mirror of https://github.com/samba-team/samba.git synced 2025-02-25 17:57:42 +03:00

docs-xml: Disable winbind scan trusted domains by default

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider 2021-06-18 10:11:06 +02:00 committed by Andreas Schneider
parent 106c2b3977
commit 3e0fbc79b9
4 changed files with 6 additions and 5 deletions


@ -129,6 +129,7 @@ smb.conf changes
client use kerberos New desired
client protection New default
winbind use krb5 enterprise principals Changed Yes
winbind scan trusted domains Changed No
KNOWN ISSUES


@ -6,10 +6,10 @@
<para>
This option only takes effect when the <smbconfoption name="security"/> option is set to
<constant>domain</constant> or <constant>ads</constant>.
If it is set to yes (the default), winbindd periodically tries to scan for new
If it is set to yes, winbindd periodically tries to scan for new
trusted domains and adds them to a global list inside of winbindd.
The list can be extracted with <command>wbinfo --trusted-domains --verbose</command>.
This matches the behaviour of Samba 4.7 and older.</para>
Setting it to yes matches the behaviour of Samba 4.7 and older.</para>
<para>The construction of that global list is not reliable and often
incomplete in complex trust setups. In most situations the list is
@ -25,5 +25,5 @@
</para>
</description>
<value type="default">yes</value>
<value type="default">no</value>
</samba:parameter>


@ -2653,7 +2653,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "winbind separator", "\\");
lpcfg_do_global_parameter(lp_ctx, "winbind sealed pipes", "True");
lpcfg_do_global_parameter(lp_ctx, "winbind scan trusted domains", "True");
lpcfg_do_global_parameter(lp_ctx, "winbind scan trusted domains", "False");
lpcfg_do_global_parameter(lp_ctx, "require strong key", "True");
lpcfg_do_global_parameter(lp_ctx, "winbindd socket directory", dyn_WINBINDD_SOCKET_DIR);
lpcfg_do_global_parameter(lp_ctx, "ntp signd socket directory", dyn_NTP_SIGND_SOCKET_DIR);
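Review bot: The default for `winbind scan trusted domains` now lives in three independent places on this page: the string `"False"` here in loadparm_init, `Globals.winbind_scan_trusted_domains = false;` in init_globals in the last file section, and `<value type="default">no</value>` in the parameter XML. Nothing visible ties them together, so a later edit to one can leave the two loaders disagreeing about whether winbindd scans for trusted domains. A one-line comment at both C sites would make the coupling explicit, for example `/* keep in sync with init_globals() and the docs-xml default */`. Because this flips behaviour for any host that did not set the option explicitly, it would also help to note here that setups relying on the global trusted-domain list must now set it to yes in smb.conf. The body of loadparm_init starts and ends outside this hunk.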


@ -817,7 +817,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL);
Globals.winbind_refresh_tickets = false;
Globals.winbind_offline_logon = false;
Globals.winbind_scan_trusted_domains = true;
Globals.winbind_scan_trusted_domains = false;
Globals.idmap_cache_time = 86400 * 7; /* a week by default */
Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */