Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Samba as PDC: "The trust relationship ... failed" *from the beginning*

24 Jan 2013   #1

Business 64
Samba as PDC: "The trust relationship ... failed" *from the beginning*


When I try a net logon from Windows 7 64-bit Business (don't have any other Windows machines), I get "The trust relationship between this workstation and the primary domain failed". The discussion I've found around the Web regarding this error message seems to be only in the context of the 30 day password expiry issue, where the solution is to simply rejoin the domain. Unfortunately, I have this problem *always*, and rejoining does not help. I have not been able to do a net login at all, from the first time I tried. At the same time, there's no problem accessing the Samba shares by going to \\SMB in Windows Explorer and logging in with the same user accounts.

# smbstatus 
Samba version 3.6.7-48.12.1-2831-SUSE-SL12.2-x86_64
The LAN is on 172.16. and the Samba machine is also the LAN's DNS server; not using LDAP.

We had been using Samba for simple file sharing, with no domain functionality enabled, and with the Windows machines on the network configured as members of the workgroup. We recently decided to set Samba as a PDC and support roaming profiles, and have been blocked by this trust error.

I made some changes to smb.conf, which can be seen here:

The profiles directory was chmod 2775 and its group changed from root to users. The netlogon directory is 755. Initially, in smb.conf the name resolve order was starting with dns, but Windows 7 kept giving me an error about not finding the domain when I tried to change from workgroup to domain, so I took that out and set wins as the first item in the list.

# cat /etc/samba/smbusers: 
root = administrator Administrator admin 
nobody = guest pcguest smbguest
I added root to smbpasswd. I also executed the following:

net groupmap add ntgroup="Domain Admins" unixgroup=root rid=512 type=d 
net groupmap add ntgroup="Domain Users"  unixgroup=users rid=513 type=d 
net groupmap add ntgroup="Domain Guests" unixgroup=nobody rid=514 type=d 
net rpc rights grant -U root "URBASE\Domain Admins"  SeMachineAccountPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege  SeDiskOperatorPrivilege SeRemoteShutdownPrivilege
The Windows machines are configured as specified on (that is, I only edited DomainCompatibilityMode and DNSNameResolutionRequired). Changing from workgroup to domain and rebooting, then trying to log in with one of the SMB users gives me the "The trust relationship between this workstation and the primary domain failed" error. I can only log into the local machine account. If, instead of changing from workgroup to domain directly, I try to use the network ID wizard, it eventually leads to the same error when it tries to set up the domain user. Looking at /etc/samba/smbpasswd, the machine account shows up there so the add machine script seems to be working; however,

# tail /var/log/samba/log.smbd 
[2013/01/23 14:26:16.350332, 0]  rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) 
_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting  auth request from client BRIX machine account BRIX$ 
[2013/01/23 14:26:16.352562, 0]  rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) 
_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting  auth request from client BRIX machine account BRIX$ 
[2013/01/23 14:37:22.518159, 0]  rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) 
_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting  auth request from client BRIX machine account BRIX$
Why is it not working? I don't know how to troubleshoot this. I've tried removing the machine from the domain then taking it out of smbpasswd and the Unix accounts, and then rejoining, but same errors. I tried manually adding the IP address in the Windows machine's WINS setting, but it doesn't make a difference.

One thing I'm unsure of is the DNS suffixes thing which seems to be mentioned on some sites in association with this. In the Windows clients, under "Append these DNS suffixes (in order)" we've normally had as suffix the DNS master zone for the LAN, which is different from the domain name in smb.conf -- if that matters at all given joining the domain should be using WINS instead of DNS for name resolution. I tried adding the domain in there anyway, but it doesn't help.

Can anyone kindly help? I've asked on a couple of other forums but to no avail...


Brought in a new Windows 7 64-bit machine and that one works... So it seems to be a Windows configuration issue, but what other settings could possibly cause this authentication failure? The new machine is a recent clean install and uses MSE as antivirus, whereas the older workstations use AVG and Ad-Aware. But I doubt the antivirus could cause the difference. And I don't see any difference in the network configuration of the machines. Any suggestions? I can't simply replace all Windows clients on our network...

My System SpecsSystem Spec
25 Jan 2013   #2

Windows 7 Ult, Windows 8.1 Pro,

It may help to manually add the Domain's DNS server IP's to the IPv4 properties of the network adaptor you are trying to connect with.

Have you tried.
Control Panel - Administrative Tools - Local Security Policy

Local Policies - Security Options

Network security: LAN Manager authentication level
Set to Send LM & NTLM responses only

Set the Minimum session security for NTLM SSP
Disable Require 128-bit encryption

The A/V's can be very problematic.
My System SpecsSystem Spec

 Samba as PDC: "The trust relationship ... failed" *from the beginning*

Thread Tools

Similar help and support threads
Thread Forum
The trust relationship between this workstation and the primary domain
Hi, i hope anybody can help me about this error under Windows Server Standard SP2 and some of my client pc always showing "The trust relationship between this workstation and primary domain". it happens to in my company always so if anyone could help me to solve this problem it will be much...
General Discussion
The Trust relationship between the workstation and Domain Failed -Win7
Hi all, Over the last week or so, we have experienced an epidemic of Windows 7 PCs displaying the message "The trust relationship between this workstation and the primary domain has failed". We have had to manually unjoin and rejoin over 140+ PCs in the last week alone, however some of...
Network & Sharing
"Failed-Virus scan failed" error when making downloads on chrome
I have actually been getting this error for the past month, at least since March 29th. I've made several attempts to work around it but to no avail. It appears that there is an error with the other browsers as well. I have searched for solutions for this for several weeks, none of which fit my...
Browsers & Mail
Time service issues causing Domain trust relationship to be broken
We have a select group of approximately 20+ domain computers having the same issue when they boot their computer in the mornings. The time changes back to the exact time when they shutdown the evening before. It appears that it begins to complete an incomplete shutdown, but users stating they are...
Network & Sharing
Workstation Giving logon errors. "The trust relationship"
Hi, i have a set of office computers linked to the main local Domain server. Its been a while now that some computers has been giving logon errors telling me "The security database on the server does not have a computer account for this workstation trust relationship". I could only temporarily fix...
Network & Sharing
trust relationship bet. this workstation & the primary domain failed
Hello, I need help again. We have several computers withWin7 Ent and Pro 64 and 32 bit. :confused:. For some i-dont-know reason, it showed 'the trust relationship between this workstation & the primary domain failed' when we login. It happened few times already. The issue is resolved if we...
Network & Sharing

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 06:48.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App