diff options
-rw-r--r-- | WHATSNEW.txt | 1 | ||||
-rw-r--r-- | docs-xml/smbdotconf/winbind/winbindscantrusteddomains.xml | 6 | ||||
-rw-r--r-- | lib/param/loadparm.c | 2 | ||||
-rw-r--r-- | source3/param/loadparm.c | 2 |
4 files changed, 6 insertions, 5 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index aa4f76ae4d0..5034de66ad9 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -129,6 +129,7 @@ smb.conf changes client use kerberos New desired client protection New default winbind use krb5 enterprise principals Changed Yes + winbind scan trusted domains Changed No KNOWN ISSUES diff --git a/docs-xml/smbdotconf/winbind/winbindscantrusteddomains.xml b/docs-xml/smbdotconf/winbind/winbindscantrusteddomains.xml index 31afdc92b53..12e94cb93f3 100644 --- a/docs-xml/smbdotconf/winbind/winbindscantrusteddomains.xml +++ b/docs-xml/smbdotconf/winbind/winbindscantrusteddomains.xml @@ -6,10 +6,10 @@ <para> This option only takes effect when the <smbconfoption name="security"/> option is set to <constant>domain</constant> or <constant>ads</constant>. - If it is set to yes (the default), winbindd periodically tries to scan for new + If it is set to yes, winbindd periodically tries to scan for new trusted domains and adds them to a global list inside of winbindd. The list can be extracted with <command>wbinfo --trusted-domains --verbose</command>. - This matches the behaviour of Samba 4.7 and older.</para> + Setting it to yes matches the behaviour of Samba 4.7 and older.</para> <para>The construction of that global list is not reliable and often incomplete in complex trust setups. In most situations the list is @@ -25,5 +25,5 @@ </para> </description> -<value type="default">yes</value> +<value type="default">no</value> </samba:parameter> diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index 0bd5034174b..59ddc213156 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -2653,7 +2653,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) lpcfg_do_global_parameter(lp_ctx, "winbind separator", "\\"); lpcfg_do_global_parameter(lp_ctx, "winbind sealed pipes", "True"); - lpcfg_do_global_parameter(lp_ctx, "winbind scan trusted domains", "True"); + lpcfg_do_global_parameter(lp_ctx, "winbind scan trusted domains", "False"); lpcfg_do_global_parameter(lp_ctx, "require strong key", "True"); lpcfg_do_global_parameter(lp_ctx, "winbindd socket directory", dyn_WINBINDD_SOCKET_DIR); lpcfg_do_global_parameter(lp_ctx, "ntp signd socket directory", dyn_NTP_SIGND_SOCKET_DIR); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 8db7e64210f..23ca2cafbed 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -817,7 +817,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals) Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL); Globals.winbind_refresh_tickets = false; Globals.winbind_offline_logon = false; - Globals.winbind_scan_trusted_domains = true; + Globals.winbind_scan_trusted_domains = false; Globals.idmap_cache_time = 86400 * 7; /* a week by default */ Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */ |