[Samba] _Truly_ disabling trusted domains?
Gerald (Jerry) Carter
jerry at samba.org
Mon Dec 22 13:41:52 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael Adam wrote:
> Hi Nick,
>
> Nick wrote:
>> Is there a way to completely disable trusted domains in samba/winbind? Some
>> of the trusted domains are inaccessible to the client machines, which causes
>> winbind not to work due to all the timeouts/errors. I tried setting "allow
>> trusted domains = no", but when looking at the debug logs it's obvious that
>> winbind is still trying to look them up. It appears that winbind doesn't
>> respect the "allow trusted domains" at all.
>
> Hmmm, you are right: The manual page seems to promise too much
> in the description of "allow trusted domain". In fact looking at
> the code, it is a smbd-only option. It prevents smbd to perform
> explicit requests (like authentication) for trusted domains, but
> it does not prevent winbind from walking the list of trusted domains
> and trying to establish a connection to each of them (for instance
> when enumating users).
Thought I had fixed this. Patch against 3.2 that should work is attached.
cheers, jerry
- --
=====================================================================
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewisesoftware.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJT5kgIR7qMdg1EfYRAoZSAKDbR45MTOWwhuOcsTOJ4weMdfv9owCfUioL
bF4kwk9p/PjerzN8+il46p8=
=7fGD
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Winbind-Honor-the-allow-trusted-domains-option-wh.patch
Type: text/x-patch
Size: 1169 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20081222/bf895426/0001-Winbind-Honor-the-allow-trusted-domains-option-wh.bin
More information about the samba
mailing list