[Samba] NT_STATUS_NO_TRUST_SAM_ACCOUNT after temporary connectivity break to AD DC
shridhar shetty
shridhar.sanjeeva at gmail.com
Wed Oct 12 16:08:23 UTC 2016
Hi Team,
I am facing problem with the trust relation which tends to break when there
is temporary network connection break between a AD and samba server.
Steps for reproducing the issue
1. Join a machine to a domain with AD server: xxx.xxx.com
2. Check the output of "wbinfo -t". Exits with a success.
3. Now remove connection to AD server xxx.xxx.com i.e Unable to ping AD
etc. Here "wbinfo -t" exits with a failure.
4. Then Bring back the connection to AD. "wbinfo -t" still exits with a
failure even when the AD server in online.
5. Only option left is to rejoin the machine to a domain.
Can you help us fix this. I tried too many things and am running out of
ideas. Would appreciate any kind of pointers. Thanks
SAMBA version: Version 4.2.3
SAMBA server OS: Centos 7
SELINUX: disabled
Below is my smb.conf file.
--------------------------------------------
[global]
security = user
interfaces = em1 lo
bind interfaces only = yes
kerberos method = secrets and keytab
workgroup = XXX
netbios name = inmusbackup01
server string = FILE SERVER
realm = XXX.XXX.COM
#Winbindd configuration
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
template homedir = /home/%U
template shell = /bin/bash
winbind refresh tickets = yes
#Setting Security level
security = ads
encrypt passwords = yes
host msdfs = no
#This shows the user his home directory in File Server. Every logged in
user see his own home directory
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
server services = winbindd
log file = /var/log/samba/samba.log
log level = 3
max log size = 500
load printers = no
cups options = raw
disable spoolss = yes
printcap name = /dev/null
--------------------------------------------
wbinfo -t output
---
checking the trust secret for domain EIGI via RPC calls failed
error code was NT_STATUS_NO_TRUST_SAM_ACCOUNT (0xc000018b)
failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
Could not check secret
---
More information about the samba
mailing list