#3136 Failure to establish trusts
Opened 11 years ago by simo. Modified 7 years ago

In at least one case we had an MSRPC Bind failure issue that prevented us from successfully authenticating against the Windows Domain Controller on the LSARPC pipe, and thus we failed to create a trust.

It is unclear why the Windows KDC failed to properly authenticate our requests; the exact same calls (and bind mode) were used against multiple other DCs without issues. A Microsoft documentation response team person also investigated the issue (looking at the Windows source code) and couldn't really tell what happened. We filed this as a fluke and proceeded testing with the working Domain Controllers. We may want to consider performing an explicit bind in future instead of relying on the underlying SMB protocol credentials in order to make the code more robust. Metze also suggested that enabling signing on the SMB connection may help.

This may be a Samba bug, but if we can force the Python bindings to perform an explicit RPC Bind (using NTLMSSP) instead of relying on an implicit bind over SMB we should probably do it.


Changing 3.2 priority

Move all uncompleted tickets to next month bucket.

Possibly it is related to this:

Network access: Restrict anonymous access to Named Pipes and Shares
http://technet.microsoft.com/en-us/library/cc778473%28v=ws.10%29.aspx

Agreed in triage to move to Pilsner.

Rename "trusts" component to "Trusts" to achieve correct sorting.

Metadata Update from @simo:
- Issue assigned to someone
- Issue set to the milestone: Future Releases

7 years ago
