I've got a 2008R2 server with a Samba3 ldap based trusted domain. From the Windows server it works fine (with a few hacks) I have a 3.6.6. (Debian Wheezy) samba joined to the AD domain as a member. wbinfo and getent on the member server show the AD users no problem but not the trusted domain. I'm not sure if this is actually supported. relevant parts of smb.conf idmap config * : backend = tdb idmap config * : range = 1000000-1999999 idmap config * : base_rid = 0 idmap config TRUSTED : backend = rid idmap config TRUSTED : range = 3000000-3999999 idmap config TRUSTED : base_rid = 0 idmap config AD : backend = rid idmap config AD : range = 2000000-2999999 idmap config AD : base_rid = 0 There is this interesting output: wbinfo -n TRUSTED\\nprice S-1-5-21-1423669638-2051222870-1230932851-13008 SID_USER (1) wbinfo -S S-1-5-21-1423669638-2051222870-1230932851-13008 3013008 So it looks like its working but wbinfo -u and getent passwd don't return anything for the trusted domain. Same for groups.