Ubuntu: Ignoring Transitive Trust Domains when using Samba/Winbind

If your Ubuntu host authenticates against an Active Directory Domain Controller, you may find that multiple subdomains or transitive trusts are visible. This is not a problem in most cases, but if your host is in a subnet where a connection to these other subdomains or transitive trust domains is not possible, you can experience long delays until a timeout period is reached by the SMB client.

To get a list of all the visible domains, including transitive trusts:

wbinfo -m

If you want to disable access to these domains, add or update the following two lines in the [global] section of your smb.conf file:

allow trusted domains = No
winbind:ignore domains = DOMAINTOBLOCK1 DOMAINTOBLOCK2

And then restart your winbind and samba services.

You can check the online status of the available domains with:

wbinfo --online-status

A check of the available domains should now also exclude the transitive trusts:

wbinfo -m
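The steps above can be scripted. The following is an added example, not part of the original post: build_ignore_line turns a domain list into the two [global] lines, and global_setting reads a setting back from an smb.conf file to confirm the edit. Both function names, the CORP domain and the sample input are assumptions, and the domain list is assumed to be one name per line.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: `wbinfo -m` prints one domain name per line.

# build_ignore_line KEEP...  (domain list on stdin)
# Prints the two [global] lines, ignoring every listed domain not in KEEP.
build_ignore_line() {
    keep=" $(printf '%s ' "$@" | tr '[:lower:]' '[:upper:]')"
    ignore=""
    while IFS= read -r dom; do
        dom=$(printf '%s' "$dom" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]')
        [ -n "$dom" ] || continue
        case "$keep" in *" $dom "*) continue ;; esac
        ignore="${ignore:+$ignore }$dom"
    done
    printf 'allow trusted domains = No\n'
    [ -n "$ignore" ] && printf 'winbind:ignore domains = %s\n' "$ignore"
    return 0
}

# global_setting FILE KEY: print the value KEY has in [global], or return 1.
# Names are compared without case or whitespace, as smb.conf(5) treats them;
# if KEY is repeated, the last value found is printed.
global_setting() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t\r]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sec = norm($0); next }
        sec == "[global]" && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (norm(key) == norm(want)) found = val
        }
        END { if (found == "") exit 1; print found }
    ' "$1"
}

# Constructed sample; CORP stands for the domain this host is joined to.
printf 'CORP\nDOMAINTOBLOCK1\nDOMAINTOBLOCK2\n' | build_ignore_line CORP
```

On a real host, pipe `wbinfo -m` into build_ignore_line, and after editing run global_setting against /etc/samba/smb.conf to confirm that the value sits in [global] and not in a share section.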
