将 ZFS/Solaris 加入 Windows AD 2003/2008 域

我有一位客户尝试将他新更新的 ZFS/Solaris 框加入我的 Windows AD 2003/2008 域。以下是他使用的命令和他收到的错误；

Console:
root@xxx:/etc/inet# smbadm join -u USER DOMAIN
After joining DOMAIN the smb service will be restarted automatically.Would you like to continue? [no]: yes
Enter domain password:
Joining DOMAIN ... this may take a minute ...
failed to join DOMAIN: UNSUCCESSFUL
Please refer to the system log for more information.

From /var/adm/messages:
Sep 22 10:12:00 xxx smbd[593]: [ID 702911 daemon.error] smbrdr_exchange[116]: failed (-3)
Sep 22 10:12:01 xxx smbd[593]: [ID 232655 daemon.notice] ldap_modify: Insufficient access
Sep 22 10:12:01 xxx smbd[593]: [ID 898201 daemon.notice] Unable to set the TRUSTED_FOR_DELEGATION userAccountControl flag on the machine account in Active Directory.  Please refer to the Troubleshooting guide for more information.
Sep 22 10:12:01 xxx smbd[593]: [ID 526780 daemon.notice] Failed to establish NETLOGON credential chain
Sep 22 10:12:01 xxx smbd[593]: [ID 871254 daemon.error] smbd: failed joining DOMAIN (UNSUCCESSFUL)