[Samba] Restricting winbind to the default domain

Etienne Goyer etienne.goyer at videotron.ca
Tue May 17 15:37:15 GMT 2005


I want to use winbind in conjunction with nsswitch in a pretty large AD.
I would like winbind to only map users in the default domain.  As it
is, winbind maps users in other trusted domains of the AD too, which is
*not* what I want.

I am not sure I made myself very clear, so here is an example.  Let's
say I have an AD called ACME.COM.  There are the domains PROD.ACME.COM
and ADMIN.ACME.COM in this AD.  I made my Samba server join the
PROD.ACME.COM domain.  When I have nsswitch.conf configured correctly,
"getent passwd" returns all the users in both domains.  I would prefer it
return only users in the PROD.ACME.COM domain, and not those in
ADMIN.ACME.COM.  Is that possible?

I know about "winbind enum users" and "winbind enum groups", but this is
not what I want.  I do not want accounts outside the default domain to be
valid on this server for services other than Samba.

I am running Samba 3.0.10 on RHEL 4.

Thanks a lot!

Etienne Goyer
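
Added example, not part of the original post: a check for the behaviour described above, listing NSS passwd entries whose winbind domain prefix is not the joined domain. The short names PROD and ADMIN, the default `\` winbind separator and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit helper: read passwd-format lines on stdin and print every account
# whose winbind domain prefix differs from the allowed (joined) domain.
# Usage on a live host:  getent passwd | foreign_domain_accounts PROD
#   $1 = allowed domain short name (assumed "PROD" for PROD.ACME.COM)
#   $2 = winbind separator (optional, defaults to a backslash)
foreign_domain_accounts() {
    allowed=$1
    sep=${2:-\\}
    # Values are passed through the environment so awk does not
    # reinterpret the backslash as an escape sequence.
    ALLOWED="$allowed" SEP="$sep" awk -F: '
        {
            name = $1
            pos = index(name, ENVIRON["SEP"])
            # No separator: a local account, or a default-domain user
            # shown without a prefix. Not a foreign-domain entry.
            if (pos == 0) next
            dom = substr(name, 1, pos - 1)
            if (toupper(dom) != toupper(ENVIRON["ALLOWED"])) print name
        }'
}

# Constructed sample of what "getent passwd" might return on such a host.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
PROD\alice:*:10001:10000:Alice:/home/PROD/alice:/bin/bash
PROD\bob:*:10002:10000:Bob:/home/PROD/bob:/bin/bash
ADMIN\carol:*:10003:10001:Carol:/home/ADMIN/carol:/bin/bash
EOF
}

# Demonstration on the constructed sample: prints the ADMIN account only.
sample_passwd | foreign_domain_accounts PROD
```

An empty result from `getent passwd | foreign_domain_accounts PROD` on the real server would indicate that no account from another domain is being enumerated through NSS.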

