Hi! My organization has a number of branch offices with separate domain for each of them. All these domains are based on one large NSS LDAP tree, each domain based on separate subtree in it. One domain defined as "main" domain and should have trust with all other domains. But unix user names for trust accounts are the same as trusting domain name, so in case with my setup (one unix accounts database) when some site wishes to trust domain that already established trust with some other domain, will fail, because domain trust account already exists. Here is example: DOM1 has trusts with DOM2 (so unix users dom1$ and dom2$ exists) DOM3 tries to trust DOM1 and will fail (because user dom1$ exists) Is there any way to avoid this problem with my setup? Note that I cannot make separate NSS LDAP tree for each site... Personally I see only one solution: I should write patch that will change samba behaviour for that domain trust accounts to be called on base of trusting AND trusted domain (i.e. "trust_dom1_dom2$")... My samba version is 3.0.20a. -- Nikita.