
> > Nov  7 14:31:19  Nov  8 00:31:19  krbtgt/[EMAIL PROTECTED]
> > Nov  7 14:32:07  Nov  8 00:31:19  [EMAIL PROTECTED]
> >
> > wsa29:] cat smb.conf
> > [global]
> >    workgroup = CHILD1
> >    server string = Samba Server
> >    load printers = yes
> >    log file = /var/log/samba.log.%m
> >    lock directory = /var/run/locks
> >    pid directory = /var/run/locks
> >    max log size = 100
> >    security = ads
> >    password server = child1-server.child1.ad.wga
> >    realm = CHILD1.AD.WGA
> >    encrypt passwords = yes
> >    smb passwd file = /usr/local/samba/lib/smbpasswd
> >    socket options = TCP_NODELAY
> >    dns proxy = no
> >    winbind uid = 10000-20000
> >    winbind gid = 10000-20000
> >    winbind enum users = yes
> >    winbind enum groups = yes
> >
> > wsa29:] net ads join -s /etc/samba/smb.conf -Uadministrator
> > administrator's password:
> > Using short domain name -- CHILD1
> > Joined 'WSA29' to realm 'CHILD1.AD.WGA'
> >
> > wsa29:] net ads join -s /etc/samba/smb.conf -Uolympus
> > olympus's password:
> > Using short domain name -- CHILD1
> > Failed to set servicePrincipalNames. Please ensure that
> > the DNS domain of this server matches the AD domain,
> > Or rejoin with using Domain Admin credentials.
> > Disabled account for 'WSA29' in realm 'CHILD1.AD.WGA'
> >
> > Here the user 'administrator' belongs to 'Domain Admins' and the user
> > 'olympus' belongs to 'Domain Users'.
> >
> > Shouldn't I be able to use a 'Domain Users' account to perform the 'net
> > ads join' operation in 3.0.23c? Or is this restricted to both Samba
> > system and AD server being on the same domain?
> >
> > Thanks in advance
> >
> > -Raj
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
> --
> **************************************************************************
> *
> * Jean-Vincent BAYARRI                         Systems & network engineer
> *
> * Service Informatique         Laboratoire Central des Ponts et Chaussées
> *
> * 58, boulevard Lefebvre                             75732 PARIS CEDEX 15
> *
> * Tel 01 40 43 51 70                                   Fax 01 56 56 16 99
> *
> **************************************************************************
> *
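
The condition named in the error message above ("ensure that the DNS domain of this server matches the AD domain") can be checked before attempting a join. The script below is an added example, not part of the original thread or of Samba: the function names are hypothetical, the sample smb.conf is a constructed subset of the one quoted above, and the second host name is made up for contrast.

```sh
#!/bin/sh
# Added example (not from the thread): compare a host's DNS domain with the
# realm configured in smb.conf before running 'net ads join'.

# Print the "realm" value from the [global] section of an smb.conf file.
smb_realm() {
    awk '
        /^[ \t]*\[/ { in_global = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        in_global && tolower($0) ~ /^[ \t]*realm[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; exit
        }' "$1"
}

# Print everything after the first label of a host name (empty if unqualified).
dns_domain() {
    case "$1" in
        *.*) printf '%s\n' "${1#*.}" ;;
        *)   printf '\n' ;;
    esac
}

# Exit status: 0 = domain matches realm, 1 = mismatch, 2 = no realm configured.
check_join_domain() {
    fqdn=${1%.}                       # tolerate a trailing root dot
    realm=$(smb_realm "$2" | tr '[:upper:]' '[:lower:]')
    domain=$(dns_domain "$fqdn" | tr '[:upper:]' '[:lower:]')
    if [ -z "$realm" ]; then
        echo "no realm set in [global] of $2"; return 2
    fi
    if [ "$domain" = "$realm" ]; then
        echo "OK: $fqdn is inside realm $realm"; return 0
    fi
    echo "MISMATCH: host DNS domain '$domain', AD realm '$realm'"; return 1
}

# Constructed sample: a cut-down copy of the smb.conf quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
   workgroup = CHILD1
   security = ads
   realm = CHILD1.AD.WGA
EOF
check_join_domain wsa29.wga "$sample" || true            # name from the thread
check_join_domain wsa29.child1.ad.wga "$sample" || true  # hypothetical name
```

On a live host the same check would be `check_join_domain "$(hostname)" /etc/samba/smb.conf`, assuming `hostname` prints the fully qualified name as it does in the thread.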