There has changed a lot in the last year, especially with 10.3.5.

I figured out some steps, but at the end I run into an error that may depend on other reasons. Maybe others are interested and can check that too.
The first you need for an Trust (oneway – NT trusts MacOSX) is a machine account with a password for the trust and the interdomain-flag [I] on the MacOSX-Server.

In 10.3.5(!) there is a path to a new binary added to the smb.conf.

add machine script = /usr/bin/opendirectorypdbconfig -c create_computer_account -r %u -n “/LDAPv3/127.0.0.
1″

This programm has no manpage and is IMHO undocumented, but if you call it without any parms, it will give some help.
So I played a bit and added a machine account including a password with this tool. The option -p is not documented for machine accounts, but it works.

I used:
opendirectorypdbconfig -c create_computer_account -r TrustingDomainname$ -p password -n “/LDAPv3/127.0.0.
1″

(The TrustingDomainname must be written in capital letters and must be followed by a “$” for machine account)

Then you have to change the [W]-flag in the account to [I]. The easiest way to that may be the detailed view in the WGM.

After that you can open the User Manager for Domains and add the trust in the Policies Menu. Type in the name of the MacOSX
Domain and the password you provided.

After that you should get an “domain relationship successfully established” message.

In my case I got this message but it didn’t work after all. That may depend on that lack of an clean WINS-Server installation. Both Server must use the same WINS-Server, otherwise it will not work.
Happily the old NT-Server is aged, misconfigured and faulty. I can’t change the WINS-Server at time.

Maybe others have more luck with this.