How to ignore trusted domains completely?
Dmitry Butskoy
buc at odusz.so-cdu.ru
Fri Oct 12 12:01:33 GMT 2007
Dmitry Butskoy wrote:
> Gerald (Jerry) Carter wrote:
>> Dmitry Butskoy wrote:
>>
>>> Our AD has several trusted domains. These domains are reported to
>>> winbind daemon, and then winbind tries to contact the corresponding DCs.
>>> The "allow trusted domains = no" does not affect winbind in this
>>> context.
>>>
>>
>> That would be a BUG IMO. We're still talking about the 3.0.26a
>> installation with idmap_rid correct?
>>
> Yep.
>
>> Looking at the code, it appears that disabling trusted domains
>> regressed. Not sure when.
>>
>
> Maybe in "nsswitch/winbindd.c:process_loop()" -- run
> "rescan_trusted_domains()" conditionally?
>
> I can do any pre-tests if needed. Hint me what to try.

Well,

After I commented out "rescan_trusted_domains()" in
"nsswitch/winbindd.c:process_loop()", all became fine!

No more need for the "name resolve order = NULL" hack.

A lot of strange log reports (something related to some schannel
failures) are gone. I had plans to ask the mailing list about it, but I now
have nothing to ask. :)

It seems that "rescan_trusted_domains()" should be conditionally
switchable off, either by "allow trusted domains = no", or by its own
special config variable (bool or list).

~buc