Hello,

I have the following domain forest trust:

array: struct netr_DomainTrust
    netbios_name             : *
        netbios_name             : 'FOREST_ROOT'
    dns_name                 : *
        dns_name                 : 'forest_root.net'
    trust_flags              : 0x00000022 (34)
           0: NETR_TRUST_FLAG_IN_FOREST
           1: NETR_TRUST_FLAG_OUTBOUND
           0: NETR_TRUST_FLAG_TREEROOT
           0: NETR_TRUST_FLAG_PRIMARY
           0: NETR_TRUST_FLAG_NATIVE
           1: NETR_TRUST_FLAG_INBOUND
           0: NETR_TRUST_FLAG_MIT_KRB5
           0: NETR_TRUST_FLAG_AES
    parent_index             : 0x00000000 (0)
    trust_type               : NETR_TRUST_TYPE_UPLEVEL (2)
    trust_attributes         : 0x00000048 (72)
           0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE
           0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY
           0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
           1: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
           0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
           0: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST
           1: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
    sid                      : *
        sid                      : S-1-5-21-xxxxxxxxxx-xxxxxxxxx-xxxxxxxxxx
    guid                     : 00000000-0000-0000-0000-000000000000

As you can see, this is a forest trust which is treated as external. This is the reason why this forest will not be scanned for subdomains in "rescan_forest_trusts()":

    (...)
    if ( (flags & NETR_TRUST_FLAG_INBOUND) &&
         (type == NETR_TRUST_TYPE_UPLEVEL) &&
         (attribs == NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) )
    {
        /* add the trusted domain if we don't know about it */
    (...)

To scan a forest which is treated as external, the following may be better:

    (...)
    if ( (flags & NETR_TRUST_FLAG_INBOUND) &&
         (type == NETR_TRUST_TYPE_UPLEVEL) &&
         (attribs & NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) )
    {
        /* add the trusted domain if we don't know about it */
    (...)

Maybe "trust_is_transitive()" and "get_trust_type()" should also be modified. I've written a little patch which may help.
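The two conditions quoted in the report above, run side by side over a few trust entries; this is an added example, not part of the original report or of Samba's code. The `struct trust`, `scan_exact()`, `scan_mask()`, `count_scanned()` and the sample entries are hypothetical names constructed for illustration; the constant values are those of MS-NRPC and match the decoded dump.

```c
#include <stdint.h>
#include <stdio.h>

/* Values as in MS-NRPC; consistent with the dump (0x48 = FOREST_TRANSITIVE | TREAT_AS_EXTERNAL). */
#define NETR_TRUST_FLAG_INBOUND                0x00000020
#define NETR_TRUST_TYPE_UPLEVEL                2
#define NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0x00000008

struct trust { const char *name; uint32_t flags, type, attribs; }; /* hypothetical, not Samba's struct */

/* Condition as quoted from rescan_forest_trusts(): attribs must equal the single bit. */
static int scan_exact(const struct trust *t)
{
    return (t->flags & NETR_TRUST_FLAG_INBOUND) &&
           (t->type == NETR_TRUST_TYPE_UPLEVEL) &&
           (t->attribs == NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE);
}

/* Condition proposed in the report: the bit is tested, all other attribute bits are ignored. */
static int scan_mask(const struct trust *t)
{
    return (t->flags & NETR_TRUST_FLAG_INBOUND) &&
           (t->type == NETR_TRUST_TYPE_UPLEVEL) &&
           (t->attribs & NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) != 0;
}

/* Constructed sample entries; only the second mirrors the dump in the report. */
static const struct trust samples[] = {
    { "plain forest trust",           0x22, 2, 0x08 },
    { "forest trust, treat external", 0x22, 2, 0x48 },
    { "quarantined external trust",   0x22, 2, 0x04 },
    { "outbound-only forest trust",   0x02, 2, 0x08 },
};
#define N_SAMPLES (sizeof(samples) / sizeof(samples[0]))

/* Number of sample trusts a given condition would select for scanning. */
static int count_scanned(int (*pred)(const struct trust *))
{
    int n = 0;
    for (size_t i = 0; i < N_SAMPLES; i++) n += pred(&samples[i]);
    return n;
}

int main(void)
{
    for (size_t i = 0; i < N_SAMPLES; i++)
        printf("%-30s exact=%d mask=%d\n", samples[i].name,
               scan_exact(&samples[i]), scan_mask(&samples[i]));
    return 0;
}
```

With the bit test, any additional attribute set alongside FOREST_TRANSITIVE no longer excludes the trust, so a reviewer should confirm that is intended for every other attribute bit, not only TREAT_AS_EXTERNAL.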
Created attachment 5363
may fix the foresttrust-problem

Created attachment 5364
may fix the foresttrust-problem

Created attachment 5368
winbind-patch

loading up an old (wrong) version of the patch - sorry
Thanks a lot for providing the patch! Any volunteer for patch review?