winbind scan trusted domains

This option only takes effect when the option is set to
domain or ads.
If it is set to yes (the default), winbindd periodically tries to scan for new
trusted domains and adds them to a global list inside of winbindd.
The list can be extracted with wbinfo --trusted-domains --verbose.
This matches the behaviour of Samba 4.7 and older.

The construction of that global list is not reliable and often
incomplete in complex trust setups. In most situations the list is
not needed any more for winbindd to operate correctly.
E.g. for plain file serving via SMB using a simple idmap setup
with autorid, tdb or ad.
However some more complex setups require the list, e.g.
if you specify idmap backends for specific domains.
Some pam_winbind setups may also require the global list.

If you have a setup that doesn't require the global list, you should set

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

winbind scan trusted domains
Registry PathSoftware\Policies\Samba\smb_conf\winbind scan trusted domains
Value Namewinbind scan trusted domains
Default Value1
True Value1
False Value0


Administrative Templates (Computers)