[Samba] Restricting winbind to the default domain
gasch at eva.mpg.de
Wed May 18 06:41:50 GMT 2005
Etienne Goyer wrote:
> I want to use winbind in conjunction with nsswitch in a pretty large AD.
> I would like winbind to only map users in the default domain. As it
> is, winbind map users in other trusted domain of the AD too, which is
> *not* what I want.
> I am not sure I made myself very clear, so here is an example. Let's
> say I have an AD called ACME.COM. There are the domains PROD.ACME.COM
> and ADMIN.ACME.COM in this AD. I made my Samba server join the
> PROD.ACME.COM domain. When I have nsswitch.conf configured correctly,
> "getent passwd@ return all the users in both domains. I would prefer it
> return only users in the PROD.ACME.COM domain, and not those in
> ADMIN.ACME.COM. Is that possible ?
> I know about "winbind enum users" and "winbind enum groups", but this is
> not what I want. I do not want account outside the default domain to be
> valid on my this server for services other than Samba.
> I am running Samba 3.0.10 on RHEL 4.
> Thanks a lot !
> Etienne Goyer
please have a look at "allow trusted domains"
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution
Deutscher Platz 6
Phone: 49 (0)341 - 3550 137
More information about the samba