We have a three-way Samba trust in our development environment. All three are using OpenLDAP and Samba 3.0.21. The LDAP database is shared for access to Posix/Samba user info. SID's are appropriately assigned to the users and machines with algorithmic RID's and the IDMAP table is preloaded with the SID-RID to UID mappings. This all works and was tested with assigning windows ACLs to shares with users from trusted domains. The problem is the following: ACDEV trusts DEVXP and DEVEX DEVXP trusts ACDEV and DEVEX DEVEX trusts ACDEV and DEVXP A machine INTDEV4 (INTDEV4$) joins ACDEV. INTDEV4 shows INTDEV4 (local machine), ACDEV, DEVEX and DEVXP as possible choices for logging in. Perfect. Three users are used for testing: billtest (sambaSID & sambaPrimaryGroupSID is in ACDEV) log on to ACDEV - YES log on to DEVXP - YES log on to DEVEX - YES edwartho (sambaSID & sambaPrimaryGroupSID is in DEVEX) log on to ACDEV - **NO** log on to DEVXP - YES log on to DEVEX - YES test1 (sambaSID & sambaPrimaryGroupSID is in DEVXP) log on to ACDEV - **NO** log on to DEVXP - YES log on to DEVEX - YES The error received for the **NO** is "The username and password provided...please check case...etc" log.smbd shows NT_STATUS_OK for checking the NT password, but a parse underflow later on (see snip below) If I change INTDEV4$ to have SID in DEVXP and join it to DEVXP: billtest (sambaSID & sambaPrimaryGroupSID is in ACDEV) log on to ACDEV - YES log on to DEVXP - **NO** log on to DEVEX - YES edwartho (sambaSID & sambaPrimaryGroupSID is in DEVEX) log on to ACDEV - YES log on to DEVXP - **NO** log on to DEVEX - YES test1 (sambaSID & sambaPrimaryGroupSID is in DEVXP) log on to ACDEV - YES log on to DEVXP - YES log on to DEVEX - YES I have the logs if someone wants to see, or is this expected behavior? <snip of billtest failure> [2005/12/29 17:01:08, 5] auth/auth.c:check_ntlm_password(294) check_ntlm_password: PAM Account for user [billtest] succeeded [2005/12/29 17:01:08, 2] auth/auth.c:check_ntlm_password(307) check_ntlm_password: authentication for user [billtest] -> [billtest] -> [bil ltest] succeeded ... [2005/12/29 17:01:08, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) 022c status : NT_STATUS_OK [2005/12/29 17:01:08, 5] rpc_server/srv_pipe.c:api_rpcTNP(2254) api_rpcTNP: called NETLOGON successfully [2005/12/29 17:01:08, 10] rpc_server/srv_pipe.c:api_rpcTNP(2263) api_rpcTNP: rpc input buffer underflow (parse error?) [2005/12/29 17:01:08, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 00fc : 8a e3 13 71 02 f4 36 71 01 40 04 00 01 00 00 00 [2005/12/29 17:01:08, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 920 [2005/12/29 17:01:08, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 320 [2005/12/29 17:01:08, 3] smbd/pipes.c:reply_pipe_write_and_X(207) writeX-IPC pnum=7703 nwritten=336 Cheers, Bill