[Samba] Samba AD - Trust Relationship error.

Rowland Penny rpenny at samba.org
Tue Nov 28 18:55:37 UTC 2017


On Tue, 28 Nov 2017 13:23:11 -0500
subscriptions <subscriptions at renuecomputers.com> wrote:

> On 11/28/2017 01:02 PM, Rowland Penny via samba wrote:
> > On Tue, 28 Nov 2017 12:24:55 -0500
> > subscriptions via samba<samba at lists.samba.org>  wrote:
> >
> >> Hello all,
> >>
> >> I am not really new to samba but I am new to running a samba AD and
> >> AD in general. I have a client that I will be changing over to a
> >> new server running samba 4.6.7 and running as an AD. I did a test
> >> run on the new server connected to the workstations and on one
> >> workstation I ran into this error message:
> >>
> >> "The security database on the server does not have a computer
> >> account for this workstation trust relationship"
> >>
> >> I know that in Windows it's pretty easy to solve by using the SBS
> >> Standard console. However, how would one fix this issue that I
> >> assume would be done with samba-tools somehow? Perhaps anyone can
> >> guide me to a resource discussing this? I'm not looking for a
> >> step-by-step hand hold session here. Just basic info on where to
> >> start looking and the basics.
> >>
> >> This is one of about 13 workstations and was the only one that
> >> experienced this issue.
> >>
> >> Appreciate the feedback in advance,
> >>
> >> jdegraw
> >>
> >>
> > Sounds like a DNS problem. Can you share a bit more info on how you
> > have set up your Samba AD domain? It will also help if you post your
> > smb.conf.
> >
> > Rowland
> >
> Hello Rowland,
> 
> 
> Here is my smb.conf file. I compiled it myself from samba.org and 
> followed their instructions for setup of the AD. Everything else
> seems to work out as far as I can tell for now. This will be
> replacing a SBS 2011 server.
> 
> My initial thought was that there must be some
> 
> I'm using the internal DNS on samba as this is just about 13
> workstations.
> 
> 
> Centos7.4
> 
> Samba 4.6.7
> 
> # Global parameters
> [global]
>      netbios name = SD2
>      realm = SD.LOCAL

I take it you missed the warning about using '.local' as the TLD.
Either re-provision Samba with a different TLD or remove avahi if it is
installed.

>      workgroup = SD
>      dns forwarder = 75.75.75.75
>      server role = active directory domain controller
>      idmap_ldb:use rfc2307 = yes
> 
> # Lets allow windows permissions on shares -NOT NEEDED BUT SAVED
> # vfs objects = acl_xattr
> # map acl inherit = yes
> # store dos attributes = yes

'NOT NEEDED' is an understatement, 'DEFINITELY SHOULDN'T BE IN A DC
SMB.CONF' is nearer the point ;-)

> 
> [netlogon]
>      path = /usr/local/samba/var/locks/sysvol/sd.local/scripts
>      read only = No
> 
> [sysvol]
>      path = /usr/local/samba/var/locks/sysvol
>      read only = No
> 
> [DATA]
> path = /mnt/data
> readonly = no
> 
> [MIGRATE]
> path = /opt/icewarp
> readonly = no

'readonly' should be 'read only'

Do the clients use the DC as their nameserver?

Rowland
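
The three points raised in this reply, expressed as a small lint pass over an smb.conf (an added example, not part of the original message or of Samba; the rule names and the trimmed sample config are constructed for illustration):

```python
SAMPLE = """\
# Global parameters
[global]
     realm = SD.LOCAL
     server role = active directory domain controller
# vfs objects = acl_xattr

[DATA]
path = /mnt/data
readonly = no
"""  # constructed: a trimmed copy of the config quoted in the thread

DC_ROLE = "active directory domain controller"
# Options the reply says do not belong in a DC's smb.conf (names normalised).
NOT_ON_DC = {"vfsobjects", "mapaclinherit", "storedosattributes"}


def parse(text):
    """Return {section: [(lineno, raw_key, value)]}; comment lines are skipped."""
    sections, current = {}, None
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current].append((n, key.strip(), value.strip()))
    return sections


def lint(text):
    """Return [(lineno, rule)] for the issues called out in the reply."""
    conf, findings = parse(text), []
    norm = lambda k: "".join(k.lower().split())  # ignore case and spaces
    glob = {norm(k): v for _, k, v in conf.get("global", [])}
    is_dc = glob.get("serverrole", "").lower() == DC_ROLE
    for section, items in conf.items():
        for n, key, value in items:
            in_global = section == "global"
            # '.local' is the mDNS TLD, hence the reply's avahi remark.
            if in_global and norm(key) == "realm" and value.lower().endswith(".local"):
                findings.append((n, "realm-local-tld"))
            if in_global and is_dc and norm(key) in NOT_ON_DC:
                findings.append((n, "acl-option-on-dc"))
            if key.lower() == "readonly":  # smb.conf(5) documents 'read only'
                findings.append((n, "spelling-read-only"))
    return findings
```

Each finding is a line number in the checked file plus a rule name; the commented-out `vfs objects` line is ignored until someone uncomments it.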


