[Samba] Limit winbind to a certain Domain

Lukas Barth lists at tinloaf.de
Thu Nov 20 21:39:58 GMT 2008

Hi all,

I've been using Samba v.3.0.24 (the version included in current Debian
etch) and have now upgraded to latest Samba (3.2.4). In both versions I
have the same problem:

I'm using Samba as a domain member in a domain, let's say "C.B.A" (with
"C" being the short name for this domain). There are other domains in
the tree, like "D.B.A" and "E.B.A".

Now I set up Kerberos, joined the domain, all went smoothly, but when I
test it with wbinfo -u or -g, it fetches me all user accounts (or
groups) not just from C.B.A but from all the domains in the tree - and
half of the time this will run in some sort of a timeout, since the PDCs
for the other domains are connected over a somewhat slow line. *If* it
succeeds I can see a lot of lines like "D.B.A/username" - not what I
want. A "wbinfo --domain=C -u" does exactly what I want to be the
default operation.

Now I tried setting "allow trusted domains = no" in smb.conf, but this
seems to have no effect. Using Google I found several postings etc.
saying that "allow trusted domains" has been removed somewhere around
3.0.24, that was the reason I upgraded (I hoped this would have been

So how do I achieve this with Samba 3.2.4 or 3.0.24? 3.0.24 would be
even nicer than 3.2.4 since this would mean that I could use the package
manager to keep Samba up-to-date (or what Debian considers to be
up-to-date ;-))

Thanks in advance!


