WHATSNEW: document changed wbinfo -m --verbose output
Ralph Böhme
slow at samba.org
Thu Mar 1 13:14:34 UTC 2018
On Thu, Mar 01, 2018 at 12:16:32PM +0100, Stefan Metzmacher wrote:
> Am 01.03.2018 um 12:13 schrieb Ralph Böhme via samba-technical:
> > Hi!
> >
> > Another WHATSNEW for 4.8.
> >
> > Please review&push if happy. Thanks!
>
> Looks good, but I would add a note that
> the Routed domains on a domain member may not be complete
> and auto learned during the runtime.
added. Updated version attached.
Please review&push if happy. Thanks!
-slow
--
Ralph Boehme, Samba Team https://samba.org/
Samba Developer, SerNet GmbH https://sernet.de/en/samba/
GPG Key Fingerprint: FAE2 C608 8A24 2520 51C5 59E4 AA1E 9B71 2639 9E46
-------------- next part --------------
From b9d885b78aa0a9185abfad5b356707bacd641618 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow at samba.org>
Date: Thu, 1 Mar 2018 12:10:56 +0100
Subject: [PATCH] WHATSNEW: document changed wbinfo -m --verbose output
Signed-off-by: Ralph Boehme <slow at samba.org>
---
WHATSNEW.txt | 44 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index e7ea164b32e..d17b7861daa 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -27,6 +27,10 @@ smbclient reparse point symlink parameters reversed
See the more detailed description below.
+Changed trusted domains listing with wbinfo -m --verbose
+--------------------------------------------------------
+
+See the more detailed description below.
NEW FEATURES/CHANGES
====================
@@ -195,6 +199,46 @@ domain members to make use of the trust.
not supported. It's possible to create such a trust,
but the KDC and winbindd ignore them.
+Changed trusted domains listing with wbinfo -m --verbose
+--------------------------------------------------------
+
+The trust properties printed by wbinfo -m --verbose have been changed to
+correctly reflect the view of the system where wbinfo is executed.
+
+The trust type field in particular can show additional values that correctly
+reflect the type of the trust: "Local" for the local SAM and BUILTIN,
+"Workstation" for a workstation trust to the primary domain, "RWDC" for the SAM
+on a AD DC, "RODC" for the SAM on a read-only DC, "PDC" for the SAM on a
+NT4-style DC, "Forest" for a AD forest trust and "External" for quarantined,
+external or NT4-style trusts.
+
+Indirect trusts are shown as "Routed" including the routing domain.
+
+Example, on a AD DC (SDOM1):
+
+Domain Name DNS Domain Trust Type Transitive In Out
+BUILTIN Local
+SDOM1 sdom1.site RWDC
+WDOM3 wdom3.site Forest Yes No Yes
+WDOM2 wdom2.site Forest Yes Yes Yes
+SUBDOM31 subdom31.wdom3.site Routed (via WDOM3)
+SUBDOM21 subdom21.wdom2.site Routed (via WDOM2)
+
+Same setup, on a member of WDOM2:
+
+Domain Name DNS Domain Trust Type Transitive In Out
+BUILTIN Local
+TITAN Local
+WDOM2 wdom2.site Workstation Yes No Yes
+WDOM1 wdom1.site Routed (via WDOM2)
+WDOM3 wdom3.site Routed (via WDOM2)
+SUBDOM21 subdom21.wdom2.site Routed (via WDOM2)
+SDOM1 sdom1.site Routed (via WDOM2)
+SUBDOM11 subdom11.wdom1.site Routed (via WDOM2)
+
+The list of trusts may be incomplete and additional domains may appear as
+"Routed" if a user of an unknown domain is successfully authenticated.
+
VirusFilter VFS module
----------------------
--
2.13.6
More information about the samba-technical
mailing list