summaryrefslogtreecommitdiffstats
path: root/docs-xml/smbdotconf/security/allowtrusteddomains.xml
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:47:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:47:29 +0000
commit4f5791ebd03eaec1c7da0865a383175b05102712 (patch)
tree8ce7b00f7a76baa386372422adebbe64510812d4 /docs-xml/smbdotconf/security/allowtrusteddomains.xml
parentInitial commit. (diff)
downloadsamba-4f5791ebd03eaec1c7da0865a383175b05102712.tar.xz
samba-4f5791ebd03eaec1c7da0865a383175b05102712.zip
Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'docs-xml/smbdotconf/security/allowtrusteddomains.xml')
-rw-r--r--docs-xml/smbdotconf/security/allowtrusteddomains.xml25
1 files changed, 25 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/allowtrusteddomains.xml b/docs-xml/smbdotconf/security/allowtrusteddomains.xml
new file mode 100644
index 0000000..3617210
--- /dev/null
+++ b/docs-xml/smbdotconf/security/allowtrusteddomains.xml
@@ -0,0 +1,25 @@
+<samba:parameter name="allow trusted domains"
+ context="G"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ This option only takes effect when the <smbconfoption name="security"/> option is set to
+ <constant>server</constant>, <constant>domain</constant> or <constant>ads</constant>.
+ If it is set to no, then attempts to connect to a resource from
+ a domain or workgroup other than the one which smbd is running
+ in will fail, even if that domain is trusted by the remote server
+ doing the authentication.</para>
+
+ <para>This is useful if you only want your Samba server to
+ serve resources to users in the domain it is a member of. As
+ an example, suppose that there are two domains DOMA and DOMB. DOMB
+ is trusted by DOMA, which contains the Samba server. Under normal
+ circumstances, a user with an account in DOMB can then access the
+ resources of a UNIX account with the same account name on the
+ Samba server even if they do not have an account in DOMA. This
+ can make implementing a security boundary difficult.</para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>