I was under the impression (perhaps falsely) that this version of Samba would include a config option to set the default domain stripped by winbind. I am talking about having, instad of "winbind use default domain = yes" you would be able to specify "winbind strip domain = CORP" (or something similiar). This would be an extremely useful option to have, especcially as you guys are now successfully (I've tested it!) supporting passing authentication data through one way trusts.
The stripped domain is always the primary domain of the host.
There are no plans to change this.
I understand how it currently works but, with one way trust authentication in 3.2, I think it deserves some looking at. The reason I say this is that if a machine belongs to a leaf domain that trusts a larger central domain (through a one way trust), the likelyhood is that most of the users and groups are going to be members of the trusted domain and that the leaf domain will only contain a small ammount of locally supported machines.
Anyway, I put this in as an enhancement because I know it would be pretty useful. Thanks for the response, and I'll keep crossing my fingers.
It would be handy to have such an option for those operating with multiple domains. If you have strip domain option pointing to DOM1 DOM2, then you could attempt a lookup for the first domain, and if unsuccessful, attempt for the second.
The current default domain option has caused too much trouble already.
Not fixing this.