Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2637: Samba messages about "Could not receive trustdoms"

12 April,16 at 11:10 AM

Question:
 
There is a recurring error every 5 minutes in /var/log/samba/log.winbindd:
 
winbindd/winbindd_util.c:289(trustdom_recv) Could not receive trustdoms
 
There is no additional info on these messages - What do they mean?
 
Answer:
 
Samba scans for trusted domains in 3 places in the code:
 
1) The first scan asks a DC in its local domain to enumerate the trusts within the forest - this should succeed.
 
2) The second scan requires samba to contact a DC in the root of the local forest and ask about other forest trusts. This may fail if access to the root domain of the forest is blocked by a firewall.
 
3) If the second scan succeeds, then the third scan is a series of scans where samba attempts to contact a DC in the root of trusted forests to enumerate the domains they trust (transitive forest trusts). Some or all of these forests may be firewalled.
 
Check to see if a firewall is blocking any of these scenarios. 
 
Note that this is a level 1 log, so it will show up under normal conditions:
 
DEBUG(1, ("Could not receive trustdoms\n"));
 
There is an undocumented smb.conf parameter that tells samba to stop attempting trust lookups based on the NTLM domain name
 
winbind:ignore domains = NTLMDom1 NTLMDom2...
 
Examples of it being used:
http://www.livingonthecloud.net/2009/07/samba-squid-and-active-directory.html
http://boardreader.com/thread/Samba_Winbind_issue_connecting_to_trust_fnfgX8pbf.html
(All links are provided as courtesy)

Centrify Corporation does not take any responsibility for the content or availability of this link and it was provided as a courtesy.  Customers should contact the vendor if there are any further questions

Related Articles

 articleKB-2346: Cannot access samba share after upgrading Centrify DC and Centrify Samba articleKB-6842: Overview of the steps to upgrade or migrate from Centrify-enabled Samba to stock Samba with Centrify Adbindproxy articleKB-1570: Access Denied to samba share when 'force user' defined articleKB-8867: Solaris Samba not able to connect with NT_STATUS_CONNECTION_DISCONNECTED and krb5_kt_start_seq_get failed (No such file or directory) error articleKB-1771: Unable to read/write to a NFS/Samba share when user is more than 16 groups articleKB-1589: Unable to access Samba shares after tdb limit is reached articleKB-6041: How to show current license type in use by adclient articleKB-1827: Samba server stop responding when AD user belongs to more than 16 AD groups articleKB-6040: How to change the license type in use after adclient successful joined to the AD?