Given a setup with a forest and a child domain:
example.com
subdom.example.com

When winbindd is joined as a domain member to the child domain, it tries
to contact the child domain controller and then the forest root domain
controller to discover trusted domains. Contacting the forest root
domain controller fails, resulting in an error message in the winbindd log:

[2016/10/07 15:10:38.203388,  1, pid=12113, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_util.c:352(trustdom_list_done)
  trustdom_list_done: Could not receive trusts for domain EXAMPLE

The failure is due to the domain controller of the forest root rejecting
the authentication on the netlogon pipe:

[2016/10/07 15:10:38.203273,  1, pid=12128, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:3321(cm_connect_netlogon_transport)
  rpccli_setup_netlogon_creds failed for EXAMPLE, unable to setup NETLOGON credentials: NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2016/10/07 15:10:38.203298,  5, pid=12128, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_ads.c:1578(trusted_domains)
  trusted_domains: Could not open a connection to EXAMPLE for PIPE_NETLOGON (NT_STATUS_NO_TRUST_SAM_ACCOUNT)
[2016/10/07 15:10:38.203312,  3, pid=12128, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:168(winbindd_dual_list_trusted_domains)
  winbindd_dual_list_trusted_domains: trusted_domains returned NT_STATUS_UNSUCCESSFUL

This also triggers an event in the domain controller event log:

Event 3723, Netlogon

The session setup from computer 'SANDRATTLER-VM4' failed because the security database does not contain a trust account 'SANDRATTLER-VM4$' referenced by the specified computer.