Hello, I've a trouble with my Samba (3.0.10-1.4E.11) on a RHEL4. This Samba was joined in a Windows AD Domain without problem. Bellow, an extract of the smb.conf (without the share) [global] workgroup = ONE realm = MYDOM.COM netbios aliases = srv0001 server string = SRV0001 / Intranet & Applications Server security = DOMAIN password server = PWDSRV01, PWDSRV02, PWDSRV03, * algorithmic rid base = 100000 pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No log level = 4 log file = /var/log/samba/%m.log max log size = 1000 debug pid = Yes debug uid = Yes max xmit = 65535 socket options = IPTOS_THROUGHPUT TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 add user script = /usr/sbin/useradd %u -g smbusers delete user script = /usr/sbin/userdel %u os level = 33 preferred master = No local master = No domain master = No dns proxy = No wins server = xx.xx.xx.xx yy.yy.yy.yy ldap ssl = no idmap uid = 100000-999999999 idmap gid = 100000-999999999 template shell = /bin/bash winbind separator = / winbind enable local accounts = Yes winbind use default domain = Yes winbind nested groups = Yes create mask = 0775 nt acl support = No printing = lprng print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j lppause command = lpc hold '%p' %j lpresume command = lpc release '%p' %j queuepause command = lpc stop '%p' queueresume command = lpc start '%p' This domain, ONE.MYDOM.COM has bidirectionnal relationships with other domains ... TWO.MYDOM.COM THREE.MYDOM.COM ...etc, ... When I ask a list of domains with "wbinfo -m", the result is : [root@srv0001 samba]# wbinfo -m SRV0001 BUILTIN TWO THREE FOUR FIVE . . . [root@srv0001 samba]# I see all the trusted domain, well, but I don't see the ONE domain ! A "wbinfo -g" command return me only trusted domains groups ... never groups of the primary "ONE" domain It seems that everything is working fine ... (see below) [root@srv0001 samba]# wbinfo -n ONE/user01 S-1-5-21-6776287-1952083785-2110791508-497344 User (1) [root@srv0001 samba]# wbinfo -S S-1-5-21-6776287-1952083785-2110791508-497344 100020 [root@srv0001 samba]# wbinfo -t checking the trust secret via RPC calls succeeded [root@srv0001 samba]# wbinfo -a ONE/user01%good_password plaintext password authentication succeeded challenge/response password authentication succeeded [root@srv0001 samba]# wbinfo -a ONE/user01%bad_password challenge/response password authentication failed error code was NT_STATUS_WRONG_PASSWORD (0xc000006a) error messsage was: Wrong Password Could not authenticate user ONE/user01 with challenge/response [root@srv0001 samba]# Except accessing groups and users of the primary domain ONE ... and I need to access these groups to include them in ACLs When I try a "wbinfo -g", I see the following message in winbindd.log : [2008/11/04 11:30:25, 3, pid=22415, effective(0, 0), real(0, 0)] nsswitch/winbindd_group.c:get_sam_group_entries(536) get_sam_group_entries: could not enumerate domain groups! Error: NT_STATUS_ACCESS_DENIED Is it related ? Any help would be appreciated. Thanks a lot in advance and regards. Christian PIGNOL 04 73 67 48 65 Notice: This e-mail message, together with any attachments, contains information of Merck & Co., Inc. (One Merck Drive, Whitehouse Station, New Jersey, USA 08889), and/or its affiliates (which may be known outside the United States as Merck Frosst, Merck Sharp & Dohme or MSD and in Japan, as Banyu - direct contact information for affiliates is available at http://www.merck.com/contact/contacts.html) that may be confidential, proprietary copyrighted and/or legally privileged. It is intended solely for the use of the individual or entity named on this message. If you are not the intended recipient, and have received this message in error, please notify us immediately by reply e-mail and then delete it from your system.