Fix "winbind:ignore domains" (!1753) · Merge requests · The Samba Team / Samba

Ralph Böhme requested to merge samba-team/devel/samba:slow-winbind-ignore-domains into master Jan 12, 2021

"winbind:ignore domains" stopped working a while ago due to the commits that removed the parameter "map untrusted to domain" in Samba 4.8 cf commits 443984b8 and especially e7bc23e4.

As a side note, even in older version "winbind:ignore domains" was only effective for NTLM authentication. The NTLM auth code uses the trusted domain list as part of the code the implements "map untrusted to domain" and this is the part where auth will fail is a domain is blacklisted.

https://bugzilla.samba.org/show_bug.cgi?id=14602

Edited Jan 20, 2021 by Ralph Böhme

Admin message

Fix "winbind:ignore domains"

Merge request reports