[Samba] Samba 3.0.29 -> 3.0.30 Trust Relationship Failure

Aaron Browne gopodge at gmail.com
Tue Jun 24 06:11:40 GMT 2008


Recently built 3.0.30 for testing and cannot establish a Trust Relationship
with our Windows 2003 domain controller. Joining
the domain seems to work but shares are unavailable. Working backwards, I
ended up identifying Samba 3.0.28a
as a working build. Any version after that does not work.

I did see two other posts that look similar in behaviour but not 100% sure
if they are the same. Have reviewed release notes etc

http://lists.samba.org/archive/samba/2008-May/141006.html

http://lists.samba.org/archive/samba/2008-June/141128.html

Short error log from 3.0.29 below.

Cheers,
Aaron

++++ CLIENT

session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE

++++ SERVER

[2008/06/24 11:23:49, 0] smbd/server.c:main(944)
 smbd version 3.0.29 started.
 Copyright Andrew Tridgell and the Samba Team 1992-2008
[2008/06/24 11:23:49, 0] param/loadparm.c:lp_do_parameter(3545)
 Global parameter guest account found in service section!
[2008/06/24 11:23:49, 0] printing/pcap.c:pcap_cache_reload(159)
 Unable to open printcap file /etc/printcap for read!
[2008/06/24 11:23:49, 0] printing/pcap.c:pcap_cache_reload(159)
 Unable to open printcap file /etc/printcap for read!
[2008/06/24 11:23:49, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(241)
 startsmbfilepwent_internal: file /opt/samba/private/smbpasswd did not
exist. File successfully created.
[2008/06/24 11:23:49, 1] lib/account_pol.c:account_policy_get(286)
 account_policy_get: tdb_fetch_uint32 failed for field 1 (min password
length), returning 0
[2008/06/24 11:23:49, 1] lib/account_pol.c:account_policy_get(286)
 account_policy_get: tdb_fetch_uint32 failed for field 2 (password history),
returning 0
[2008/06/24 11:23:49, 1] lib/account_pol.c:account_policy_get(286)
 account_policy_get: tdb_fetch_uint32 failed for field 3 (user must logon to
change password), returning 0
[2008/06/24 11:23:49, 1] lib/account_pol.c:account_policy_get(286)
 account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum password
age), returning 0
[2008/06/24 11:23:49, 1] lib/account_pol.c:account_policy_get(286)
 account_policy_get: tdb_fetch_uint32 failed for field 5 (minimum password
age), returning 0
[2008/06/24 11:23:49, 1] lib/account_pol.c:account_policy_get(286)
 account_policy_get: tdb_fetch_uint32 failed for field 6 (lockout duration),
returning 0
[2008/06/24 11:23:49, 1] lib/account_pol.c:account_policy_get(286)
 account_policy_get: tdb_fetch_uint32 failed for field 7 (reset count
minutes), returning 0
[2008/06/24 11:23:49, 1] lib/account_pol.c:account_policy_get(286)
 account_policy_get: tdb_fetch_uint32 failed for field 8 (bad lockout
attempt), returning 0
[2008/06/24 11:23:49, 1] lib/account_pol.c:account_policy_get(286)
 account_policy_get: tdb_fetch_uint32 failed for field 9 (disconnect time),
returning 0
[2008/06/24 11:23:49, 1] lib/account_pol.c:account_policy_get(286)
 account_policy_get: tdb_fetch_uint32 failed for field 10 (refuse machine
password change), returning 0
[2008/06/24 11:24:16, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641)
 cli_rpc_pipe_open_schannel: failed to get schannel session key from server
DC1 for domain WATER.
[2008/06/24 11:24:16, 0]
auth/auth_domain.c:connect_to_domain_password_server(119)
 connect_to_domain_password_server: unable to open the domain client session
to machine DC1. Error was : NT_STATUS_ACCESS_DENIED.
[2008/06/24 11:24:16, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641)
 cli_rpc_pipe_open_schannel: failed to get schannel session key from server
DC1 for domain WATER.
[2008/06/24 11:24:16, 0]
auth/auth_domain.c:connect_to_domain_password_server(119)
 connect_to_domain_password_server: unable to open the domain client session
to machine DC1. Error was : NT_STATUS_ACCESS_DENIED.
[2008/06/24 11:24:16, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641)
 cli_rpc_pipe_open_schannel: failed to get schannel session key from server
DC1 for domain WATER.
[2008/06/24 11:24:16, 0]
auth/auth_domain.c:connect_to_domain_password_server(119)
 connect_to_domain_password_server: unable to open the domain client session
to machine DC1. Error was : NT_STATUS_ACCESS_DENIED.
[2008/06/24 11:24:16, 0] auth/auth_domain.c:domain_client_validate(220)
 domain_client_validate: Domain password server not available.


More information about the samba mailing list