I have just setup a new installation of SLES and OES, running a samba setup as a PDC, but am getting the error, "The trust relationship between this workstation and the primary domain failed" after windows workstations join the samba domain.

The windows work stations are able to connect to the domain, and the workstation objects created in eDirectory, but once you reboot the machine and try to login to the domain with an eDirectory account you just get the trust error.

below is the configuration of the server, any help would be most appreciated

SLES Server
SUSE Linux Enterprise Server 11 (x86_64)

Novell Open Enterprise Server 2015 (x86_64)
VERSION = 2015.1

Samba version
novell-oes-samba 3.6.3_OES-76.7.1

Samba Config
workgroup = domain
server string = domain desc
# Replaced by OES Install: " passdb backend = tdbsam"
passdb backend = NDS_ldapsam:ldaps://IP:636
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
#include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = Yes
username map = /etc/samba/smbusers
client ipc signing = auto
resolve order = wins lmhosts hosts
remote announce = IP/domain
NDS_ldapsam:trusted = yes
allow trusted domains = yes
winbind trusted domains only = Yes
netbios name = domain-W
ldap admin dn = cn=name,o=unit
ldap suffix = o=unit
ldap machine suffix = ou=Samba Computers
ldap group suffix = ou=Samba Groups
ldap passwd sync = on
ldap ssl = no
security = user
encrypt passwords = yes
use sendfile = no
server string = auto
logon path =
logon home =
domain logons = Yes
os level = 255
preferred master = Yes
domain master = Yes
wins support = Yes
add machine script = /usr/bin/namuseradd -a 'cn=name,o=unit' -w 'secret' -x 'ou=Samba Computers,o=unit' -s /bin/false -d /dev/null -c 'Samba Machine Account' -g 'cn=Domain Computers,ou=Samba Groups,o=unit' '%u'

comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes