[Samba] winbind join ad via trust domain's user

[Fay zhang]

Hi all,
I want to let linux server join ad by using a trust ad's child domain user,
but failed with error.
below is my env and what I have try

I have 3 domain controller: test.com,demo.com and chn.demo.com

test.com with demo.com is two way trust. and chn.demo.com is the child
domain of demo.com

 demo at demo.com chn at chn.demo.com can  join ad member to test.com

I have tested demo at demo.com chn at chn.demo.com let win server  join the
test.com domain  all is ok.

but when I do this under linux(centos7) via
winbind(samba-winbind-4.2.10-7.el7_2.x86_64)  demo at demo.com is ok,
but chn at chn.demo.com just can't work.

success:
[root at test01 ~]# net ads join -U demo at demo.com%Test123
Using short domain name -- TEST
Joined 'TEST01' to dns domain 'test.com'


with error:
[root at test01 ~]# net ads join -U chn at chn.demo.com%Test123
Failed to join domain: failed to lookup DC info for domain 'TEST.COM' over
rpc: Logon failure
[root at test01 ~]# net ads join -U chn\\chn%Demo123
kerberos_kinit_password chn at TEST.COM failed: Client not found in Kerberos
database
Failed to join domain: failed to connect to AD: Client not found in
Kerberos database


Is anybody know weather  I miss something ? or how to use  child domains
user join ad via winbind?


thanks
Firxiao