Given a setup with a forest and a child domain: example.com subdom.example.com When winbindd is joined as a domain member to the child domain, it tries to contact the child domain controller and then the forest root domain controller to discover trusted domains. Contacting the forest root domain controller fails, resulting in an error message in the winbindd log: [2016/10/07 15:10:38.203388, 1, pid=12113, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_util.c:352(trustdom_list_done) trustdom_list_done: Could not receive trusts for domain EXAMPLE The failure is due to the domain controller of the forest root rejecting the authentication on the netlogon pipe: [2016/10/07 15:10:38.203273, 1, pid=12128, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:3321(cm_connect_netlogon_transport) rpccli_setup_netlogon_creds failed for EXAMPLE, unable to setup NETLOGON credentials: NT_STATUS_NO_TRUST_SAM_ACCOUNT [2016/10/07 15:10:38.203298, 5, pid=12128, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_ads.c:1578(trusted_domains) trusted_domains: Could not open a connection to EXAMPLE for PIPE_NETLOGON (NT_STATUS_NO_TRUST_SAM_ACCOUNT) [2016/10/07 15:10:38.203312, 3, pid=12128, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:168(winbindd_dual_list_trusted_domains) winbindd_dual_list_trusted_domains: trusted_domains returned NT_STATUS_UNSUCCESSFUL This also triggers an event in the domain controller event log: Event 3723, Netlogon The session setup from computer 'SANDRATTLER-VM4' failed because the security database does not contain a trust account 'SANDRATTLER-VM4$' referenced by the specified computer.
https://lists.samba.org/archive/samba-technical/2016-October/116602.html
This no longer occurs with Samba 4.6. Setting bugzilla to INVALID.