[Samba] Problems with 3.0.4 PDC - Trust Relationship failed

Matthew Koster MKoster at intldata.ca
Wed Jun 23 18:40:08 GMT 2004

I have just set up Samba 3.0.4 from scratch, I am running Mandrake 10, and 
did not install its default 3.0.2a.  When I try and jpoin a domain, 
everything works right up to the add user portion.

>From the XP machine I am able to complete the following steps

1. Enter windws username and domain information
2. Add the machine name to the domain (it is created on the linux box, and 
entered into samba automaticaly)
3. Enter root username and password to join the domain
4. Add The following user - User name & Domain name
5. Here is where it comes up with the error, when I select the type of user, 
it tells me "The User could not be added because the following error has 
occured:  The trust relationship between this workstation and the primary 
domain failed"

The name of the machine is registerd with samba as machine$, so the trust 
should be there (it is with 3.0.2a)

I disabled SignOrSeal within windows, etc.  It works fine with 3.0.2a with 
the same smb.conf file, (attached below).  I do not know what is going 

My samba log shows the following each time I try to add the user...

[2004/06/03 14:37:28, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(786)
  api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.
[2004/06/03 14:37:29, 0] smbd/service.c:make_connection_snum(591)
  '/root/tmp' does not exist or is not a direcotry, when connecting to 

Now the Set user info error does not occure each and every time, however the 
/root/tmp does, now /root/tmp exists, and I have set it to both default 
permissions and world writable, neither works.

My SMB.CONF file

# Samba config file created using SWAT
# from (
# Date: 2004/06/21 11:37:31
# Global parameters

   log file = /var/log/samba/log.%m
   passwd chat timeout = 10
   ldap ssl = no
   add group script = /usr/sbin/groupadd -r %g
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   delete group script = /usr/sbin/groupdel %g
   add user to group script = /usr/bin/gpasswd -a %u %g
   logon drive = H:
   delete user from group script = /usr/bin/gpasswd -d %u %g
   domain master = Yes
   encrypt passwords = yes
   printer admin = @adm
   dns proxy = No
   netbios name = TESTSERVER1
   server string = Koster PDC Test
   printing = cups
   logon script = netlogon.bat
   default = homes
   workgroup = KOSTERTEST
   os level = 62
   add user script = /usr/sbin/useradd -n -g users -d /dev/null -s 
/bin/false -m %u
   printcap name = cups
   add machine script = /usr/sbin/adduser -n -g machines -c Machine -d 
/dev/null -s /bin/false -M %u
   delete user script = /usr/sbin/userdel %u
   max log size = 50
   domain logons = Yes
   logon path =

   comment = All Printers
   path = /var/spool/samba
   create mask = 0700
   guest ok = Yes
   printable = Yes
   print command = lpr-cups -P %p -o raw %s -r # using client side printer 
   browseable = No

   path = /var/lib/samba/printers
   write list = @adm, root
   inherit permissions = Yes
   guest ok = Yes

   comment = PDF Generator (only valid users)
   path = /var/tmp
   printable = Yes
   print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I 
"%J" &

   comment = Network Logon Service
   path = /home/samba/netlogon
   write list = @admins
   browsable = no
   browseable = no
   writeable = yes

Please help... All I want is for the change passwords to work after the MS 
Secrity patch (Like I said 3.0.2a works perfect EXCEPT for the password 
change, well it works if I remove the security patch, but I want it to work 
with the patch installed and for that to happen I need 3.0.4 to work.)


Matthew Koster
Customer Support Technician
International Datacasting Corporation
613-596-4120 ext 254

This message, and the documents attached hereto, is intended only for the
addressee and may contain privileged or confidential information.  Any
unauthorized disclosure is strictly prohibited.  If you have received this
message in error, please notify us immediately so that we may correct our
internal records.  Please then delete the original message.  Thank you.

More information about the samba mailing list