Add new framework for smb.conf(5). Please read README before trying to compile.

[Samba/gebeck_regimport.git] / docs / docbook / smbdotconf / security / allowtrusteddomains.xml

<samba:parameter xmlns:samba="http://samba.org/common">
                <term><anchor id="ALLOWTRUSTEDDOMAINS"/>allow trusted domains (G)</term>
                <listitem><para>This option only takes effect when the <link linkend="SECURITY"><parameter moreinfo="none">security</parameter></link> option is set to 
                <constant>server</constant> or <constant>domain</constant>.  
                If it is set to no, then attempts to connect to a resource from 
                a domain or workgroup other than the one which <ulink url="smbd.8.html">smbd</ulink> is running 
                in will fail, even if that domain is trusted by the remote server 
                doing the authentication.</para>
                
                <para>This is useful if you only want your Samba server to 
                serve resources to users in the domain it is a member of. As 
                an example, suppose that there are two domains DOMA and DOMB.  DOMB 
                is trusted by DOMA, which contains the Samba server.  Under normal 
                circumstances, a user with an account in DOMB can then access the 
                resources of a UNIX account with the same account name on the 
                Samba server even if they do not have an account in DOMA.  This 
                can make implementing a security boundary difficult.</para>

                <para>Default: <command moreinfo="none">allow trusted domains = yes</command></para>

                </listitem>
                </samba:parameter>