When winbindd (as NT4 PDC/BDC) tries to connect trusted domains via
SMB, but it's not possible to use the trust account for SMB connections.
So we try to use the local machine account. But NT4 PDC/BDC
are not self joined, so we don't have a local machine account.
Winbindd falls back to anonymous credentials, but then fails
internally because we require signing, which is not possible
with anonymous credentials.
I think the fix should be using only anonymous SMB connections
and require schannel authentication, which means SAMR is not