In my domain i use 'winbind use default domain = yes'. I've also enabled ''offline logons'' following the samba wiki, and i've noted that (in 'smbcontrol winbind offline' mode): root@vdmsv1:~# wbinfo -K LNFFVG\\gaio Enter LNFFVG\gaio's password: plaintext kerberos password authentication for [LNFFVG\gaio] succeeded (requesting cctype: FILE) user_flgs: NETLOGON_CACHED_ACCOUNT credentials were put in: FILE:/tmp/krb5cc_0 root@vdmsv1:~# wbinfo -K gaio Enter gaio's password: plaintext kerberos password authentication for [gaio] succeeded (requesting cctype: FILE) credentials were put in: FILE:/tmp/krb5cc_0 eg, only using the domainful user ('LNFFVG\gaio') wbinfo reply adding 'user_flgs: NETLOGON_CACHED_ACCOUNT', using the short form no. I've done some auth test, and cached credentials works as expected, simply wbinfo reply in different way. Thanks.