[Pkg-samba-maint] Bug#496569: Mirror image trust relationships
James Zuelow
James_Zuelow at ci.juneau.ak.us
Tue Sep 2 23:35:52 UTC 2008
You can close this bug.
We got ahold of one of the other domain admins and compared notes about
our configs.
You can recreate the problem by creating two domains:
Domain A, Forest B
Domain C, Forest D
For domain A, create an inbound non-transitive trust such that users in
Domain A are trusted in Domain C, but users from Domain C are not
trusted in Domain A.
For Domain C, create a similar trust so that users in Domain C are
trusted in Domain A, but users from Domain A are not trusted in Domain
C.
Now nobody trusts anyone but both domains think the other guy trusts
them.
(Yes, this was an actual situation, no I have no idea why it was set up
that way. It predates current admins.)
Winbind 3.0.30 handles this just fine.
Winbind 3.2.x breaks.
If for some reason you need this sort of trust setup, you can tell
winbind 3.2.x to use rpc only.
If you nuke the broken trust relationship, winbind works as advertised.
James
More information about the Pkg-samba-maint
mailing list