Hi I have a rhel4 es running on x86_64 with samba-3.0.25b.  I am also using winbind.

I have joined my samba box to the AD domain without a problem.  I can wbinfo -u, -g, -m, -t succesfully.  I can getent passwd and group.  I can log in as an AD user and chhange permissions to AD users and groups on files and folders.

My AD domain has a two way trust with my NT4 domain.

I can su to a NT4 user and AD user as root on the samba box.

From the login prompt I can login to an AD user by supplying username and password - the only thing I can not do is login as an NT4 user without su'ing from root.  The problem seems to be with authentication.

I joined the domain using 'net ads join'.

my smb.conf
[global]
   workgroup = AD
   realm = AD.FOOBAR.COM
   netbios name = RHELSAMBA
   server string = Samba TEST server
   interfaces = eth0
   security = ads
   password server = AD_DC
   client NTLMv2 auth = Yes
   client lanman auth = No
   client plaintext auth = No
   log level = 1
   log file = /var/log/samba/%m.log
   max log size = 0
   smb ports = 139
   name resolve order = wins bcast hosts
   preferred master = No
   local master = No
   domain master = No
   winbind separator = +
   dns proxy = No
   wins server = X.X.X.X
   winbind enum users = yes
   winbind enum groups = yes
   idmap uid = 10000-65000
   idmap gid = 10000-65000
   template homedir = /home/WINUsers/%D/%U
   template shell = /bin/bash
   winbind use default domain = no

When I try to log in as NT4 user the log file states

pam_winbind(su): request failed: Trusted domain failure, PAM error was System error (4), NT error was NT_STATUS_TRUSTED_DOMAIN_FAILURE

We have a load of AD users and a load of NT users and I need to be able to authenticate both lots.  Can anyone give me any pointers as to what I am doing wrong?

Many thanks

------------------------------------------
Somethings come from nothing, nothing seems to come from somethings - SFA - Guerilla

roycrom :)