Hi all, I want to let linux server join ad by using a trust ad's child domain user, but failed with error. below is my env and what I have try I have 3 domain controller: test.com,demo.com and chn.demo.com test.com with demo.com is two way trust. and chn.demo.com is the child domain of demo.com demo at demo.com chn at chn.demo.com can join ad member to test.com I have tested demo at demo.com chn at chn.demo.com let win server join the test.com domain all is ok. but when I do this under linux(centos7) via winbind(samba-winbind-4.2.10-7.el7_2.x86_64) demo at demo.com is ok, but chn at chn.demo.com just can't work. success: [root at test01 ~]# net ads join -U demo at demo.com%Test123 Using short domain name -- TEST Joined 'TEST01' to dns domain 'test.com' with error: [root at test01 ~]# net ads join -U chn at chn.demo.com%Test123 Failed to join domain: failed to lookup DC info for domain 'TEST.COM' over rpc: Logon failure [root at test01 ~]# net ads join -U chn\\chn%Demo123 kerberos_kinit_password chn at TEST.COM failed: Client not found in Kerberos database Failed to join domain: failed to connect to AD: Client not found in Kerberos database Is anybody know weather I miss something ? or how to use child domains user join ad via winbind? thanks Firxiao