[Samba] Samba AD domain trust account

Sami Hulkko sahulkko at gmail.com
Sat Feb 12 18:54:07 UTC 2022


I am trying to add domain trust account for additional kerberos domain 
in Samba AD DC with command:

net rpc trustdom add <domain_name> <passwd> 

What happens is that the account is created into ldap database and I can 
see it in Windows 11 machine

the command gives error message:

Could not set trust account password: NT_STATUS_ACCESS_DENIED

with command pdbedit -Lw <account_name>\$ i see:


the [NDU    ] should be [I ] according to some documentation.

My version of samba is: Version 4.13.17-Ubuntu

There is nothing on logs I could see of related to this incident. How 
should I debug this?

Sami Hulkko

More information about the samba mailing list