samba - Jun 2007 - Problem authenticating users with pam_winbind from trusted domain

Hi all,
 
i've got a problem in authenticating users from a trusted domain with
pam_winbind.
 
smb.conf is:
 
[global]
        workgroup = AAAAA
        server string = CC-Server (SMC CI, Samba %v, %h)
        security = DOMAIN
        machine password timeout = 0
        log file = /var/log/samba/log.%m
        log level = 3
        max log size = 1000
        debug pid = Yes
        debug uid = Yes
        name resolve order = wins lmhosts host
        deadtime = 5
        socket options = TCP_NODELAY SO_KEEPALIVE IPTOS_LOWDELAY
        load printers = No
        machine password timeout = 0
        os level = 0
        lm announce = No
        preferred master = No
        local master = No
        domain master = No
        browse list = No
        dns proxy = No
        wins server = XXX.XXX.XXX.XXX
        kernel oplocks = No
        ldap ssl = no
        utmp = Yes
        idmap uid = 200000-230000
        idmap gid = 50000-60000
        template homedir = /home/%U
        template shell = /bin/bash
        winbind separator = +
        winbind use default domain = Yes
        create mask = 0755
        hide dot files = No
        oplocks = No
        level2 oplocks = No
        dos filetime resolution = Yes
        fake directory create times = Yes
        printing = bsd
        host msdfs = no
        msdfs root = no
 
 
Users from domain AAAAA can login to this system with account (without domain)
and
their windows-password.  
 
But, when a user from domain BBBBB (which is trusted to AAAAA) tries to login he
always
fails (no mather if he tries with or without adding domain).
 
What am i doing wrong???
 
thanks for your help,
Christian
 
 

___________________________________________________________

        Christian Masopust                                                  

        SIEMENS AG  PSE SMC CI E CM 
        Tel:   +43 (0) 5 1707 26866
        E-mail: christian.masopust@siemens.com
        Addr: Austria, 1210 Vienna, Siemensstra?e 90-92, B. 33, Rm. 243
        

        Firma: Siemens Aktiengesellschaft ?sterreich, Rechtsform:
Aktiengesellschaft,
        Sitz: Wien, Firmenbuchnummer: FN 60562 m, 
        Firmenbuchgericht: Handelsgericht Wien, DVR 0001708 
        ___________________________________________________________

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Masopust, Christian wrote:
> Hi all,
>  
> i've got a problem in authenticating users from a trusted domain with
pam_winbind.
What samba version are you using? Also, please increase "log level" to
10, uncomment "max log size", repeat the auth attempt and sent the
winbind logfiles off-list.

Thanks,
Guenther

- --
G?nther Deschner                    GPG-ID: 8EE11688
Red Hat                         gdeschner@redhat.com
Samba Team                              gd@samba.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFGg82LSOk3aI7hFogRAgUqAJ49LzP55iQfUxM2FG3sIlDNWxI1uQCeLm2J
1bvX+Wl2fRMqxfA9BbXCJ44=wMT5
-----END PGP SIGNATURE-----