I have a test environment running Fedora 8 and Samba 3.0.28a on two PDC's and one Domain Member. I have a DOM-A PDC with a ldap backend, running winbind. I have a DOM-B PDC with a ldap backend, running winbind. The two domains have trusts both ways. I also have a domain member called TESTSERVER joined to the DOM-A domain, running winbind. I was running 3.0.28 on TESTSERVER and I could do "getent passwd" and see accounts from both domains. Since installing 3.0.28a on all servers I only see accounts from DOM-A domain when issuing the "getent passwd" , and the message in the log.winbindd is [2008/03/11 15:13:01, 5] passdb/secrets.c:get_trust_pw_clear(720) get_trust_pw_clear: could not fetch clear text trust account password for domain DOM-B I have an idmap entry in my ldap backend on DOM-A for users in DOM-B. My smb.conf on TESTSERVER is: [global] workgroup = DOM-A security = DOMAIN update encrypted = Yes map to guest = Bad User username map = /etc/samba/smbusers log level = passdb:5 auth:10 winbind:2 load printers = No preferred master = No local master = No dns proxy = No wins server = 100.10.10.31 ldap admin dn = cn=admin,dc=lufkin,dc=com ldap group suffix = ou=CP_groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=CP_comps ldap suffix = dc=lufkin,dc=com ldap ssl = no ldap user suffix = ou=People idmap domains = DOM-A idmap alloc backend = ldap template shell = /bin/bash winbind separator = + winbind enum users = Yes winbind enum groups = Yes idmap alloc config:ldap_url = ldap://192.168.70.151/ idmap alloc config:ldap_base_dn = ou=idmap,dc=lufkin,dc=com idmap alloc config:ldap_user_dn = cn=admin,dc=lufkin,dc=com idmap alloc config:range = 50000-500000 idmap config DOM-A:ldap_url = ldap://192.168.70.151 idmap config DOM-A:range = 50000-500000 idmap config DOM-A:ldap_user_dn = cn=admin,dc=lufkin,dc=com idmap config DOM-A:ldap_base_dn = ou=idmap,dc=lufkin,dc=com idmap config DOM-A:backend = ldap idmap config DOM-A:default = yes ldapsam:trusted = yes ldapsam:editposix = yes [homes] comment = Home Directories read only = No create mask = 0775 force create mode = 0775 directory mask = 0775 force directory mode = 0775 browseable = No [testshare] path = /home/test-share valid users = DOM-B+travis, DOM-A+mikec write list = DOM-B+travis, DOM-A+mikec Any help would be appreciated. template shell = /bin/bash winbind separator = +