mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
64b720d284
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
26 lines
1.2 KiB
XML
26 lines
1.2 KiB
XML
<samba:parameter name="allow trusted domains"
|
|
context="G"
|
|
type="boolean"
|
|
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|
<description>
|
|
<para>
|
|
This option only takes effect when the <smbconfoption name="security"/> option is set to
|
|
<constant>server</constant>, <constant>domain</constant> or <constant>ads</constant>.
|
|
If it is set to no, then attempts to connect to a resource from
|
|
a domain or workgroup other than the one which smbd is running
|
|
in will fail, even if that domain is trusted by the remote server
|
|
doing the authentication.</para>
|
|
|
|
<para>This is useful if you only want your Samba server to
|
|
serve resources to users in the domain it is a member of. As
|
|
an example, suppose that there are two domains DOMA and DOMB. DOMB
|
|
is trusted by DOMA, which contains the Samba server. Under normal
|
|
circumstances, a user with an account in DOMB can then access the
|
|
resources of a UNIX account with the same account name on the
|
|
Samba server even if they do not have an account in DOMA. This
|
|
can make implementing a security boundary difficult.</para>
|
|
</description>
|
|
|
|
<value type="default">yes</value>
|
|
</samba:parameter>
|