This option only takes effect when the option is set to
server,domain or ads.
If it is set to no, then attempts to connect to a resource from
a domain or workgroup other than the one which smbd is running
in will fail, even if that domain is trusted by the remote server
doing the authentication.
This is useful if you only want your Samba server to
serve resources to users in the domain it is a member of. As
an example, suppose that there are two domains DOMA and DOMB. DOMB
is trusted by DOMA, which contains the Samba server. Under normal
circumstances, a user with an account in DOMB can then access the
resources of a UNIX account with the same account name on the
Samba server even if they do not have an account in DOMA. This
can make implementing a security boundary difficult.
yes