Saturday, October 25, 2008

"Failed to set servicePrincipalNames" Samba error

I was trying to join a Samba server to an Active Directory domain with a standard command:

net -U administrator ads join

Unexpectedly, the command failed with the following message:

Failed to set servicePrincipalNames. 
Please ensure that the DNS domain of this server matches the AD domain, 
Or rejoin with using Domain Admin credentials.
Disabled account for 'SERVERNAME' in realm 'DOMAIN' 

I was puzzled, since DNS domain name was correct, and I was using Domain Admin credentials.

After some searching, I came upon an advice here to check /etc/hosts. And indeed, the file contained an entry created by my distribution (Fedora) setup process which looked like:


SERVER_IP_ADDRESS SERVERNAME

Where SERVERNAME was a short name (without domain). Changing it to

SERVER_IP_ADDRESS SERVERNAME.DOMAIN

or just removing it resolved the issue. Rather weird.