[Samba] Samba AD domain trust account

Sami Hulkko sahulkko at gmail.com
Sat Feb 12 18:54:07 UTC 2022


Hi,

I am trying to add domain trust account for additional kerberos domain 
in Samba AD DC with command:

net rpc trustdom add <domain_name> <passwd> 
-UAdministrator%<administrator_password>

What happens is that the account is created into ldap database and I can 
see it in Windows 11 machine

the command gives error message:

Could not set trust account password: NT_STATUS_ACCESS_DENIED

with command pdbedit -Lw <account_name>\$ i see:

<account_name>$:3000052:NO 
PASSWORDXXXXXXXXXXXXXXXXXXXXX:2D2C9A3DC21D9CAFD008D1232D77B9D0:[NDU 
]:LCT-6207FF7A:

the [NDU    ] should be [I ] according to some documentation.

My version of samba is: Version 4.13.17-Ubuntu

There is nothing on logs I could see of related to this incident. How 
should I debug this?

-- 
Sami Hulkko




More information about the samba mailing list