openldap and active directory trust relationship


Archived from groups: microsoft.public.win2000.advanced_server

 

Hi!
I have a Mac OS X Server 10.3.6 with OpenLDAP already set up with user accounts, and an associated Kerberos realm, which is the server's complete name in uppercase under "mydomain.pt".
I also have a Win2k3 Server Enterprise Edition with user accounts, for which I've created the "win.mydomain.pt".
What I want to do is use both domains to authenticate users from XP Pro workstations through a trust relationship between the Windows domain and the Kerberos realm, like the reference to trust relationships in
http://www.microsoft.com/TECHNET/p [...] .mspx#ECAA

What I did:

1 - windows (dc) - ksetup /addkdc MAC.MYDOMAIN.PT mac.mydomain.pt
2 - windows (dc) - create the trust (I've tried all kinds of trust, bidirectional, etc)

3 - windows (workstations) - ksetup /addkdc MAC.MYDOMAIN.PT mac.mydomain.pt
and a new domain (kerberos type) appears on the login window

4 - Open Directory (kdc)
addprinc krbtgt/WIN.MYDOMAIN.PT@MAC.MYDOMAIN.PT
addprinc krbtgt/MAC.MYDOMAIN.PT@WIN.MYDOMAIN.PT
I've used the same passwords on the last 2 commands and on the trust to avoid problems.

Supposedly Windows should trust the Mac OS X Server KDC to authenticate users, and both the Mac and Win servers have user accounts.

Unfortunately this isn't working.
I've also noted that in certain documentation, it's necessary to create user mappings from the Windows domain to the Kerberos domain, which is something that I don't want, because this involves account duplication, and I want to use either one server or the other to authenticate.
Is this possible? If so, what am I doing wrong in my procedure?
Thank you very much.
Best regards

David
