2 files changed, 19 insertions, 3 deletions

diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index c9b2a52388..3aba824b0b 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -1270,12 +1270,24 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
 				d.domain_type = domains[i].trust_type;
 				d.domain_trust_attribs = domains[i].trust_attributes;
 			} else {
+				/* Look up the record in the cache */
+				struct winbindd_tdc_domain *parent;
+
 				DEBUG(10,("trusted_domains(ads):  Inheriting trust "
 					  "flags for domain %s\n", d.alt_name));				
+
+				parent = wcache_tdc_fetch_domain(NULL, domain->name);
+				if (parent) {
+					d.domain_flags = parent->trust_flags;
+					d.domain_type  = parent->trust_type;
+					d.domain_trust_attribs = parent->trust_attribs;
+				} else {
 				d.domain_flags = domain->domain_flags;				
 				d.domain_type  = domain->domain_type;
 				d.domain_trust_attribs = domain->domain_trust_attribs;
 			}
+				TALLOC_FREE(parent);
+			}
 
 			wcache_tdc_add_domain( &d );
 
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 70468b6bcd..cc12d4b7ea 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -500,9 +500,13 @@ void rescan_trusted_domains( void )
 	    ((now-last_trustdom_scan) < WINBINDD_RESCAN_FREQ) )
 		return;
 		
-	/* clear the TRUSTDOM cache first */
-
-	wcache_tdc_clear();
+	/* I use to clear the cache here and start over but that
+	   caused problems in child processes that needed the
+	   trust dom list early on.  Removing it means we
+	   could have some trusted domains listed that have been
+	   removed from our primary domain's DC until a full
+	   restart.  This should be ok since I think this is what
+	   Windows does as well. */
 
 	/* this will only add new domains we didn't already know about
 	   in the domain_list()*/