net ads join fails with servicePrincipalNames errors We have a server: a-really-long-hostname.example.com In the server's smb.conf file, we have: netbios name = LONGHOST Our AD domain is AD.EXAMPLE.COM; our workgroup is NETSERVICES. Attempting to join the AD domain fails, even if a Domain Admin credentials are used: $ net ads join Using short domain name -- NETSERVICES Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials. Disabled account for 'LONGHOST' in realm 'AD.EXAMPLE.COM' Through trial and error, we discovered that if we comment out the "netbios name" setting in the smb.conf file and change the hostname of the server to: longhost.example.com ...then the "net ads join" command succeeds with no errors or warnings. So, some combination of these conditions causes badness: 1. The domain of the client doesn't match the AD domain. 2. The first component of the client's FQDN is greater than 15 characters. 3. The client's netbios name differs from the first component its FQDN. If this isn't a known issue, we can attempt to pin down the exact circumstances that cause the problem...
This is a known limitation currently. You cannot join a Samba host to an AD domain when netbios name != hostname. I'll fix properly for 3.0.26.
SPN creation has been reworked a while ago