Hi,

We have 3 AD2003 forests: A.com, B.com and C.com.
Forest A trusts B, and B trusts C. Transitive trust is enabled.

We use ntlm_auth to authenticate with AD. A.com is set as the default domain. Only users in A.com and B.com can authenticate successfully with ntlm_auth. All users in C.com get a "No such user" error.

Is anything misconfigured in smb.conf?

A-02fb83:/usr/local/etc/smb$ cat smb.conf
[global]
        workgroup = A
        server string = Samba Server
        log file = /var/log/samba/%m.log
        max log size = 500
        security = ads
        password server = 10.155.20.48
        #Enable support for only NTLMv2 on the server
        encrypt passwords = yes
        lanman auth = no
        ntlm auth = no
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        dns proxy = no
        template shell = /bin/bash
        winbind use default domain = yes
        winbind trusted domains only = no
        realm = A.com
        machine password timeout = 2592000
        debuglevel = 0

John