Aaron Browne
2008-Jun-24 06:11 UTC
[Samba] Samba 3.0.29 -> 3.0.30 Trust Relationship Failure
Recently built 3.0.30 for testing and cannot establish a Trust Relationship with our Windows 2003 domain controller. Joining the domain seems to work but shares are unavailable. Working backwards, I ended up identifying Samba 3.0.28a as a working build. Any version after that does not work. I did see two other posts that look similar in behaviour but not 100% sure if they are the same. Have reviewed release notes etc http://lists.samba.org/archive/samba/2008-May/141006.html http://lists.samba.org/archive/samba/2008-June/141128.html Short error log from 3.0.29 below. Cheers, Aaron ++++ CLIENT session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE ++++ SERVER [2008/06/24 11:23:49, 0] smbd/server.c:main(944) smbd version 3.0.29 started. Copyright Andrew Tridgell and the Samba Team 1992-2008 [2008/06/24 11:23:49, 0] param/loadparm.c:lp_do_parameter(3545) Global parameter guest account found in service section! [2008/06/24 11:23:49, 0] printing/pcap.c:pcap_cache_reload(159) Unable to open printcap file /etc/printcap for read! [2008/06/24 11:23:49, 0] printing/pcap.c:pcap_cache_reload(159) Unable to open printcap file /etc/printcap for read! [2008/06/24 11:23:49, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(241) startsmbfilepwent_internal: file /opt/samba/private/smbpasswd did not exist. File successfully created. [2008/06/24 11:23:49, 1] lib/account_pol.c:account_policy_get(286) account_policy_get: tdb_fetch_uint32 failed for field 1 (min password length), returning 0 [2008/06/24 11:23:49, 1] lib/account_pol.c:account_policy_get(286) account_policy_get: tdb_fetch_uint32 failed for field 2 (password history), returning 0 [2008/06/24 11:23:49, 1] lib/account_pol.c:account_policy_get(286) account_policy_get: tdb_fetch_uint32 failed for field 3 (user must logon to change password), returning 0 [2008/06/24 11:23:49, 1] lib/account_pol.c:account_policy_get(286) account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum password age), returning 0 [2008/06/24 11:23:49, 1] lib/account_pol.c:account_policy_get(286) account_policy_get: tdb_fetch_uint32 failed for field 5 (minimum password age), returning 0 [2008/06/24 11:23:49, 1] lib/account_pol.c:account_policy_get(286) account_policy_get: tdb_fetch_uint32 failed for field 6 (lockout duration), returning 0 [2008/06/24 11:23:49, 1] lib/account_pol.c:account_policy_get(286) account_policy_get: tdb_fetch_uint32 failed for field 7 (reset count minutes), returning 0 [2008/06/24 11:23:49, 1] lib/account_pol.c:account_policy_get(286) account_policy_get: tdb_fetch_uint32 failed for field 8 (bad lockout attempt), returning 0 [2008/06/24 11:23:49, 1] lib/account_pol.c:account_policy_get(286) account_policy_get: tdb_fetch_uint32 failed for field 9 (disconnect time), returning 0 [2008/06/24 11:23:49, 1] lib/account_pol.c:account_policy_get(286) account_policy_get: tdb_fetch_uint32 failed for field 10 (refuse machine password change), returning 0 [2008/06/24 11:24:16, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641) cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC1 for domain WATER. [2008/06/24 11:24:16, 0] auth/auth_domain.c:connect_to_domain_password_server(119) connect_to_domain_password_server: unable to open the domain client session to machine DC1. Error was : NT_STATUS_ACCESS_DENIED. [2008/06/24 11:24:16, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641) cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC1 for domain WATER. [2008/06/24 11:24:16, 0] auth/auth_domain.c:connect_to_domain_password_server(119) connect_to_domain_password_server: unable to open the domain client session to machine DC1. Error was : NT_STATUS_ACCESS_DENIED. [2008/06/24 11:24:16, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641) cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC1 for domain WATER. [2008/06/24 11:24:16, 0] auth/auth_domain.c:connect_to_domain_password_server(119) connect_to_domain_password_server: unable to open the domain client session to machine DC1. Error was : NT_STATUS_ACCESS_DENIED. [2008/06/24 11:24:16, 0] auth/auth_domain.c:domain_client_validate(220) domain_client_validate: Domain password server not available.