[Samba] _Truly_ disabling trusted domains?
jra at samba.org
Mon Dec 22 19:07:43 GMT 2008
On Mon, Dec 22, 2008 at 07:41:52AM -0600, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Michael Adam wrote:
> > Hi Nick,
> > Nick wrote:
> >> Is there a way to completely disable trusted domains in samba/winbind? Some
> >> of the trusted domains are inaccessible to the client machines, which causes
> >> winbind not to work due to all the timeouts/errors. I tried setting "allow
> >> trusted domains = no", but when looking at the debug logs it's obvious that
> >> winbind is still trying to look them up. It appears that winbind doesn't
> >> respect the "allow trusted domains" at all.
> > Hmmm, you are right: The manual page seems to promise too much
> > in the description of "allow trusted domain". In fact looking at
> > the code, it is a smbd-only option. It prevents smbd to perform
> > explicit requests (like authentication) for trusted domains, but
> > it does not prevent winbind from walking the list of trusted domains
> > and trying to establish a connection to each of them (for instance
> > when enumating users).
> Thought I had fixed this. Patch against 3.2 that should work is attached.
Pushed - thanks !
More information about the samba