Commit 8a2bbba5cd0862ac196739c1e52385f7be1e3836 added a call to find_domain_from_name_noinit() to winbindd in a critical authentication codepath that is triggered with getpwsid which causes authentication failure with users from trusted domains that are not in the trusted domain list.
Commit 1ce165a73350e802500c32435dbefe3639340435 in master fixed this particular problematic use of find_domain_from_name_noinit(), but the real underlying problem is the use of a trusted-domain list in the first place.
But as 4.7 contains a backport of 8a2bbba5cd0862ac196739c1e52385f7be1e3836, we should backport 1ce165a73350e802500c32435dbefe3639340435 as well.
Created attachment 13834 [details]
Patch for 4.7 cherry-picked from master
(In reply to Ralph Böhme from comment #1)
Pushed to autobuild-v4-7-test.
Pushed to v4-7-test.
Closing out bug report.