[Samba] checking trust secret failed for interdomain trust

Mon May 8 18:48:09 GMT 2006

Hi samba members,

I've searched through google, the archives and RTFM but I can't figure this out.
I've got a setup of two different offices with both their own samba PDC, wins, etc. Via OpenVPN i've set up an interdomain trust between the two domains (for now one way, but this will become two ways).
One domain is called PSW with bluemoon as PDC, the other PSWINDWG with redmoon as PDC. PSW is the trusted domain and PSWINDWG is the trusting domain. Both networks are on separate subnets and both PDC's are the domain master browsers for their own subnet/domain.

I added a trustaccount on redmoon with "net rpc trustdom add PSWINDWG <pw> -U<creds>"
I established the trust on redmoon with "net rpc trustdom establish PSW". This returns:
Could not connect to server BLUEMOON
Trust to domain PSW established

So far so good. net rpc trustdom list shows up ok on both servers. When trying to add a group of the PSW domain to a group of the PSWINDWG domain this does not work. I get an error NT_STATUS_ACCESS_DENIED
log.winbindd shows "get_trust_pw: could not fetch trust account password for my domain PSWINDWG".
wbinfo -u and -g on redmoon show all the users and groups of the PSW domain correctly and also wbinfo -m shows PSW as the trusted domain, but wbinfo -t returns

checking the trust seret via RPC calls failed
Error code was NT_STATUS_INTERNAL_ERROR (0xc00000e5)
Could not check secret

A nmap from both servers to the other showed UDP 137 and 138 and TCP 139 and 445 open, in both directions so that should not be the problem. NSCD is also not running on any of the two servers.
I am running samba 3.0.14a-Debian on both servers with a 2.6.8-2-386 kernel.

I have no idea where to look for the solution. If anybody could point me in the right direction that would be greatly appreciated! 

Oh, and I tried to post this message through the regular mailinglist,  but it keeps coming back because it was refused by /usr/bin/stopspam on the postfix mailserver of lists.samba.org. The message is completely the same, I wander why it is treated as spam.

Thanks,

Dolf.