blob: 8354f8b8dad9368dec0b0163abb0b75ae78ad5f4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
<samba:parameter name="allow trusted domains"
context="G"
advanced="1" developer="1"
xmlns:samba="http://samba.org/common">
<listitem>
<para>This option only takes effect when the <link linkend="SECURITY">
<parameter moreinfo="none">security</parameter></link> option is set to
<constant>server</constant> or <constant>domain</constant>.
If it is set to no, then attempts to connect to a resource from
a domain or workgroup other than the one which smbd is running
in will fail, even if that domain is trusted by the remote server
doing the authentication.</para>
<para>This is useful if you only want your Samba server to
serve resources to users in the domain it is a member of. As
an example, suppose that there are two domains DOMA and DOMB. DOMB
is trusted by DOMA, which contains the Samba server. Under normal
circumstances, a user with an account in DOMB can then access the
resources of a UNIX account with the same account name on the
Samba server even if they do not have an account in DOMA. This
can make implementing a security boundary difficult.</para>
<para>Default: <command moreinfo="none">allow trusted domains = yes</command></para>
</listitem>
</samba:parameter>
|