[Samba] unreachable trusted domains in enterprise environment

Gerald (Jerry) Carter jerry at samba.org
Tue Nov 29 15:42:41 GMT 2005

Hash: SHA1

Donald, Alan wrote:

| Basically what we would like to do is ensure that
| any ADS/Kerberos/LDAP traffic follow the 'sites and services'
| definition we have setup. That is, the ADS/LDAP/Kerberos
| traffic does not leave our office and only attempts to use
| our local DC for any queries. We'd also like to ignore
| (or use) a list of domains we specify. I did try setting
| the password server, but I think it is only for
| security = Domain type configurations (?).

No.  password server is used for 'security = ads' as well.

If you don't want any of the trusted domains, you can
set 'allow trusted domains = no'.  That's about the best
solution I can give you right now.

You might also want to test 3.0.21rc1 as we've done
some more winbindd improvemnts.

cheers, jerry
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"There's an anonymous coward in all of us."               --anonymous
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


More information about the samba mailing list