[Pkg-samba-maint] Bug#496569: Mirror image trust relationships

James Zuelow James_Zuelow at ci.juneau.ak.us
Tue Sep 2 23:35:52 UTC 2008

You can close this bug.

We got ahold of one of the other domain admins and compared notes about
our configs.

You can recreate the problem by creating two domains:

Domain A, Forest B

Domain C, Forest D

For domain A, create an inbound non-transitive trust such that users in
Domain A are trusted in Domain C, but users from Domain C are not
trusted in Domain A.

For Domain C, create a similar trust so that users in Domain C are
trusted in Domain A, but users from Domain A are not trusted in Domain

Now nobody trusts anyone but both domains think the other guy trusts

(Yes, this was an actual situation, no I have no idea why it was set up
that way.  It predates current admins.)

Winbind 3.0.30 handles this just fine.

Winbind 3.2.x breaks.

If for some reason you need this sort of trust setup, you can tell
winbind 3.2.x to use rpc only.

If you nuke the broken trust relationship, winbind works as advertised.


More information about the Pkg-samba-maint mailing list