From 8f8a9f01909ba29e2b781310baeeaaddc3f15f0d Mon Sep 17 00:00:00 2001 From: "Gerald W. Carter" Date: Tue, 22 Apr 2008 10:09:40 -0500 Subject: Moving docs tree to docs-xml to make room for generated docs in the release tarball. (This used to be commit 9f672c26d63955f613088489c6efbdc08b5b2d14) --- .../smbdotconf/security/allowtrusteddomains.xml | 26 ++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 docs-xml/smbdotconf/security/allowtrusteddomains.xml (limited to 'docs-xml/smbdotconf/security/allowtrusteddomains.xml') diff --git a/docs-xml/smbdotconf/security/allowtrusteddomains.xml b/docs-xml/smbdotconf/security/allowtrusteddomains.xml new file mode 100644 index 0000000000..57bf1d2422 --- /dev/null +++ b/docs-xml/smbdotconf/security/allowtrusteddomains.xml @@ -0,0 +1,26 @@ + + + + This option only takes effect when the option is set to + server, domain or ads. + If it is set to no, then attempts to connect to a resource from + a domain or workgroup other than the one which smbd is running + in will fail, even if that domain is trusted by the remote server + doing the authentication. + + This is useful if you only want your Samba server to + serve resources to users in the domain it is a member of. As + an example, suppose that there are two domains DOMA and DOMB. DOMB + is trusted by DOMA, which contains the Samba server. Under normal + circumstances, a user with an account in DOMB can then access the + resources of a UNIX account with the same account name on the + Samba server even if they do not have an account in DOMA. This + can make implementing a security boundary difficult. + + +yes + -- cgit