[Samba] NT_STATUS_NO_TRUST_SAM_ACCOUNT after temporary connectivity break to AD DC

shridhar shetty shridhar.sanjeeva at gmail.com
Wed Oct 12 16:08:23 UTC 2016

Hi Team,

I am facing problem with the trust relation which tends to break when there
is temporary network connection break between a AD and samba server.

Steps for reproducing the issue
1. Join a machine to a domain with AD server: xxx.xxx.com
2. Check the output of "wbinfo -t". Exits with a success.
3. Now remove connection to AD server xxx.xxx.com i.e Unable to ping AD
etc. Here "wbinfo -t" exits with a failure.
4. Then Bring back the connection to AD. "wbinfo -t" still exits with a
failure even when the AD server in online.
5. Only option left is to rejoin the machine to a domain.

Can you help us fix this. I tried too many things and am running out of
ideas. Would appreciate any kind of pointers. Thanks

SAMBA version: Version 4.2.3
SAMBA server OS: Centos 7
SELINUX: disabled

Below is my smb.conf file.
security = user
interfaces = em1 lo
bind interfaces only = yes
kerberos method = secrets and keytab
workgroup = XXX
netbios name = inmusbackup01
server string = FILE SERVER
realm = XXX.XXX.COM

#Winbindd configuration
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
template homedir = /home/%U
template shell = /bin/bash
winbind refresh tickets = yes

#Setting Security level
security = ads
encrypt passwords = yes

host msdfs = no
#This shows the user his home directory in File Server. Every logged in
user see his own home directory
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
server services = winbindd

log file = /var/log/samba/samba.log
log level = 3
max log size = 500
load printers = no
cups options = raw
disable spoolss = yes
printcap name = /dev/null

wbinfo -t output
checking the trust secret for domain EIGI via RPC calls failed
error code was NT_STATUS_NO_TRUST_SAM_ACCOUNT (0xc000018b)
failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
Could not check secret

More information about the samba mailing list