About adding a new 'winbind:allow domains' parameter

Samuel Cabrero scabrero at samba.org
Thu Oct 3 16:37:58 UTC 2019

On Wed, Oct 02, 2019 at 05:57:52PM +0200, Stefan Metzmacher via samba-technical wrote:
> What is the reason to have just a manually specified subset of the trusted
> domains?
> I'd actually like to get rid of all these hacks and just trust our dc.

Because some users are currently using the documented parameter
'winbind:ignore domains', and when new domains are added to AD they have
to be added to this setting too. It is just a usability improvement.

But let me ask, why does the 'ignore domains' option exist in the first place?
The documentation says it "can avoid the overhead of resources from
attempting to login to DCs that should not be communicated with" but
from your reply I am not sure if this is still a valid assertion.

Samuel Cabrero                       scabrero at samba.org
Samba Team                                www.samba.org
GPG:  D7D6 E259 F91C F0B3 2E61 1239 3655 6EC9 7051 0856
