[Samba] _Truly_ disabling trusted domains?

Gerald (Jerry) Carter jerry at samba.org
Mon Dec 22 13:41:52 GMT 2008

Hash: SHA1

Michael Adam wrote:
> Hi Nick,
> Nick wrote:
>> Is there a way to completely disable trusted domains in samba/winbind?  Some
>> of the trusted domains are inaccessible to the client machines, which causes
>> winbind not to work due to all the timeouts/errors.  I tried setting "allow
>> trusted domains = no", but when looking at the debug logs it's obvious that
>> winbind is still trying to look them up.  It appears that winbind doesn't
>> respect the "allow trusted domains" at all.
> Hmmm, you are right: The manual page seems to promise too much
> in the description of "allow trusted domain". In fact looking at
> the code, it is a smbd-only option. It prevents smbd to perform
> explicit requests (like authentication) for trusted domains, but
> it does not prevent winbind from walking the list of trusted domains
> and trying to establish a connection to each of them (for instance
> when enumating users).

Thought I had fixed this.  Patch against 3.2 that should work is attached.

cheers, jerry
- --
Samba                                    ------- http://www.samba.org
Likewise Software          ---------  http://www.likewisesoftware.com
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Winbind-Honor-the-allow-trusted-domains-option-wh.patch
Type: text/x-patch
Size: 1169 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20081222/bf895426/0001-Winbind-Honor-the-allow-trusted-domains-option-wh.bin

More information about the samba mailing list