[Samba] Message "Couldn't verify trusting domain account. Error was NT_STATUS_LOGON_FAILURE" while attempting "net rpc trustdom establish domain_B"

Andrew Oates andrew.oates at ironbox.com.au
Wed Sep 14 05:33:22 GMT 2005 

This is a little of a new experience for me, I am a bit of a novice. I 
have usually been able to stumble around documentation and other mailing 
lists to figure out problems, unfortunately I have struck and issue that 
has me going around in circles ...

I have set up a VPN between three locations using openvpn (device = tun 
), two satellite locations (referred to as B & C) talking to a central 
location (refereed to as A) All machines are running a fairly standard 
release of Redhat 9.0 and Samba 3.0.20. I am now trying to a domain 
trust relationship established between each of these sites. When I 
establish a trust from one of the satellite locations it appears to work ...

*net rpc trustdom establish domain_A*
Could not connect to server A
Trust to domain DOMAIN_A established

but from the central location I get the error message

*net rpc trustdom establish domain_B*
Could not connect to server B
[2005/09/14 11:14:21, 0] utils/net_rpc.c:rpc_trustdom_establish(4917)
Couldn't verify trusting domain account. Error was NT_STATUS_UNSUCCESSFUL

I found I can duplicate the above error message if I type in an 
incorrect password on one of the satellite computers (B & C) when 
connecting, but I am sure passwords etc are correct.

Another symptom is that listing the trusted domains on computer A shows
Trusted domains list:
none
Trusting domains list:
DOMAIN_B         domain controller is not responding
DOMAIN_C        domain controller is not responding

I do not have WINS browsing working across domain as yet, but do not 
think that is an issue as net lookup (host / dc / master) all give the 
correct answer.

I do see some interesting entries in /var/log/messages like ...

nmbd[13580]: [2005/09/14 11:48:44, 0] 
nmbd/nmbd_browsesync.c:get_domain_master_name_node_status_fail(488)
nmbd[13580]:   get_domain_master_name_node_status_fail:
nmbd[13580]:   Doing a node status request to the domain master browser 
at IP 10.1.3.1 failed.
nmbd[13580]:   Cannot get workgroup name.
nmbd[13580]: [2005/09/14 11:48:44, 0] 
nmbd/nmbd_browsesync.c:get_domain_master_name_node_status_fail(488)
nmbd[13580]:   get_domain_master_name_node_status_fail:
nmbd[13580]:   Doing a node status request to the domain master browser 
at IP 10.1.5.1 failed.
nmbd[13580]:   Cannot get workgroup name.
 nmbd[13580]: [2005/09/14 11:48:44, 0] 
nmbd/nmbd_browsesync.c:get_domain_master_name_node_status_fail(488)
nmbd[13580]:   get_domain_master_name_node_status_fail:
nmbd[13580]:   Doing a node status request to the domain master browser 
at IP 10.2.1.1 failed.
nmbd[13580]:   Cannot get workgroup name.

where,
10.1.3.1 = B
10.1.5.1 = C
10.2.1.1 = tun0 IP address

What other information / tests can I try?

Thanks in advance for looking at this problem ... Andrew

More information about the samba mailing list