The Samba-Bugzilla – Bug 3823
winbindd trusted domain list incomplete (changed since 3.0.21c)
Last modified: 2006-06-07 08:41:29 UTC
I have a multi-domain AD setup with a top level RABOTEST.COM domain and four trusted domains EU.RABOTEST.COM, AM.RABOTEST.COM, AP.RABOTEST.COM and OC.RABOTEST.COM. I join a Samba to EU.RABOTEST.COM and run winbindd in ADS mode with idmap_ad.
In version 3.0.21c the list of trusted domains displayed by wbinfo -m was all five domains. In 3.0.23rc1 it is only RABOTEST.COM.
The DS_DOMAIN_IN_FOREST flag has been dropped from the rpccli_ds_enum_domain_trusts call in winbindd_ads.c (but not from the call in rpcclient/cmd_ds.c, where the symbolic value is not used, btw. This means that in 3.0.23rc1 winbindd and rpcclient currently give you different 'trusted domains' lists.)
It looks like this is a deliberate fix for something (winbindd_ads.c revision 13164 26th Jan 2006?)
I'd really like the original functionality back again, if possible. We expect to be able to join machines to one regional domain and yet accept users that are registered in another.
Fixed with r16080. Please test and reopen if it is still an issue.
Thanks, this is exactly the fix that I had applied locally.