winbind should not abort on receiving NULL sid. Presently if the trusted domain has no SID, winbindd just aborts the session. This happens with MIT Kerberos realm added as trust to AD. This code change will make winbind skip NULL sid instead of aborting the request, winbind will process the remaining trusted domain SIDs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13914 Signed-off-by: Amit Kumar
diff -up samba-4.10.4/source3/winbindd/winbindd_rpc.c.amit_patch samba-4.10.4/source3/winbindd/winbindd_rpc.c
--- samba-4.10.4/source3/winbindd/winbindd_rpc.c.amit_patch 2019-05-28 01:27:23.223946791 +0530
+++ samba-4.10.4/source3/winbindd/winbindd_rpc.c 2019-05-28 01:30:00.375826959 +0530
@@ -958,24 +958,25 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX
 trust->dns_name = talloc_move(array, &dom_list_ex.domains[i].domain_name.string);
 if (dom_list_ex.domains[i].sid == NULL) {
- DEBUG(0, ("Trusted Domain %s has no SID, aborting!\n", trust->dns_name));
- return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ DEBUG(0, ("Trusted Domain %s has no SID!\n", trust->dns_name));
+ } else {
+ sid_copy(sid, dom_list_ex.domains[i].sid);
 }
- sid_copy(sid, dom_list_ex.domains[i].sid);
 } else {
 trust->netbios_name = talloc_move(array, &dom_list.domains[i].name.string);
 trust->dns_name = NULL;
 if (dom_list.domains[i].sid == NULL) {
- DEBUG(0, ("Trusted Domain %s has no SID, aborting!\n", trust->netbios_name));
- return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ DEBUG(0, ("Trusted Domain %s has no SID!\n", trust->netbios_name));
+ } else {
+ sid_copy(sid, dom_list.domains[i].sid);
 }
-
- sid_copy(sid, dom_list.domains[i].sid);
 }
-
- trust->sid = sid;
+ if(sid != NULL)
+ trust->sid = sid;
+ else
+ trust->sid = NULL;
 }
 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
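Review bot: The added `if(sid != NULL)` at the end of the hunk tests the local destination buffer rather than whether the server returned a SID, so it cannot tell a SID-less trust from a normal one. `sid` is the target of `sid_copy()`, and if it is allocated and NULL-checked earlier in `rpc_trusted_domains` (that part is outside the hunk), the `else` branch is dead. A trust without a SID would then get `trust->sid` pointing at a `struct dom_sid` that was never filled in, which later consumers would read as a real domain SID. Recording the absence explicitly in both no-SID branches, e.g. `TALLOC_FREE(sid);` after the `DEBUG`, would let the tail stay a plain `trust->sid = sid;`. Callers of this function would then need to tolerate a NULL `trust->sid`, which is worth confirming before merging.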