I have successfully, well somewhat successfully, joined a native Windows 2003 Active Directory domain as a domain member. The "home" domain has a two-way trust relationship with another domain in the same Forest. The Samba server can provide proper access to any object within its "home" domain; however, I am having difficulty providing access to the Samba server share(s) to objects in the trusted domain.

The getent passwd and getent group commands appear to work fine for the "home" domain, but are failing to list trusted domain objects. The wbinfo -u and wbinfo -g commands work fine and list the objects of the "home" domain, but nothing for the trusted domain. The wbinfo -m will not work and produces the following error within the /var/log/samba/winbindd.log file:

[root@wilbids01 samba]# ll
total 4052
-rw-r--r-- 1 root root 694249 May 2 08:42 adgroup3.txt
-rw-r--r-- 1 root root 1354945 May 2 10:10 adusers2.txt
-rw-r--r-- 1 root root 248530 May 2 13:21 adusers3.txt
-rw-r--r-- 1 root root 1354553 Apr 29 07:46 adusers.txt
-rw-r--r-- 1 root root 20 Jan 3 22:09 lmhosts
-rw------- 1 root root 8192 May 2 12:55 secrets.tdb
-rw------- 1 root root 8192 Apr 18 10:48 secrets.tdb.bak
-rw-r--r-- 1 root root 14107 May 2 14:13 smb.conf
-rw-r--r-- 1 root root 11550 Apr 20 10:47 smb.conf.adwork
-rw-r--r-- 1 root root 14131 Apr 29 10:18 smb.conf.bak
-rw-r--r-- 1 root root 14054 Apr 28 17:12 smb.conf.latest
-rw-r--r-- 1 root root 11245 Apr 18 15:11 smb.conf.work
-rw------- 1 root root 101 Apr 18 18:11 smbpasswd
-rw-r--r-- 1 root root 97 Apr 18 14:15 smbusers
-rw-r--r-- 1 root root 40003 Apr 29 07:47 wbinfo-g.txt
-rw-r--r-- 1 root root 130 Apr 28 15:53 wbinfo-m.txt
-rw-r--r-- 1 root root 311912 Apr 29 07:48 wbinfo-u.txt
[root@wilbids01 samba]# rm adusers3.txt
rm: remove regular file `adusers3.txt'? y
[root@wilbids01 samba]# getent group >> adgroup2.txt
[root@wilbids01 samba]# ll
total 3944
-rw-r--r-- 1 root root 135253 May 2 14:47 adgroup2.txt
-rw-r--r-- 1 root root 694249 May 2 08:42 adgroup3.txt
-rw-r--r-- 1 root root 1354945 May 2 10:10 adusers2.txt
-rw-r--r-- 1 root root 1354553 Apr 29 07:46 adusers.txt
-rw-r--r-- 1 root root 20 Jan 3 22:09 lmhosts
-rw------- 1 root root 8192 May 2 12:55 secrets.tdb
-rw------- 1 root root 8192 Apr 18 10:48 secrets.tdb.bak
-rw-r--r-- 1 root root 14107 May 2 14:13 smb.conf
-rw-r--r-- 1 root root 11550 Apr 20 10:47 smb.conf.adwork
-rw-r--r-- 1 root root 14131 Apr 29 10:18 smb.conf.bak
-rw-r--r-- 1 root root 14054 Apr 28 17:12 smb.conf.latest
-rw-r--r-- 1 root root 11245 Apr 18 15:11 smb.conf.work
-rw------- 1 root root 101 Apr 18 18:11 smbpasswd
-rw-r--r-- 1 root root 97 Apr 18 14:15 smbusers
-rw-r--r-- 1 root root 40003 Apr 29 07:47 wbinfo-g.txt
-rw-r--r-- 1 root root 130 Apr 28 15:53 wbinfo-m.txt
-rw-r--r-- 1 root root 311912 Apr 29 07:48 wbinfo-u.txt
[root@wilbids01 samba]# getent passwd >> adusers3.txt
[root@wilbids01 samba]# ll
total 4252
-rw-r--r-- 1 root root 135253 May 2 14:47 adgroup2.txt
-rw-r--r-- 1 root root 694249 May 2 08:42 adgroup3.txt
-rw-r--r-- 1 root root 1354945 May 2 10:10 adusers2.txt
-rw-r--r-- 1 root root 307732 May 2 14:47 adusers3.txt
-rw-r--r-- 1 root root 1354553 Apr 29 07:46 adusers.txt
-rw-r--r-- 1 root root 20 Jan 3 22:09 lmhosts
-rw------- 1 root root 8192 May 2 12:55 secrets.tdb
-rw------- 1 root root 8192 Apr 18 10:48 secrets.tdb.bak
-rw-r--r-- 1 root root 14107 May 2 14:13 smb.conf
-rw-r--r-- 1 root root 11550 Apr 20 10:47 smb.conf.adwork
-rw-r--r-- 1 root root 14131 Apr 29 10:18 smb.conf.bak
-rw-r--r-- 1 root root 14054 Apr 28 17:12 smb.conf.latest
-rw-r--r-- 1 root root 11245 Apr 18 15:11 smb.conf.work
-rw------- 1 root root 101 Apr 18 18:11 smbpasswd
-rw-r--r-- 1 root root 97 Apr 18 14:15 smbusers
-rw-r--r-- 1 root root 40003 Apr 29 07:47 wbinfo-g.txt
-rw-r--r-- 1 root root 130 Apr 28 15:53 wbinfo-m.txt
-rw-r--r-- 1 root root 311912 Apr 29 07:48 wbinfo-u.txt
[root@wilbids01 samba]# rm adusers3.txt
rm: remove regular file `adusers3.txt'? y
[root@wilbids01 samba]# ll
total 3944
-rw-r--r-- 1 root root 135253 May 2 14:47 adgroup2.txt
-rw-r--r-- 1 root root 694249 May 2 08:42 adgroup3.txt
-rw-r--r-- 1 root root 1354945 May 2 10:10 adusers2.txt
-rw-r--r-- 1 root root 1354553 Apr 29 07:46 adusers.txt
-rw-r--r-- 1 root root 20 Jan 3 22:09 lmhosts
-rw------- 1 root root 8192 May 2 12:55 secrets.tdb
-rw------- 1 root root 8192 Apr 18 10:48 secrets.tdb.bak
-rw-r--r-- 1 root root 14107 May 2 14:13 smb.conf
-rw-r--r-- 1 root root 11550 Apr 20 10:47 smb.conf.adwork
-rw-r--r-- 1 root root 14131 Apr 29 10:18 smb.conf.bak
-rw-r--r-- 1 root root 14054 Apr 28 17:12 smb.conf.latest
-rw-r--r-- 1 root root 11245 Apr 18 15:11 smb.conf.work
-rw------- 1 root root 101 Apr 18 18:11 smbpasswd
-rw-r--r-- 1 root root 97 Apr 18 14:15 smbusers
-rw-r--r-- 1 root root 40003 Apr 29 07:47 wbinfo-g.txt
-rw-r--r-- 1 root root 130 Apr 28 15:53 wbinfo-m.txt
-rw-r--r-- 1 root root 311912 Apr 29 07:48 wbinfo-u.txt
[root@wilbids01 samba]# wbinfo -m
Could not list trusted domains
[root@wilbids01 samba]# net ads info
LDAP server: 172.17.90.16
LDAP server name: wildc01
Realm: AMERICAS.PPDI.LOCAL
Bind Path: dc=AMERICAS,dc=PPDI,dc=LOCAL
LDAP port: 389
Server time: Mon, 02 May 2005 14:48:38 GMT
KDC server: 172.17.90.16
Server time offset: 37
[root@wilbids01 samba]# kinit aawellssh@AMERICAS.PPDI.LOCAL
Password for aawellssh@AMERICAS.PPDI.LOCAL:
[root@wilbids01 samba]# cd /

[2005/05/02 14:54:45, 3] libads/sasl.c:ads_sasl_spnego_bind(211)
  name wildc01#20 found.
[2005/05/02 14:54:45, 10] libsmb/namequery.c:remove_duplicate_addrs2(320)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2005/05/02 14:54:45, 4] libsmb/namequery.c:get_dc_list(1406)
  get_dc_list: returning 1 ip addresses in an ordered list
[2005/05/02 14:54:45, 4] libsmb/namequery.c:get_dc_list(1407)
  get_dc_list: 172.17.90.16:389
[2005/05/02 14:54:45, 5] libads/ldap.c:ads_try_connect(85)
  ads_try_connect: trying ldap server '172.17.90.16' port 389
[2005/05/02 14:54:45, 3] libads/ldap.c:ads_connect(247)
  Connected to LDAP server 172.17.90.16
[2005/05/02 14:54:45, 3] libads/ldap.c:ads_server_info(2432)
  got ldap server name wildc01@AMERICAS.PPDI.LOCAL, using bind path: dc=AMERICAS,dc=PPDI,dc=LOCAL
[2005/05/02 14:54:45, 4] libads/ldap.c:ads_server_info(2438)
  time offset is 37 seconds
[2005/05/02 14:54:45, 4] libads/sasl.c:ads_sasl_bind(447)
[2005/05/02 14:54:45, 5] libsmb/namecache.c:namecache_fetch(201)
  name wildc01#20 found.
[2005/05/02 14:54:45, 10] libsmb/namequery.c:remove_duplicate_addrs2(320)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2005/05/02 14:54:45, 4] libsmb/namequery.c:get_dc_list(1406)
  get_dc_list: returning 1 ip addresses in an ordered list
[2005/05/02 14:54:45, 4] libsmb/namequery.c:get_dc_list(1407)
  get_dc_list: 172.17.90.16:389
[2005/05/02 14:54:45, 5] libads/ldap.c:ads_try_connect(85)
  ads_try_connect: trying ldap server '172.17.90.16' port 389
[2005/05/02 14:54:45, 3] libads/ldap.c:ads_connect(247)
  Connected to LDAP server 172.17.90.16
[2005/05/02 14:54:45, 3] libads/ldap.c:ads_server_info(2432)
  got ldap server name wildc01@AMERICAS.PPDI.LOCAL, using bind path: dc=AMERICAS,dc=PPDI,dc=LOCAL
[2005/05/02 14:54:45, 4] libads/ldap.c:ads_server_info(2438)
  time offset is 37 seconds
[2005/05/02 14:54:45, 4] libads/sasl.c:ads_sasl_bind(447)
  Found SASL mechanism GSS-SPNEGO
[2005/05/02 14:54:45, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2005/05/02 14:54:45, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2005/05/02 14:54:45, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2005/05/02 14:54:45, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2005/05/02 14:54:45, 3] libads/sasl.c:ads_sasl_spnego_bind(211)
  ads_sasl_spnego_bind: got server principal name =wildc01$@AMERICAS.PPDI.LOCAL
[2005/05/02 14:54:45, 3] libsmb/clikrb5.c:ads_krb5_mk_req(382)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2005/05/02 14:54:45, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain AMERICAS failed: Cannot read password
[2005/05/02 14:54:45, 1] nsswitch/winbindd_util.c:init_domain_list(327)
  Could not fetch sid for our domain AMERICAS
[2005/05/02 14:54:45, 1] nsswitch/winbindd_misc.c:winbindd_list_trusted_domains(118)
  winbindd_list_trusted_domains: could not refresh trusted domain list
[2005/05/02 14:54:45, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 1300 bytes.
[2005/05/02 14:54:45, 10] nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 0 bytes. Need 1824 more for a full request.
[2005/05/02 14:54:45, 5] nsswitch/winbindd.c:winbind_client_read(477)

Thanks,
Svn
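
At debug level 10 the few entries that matter in a winbindd.log like the one above are buried in connection chatter. The following is an added example, not part of the original post: a small parser for Samba's two-line debug-log layout that keeps only the entries logged at level 1 or lower and those whose text reports a failure. The function names are hypothetical and the sample is a subset of the entries quoted in the post.

```python
import re

# Samba debug-log header: "[2005/05/02 14:54:45, 3] libads/ldap.c:ads_connect(247)"
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(?P<level>\d+)\]\s+"
    r"(?P<file>[^:\s]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)
FAILURE = re.compile(r"fail|could not|cannot", re.IGNORECASE)

# Sample: entries taken from the post's winbindd.log, in Samba's two-line layout.
SAMPLE = """\
[2005/05/02 14:54:45, 3] libads/ldap.c:ads_connect(247)
  Connected to LDAP server 172.17.90.16
[2005/05/02 14:54:45, 4] libads/sasl.c:ads_sasl_bind(447)
[2005/05/02 14:54:45, 3] libsmb/clikrb5.c:ads_krb5_mk_req(382)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2005/05/02 14:54:45, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain AMERICAS failed: Cannot read password
[2005/05/02 14:54:45, 1] nsswitch/winbindd_util.c:init_domain_list(327)
  Could not fetch sid for our domain AMERICAS
[2005/05/02 14:54:45, 1] nsswitch/winbindd_misc.c:winbindd_list_trusted_domains(118)
  winbindd_list_trusted_domains: could not refresh trusted domain list
[2005/05/02 14:54:45, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 1300 bytes.
"""

def parse_entries(text):
    """Group each header with the message lines that follow it."""
    entries = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            entries.append({"ts": m["ts"], "level": int(m["level"]),
                            "where": f'{m["file"]}:{m["func"]}({m["line"]})',
                            "message": ""})
        elif entries and raw.strip():
            prev = entries[-1]["message"]
            entries[-1]["message"] = (prev + " " + raw.strip()).strip()
    return entries

def failure_chain(entries, max_level=1):
    """Entries logged at or below max_level, plus any whose text reports a failure."""
    return [e for e in entries
            if e["level"] <= max_level or FAILURE.search(e["message"])]

if __name__ == "__main__":
    for e in failure_chain(parse_entries(SAMPLE)):
        print(f'{e["ts"]} [{e["level"]}] {e["where"]}: {e["message"]}')
```
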