OK Found the answer
I had added a netbios name to the samba box and this somehow (im not
sure of the details, guessing a bit here) broke the trust. Even after
removing the extra name and changing it back to the original it was
broken - rejoining via rpc failed and the 2k3 log showed access denied.
Tried to reset the machine account in AD, this did not work
Changed hostname of samba box, deleted old name from AD, rejoined,
everything ok!
Hamish wrote:
> Hello
> I am a bit lost with a problem here, I have samba 3.0.2a on a suse 9
> i386 box, samba installed from suse rpm.
> It is (was) joined to a 2003 AD domain. I had a pdf printer that was
> working yesterday and not working this morning.
>
> Changes made between yesterday and this morning:
> added "Netbios name = filetest2"
> removed netbios name
> AD admin password changed (I dont think this will affect samba?)
>
> When I run wbinfo -t it returns:
> checking the trust secret via RPC calls failed
> error code was NT_STATUS_NO_TRUST_SAM_ACCOUNT (0xc000018b)
> Could not check secret
>
> I tried to rejoin the domain:
> net join -S domserver -U Administrator
> This returned:
> realm must be set in in smb.conf for ADS join to succeed. (the 2k3 box
> does not use kerberos)
> ADS join did not work, falling back to RPC...
> Joined domain MYDOMAIN.
>
> I have security =domain
>
> As i said, it was working yesterday (i cant believe i said that, sorry
> and support people!) so there must be something small, or a change on
> the 2k3 server... any ideas?
>
> Thanks again