| blob | 63363d26070ef195f47cb0e5e4ceceeafa7540cd |
1 <samba:parameter name="allow trusted domains"
2 context="G"
3 advanced="1" developer="1"
4 xmlns:samba="http://samba.org/common">
5 <listitem>
6 <para>This option only takes effect when the <link linkend="SECURITY">
7 <parameter moreinfo="none">security</parameter></link> option is set to
8 <constant>server</constant> or <constant>domain</constant>.
9 If it is set to no, then attempts to connect to a resource from
10 a domain or workgroup other than the one which <ulink url="smbd.8.html">smbd</ulink> is running
11 in will fail, even if that domain is trusted by the remote server
12 doing the authentication.</para>
14 <para>This is useful if you only want your Samba server to
15 serve resources to users in the domain it is a member of. As
16 an example, suppose that there are two domains DOMA and DOMB. DOMB
17 is trusted by DOMA, which contains the Samba server. Under normal
18 circumstances, a user with an account in DOMB can then access the
19 resources of a UNIX account with the same account name on the
20 Samba server even if they do not have an account in DOMA. This
21 can make implementing a security boundary difficult.</para>
23 <para>Default: <command moreinfo="none">allow trusted domains = yes</command></para>
25 </listitem>
26 </samba:parameter>