Having issues with trusted domain scan if the primary domain is a tree-root but not the forest root.

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Jan 29 06:40:16 UTC 2019

On Mon, Jan 28, 2019 at 11:24:13PM +0000, Hemanth Thummala via samba-technical wrote:
> We were debugging an issue related to trusted domain scan. Samba
> file server is joined to a domain which is a tree root in the
> forest, but not the forest root. We have few forest trusts
> established at forest root level. When we try to scan the trusted
> domains, we were able to get all the domains with in the forest of
> our primary domain but nothing from other forests.

The fact alone that we scan trusted domains is a bug. This bug is on
it's way to be fixed. There have been some significant fixes in
winbind remove this dependency. In Samba 4.8 you have the "winbind
scan trusted domains" option which will be defaulted to "no" soon.
Please try with 4.8 and setting that to off. Your case might be a very
good testcase for this option, and we will deeply look at the bugs you
see when setting it to "no".

Regards, Volker

SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: 0551-370000-0, mailto:kontakt at sernet.de
Gesch.F.: Dr. Johannes Loxen und Reinhild Jung
AG Göttingen: HR-B 2816 - http://www.sernet.de

More information about the samba-technical mailing list