Re: [Samba] How to restrict winbindd to access trusted domains objects.
- Date: Tue, 27 May 2008 07:54:03 -0500
- From: "Gerald (Jerry) Carter" <jerry@xxxxxxxxx>
- Subject: Re: [Samba] How to restrict winbindd to access trusted domains objects.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dmitry wrote:
| What configuration should I provide to samba to limit
| it in it's own domain (ONLY DEP2) and prohibit any
| tries to resolve foreign (even trusted) DC's
| etc...
|
| My current samba ver: 3.0.23c_2,1 (port-build)
| My OS ver: FreeBSD 6.2-REL
| My current smb.conf:
| Load smb config files from /usr/local/etc/smb.conf
| Loaded services file OK.
| 'winbind separator = +' might cause problems with group membership.
| Server role: ROLE_DOMAIN_MEMBER
| [global]
| workgroup = DEP2
| realm = DEP2.CITY-XXI.INT
| server string = SZRouter.DEP2.CITY-XXI.INT
| interfaces = 10.1.9.0/24
| security = ADS
| auth methods = winbind
~ ^^^^^^^^^^^^^^^^^^^^^^
don't ever set this.
| allow trusted domains = No
~ ^^^^^^^^^^^^^^^^^^^^^^^^^^
This should be enough but I do remember a bug
regarding that parameter. Would you mind giving
3.0.29 a try and see if my memory id correct and
the bug has been fixed.
cheers, jerry
- --
=====================================================================
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewisesoftware.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIPARrIR7qMdg1EfYRAudWAKDJequJ5XHYHTWGreoWTH/XoOLTcACg19EF
RvH763H9RLnK/JpA3a0WZw8=
=yDuw
-----END PGP SIGNATURE-----
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba