[Samba] How to restrict winbindd to access trusted domains
objects.
Gerald (Jerry) Carter
jerry at samba.org
Tue May 27 12:54:03 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dmitry wrote:
| What configuration should I provide to samba to limit
| it in it's own domain (ONLY DEP2) and prohibit any
| tries to resolve foreign (even trusted) DC's
| etc...
|
| My current samba ver: 3.0.23c_2,1 (port-build)
| My OS ver: FreeBSD 6.2-REL
| My current smb.conf:
| Load smb config files from /usr/local/etc/smb.conf
| Loaded services file OK.
| 'winbind separator = +' might cause problems with group membership.
| Server role: ROLE_DOMAIN_MEMBER
| [global]
| workgroup = DEP2
| realm = DEP2.CITY-XXI.INT
| server string = SZRouter.DEP2.CITY-XXI.INT
| interfaces = 10.1.9.0/24
| security = ADS
| auth methods = winbind
~ ^^^^^^^^^^^^^^^^^^^^^^
don't ever set this.
| allow trusted domains = No
~ ^^^^^^^^^^^^^^^^^^^^^^^^^^
This should be enough but I do remember a bug
regarding that parameter. Would you mind giving
3.0.29 a try and see if my memory id correct and
the bug has been fixed.
cheers, jerry
- --
=====================================================================
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewisesoftware.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIPARrIR7qMdg1EfYRAudWAKDJequJ5XHYHTWGreoWTH/XoOLTcACg19EF
RvH763H9RLnK/JpA3a0WZw8=
=yDuw
-----END PGP SIGNATURE-----
More information about the samba
mailing list