[Samba] _Truly_ disabling trusted domains?
obnox at samba.org
Mon Dec 22 21:24:34 GMT 2008
Jeremy Allison wrote:
> On Mon, Dec 22, 2008 at 07:41:52AM -0600, Gerald (Jerry) Carter wrote:
> > Michael Adam wrote:
> > >
> > > Nick wrote:
> > >> Is there a way to completely disable trusted domains in samba/winbind? Some
> > >> of the trusted domains are inaccessible to the client machines, which causes
> > >> winbind not to work due to all the timeouts/errors. I tried setting "allow
> > >> trusted domains = no", but when looking at the debug logs it's obvious that
> > >> winbind is still trying to look them up. It appears that winbind doesn't
> > >> respect the "allow trusted domains" at all.
> > >
> > > Hmmm, you are right: The manual page seems to promise too much
> > > in the description of "allow trusted domain". In fact looking at
> > > the code, it is a smbd-only option. It prevents smbd to perform
> > > explicit requests (like authentication) for trusted domains, but
> > > it does not prevent winbind from walking the list of trusted domains
> > > and trying to establish a connection to each of them (for instance
> > > when enumating users).
> > Thought I had fixed this. Patch against 3.2 that should work is attached.
> Pushed - thanks !
I didn't have time yet to take care of it.
Cheers - Michael
Michael Adam <ma at sernet.de> <obnox at samba.org>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 206 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20081222/2f3cd5b8/attachment.bin
More information about the samba