Bug 14447 - winbind no longer ignores trusts with selective-auth when scanning forests
Summary: winbind no longer ignores trusts with selective-auth when scanning forests
Status: RESOLVED WONTFIX
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-07-22 13:02 UTC by Isaac Boukris
Modified: 2020-07-28 11:08 UTC (History)
5 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Isaac Boukris 2020-07-22 13:02:28 UTC
In bug #14130 (d78c87e665e2O) we changed rescan_forest_trusts() to ignore new irrelevant lsa attributes (such as tgt-delegation), but by that we also stopped filtering out trusts with the CROSS_ORGANIZATION attribute, which can cause authentication failure causing winbind to retry intensively.

See also:
https://bugzilla.redhat.com/show_bug.cgi?id=1859426
Comment 1 Isaac Boukris 2020-07-22 13:06:14 UTC
wip patch at:
https://gitlab.com/samba-team/samba/-/merge_requests/1476
Comment 2 Isaac Boukris 2020-07-28 11:01:24 UTC
Leaving as is, see reasoning in the MR above.