Currently we always map any incoming domain to our own domain in map_user_info_cracknames(), so that the winbind module is never used at all, e.g. we're DC of W4EDOM-L4.BASE with a forest trust to W2012R2-L4.BASE: [2017/03/22 10:09:54.268472, 3, pid=4724, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:271(auth_check_password_send) auth_check_password_send: Checking password for unmapped user [W2012R2-L4]\[administrator]@[UB1404-163] [2017/03/22 10:09:54.268496, 5, pid=4724, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth_util.c:57(map_user_info_cracknames) map_user_info_cracknames: Mapping user [W2012R2-L4]\[administrator] from workstation [UB1404-163] auth_check_password_send: mapped user is: [W4EDOM-L4]\[administrator]@[UB1404-163]
*** Bug 12811 has been marked as a duplicate of this bug. ***
Is this fixed by 236b24dfd29f1343c6de9a1e8c8baf3d2991244e in master for 4.7?
(In reply to Andrew Bartlett from comment #2) Yes, together with the sam_failtrusts module.
*** Bug 11833 has been marked as a duplicate of this bug. ***