[Samba] Error verifying trust
Steve Brandli
steve at brandli.com
Sat Jul 16 18:36:22 UTC 2022
I have two domains with an external trust between them. Verifying the trust
from a domain1 controller using "samba-tool domain trust validate domain2
-U." returns "ERROR: Filed to find a writeable DC for domain 'DOMAIN2': The
object name is not found." (See below.) However, the same command from a
domain2 controller, "samba-tool domain trust validate domain1 -U.", does not
get the error. Also, from the domain1 side, "samba-tool domain trust
validate domain.domain2.com -U." works fine. How does samba-tool look up
the short domain name?
root at minister1:~# samba-tool domain trust validate brandlilaw
-Uadministrator at domain.brandlilaw.com
<mailto:-Uadministrator at domain.brandlilaw.com>
LocalDomain Netbios[BRANDLI] DNS[domain.brandli.com]
SID[S-1-5-21-3237397562-3087105784-2935402547]
LocalTDO Netbios[BRANDLILAW] DNS[domain.brandlilaw.com]
SID[S-1-5-21-2136821272-1111453333-1140905514]
OK: LocalValidation: DC[\\temple2.domain.brandlilaw.com] CONNECTION[WERR_OK]
TRUST[WERR_OK] VERIFY_STATUS_RETURNED
OK: LocalRediscover: DC[\\temple2.domain.brandlilaw.com] CONNECTION[WERR_OK]
ERROR: Failed to find a writeable DC for domain 'BRANDLILAW': The object
name is not found.
root at minister1:~# samba-tool domain trust validate domain.brandlilaw.com
-Usteve at domain.brandli.com <mailto:-Usteve at domain.brandli.com>
LocalDomain Netbios[BRANDLI] DNS[domain.brandli.com]
SID[S-1-5-21-3237397562-3087105784-2935402547]
LocalTDO Netbios[BRANDLILAW] DNS[domain.brandlilaw.com]
SID[S-1-5-21-2136821272-1111453333-1140905514]
OK: LocalValidation: DC[\\temple2.domain.brandlilaw.com] CONNECTION[WERR_OK]
TRUST[WERR_OK] VERIFY_STATUS_RETURNED
OK: LocalRediscover: DC[\\temple2.domain.brandlilaw.com] CONNECTION[WERR_OK]
RemoteDC Netbios[TEMPLE2] DNS[temple2.domain.brandlilaw.com]
ServerType[GC,LDAP,DS,KDC,TIMESERV,CLOSEST,WRITABLE,GOOD_TIMESERV,FULL_SECRE
T_DOMAIN_6]
Password for [steve at domain.brandli.com]:
Password for [steve at domain.brandli.com]:
OK: RemoteValidation: DC[\\bailiff1.domain.brandli.com] CONNECTION[WERR_OK]
TRUST[WERR_OK] VERIFY_STATUS_RETURNED
OK: RemoteRediscover: DC[\\bailiff1.domain.brandli.com] CONNECTION[WERR_OK]
root at temple2:~# samba-tool domain trust validate brandli
-Usteve at domain.brandli.com <mailto:-Usteve at domain.brandli.com>
LocalDomain Netbios[BRANDLILAW] DNS[domain.brandlilaw.com]
SID[S-1-5-21-2136821272-1111453333-1140905514]
LocalTDO Netbios[BRANDLI] DNS[domain.brandli.com]
SID[S-1-5-21-3237397562-3087105784-2935402547]
OK: LocalValidation: DC[\\bailiff1.domain.brandli.com] CONNECTION[WERR_OK]
TRUST[WERR_OK] VERIFY_STATUS_RETURNED
OK: LocalRediscover: DC[\\bailiff1.domain.brandli.com] CONNECTION[WERR_OK]
RemoteDC Netbios[BAILIFF2] DNS[bailiff2.domain.brandli.com]
ServerType[GC,LDAP,DS,KDC,TIMESERV,CLOSEST,WRITABLE,GOOD_TIMESERV,FULL_SECRE
T_DOMAIN_6]
Password for [steve at domain.brandli.com]:
OK: RemoteValidation: DC[\\temple2.domain.brandlilaw.com]
CONNECTION[WERR_OK] TRUST[WERR_OK] VERIFY_STATUS_RETURNED
OK: RemoteRediscover: DC[\\temple2.domain.brandlilaw.com]
CONNECTION[WERR_OK]
Any help would be greatly appreciated!
Steve
More information about the samba
mailing list