Cannot log on to Ubuntu server using trusted domain AD credentials

2 votes
1 answer
1808 views
I've got an AD domain-joined Ubuntu 22.04 server. I need to be able to log on to it using credentials from a trusted domain that is attached to the AD domain that the server is a member of. Logon is not working using the trusted domain credentials.

The following packages are installed: winbind, krb5-user, sssd-ad, samba

The domains are domain1.org and domain2.local. domain1.org is the domain that my server is joined to, and domain2.local is the trusted domain. I can log on using domain1.org creds, and all the following commands work:

    ping domain1.org
    ping domain2.local
    id someuser@domain1.org
    id someuser@domain2.local
    wbinfo -i someuser@domain1.org
    wbinfo -i someuser@domain2.local
    wbinfo -n someuser@domain2.local
    net cache flush
    wbinfo --sid-to-uid

I am not able to log on to this Ubuntu server using domain2.local creds. I do have a Rocky Linux server that is set up pretty much the same way as this one, and I *am* able to log on using domain2.local creds.

Here are the samba, sssd, nsswitch, and krb5 configs:

/etc/samba/smb.conf

    [global]
    workgroup = DOMAIN1
    realm = DOMAIN1.ORG
    netbios name = MYTEST
    security = ads
    server signing = mandatory
    client signing = mandatory
    client lanman auth = no
    min protocol = SMB2
    client min protocol = SMB2
    client max protocol = SMB3
    restrict anonymous = 2
    os level = 0
    preferred master = no
    local master = no
    domain master = no
    kerberos method = secrets and keytab
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes
    template homedir = /home/%D/%U
    template shell = /bin/bash
    map acl inherit = yes
    nt acl support = yes
    inherit acls = Yes
    acl group control = yes
    log level = 10
    max log size = 10
    log file = /var/log/samba/samba.log
    winbind use default domain = yes
    idmap config * : range = 1100-65534
    idmap config * : backend = tdb
    idmap config * : backend = autorid
    idmap config * : range = 1000000-999999999

/etc/sssd/conf.d/sssd.conf

    [sssd]
    config_file_version = 2
    domains = DOMAIN1.ORG
    reconnection_retries = 3
    services = nss, pam, ssh, autofs

    [domain/DOMAIN1.ORG]
    #debug_level = 9
    ad_hostname = mytest.domain1.org
    id_provider = ad
    auth_provider = ad
    access_provider = ad
    override_homedir = /home/%d/%u
    default_shell = /bin/bash
    cache_credentials = True
    krb5_store_password_if_offline = True
    krb5_realm = DOMAIN1.ORG
    fallback_homedir = /home/%u/%d
    ad_domain = domain1.org
    use_fully_qualified_names = False
    case_sensitive = False
    ad_gpo_ignore_unreadable = True
    dyndns_update = true
    dyndns_refresh_interval = 43200
    ad_update_samba_machine_account_password = True

    [nss]
    filter_users = root

    [pam]
    reconnection_retries = 3
    offline_credentials_expiration = 2
    offline_failed_login_attempts = 3
    offline_failed_login_delay = 5

/etc/nsswitch.conf

    passwd:         files winbind systemd sss
    group:          files winbind systemd sss
    shadow:         files sss
    gshadow:        files
    hosts:          files resolve dns
    networks:       files
    protocols:      db files
    services:       db files sss
    ethers:         db files
    rpc:            db files
    netgroup:       nis sss
    automount:      sss

/etc/krb5.conf

    [logging]
    default = FILE:/var/log/krb5.log

    [libdefaults]
    default_realm = DOMAIN1.ORG
    dns_lookup_realm = true
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    udp_preference_limit = 1

I appreciate any and all comments and/or assistance. Thanks!
Asked by Redeye (23 rep)
Apr 6, 2023, 03:33 AM
Last activity: Apr 6, 2023, 10:27 AM
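As an added example that is not part of the question above, the following Python script lints the two files the poster quoted that decide who answers a trusted-domain user lookup: it parses the smb.conf [global] section while keeping every occurrence of a key (so the repeated `idmap config *` assignments are visible, with the value Samba will actually apply, since its parser takes the last assignment of a repeated parameter), and it reads nsswitch.conf to report whether winbind or sss is consulted first for each database. The sample inputs are constructed from the configs in the question; the function names and the `AD_SOURCES` tuple are this example's own, not anything from Samba or SSSD.

```python
"""Configuration lint for AD-joined hosts: repeated smb.conf parameters and
the winbind/sss ordering in nsswitch.conf. Added example, not the poster's code."""
import collections

# Constructed sample: the lines of the posted [global] section that matter here.
SMB_CONF = """\
[global]
workgroup = DOMAIN1
realm = DOMAIN1.ORG
security = ads
winbind use default domain = yes
idmap config * : range = 1100-65534
idmap config * : backend = tdb
idmap config * : backend = autorid
idmap config * : range = 1000000-999999999
"""

# Constructed sample: the user/group databases from the posted nsswitch.conf.
NSSWITCH_CONF = """\
passwd: files winbind systemd sss
group:  files winbind systemd sss
shadow: files sss
"""

# NSS modules that resolve AD accounts (hypothetical constant for this example).
AD_SOURCES = ('winbind', 'sss')


def parse_ini(text):
    """Parse an smb.conf-style file into {section: [(key, value), ...]}.
    Every occurrence of a key is kept, so repeats can be detected
    (configparser would silently collapse them)."""
    sections = collections.OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in '#;':
            continue
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        if '=' in line and current is not None:
            key, value = line.split('=', 1)
            # Samba parameter names are case- and whitespace-insensitive.
            key = ' '.join(key.lower().split())
            sections[current].append((key, value.strip()))
    return sections


def repeated_keys(entries):
    """Keys assigned more than once in a section, in first-seen order."""
    counts = collections.Counter(k for k, _ in entries)
    seen = []
    for k, _ in entries:
        if counts[k] > 1 and k not in seen:
            seen.append(k)
    return seen


def effective_value(entries, key):
    """Samba applies the last assignment of a repeated parameter; mimic that."""
    value = None
    for k, v in entries:
        if k == key:
            value = v
    return value


def parse_nsswitch(text):
    """Map each NSS database to its ordered list of sources."""
    databases = {}
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if ':' not in line:
            continue
        db, sources = line.split(':', 1)
        databases[db.strip()] = sources.split()
    return databases


def first_ad_source(sources):
    """The AD-backed NSS module consulted first for a database, or None."""
    for src in sources:
        if src in AD_SOURCES:
            return src
    return None


def lint(smb_text, nss_text):
    """Return findings as a dict: repeated [global] keys with the value that
    wins, and the first AD-backed source per NSS database."""
    glob = parse_ini(smb_text).get('global', [])
    repeated = {k: effective_value(glob, k) for k in repeated_keys(glob)}
    order = {db: first_ad_source(srcs) for db, srcs in parse_nsswitch(nss_text).items()}
    return {'repeated': repeated, 'first_ad_source': order}


if __name__ == '__main__':
    result = lint(SMB_CONF, NSSWITCH_CONF)
    for key, val in result['repeated'].items():
        print(f"smb.conf [global]: '{key}' set more than once; Samba will use '{val}'")
    for db, src in result['first_ad_source'].items():
        print(f"nsswitch.conf {db}: AD lookups answered first by {src}")
```

Run against the posted configs, the lint reports that both `idmap config *` parameters are assigned twice, with `autorid` and the `1000000-999999999` range being the values in effect, and that passwd and group lookups go to winbind before sss while shadow goes only to sss. That tells a practitioner which daemon's log (winbind's, given the `log level = 10` already set) to read first when a domain2.local logon fails.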