WHATSNEW: document changed wbinfo -m --verbose output

Ralph Böhme slow at samba.org
Thu Mar 1 13:14:34 UTC 2018 

On Thu, Mar 01, 2018 at 12:16:32PM +0100, Stefan Metzmacher wrote:
> Am 01.03.2018 um 12:13 schrieb Ralph Böhme via samba-technical:
> > Hi!
> > 
> > Another WHATSNEW for 4.8.
> > 
> > Please review&push if happy. Thanks!
> 
> Looks good, but I would add a note that
> the Routed domains on a domain member may not be complete
> and auto learned during the runtime.

added. Updated version attached.

Please review&push if happy. Thanks!

-slow

-- 
Ralph Boehme, Samba Team       https://samba.org/
Samba Developer, SerNet GmbH   https://sernet.de/en/samba/
GPG Key Fingerprint: FAE2 C608 8A24 2520 51C5  59E4 AA1E 9B71 2639 9E46
-------------- next part --------------
From b9d885b78aa0a9185abfad5b356707bacd641618 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow at samba.org>
Date: Thu, 1 Mar 2018 12:10:56 +0100
Subject: [PATCH] WHATSNEW: document changed wbinfo -m --verbose output

Signed-off-by: Ralph Boehme <slow at samba.org>
---
 WHATSNEW.txt | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index e7ea164b32e..d17b7861daa 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -27,6 +27,10 @@ smbclient reparse point symlink parameters reversed
 
 See the more detailed description below.
 
+Changed trusted domains listing with wbinfo -m --verbose
+--------------------------------------------------------
+
+See the more detailed description below.
 
 NEW FEATURES/CHANGES
 ====================
@@ -195,6 +199,46 @@ domain members to make use of the trust.
   not supported. It's possible to create such a trust,
   but the KDC and winbindd ignore them.
 
+Changed trusted domains listing with wbinfo -m --verbose
+--------------------------------------------------------
+
+The trust properties printed by wbinfo -m --verbose have been changed to
+correctly reflect the view of the system where wbinfo is executed.
+
+The trust type field in particular can show additional values that correctly
+reflect the type of the trust: "Local" for the local SAM and BUILTIN,
+"Workstation" for a workstation trust to the primary domain, "RWDC" for the SAM
+on a AD DC, "RODC" for the SAM on a read-only DC, "PDC" for the SAM on a
+NT4-style DC, "Forest" for a AD forest trust and "External" for quarantined,
+external or NT4-style trusts.
+
+Indirect trusts are shown as "Routed" including the routing domain.
+
+Example, on a AD DC (SDOM1):
+
+Domain Name DNS Domain          Trust Type  Transitive  In   Out
+BUILTIN                         Local
+SDOM1       sdom1.site          RWDC
+WDOM3       wdom3.site          Forest      Yes         No   Yes
+WDOM2       wdom2.site          Forest      Yes         Yes  Yes
+SUBDOM31    subdom31.wdom3.site Routed (via WDOM3)
+SUBDOM21    subdom21.wdom2.site Routed (via WDOM2)
+
+Same setup, on a member of WDOM2:
+
+Domain Name DNS Domain          Trust Type  Transitive  In   Out
+BUILTIN                         Local
+TITAN                           Local
+WDOM2       wdom2.site          Workstation Yes         No   Yes
+WDOM1       wdom1.site          Routed (via WDOM2)
+WDOM3       wdom3.site          Routed (via WDOM2)
+SUBDOM21    subdom21.wdom2.site Routed (via WDOM2)
+SDOM1       sdom1.site          Routed (via WDOM2)
+SUBDOM11    subdom11.wdom1.site Routed (via WDOM2)
+
+The list of trusts may be incomplete and additional domains may appear as
+"Routed" if a user of an unknown domain is successfully authenticated.
+
 VirusFilter VFS module
 ----------------------
 
-- 
2.13.6

More information about the samba-technical mailing list