When using 3.5.0pre1, the parameter "allow trusted domains = no" does not seem to have any effect. Issuing a "wbinfo --online-status" returns a list of all trusted domains, and the logs fill up with lots and lots of attempts to connect to trusted domains (which in our case are unreachable). When using the exact same configuration with 3.4.3, the parameter works as expected.
I can confirm this, we have allow trusted domains = no and wbinfo --online-status shows the trusted domain from our 3.4.5 clients, wbinfo --online-status does not show the trusted domain They both have the same configuration file.
I have just gotten another confirmation of this. Need to look into it...
After the commit 07fac35b3b1083e2fa596a62c8be18992c15d3ef , the function "source3/winbindd/winbindd_util.c:rescan_trusted_domains()" lacks the check for "lp_allow_trusted_domains()". See the correspond diffs: http://git.samba.org/?p=samba.git;a=commitdiff;h=07fac35b3b1083e2fa596a62c8be18992c15d3ef This check however was introduced previously in the commit 5aadfe29f07687fe47bcb23b36313e4fc6ada6ee , see http://git.samba.org/?p=samba.git;a=commitdiff;h=5aadfe29f07687fe47bcb23b36313e4fc6ada6ee It seems that "lp_allow_trusted_domains()" check should come back...
Created attachment 6383 [details] A patch which fixes issue for me This patch tryes to return the check. It fixes issues for me, but should be reviewed by more samba-skilled people.
Created attachment 6412 [details] git-am fix for 3.5.next Volker please assign to Karolin if you're happy with this. Jeremy.
Pushed patch to v3-5-test. Closing out bug report. Thanks!