Solved: Samba share not accessible – Error NT_STATUS_NO_TRUST_SAM_ACCOUNT ?
Today we will see one of the most common issues with respect to samba where the share is not accessible.
To troubleshoot this, we will see how to proceed step by step.
1. Check out the samba config files difference if any issue with syntax.
[root@ngelinux001 ~]# cd /etc/samba [root@ngelinux001 samba]# ls -ltr total 73932 -rw-r-----. 1 root root 197295 Jan 19 09:24 smb.conf.19022022 -rw-r-----. 1 root root 197696 Jan 19 13:12 smb.conf_21012022 -rw-------. 1 root root 187030 Jan 24 09:35 nohup.out -rw-r-----. 1 root root 197720 Jan 27 20:24 smb.conf.28Jan2022 -rw-r-----. 1 root root 198184 Feb 1 18:25 smb.conf_bkp02022022 -rw-r-----. 1 root root 198294 Feb 9 10:10 smb.conf [root@ngelinux001 samba]# [root@ngelinux001 samba]# diff smb.conf smb.conf_bkp02022022
2. Check out samba service status.
[root@ngelinux001 samba]# service smb status smbd (pid 32674) is running... [root@ngelinux001 samba]# [root@ngelinux001 samba]# service nmb status nmbd (pid 1340) is running... [root@ngelinux001 samba]# service sssd status sssd is stopped
3. If non-prod server, you can try to restart the services, else skip to 5th step.
[root@ngelinux001 samba]# service smb restart Shutting down SMB services: [ OK ] Starting SMB services: [ OK ] [root@ngelinux001 samba]# service nmb restart Shutting down NMB services: [ OK ] Starting NMB services: [ OK ] [root@ngelinux001 samba]#
4. Check the usage on different partitions.
[root@ngelinux001 samba]# df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/rootvg-rootlv 25G 4.1G 20G 18% / tmpfs 3.9G 0 3.9G 0% /dev/shm /dev/sda1 97M 75M 18M 82% /boot /dev/mapper/rootvg-homelv 124M 8.1M 116M 7% /home /dev/mapper/rootvg-metronlv 1008M 35M 974M 4% /home/metron /dev/mapper/rootvg-tmplv 2.0G 68M 1.9G 4% /tmp /dev/mapper/rootvg-usrlv 2.5G 2.0G 403M 84% /usr /dev/mapper/rootvg-SElv 1008M 84M 925M 9% /usr/SE /dev/mapper/rootvg-ngelv 1008M 611M 398M 61% /usr/nge /dev/mapper/rootvg-stdlistlv 1008M 171M 838M 17% /usr/nge/nge/stdlist /dev/mapper/rootvg-varlv 4.0G 3.0G 780M 80% /var
5. Check out samba logs.
[root@ngelinux001 samba]# cd /var/log/samba/ [root@ngelinux001 samba]# ls -ltr total 4156 -rw-r-----. 1 root root 0 Jul 14 2016 cat drwx------. 5 root root 4096 Jul 15 2016 cores -rw-r--r--. 1 root root 15967 Feb 15 08:12 _.log -rw-r--r--. 1 root root 0 Feb 15 08:12 hjuser_10.96.29.163.log -rw-r--r--. 1 root root 410712 Feb 15 08:13 log.nmbd -rw-r--r--. 1 root root 4942 Feb 15 08:14 log.winbindd-idmap -rw-r--r--. 1 root root 298 Feb 15 08:14 log.smbd [root@ngelinux001 samba]# tail -40f log.smbd [2022/02/15 08:00:40, 0] smbd/server.c:1054(main) smbd version 3.6.23-53.el6_10 started. Copyright Andrew Tridgell and the Samba Team 1992-2011 [2022/02/15 08:14:40, 0] smbd/server.c:1054(main) smbd version 3.6.23-53.el6_10 started. Copyright Andrew Tridgell and the Samba Team 1992-2011 ^C [root@ngelinux001 samba]# ^C [root@ngelinux001 samba]# tail -40f log.winbindd-idmap [2022/02/14 10:27:15.287535, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config IN_NGEL [2022/02/14 10:42:20.382402, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config IN_NGEL [2022/02/14 11:37:02.792718, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config IN_NGEL [2022/02/14 12:06:30.315953, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config IN_NGEL [2022/02/14 12:25:59.818175, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config IN_NGEL [2022/02/14 12:45:54.243494, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config IN_NGEL [2022/02/14 12:48:18.386404, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config IN_NGEL [2022/02/14 13:00:32.982175, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config IN_NGEL [2022/02/14 13:18:27.142750, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config IN_NGEL [2022/02/14 13:35:10.229145, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config IN_NGEL [2022/02/14 13:39:17.587526, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config IN_NGEL [2022/02/14 13:45:43.440890, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config IN_NGEL [2022/02/14 14:08:17.059560, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config IN_NGEL [2022/02/14 14:59:49.876027, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config IN_NGEL [2022/02/14 16:02:30.520140, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config IN_NGEL [2022/02/14 16:21:28.556203, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config IN_NGEL [2022/02/14 16:54:39.143564, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config NT AUTHORITY [2022/02/14 20:48:18.392633, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config IN_NGEL [2022/02/15 08:00:40.950603, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config ngelinux001 [2022/02/15 08:14:40.864281, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config ngelinux001 ^C [root@ngelinux001 samba]# ^C
6. Try restarting winbind service
[root@ngelinux001 samba]# service winbind status winbindd (pid 1595) is running... [root@ngelinux001 samba]# service winbind restart Shutting down Winbind services: [ OK ] Starting Winbind services: [ OK ] [root@ngelinux001 samba]# service winbind stop Shutting down Winbind services: [ OK ] [root@ngelinux001 samba]# service winbind restart Shutting down Winbind services: [FAILED] Starting Winbind services: [ OK ]
7. Try accessing share again and if not accessible then open the log directory again.
8. And check out the logs with your IP address and ID.
[root@ngelinux001 samba]# cat sjuser_10.192.72.132.log [2022/02/14 08:38:54.033234, 1] smbd/service.c:1114(make_connection_snum) azuwvd00009-0 (10.192.72.132) connect to service GMXSITFU_GMX_OSB initially as user gmxadmin (uid=5252, gid=205) (pid 27406) [2022/02/14 08:39:04.579764, 1] smbd/service.c:1378(close_cnum) azuwvd00009-0 (10.192.72.132) closed connection to service GMXSITFU_GMX_OSB [2022/02/14 10:21:25.685668, 1] smbd/service.c:1114(make_connection_snum) azuwvd00009-0 (10.192.72.132) connect to service GMXSITFU_GMX_OSB initially as user gmxadmin (uid=5252, gid=205) (pid 3154) [2022/02/14 10:21:37.780088, 1] smbd/service.c:1378(close_cnum) azuwvd00009-0 (10.192.72.132) closed connection to service GMXSITFU_GMX_OSB [2022/02/15 08:16:44.872355, 0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel) cli_rpc_pipe_open_schannel: failed to get schannel session key from server NGESMB02.in.ngel.NET for domain IN_NGEL. [2022/02/15 08:16:44.872974, 0] auth/auth_domain.c:193(connect_to_domain_password_server) connect_to_domain_password_server: unable to open the domain client session to machine NGESMB02.in.ngel.NET. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. [2022/02/15 08:16:44.878510, 0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel) cli_rpc_pipe_open_schannel: failed to get schannel session key from server NGESMB02.in.ngel.NET for domain IN_NGEL. [2022/02/15 08:16:44.878707, 0] auth/auth_domain.c:193(connect_to_domain_password_server) connect_to_domain_password_server: unable to open the domain client session to machine NGESMB02.in.ngel.NET. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. [2022/02/15 08:16:44.883473, 0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel) cli_rpc_pipe_open_schannel: failed to get schannel session key from server NGESMB02.in.ngel.NET for domain IN_NGEL. [2022/02/15 08:16:44.883656, 0] auth/auth_domain.c:193(connect_to_domain_password_server) connect_to_domain_password_server: unable to open the domain client session to machine NGESMB02.in.ngel.NET. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. [2022/02/15 08:16:44.884124, 0] auth/auth_domain.c:292(domain_client_validate) domain_client_validate: Domain password server not available. [2022/02/15 08:16:44.948689, 0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel) cli_rpc_pipe_open_schannel: failed to get schannel session key from server NGESMB02.in.ngel.NET for domain IN_NGEL. [2022/02/15 08:16:44.948920, 0] auth/auth_domain.c:193(connect_to_domain_password_server) connect_to_domain_password_server: unable to open the domain client session to machine NGESMB02.in.ngel.NET. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. [2022/02/15 08:16:44.954387, 0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel) cli_rpc_pipe_open_schannel: failed to get schannel session key from server NGESMB02.in.ngel.NET for domain IN_NGEL. [2022/02/15 08:16:44.954575, 0] auth/auth_domain.c:193(connect_to_domain_password_server) connect_to_domain_password_server: unable to open the domain client session to machine NGESMB02.in.ngel.NET. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. [2022/02/15 08:16:44.959342, 0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel) cli_rpc_pipe_open_schannel: failed to get schannel session key from server NGESMB02.in.ngel.NET for domain IN_NGEL. [2022/02/15 08:16:44.959522, 0] auth/auth_domain.c:193(connect_to_domain_password_server) connect_to_domain_password_server: unable to open the domain client session to machine NGESMB02.in.ngel.NET. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. [2022/02/15 08:16:44.959906, 0] auth/auth_domain.c:292(domain_client_validate) domain_client_validate: Domain password server not available. [root@ngelinux001 samba]#
9. Here we can see the error w.r.t domain.
Hence we need to add the samba server back to AD domain with below command.
# net ads join -U adminuser
Once you add the server back to domain, the error should go away.