summaryrefslogtreecommitdiff
path: root/docs/smbdotconf/security/allowtrusteddomains.xml
blob: ad84513417bbaabf6843c11687ee65c10dad5352 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
<samba:parameter name="allow trusted domains"
                 context="G"
				 type="boolean"
                 advanced="1" developer="1"
		 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
    <para>This option only takes effect when the <link linkend="SECURITY">
    <parameter moreinfo="none">security</parameter></link> option is set to 
    <constant>server</constant>,<constant>domain</constant> or <constant>ads</constant>.  
    If it is set to no, then attempts to connect to a resource from 
    a domain or workgroup other than the one which smbd is running 
    in will fail, even if that domain is trusted by the remote server 
    doing the authentication.</para>
		
    <para>This is useful if you only want your Samba server to 
    serve resources to users in the domain it is a member of. As 
    an example, suppose that there are two domains DOMA and DOMB.  DOMB 
    is trusted by DOMA, which contains the Samba server.  Under normal 
    circumstances, a user with an account in DOMB can then access the 
    resources of a UNIX account with the same account name on the 
    Samba server even if they do not have an account in DOMA.  This 
    can make implementing a security boundary difficult.</para>
</description>

<value type="default">yes</value>
</samba:parameter>