About adding a new 'winbind:allow domains' parameter

Samuel Cabrero scabrero at samba.org
Wed Oct 9 10:27:34 UTC 2019

On Fri, Oct 04, 2019 at 07:08:26AM -0400, Jim McDonough via samba-technical wrote:
> On 10/4/19 5:50 AM, Andreas Schneider via samba-technical wrote:
> >> On Wed, Oct 02, 2019 at 05:57:52PM +0200, Stefan Metzmacher via
> >> samba-technical wrote:
> >>> I'd actually like to get rid of all this hacks and just trust our dc.
> > 
> > In the past we tried to communicate with the DC direclty. We had a child 
> > running for each domain member. The assumptions we had date back to NT4 style 
> > domain controllers. In the meantime we know we can only talk to our primary 
> > trust to authenticate users and the DC will route the request for us.
> Actually, even with the NT domain controllers, this was technically the
> wrong thing to do.  It just happens to work if you have two-way trusts.
>  So really this was before we had protocol information and were
> investigating it ourselves.

Thanks a lot for your responses, definitely adding it is not the way to

Samuel Cabrero                       scabrero at samba.org
Samba Team                                www.samba.org
GPG:  D7D6 E259 F91C F0B3 2E61 1239 3655 6EC9 7051 0856

More information about the samba-technical mailing list