[Samba] Error verifying trust

Steve Brandli steve at brandli.com
Sat Jul 16 18:36:22 UTC 2022 

I have two domains with an external trust between them.  Verifying the trust
from a domain1 controller using "samba-tool domain trust validate domain2
-U." returns "ERROR: Filed to find a writeable DC for domain 'DOMAIN2': The
object name is not found."  (See below.)  However, the same command from a
domain2 controller, "samba-tool domain trust validate domain1 -U.", does not
get the error.  Also, from the domain1 side, "samba-tool domain trust
validate domain.domain2.com -U." works fine.  How does samba-tool look up
the short domain name?

 

root at minister1:~# samba-tool domain trust validate brandlilaw
-Uadministrator at domain.brandlilaw.com
<mailto:-Uadministrator at domain.brandlilaw.com> 

LocalDomain Netbios[BRANDLI] DNS[domain.brandli.com]
SID[S-1-5-21-3237397562-3087105784-2935402547]

LocalTDO Netbios[BRANDLILAW] DNS[domain.brandlilaw.com]
SID[S-1-5-21-2136821272-1111453333-1140905514]

OK: LocalValidation: DC[\\temple2.domain.brandlilaw.com] CONNECTION[WERR_OK]
TRUST[WERR_OK] VERIFY_STATUS_RETURNED

OK: LocalRediscover: DC[\\temple2.domain.brandlilaw.com] CONNECTION[WERR_OK]

ERROR: Failed to find a writeable DC for domain 'BRANDLILAW': The object
name is not found.

 

root at minister1:~# samba-tool domain trust validate domain.brandlilaw.com
-Usteve at domain.brandli.com <mailto:-Usteve at domain.brandli.com> 

LocalDomain Netbios[BRANDLI] DNS[domain.brandli.com]
SID[S-1-5-21-3237397562-3087105784-2935402547]

LocalTDO Netbios[BRANDLILAW] DNS[domain.brandlilaw.com]
SID[S-1-5-21-2136821272-1111453333-1140905514]

OK: LocalValidation: DC[\\temple2.domain.brandlilaw.com] CONNECTION[WERR_OK]
TRUST[WERR_OK] VERIFY_STATUS_RETURNED

OK: LocalRediscover: DC[\\temple2.domain.brandlilaw.com] CONNECTION[WERR_OK]

RemoteDC Netbios[TEMPLE2] DNS[temple2.domain.brandlilaw.com]
ServerType[GC,LDAP,DS,KDC,TIMESERV,CLOSEST,WRITABLE,GOOD_TIMESERV,FULL_SECRE
T_DOMAIN_6]

Password for [steve at domain.brandli.com]:

Password for [steve at domain.brandli.com]:

OK: RemoteValidation: DC[\\bailiff1.domain.brandli.com] CONNECTION[WERR_OK]
TRUST[WERR_OK] VERIFY_STATUS_RETURNED

OK: RemoteRediscover: DC[\\bailiff1.domain.brandli.com] CONNECTION[WERR_OK]

 

root at temple2:~# samba-tool domain trust validate brandli
-Usteve at domain.brandli.com <mailto:-Usteve at domain.brandli.com> 

LocalDomain Netbios[BRANDLILAW] DNS[domain.brandlilaw.com]
SID[S-1-5-21-2136821272-1111453333-1140905514]

LocalTDO Netbios[BRANDLI] DNS[domain.brandli.com]
SID[S-1-5-21-3237397562-3087105784-2935402547]

OK: LocalValidation: DC[\\bailiff1.domain.brandli.com] CONNECTION[WERR_OK]
TRUST[WERR_OK] VERIFY_STATUS_RETURNED

OK: LocalRediscover: DC[\\bailiff1.domain.brandli.com] CONNECTION[WERR_OK]

RemoteDC Netbios[BAILIFF2] DNS[bailiff2.domain.brandli.com]
ServerType[GC,LDAP,DS,KDC,TIMESERV,CLOSEST,WRITABLE,GOOD_TIMESERV,FULL_SECRE
T_DOMAIN_6]

Password for [steve at domain.brandli.com]:

OK: RemoteValidation: DC[\\temple2.domain.brandlilaw.com]
CONNECTION[WERR_OK] TRUST[WERR_OK] VERIFY_STATUS_RETURNED

OK: RemoteRediscover: DC[\\temple2.domain.brandlilaw.com]
CONNECTION[WERR_OK]

 

Any help would be greatly appreciated!

 

                Steve

More information about the samba mailing list