[Samba] Trusted NT domains won't connect

[Dan Tremitiere]

Hi all,

I've been struggling with this problem for quite some time, and I'm
hoping someone will have an answer for me.  I'm trying to use Samba to
authenticate against a campus-wide NT domain setup.  As such, I can't
change any of the details of the NT domain.

The NT domains are set up as follows:

                +-----> USER1
                |
     MACHINES <-+-----> USER2
                |
                +-----> USER3

Machines join the MACHINES domain, using a username (let's call it
"addmachine") and password set aside for this purpose.  USER1, USER2,
and USER3 are trusted by MACHINES, and all user accounts are created in
these three domains.

I've got smbd and winbindd running under Samba 3.0.2a1.  Issuing

    net join -S PDCNAME -Uaddmachine%password

returns

    Joined domain MACHINES.

Issuing wbinfo -m at this point will return:

    USER1
    USER2
    USER3

(MACHINES is absent.)

Issuing wbinfo --sequence, however, returns:

USER1 : DISCONNECTED
USER2 : DISCONNECTED
USER3 : DISCONNECTED
MACHINES : 75917

Try as I might, I have never gotten Samba to connect to the USER1-3
domains.  What am I doing wrong?  The global section of my smb.conf 
(minus comments) is
below.

My apologies if this is a duplicate post; I tried posting it to 
linux.samba but
that seems to just be a mail -> news gateway.

     Dan


smb.conf:
[global]

workgroup = MACHINES
server string = myservername

log file = /var/log/samba/log.%m
max log size = 50

security = domain
password server = PDC

encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

dns proxy = no

winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes