Bug 3823 - winbindd trusted domain list incomplete (changed since 3.0.21c)
winbindd trusted domain list incomplete (changed since 3.0.21c)
Status: RESOLVED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: winbind
3.0.23
All Linux
: P3 regression
: none
Assigned To: Guenther Deschner
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-06-05 04:33 UTC by Bob Gautier (550 Unknown Recipient)
Modified: 2006-06-07 08:41 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Bob Gautier (550 Unknown Recipient) 2006-06-05 04:33:01 UTC
I have a multi-domain AD setup with a top level RABOTEST.COM domain and four trusted domains EU.RABOTEST.COM, AM.RABOTEST.COM, AP.RABOTEST.COM and OC.RABOTEST.COM.  I join a Samba to EU.RABOTEST.COM and run winbindd in ADS mode with idmap_ad.

In version 3.0.21c the list of trusted domains displayed by wbinfo -m was all five domains.  In 3.0.23rc1 it is only RABOTEST.COM.

The DS_DOMAIN_IN_FOREST flag has been dropped from the rpccli_ds_enum_domain_trusts call in winbindd_ads.c (but not from the call in rpcclient/cmd_ds.c, where the symbolic value is not used, btw.  This means that in 3.0.23rc1 winbindd and rpcclient currently give you different 'trusted domains' lists.)

It looks like this is a deliberate fix for something (winbindd_ads.c revision 13164 26th Jan 2006?)

I'd really like the original functionality back again, if possible.  We expect to be able to join machines to one regional domain and yet accept users that are registered in another.
Comment 1 Guenther Deschner 2006-06-07 08:07:50 UTC
Fixed with r16080. Please test and reopen if it is still an issue.
Comment 2 Bob Gautier (550 Unknown Recipient) 2006-06-07 08:41:29 UTC
Thanks, this is exactly the fix that I had applied locally.