My two-way trust with selective auth seems to behave opposite to a one-way trust
Solution 1:
You have to allow authentication on the computer objects you want to allow logins from the external domain. You can do it computer by computer, or you can set the permission in the OU that contains the computer objects.
What I would suggest is the following. In domain A create a local group, in domain B create a global group.
Make the global group in domain B a member of the local group in domain A.
Right-click on the ou containing the systems you want to allow and select properties. In the security tab, click advanced.
Add the domain local group and select Allowed to authenticate checkbox.
This will allow any users from domain b who are members of the global group, rights to sign into the systems you've designated.