Hi, I am having a problem with "security = domain" and users trying to log in from trusted AD domains. I was wondering if I can get some more information here on how it is actually supposed to work. Does Samba need to talk directly to the controller of the trusted domain? That sort of thing. I can't find a good explanation in the standard documentation. I see in the logs that Samba server is unable to find trusted domain information and maps the user from trusted domain to a local one. How is the trusted domain list normally populated? Please note that there's no "security = ADS" or winbindd in the picture. All the AD domains are related by the implicit AD trusts since they are in the same domain tree. I remember this working fine with versions 2.x.x, but it may have involved explicit trusts between AD domains. Thanks!