1 files changed, 25 insertions, 0 deletions

diff --git a/docs-xml/smbdotconf/security/allowtrusteddomains.xml b/docs-xml/smbdotconf/security/allowtrusteddomains.xml
new file mode 100644
index 0000000..3617210
--- /dev/null
+++ b/docs-xml/smbdotconf/security/allowtrusteddomains.xml
@@ -0,0 +1,25 @@
+<samba:parameter name="allow trusted domains"
+                 context="G"
+                 type="boolean"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+    <para>
+    This option only takes effect when the <smbconfoption name="security"/> option is set to 
+    <constant>server</constant>, <constant>domain</constant> or <constant>ads</constant>.  
+    If it is set to no, then attempts to connect to a resource from 
+    a domain or workgroup other than the one which smbd is running 
+    in will fail, even if that domain is trusted by the remote server 
+    doing the authentication.</para>
+		
+    <para>This is useful if you only want your Samba server to 
+    serve resources to users in the domain it is a member of. As 
+    an example, suppose that there are two domains DOMA and DOMB.  DOMB 
+    is trusted by DOMA, which contains the Samba server.  Under normal 
+    circumstances, a user with an account in DOMB can then access the 
+    resources of a UNIX account with the same account name on the 
+    Samba server even if they do not have an account in DOMA.  This 
+    can make implementing a security boundary difficult.</para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>