The wiki indicates this should be possible. I tried a cross forest trust. s4 server is server1.ad.this.com, 2008 server is test-ad2008-vm.domain.that.com. Samba domain works, can join workstations, add shares, etc. Using bind for DNS #samba-tool domain trust create domain.that.com --type=external --direction=incoming --create-location=local New Outgoing Trust Password: Retype Outgoing Trust Password: LocalDomain Netbios[AD] DNS[ad.this.com] SID[S-1-5-21-3250756934-4054970792-2360139714] RemoteDC Netbios[TEST-AD2008-VM] DNS[test-ad2008-vm.domain.that.com] ServerType[PDC,GC,LDAP,DS,KDC,TIMESERV,CLOSEST,WRITABLE,GOOD_TIMESERV,FULL_SECRET_DOMAIN_6,ADS_WEB_SERVICE] Password for [administrator at AD.THIS.COM]: Segmentation fault I changed the dns on both servers os that they can see each other (stub domain on windows, secondary zone on bind on samba) Samba is 4.4rc3 compiled on Jessie 64 bit. Am i doing this wrong? Probably. Will retry with 4.3.x