[Samba] unreachable trusted domains in enterprise environment
Gerald (Jerry) Carter
jerry at samba.org
Tue Nov 29 15:42:41 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Donald, Alan wrote:
| Basically what we would like to do is ensure that
| any ADS/Kerberos/LDAP traffic follow the 'sites and services'
| definition we have setup. That is, the ADS/LDAP/Kerberos
| traffic does not leave our office and only attempts to use
| our local DC for any queries. We'd also like to ignore
| (or use) a list of domains we specify. I did try setting
| the password server, but I think it is only for
| security = Domain type configurations (?).
No. password server is used for 'security = ads' as well.
If you don't want any of the trusted domains, you can
set 'allow trusted domains = no'. That's about the best
solution I can give you right now.
You might also want to test 3.0.21rc1 as we've done
some more winbindd improvemnts.
cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"There's an anonymous coward in all of us." --anonymous
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDjHbxIR7qMdg1EfYRAhJ1AKCOl8W7B+8V6fpF3FPXR0qG8TOsiQCgh1kF
X9p/JombMR01WYYWDAI4gZk=
=A7vr
-----END PGP SIGNATURE-----
More information about the samba
mailing list