<samba:parameter name="allow trusted domains" context="G" type="boolean" advanced="1" developer="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para> This option only takes effect when the <smbconfoption name="security"/> option is set to <constant>server</constant>, <constant>domain</constant> or <constant>ads</constant>. If it is set to no, then attempts to connect to a resource from a domain or workgroup other than the one which smbd is running in will fail, even if that domain is trusted by the remote server doing the authentication.</para> <para>This is useful if you only want your Samba server to serve resources to users in the domain it is a member of. As an example, suppose that there are two domains DOMA and DOMB. DOMB is trusted by DOMA, which contains the Samba server. Under normal circumstances, a user with an account in DOMB can then access the resources of a UNIX account with the same account name on the Samba server even if they do not have an account in DOMA. This can make implementing a security boundary difficult.</para> </description> <value type="default">yes</value> </samba:parameter>