Bug 6966 - "allow trusted domains = no" not respected in winbind
Summary: "allow trusted domains = no" not respected in winbind
Alias: None
Product: Samba 3.5
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 3.5.0pre1
Hardware: x86 Linux
: P3 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Depends on:
Reported: 2009-12-04 11:06 UTC by Nick (550-5.1.1 The email account that you tried to reach does not exist)
Modified: 2011-04-19 19:16 UTC (History)
4 users (show)

See Also:

A patch which fixes issue for me (608 bytes, patch)
2011-04-06 16:31 UTC, Dmitry Butskoy
no flags Details
git-am fix for 3.5.next (1.35 KB, patch)
2011-04-18 21:15 UTC, Jeremy Allison
vl: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Nick (550-5.1.1 The email account that you tried to reach does not exist) 2009-12-04 11:06:00 UTC
When using 3.5.0pre1, the parameter "allow trusted domains = no" does not seem to have any effect.  Issuing a "wbinfo --online-status" returns a list of all trusted domains, and the logs fill up with lots and lots of attempts to connect to trusted domains (which in our case are unreachable).

When using the exact same configuration with 3.4.3, the parameter works as expected.
Comment 1 Andrew Tranquada 2010-03-24 08:41:09 UTC
I can confirm this, we have
allow trusted domains = no
wbinfo --online-status shows the trusted domain

from our 3.4.5 clients, wbinfo --online-status does not show the trusted domain They both have the same configuration file.
Comment 2 Michael Adam 2010-07-23 02:17:36 UTC
I have just gotten another confirmation of this.
Need to look into it...
Comment 3 Dmitry Butskoy 2011-04-06 16:28:09 UTC
After the commit  07fac35b3b1083e2fa596a62c8be18992c15d3ef , the function
"source3/winbindd/winbindd_util.c:rescan_trusted_domains()" lacks the check for "lp_allow_trusted_domains()".

See the correspond diffs:

This check however was introduced previously in the commit  5aadfe29f07687fe47bcb23b36313e4fc6ada6ee ,
see http://git.samba.org/?p=samba.git;a=commitdiff;h=5aadfe29f07687fe47bcb23b36313e4fc6ada6ee

It seems that "lp_allow_trusted_domains()" check should come back...
Comment 4 Dmitry Butskoy 2011-04-06 16:31:26 UTC
Created attachment 6383 [details]
A patch which fixes issue for me

This patch tryes to return the check. It fixes issues for me, but should be reviewed by more samba-skilled people.
Comment 5 Jeremy Allison 2011-04-18 21:15:13 UTC
Created attachment 6412 [details]
git-am fix for 3.5.next

Volker please assign to Karolin if you're happy with this.
Comment 6 Karolin Seeger 2011-04-19 19:16:14 UTC
Pushed patch to v3-5-test.
Closing out bug report.