[Samba] Restricting winbind to the default domain

Michael Gasch gasch at eva.mpg.de
Wed May 18 06:41:50 GMT 2005

Etienne Goyer wrote:
> Greetings,
> I want to use winbind in conjunction with nsswitch in a pretty large AD.
>  I would like winbind to only map users in the default domain.  As it
> is, winbind map users in other trusted domain of the AD too, which is
> *not* what I want.
> I am not sure I made myself very clear, so here is an example.  Let's
> say I have an AD called ACME.COM.  There are the domains PROD.ACME.COM
> and ADMIN.ACME.COM in this AD.  I made my Samba server join the
> PROD.ACME.COM domain.  When I have nsswitch.conf configured correctly,
> "getent passwd@ return all the users in both domains.  I would prefer it
> return only users in the PROD.ACME.COM domain, and not those in
> ADMIN.ACME.COM.  Is that possible ?
> I know about "winbind enum users" and "winbind enum groups", but this is
> not what I want.  I do not want account outside the default domain to be
> valid on my this server for services other than Samba.
> I am running Samba 3.0.10 on RHEL 4.
> Thanks a lot !
> Etienne Goyer
please have a look at "allow trusted domains"

Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution
Deutscher Platz 6
D-04103 Leipzig

Phone: 49 (0)341 - 3550 137

More information about the samba mailing list