387
387
and allows the open. If the user doesn't have permission to delete the file this will only be
388
388
discovered at close time, which is too late for the Windows user tools to display an error message
389
389
to the user. The symptom of this is files that appear to have been deleted "magically" re-appearing
390
on a Windows explorer refersh. This is an extremely advanced protocol option which should not
390
on a Windows explorer refresh. This is an extremely advanced protocol option which should not
391
391
need to be changed. This parameter was introduced in its final form in 3.0.21, an earlier version
392
392
with slightly different semantics was introduced in 3.0.20. That older version is not documented here.
393
393
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>acl check permissions</code></em> = <code class="literal">True</code>
951
951
tools will attempt to authenticate itself to servers using the
952
952
weaker LANMAN password hash. If disabled, only server which support NT
953
953
password hashes (e.g. Windows NT/2000, Samba, etc... but not
954
Windows 95/98) will be able to be connected from the Samba client.</p><p>The LANMAN encrypted response is easily broken, due to it's
954
Windows 95/98) will be able to be connected from the Samba client.</p><p>The LANMAN encrypted response is easily broken, due to its
955
955
case-insensitive nature, and the choice of algorithm. Clients
956
956
without Windows 95/98 servers are advised to disable
957
957
this option. </p><p>Disabling this option will also disable the <code class="literal">client plaintext auth</code> option</p><p>Likewise, if the <code class="literal">client ntlmv2
1026
1026
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537122"></a>
1028
1028
client signing (G)
1029
</h3></div></div></div><a class="indexterm" name="id2537123"></a><a name="CLIENTSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client offers or requires
1030
the server it talks to to use SMB signing. Possible values
1029
</h3></div></div></div><a class="indexterm" name="id2537123"></a><a name="CLIENTSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values
1031
1030
are <span class="emphasis"><em>auto</em></span>, <span class="emphasis"><em>mandatory</em></span>
1032
1031
and <span class="emphasis"><em>disabled</em></span>.
1033
1032
</p><p>When set to auto, SMB signing is offered, but not enforced.
1035
1034
to disabled, SMB signing is not offered either.
1036
1035
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client signing</code></em> = <code class="literal">auto</code>
1038
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537177"></a>
1037
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537176"></a>
1040
1039
client use spnego (G)
1041
</h3></div></div></div><a class="indexterm" name="id2537178"></a><a name="CLIENTUSESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p> This variable controls whether Samba clients will try
1040
</h3></div></div></div><a class="indexterm" name="id2537177"></a><a name="CLIENTUSESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p> This variable controls whether Samba clients will try
1042
1041
to use Simple and Protected NEGOciation (as specified by rfc2478) with
1043
1042
supporting servers (including WindowsXP, Windows2000 and Samba
1044
1043
3.0) to agree upon an authentication
1045
1044
mechanism. This enables Kerberos authentication in particular.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client use spnego</code></em> = <code class="literal">yes</code>
1047
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537219"></a>
1046
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537218"></a>
1049
1048
cluster addresses (G)
1050
</h3></div></div></div><a class="indexterm" name="id2537220"></a><a name="CLUSTERADDRESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>With this parameter you can add additional addresses
1049
</h3></div></div></div><a class="indexterm" name="id2537219"></a><a name="CLUSTERADDRESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>With this parameter you can add additional addresses
1051
1050
nmbd will register with a WINS server. These addresses are not
1052
1051
necessarily present on all nodes simultaneously, but they will
1053
1052
be registered with the WINS server so that clients can contact
1057
1056
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cluster addresses</code></em> = <code class="literal">10.0.0.1 10.0.0.2 10.0.0.3</code>
1059
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537275"></a>
1058
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537274"></a>
1062
</h3></div></div></div><a class="indexterm" name="id2537276"></a><a name="CLUSTERING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should contact
1061
</h3></div></div></div><a class="indexterm" name="id2537275"></a><a name="CLUSTERING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should contact
1063
1062
ctdb for accessing its tdb files and use ctdb as a backend
1064
1063
for its messaging backend.
1065
1064
</p><p>Set this parameter to <code class="literal">yes</code> only if
1079
1078
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>comment</code></em> = <code class="literal">Fred's Files</code>
1081
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537398"></a>
1080
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537397"></a>
1083
1082
config backend (G)
1084
</h3></div></div></div><a class="indexterm" name="id2537399"></a><a name="CONFIGBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1083
</h3></div></div></div><a class="indexterm" name="id2537398"></a><a name="CONFIGBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1085
1084
This controls the backend for storing the configuration.
1086
1085
Possible values are <span class="emphasis"><em>file</em></span> (the default)
1087
1086
and <span class="emphasis"><em>registry</em></span>.
1153
1152
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>create mask</code></em> = <code class="literal">0775</code>
1155
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537763"></a>
1154
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537762"></a>
1158
</h3></div></div></div><a class="indexterm" name="id2537764"></a><a name="CSCPOLICY"></a><div class="variablelist"><dl><dt></dt><dd><p>
1157
</h3></div></div></div><a class="indexterm" name="id2537763"></a><a name="CSCPOLICY"></a><div class="variablelist"><dl><dt></dt><dd><p>
1159
1158
This stands for <span class="emphasis"><em>client-side caching policy</em></span>, and specifies how clients capable of offline
1160
1159
caching will cache the files in the share. The valid values are: manual, documents, programs, disable.
1192
1191
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cups connection timeout</code></em> = <code class="literal">60</code>
1194
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537970"></a>
1193
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537969"></a>
1196
1195
cups options (S)
1197
</h3></div></div></div><a class="indexterm" name="id2537971"></a><a name="CUPSOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1196
</h3></div></div></div><a class="indexterm" name="id2537970"></a><a name="CUPSOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1198
1197
This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> is
1199
1198
set to <code class="constant">cups</code>. Its value is a free form string of options
1200
1199
passed directly to the cups library.
1234
1233
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cups server</code></em> = <code class="literal">mycupsserver:1631</code>
1236
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538166"></a>
1235
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538165"></a>
1239
</h3></div></div></div><a class="indexterm" name="id2538167"></a><a name="DEADTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a decimal integer)
1238
</h3></div></div></div><a class="indexterm" name="id2538166"></a><a name="DEADTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a decimal integer)
1240
1239
represents the number of minutes of inactivity before a connection
1241
1240
is considered dead, and it is disconnected. The deadtime only takes
1242
1241
effect if the number of open files is zero.</p><p>This is useful to stop a server's resources being
1249
1248
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>deadtime</code></em> = <code class="literal">15</code>
1251
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538243"></a>
1250
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538242"></a>
1253
1252
debug class (G)
1254
</h3></div></div></div><a class="indexterm" name="id2538244"></a><a name="DEBUGCLASS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1253
</h3></div></div></div><a class="indexterm" name="id2538243"></a><a name="DEBUGCLASS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1255
1254
With this boolean parameter enabled, the debug class (DBGC_CLASS)
1256
1255
will be displayed in the debug header.
1303
1302
boolean parameter allows timestamping to be turned off.
1304
1303
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug timestamp</code></em> = <code class="literal">yes</code>
1306
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538550"></a>
1305
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538549"></a>
1309
</h3></div></div></div><a class="indexterm" name="id2538551"></a><a name="DEBUGUID"></a><div class="variablelist"><dl><dt></dt><dd><p>
1308
</h3></div></div></div><a class="indexterm" name="id2538550"></a><a name="DEBUGUID"></a><div class="variablelist"><dl><dt></dt><dd><p>
1310
1309
Samba is sometimes run as root and sometime run as the connected user, this boolean parameter inserts the
1311
1310
current euid, egid, uid and gid to the timestamp message headers in the log file if turned on.
1419
1418
as rcs, where UNIX file ownership prevents changing file
1420
1419
permissions, and DOS semantics prevent deletion of a read only file.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete readonly</code></em> = <code class="literal">no</code>
1422
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539158"></a>
1421
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539157"></a>
1424
1423
delete share command (G)
1425
</h3></div></div></div><a class="indexterm" name="id2539159"></a><a name="DELETESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1424
</h3></div></div></div><a class="indexterm" name="id2539158"></a><a name="DELETESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1426
1425
Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server
1427
1426
Manager. The <em class="parameter"><code>delete share command</code></em> is used to define an external
1428
1427
program or script which will remove an existing service definition from
1473
1472
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>delete user script</code></em> = <code class="literal">/usr/local/samba/bin/del_user %u</code>
1475
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539466"></a>
1474
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539465"></a>
1477
1476
delete veto files (S)
1478
</h3></div></div></div><a class="indexterm" name="id2539467"></a><a name="DELETEVETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used when Samba is attempting to
1477
</h3></div></div></div><a class="indexterm" name="id2539466"></a><a name="DELETEVETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used when Samba is attempting to
1479
1478
delete a directory that contains one or more vetoed directories
1480
1479
(see the <a class="link" href="smb.conf.5.html#VETOFILES" target="_top">veto files</a>
1481
1480
option). If this option is set to <code class="constant">no</code> (the default) then if a vetoed
1505
1504
By default this parameter is zero, meaning no caching will be done.
1506
1505
</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dfree cache time</code></em> = <code class="literal">dfree cache time = 60</code>
1508
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539624"></a>
1507
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539623"></a>
1510
1509
dfree command (S)
1511
</h3></div></div></div><a class="indexterm" name="id2539625"></a><a name="DFREECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1510
</h3></div></div></div><a class="indexterm" name="id2539624"></a><a name="DFREECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1512
1511
The <em class="parameter"><code>dfree command</code></em> setting should only be used on systems where a
1513
1512
problem occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may
1514
1513
occur with other operating systems. The symptom that was seen was an error of "Abort Retry Ignore"
1594
1593
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>directory security mask</code></em> = <code class="literal">0700</code>
1596
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539978"></a>
1595
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539977"></a>
1598
1597
disable netbios (G)
1599
</h3></div></div></div><a class="indexterm" name="id2539979"></a><a name="DISABLENETBIOS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable netbios support
1598
</h3></div></div></div><a class="indexterm" name="id2539978"></a><a name="DISABLENETBIOS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable netbios support
1600
1599
in Samba. Netbios is the only available form of browsing in
1601
1600
all windows versions except for 2000 and XP. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Clients that only support netbios won't be able to
1602
1601
see your samba server when netbios support is disabled.
1603
1602
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>disable netbios</code></em> = <code class="literal">no</code>
1605
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540024"></a>
1604
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540023"></a>
1607
1606
disable spoolss (G)
1608
</h3></div></div></div><a class="indexterm" name="id2540025"></a><a name="DISABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable Samba's support
1607
</h3></div></div></div><a class="indexterm" name="id2540024"></a><a name="DISABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable Samba's support
1609
1608
for the SPOOLSS set of MS-RPC's and will yield identical behavior
1610
1609
as Samba 2.0.x. Windows NT/2000 clients will downgrade to using
1611
1610
Lanman style printing commands. Windows 9x/ME will be unaffected by
1659
1658
DNS name lookup requests, as doing a name lookup is a blocking
1660
1659
action.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dns proxy</code></em> = <code class="literal">yes</code>
1662
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540264"></a>
1661
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540263"></a>
1664
1663
domain logons (G)
1665
</h3></div></div></div><a class="indexterm" name="id2540265"></a><a name="DOMAINLOGONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1664
</h3></div></div></div><a class="indexterm" name="id2540264"></a><a name="DOMAINLOGONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1666
1665
If set to <code class="constant">yes</code>, the Samba server will
1667
1666
provide the netlogon service for Windows 9X network logons for the
1668
1667
<a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a> it is in.
1723
1722
charset Samba should talk to DOS clients.
1724
1723
</p><p>The default depends on which charsets you have installed.
1725
1724
Samba tries to use charset 850 but falls back to ASCII in
1726
case it is not available. Run <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> to check the default on your system.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540628"></a>
1725
case it is not available. Run <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> to check the default on your system.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540627"></a>
1728
1727
dos filemode (S)
1729
</h3></div></div></div><a class="indexterm" name="id2540629"></a><a name="DOSFILEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p> The default behavior in Samba is to provide
1728
</h3></div></div></div><a class="indexterm" name="id2540628"></a><a name="DOSFILEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p> The default behavior in Samba is to provide
1730
1729
UNIX-like behavior where only the owner of a file/directory is
1731
1730
able to change the permissions on it. However, this behavior
1732
1731
is often confusing to DOS/Windows users. Enabling this parameter
1755
1754
this option causes the two timestamps to match, and Visual C++ is
1756
1755
happy.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dos filetime resolution</code></em> = <code class="literal">no</code>
1758
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540748"></a>
1757
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540747"></a>
1760
1759
dos filetimes (S)
1761
</h3></div></div></div><a class="indexterm" name="id2540749"></a><a name="DOSFILETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>Under DOS and Windows, if a user can write to a
1760
</h3></div></div></div><a class="indexterm" name="id2540748"></a><a name="DOSFILETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>Under DOS and Windows, if a user can write to a
1762
1761
file they can change the timestamp on it. Under POSIX semantics,
1763
1762
only the owner of the file or root may change the timestamp. By
1764
1763
default, Samba runs with POSIX semantics and refuses to change the
1809
1808
Please read the extended description provided in the Samba HOWTO documentation.
1810
1809
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable privileges</code></em> = <code class="literal">yes</code>
1812
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540972"></a>
1811
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540971"></a>
1814
1813
encrypt passwords (G)
1815
</h3></div></div></div><a class="indexterm" name="id2540973"></a><a name="ENCRYPTPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls whether encrypted passwords
1814
</h3></div></div></div><a class="indexterm" name="id2540972"></a><a name="ENCRYPTPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls whether encrypted passwords
1816
1815
will be negotiated with the client. Note that Windows NT 4.0 SP3 and
1817
1816
above and also Windows 98 will by default expect encrypted passwords
1818
1817
unless a registry entry is changed. To use encrypted passwords in
1912
1911
ensures directories always predate their contents and an NMAKE build
1913
1912
will proceed as expected.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>fake directory create times</code></em> = <code class="literal">no</code>
1915
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541359"></a>
1914
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541358"></a>
1917
1916
fake oplocks (S)
1918
</h3></div></div></div><a class="indexterm" name="id2541360"></a><a name="FAKEOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>Oplocks are the way that SMB clients get permission
1917
</h3></div></div></div><a class="indexterm" name="id2541359"></a><a name="FAKEOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>Oplocks are the way that SMB clients get permission
1919
1918
from a server to locally cache file operations. If a server grants
1920
1919
an oplock (opportunistic lock) then the client is free to assume
1921
1920
that it is the only one accessing the file and it will aggressively
1931
1930
files read-write at the same time you can get data corruption. Use
1932
1931
this option carefully!</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>fake oplocks</code></em> = <code class="literal">no</code>
1934
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541443"></a>
1933
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541442"></a>
1936
1935
follow symlinks (S)
1937
</h3></div></div></div><a class="indexterm" name="id2541444"></a><a name="FOLLOWSYMLINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1936
</h3></div></div></div><a class="indexterm" name="id2541443"></a><a name="FOLLOWSYMLINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1938
1937
This parameter allows the Samba administrator to stop <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> from following symbolic links in a particular share. Setting this
1939
1938
parameter to <code class="constant">no</code> prevents any file or directory that is a symbolic link from being
1940
1939
followed (the user will get an error). This option is very useful to stop users from adding a symbolic
1944
1943
This option is enabled (i.e. <code class="literal">smbd</code> will follow symbolic links) by default.
1945
1944
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>follow symlinks</code></em> = <code class="literal">yes</code>
1947
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541513"></a>
1946
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541512"></a>
1949
1948
force create mode (S)
1950
</h3></div></div></div><a class="indexterm" name="id2541514"></a><a name="FORCECREATEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit
1949
</h3></div></div></div><a class="indexterm" name="id2541513"></a><a name="FORCECREATEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit
1951
1950
permissions that will <span class="emphasis"><em>always</em></span> be set on a
1952
1951
file created by Samba. This is done by bitwise 'OR'ing these bits onto
1953
1952
the mode bits of a file that is being created. The default for this parameter is (in octal)
1976
1975
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force directory mode</code></em> = <code class="literal">0755</code>
1978
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541661"></a>
1977
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541660"></a>
1980
1979
force directory security mode (S)
1981
</h3></div></div></div><a class="indexterm" name="id2541662"></a><a name="FORCEDIRECTORYSECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>
1980
</h3></div></div></div><a class="indexterm" name="id2541661"></a><a name="FORCEDIRECTORYSECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>
1982
1981
This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating
1983
1982
the UNIX permission on a directory using the native NT security dialog box.
2142
2141
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>get quota command</code></em> = <code class="literal">/usr/local/sbin/query_quota</code>
2144
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542490"></a>
2143
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542489"></a>
2146
2145
getwd cache (G)
2147
</h3></div></div></div><a class="indexterm" name="id2542491"></a><a name="GETWDCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a tuning option. When this is enabled a
2146
</h3></div></div></div><a class="indexterm" name="id2542490"></a><a name="GETWDCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a tuning option. When this is enabled a
2148
2147
caching algorithm will be used to reduce the time taken for getwd()
2149
2148
calls. This can have a significant impact on performance, especially
2150
2149
when the <a class="link" href="smb.conf.5.html#WIDESMBCONFOPTIONS" target="_top">wide smbconfoptions</a> parameter is set to <code class="constant">no</code>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>getwd cache</code></em> = <code class="literal">yes</code>
2171
2170
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>guest account</code></em> = <code class="literal">ftp</code>
2173
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542658"></a>
2172
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542657"></a>
2175
2174
<a name="PUBLIC"></a>public
2176
</h3></div></div></div><a class="indexterm" name="id2542659"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTOK">guest ok</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542689"></a>
2175
</h3></div></div></div><a class="indexterm" name="id2542658"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTOK">guest ok</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542688"></a>
2179
2178
</h3></div></div></div><a class="indexterm" name="id2542690"></a><a name="GUESTOK"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for
2225
2224
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide files</code></em> = <code class="literal">
2226
2225
# no file are hidden</code>
2228
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543014"></a>
2227
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543013"></a>
2230
2229
hide special files (S)
2231
</h3></div></div></div><a class="indexterm" name="id2543015"></a><a name="HIDESPECIALFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
2230
</h3></div></div></div><a class="indexterm" name="id2543014"></a><a name="HIDESPECIALFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
2232
2231
This parameter prevents clients from seeing special files such as sockets, devices and
2233
2232
fifo's in directory listings.
2234
2233
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide special files</code></em> = <code class="literal">no</code>
2236
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543057"></a>
2235
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543056"></a>
2238
2237
hide unreadable (S)
2239
</h3></div></div></div><a class="indexterm" name="id2543058"></a><a name="HIDEUNREADABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter prevents clients from seeing the
2238
</h3></div></div></div><a class="indexterm" name="id2543057"></a><a name="HIDEUNREADABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter prevents clients from seeing the
2240
2239
existance of files that cannot be read. Defaults to off.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide unreadable</code></em> = <code class="literal">no</code>
2242
2241
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543099"></a>
2247
2246
Defaults to off. Note that unwriteable directories are shown as usual.
2248
2247
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide unwriteable files</code></em> = <code class="literal">no</code>
2250
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543144"></a>
2249
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543143"></a>
2252
2251
homedir map (G)
2253
</h3></div></div></div><a class="indexterm" name="id2543145"></a><a name="HOMEDIRMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
2252
</h3></div></div></div><a class="indexterm" name="id2543144"></a><a name="HOMEDIRMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
2254
2253
If <a class="link" href="smb.conf.5.html#NISHOMEDIR" target="_top">nis homedir</a> is <code class="constant">yes</code>, and <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> is also acting as a Win95/98 <em class="parameter"><code>logon server</code></em>
2255
2254
then this parameter specifies the NIS (or YP) map from which the server for the user's home directory should be extracted.
2256
2255
At present, only the Sun auto.home map format is understood. The form of the map is:
2314
2313
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hosts allow</code></em> = <code class="literal">150.203.5. myhost.mynet.edu.au</code>
2316
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543629"></a>
2315
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543628"></a>
2318
2317
<a name="DENYHOSTS"></a>deny hosts
2319
</h3></div></div></div><a class="indexterm" name="id2543630"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSDENY">hosts deny</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543660"></a>
2318
</h3></div></div></div><a class="indexterm" name="id2543629"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSDENY">hosts deny</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543660"></a>
2322
2321
</h3></div></div></div><a class="indexterm" name="id2543661"></a><a name="HOSTSDENY"></a><div class="variablelist"><dl><dt></dt><dd><p>The opposite of <em class="parameter"><code>hosts allow</code></em>
2361
2360
for the backend defined by the <a class="link" href="smb.conf.5.html#IDMAPALLOCBACKEND" target="_top">idmap alloc backend</a>
2362
2361
parameter. Refer to the man page for each idmap plugin regarding
2363
2362
specific configuration details.
2364
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543912"></a>
2363
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543911"></a>
2366
2365
idmap backend (G)
2367
</h3></div></div></div><a class="indexterm" name="id2543913"></a><a name="IDMAPBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
2366
</h3></div></div></div><a class="indexterm" name="id2543912"></a><a name="IDMAPBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
2368
2367
The idmap backend provides a plugin interface for Winbind to use
2369
2368
varying backends to store SID/uid/gid mapping tables.
2385
2384
and ad (<a class="citerefentry" href="idmap_ad.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ad</span>(8)</span></a>).
2386
2385
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap backend</code></em> = <code class="literal">tdb</code>
2388
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544084"></a>
2387
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544083"></a>
2390
2389
idmap cache time (G)
2391
</h3></div></div></div><a class="indexterm" name="id2544085"></a><a name="IDMAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
2390
</h3></div></div></div><a class="indexterm" name="id2544084"></a><a name="IDMAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
2392
2391
idmap interface will cache positive SID/uid/gid query results.
2393
2392
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap cache time</code></em> = <code class="literal">604800 (one week)</code>
2395
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544128"></a>
2394
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544127"></a>
2397
2396
idmap config (G)
2398
</h3></div></div></div><a class="indexterm" name="id2544129"></a><a name="IDMAPCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p>
2397
</h3></div></div></div><a class="indexterm" name="id2544128"></a><a name="IDMAPCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p>
2399
2398
The idmap config prefix provides a means of managing each trusted
2400
2399
domain separately. The idmap config prefix should be followed by the
2401
2400
name of the domain, a colon, and a setting specific to the chosen
2428
2427
idmap config CORP : backend = ad
2429
2428
idmap config CORP : range = 1000-999999
2430
</pre><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544261"></a>
2429
</pre><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544260"></a>
2432
2431
<a name="WINBINDGID"></a>winbind gid
2433
</h3></div></div></div><a class="indexterm" name="id2544262"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPGID">idmap gid</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544292"></a>
2432
</h3></div></div></div><a class="indexterm" name="id2544261"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPGID">idmap gid</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544292"></a>
2436
2435
</h3></div></div></div><a class="indexterm" name="id2544293"></a><a name="IDMAPGID"></a><div class="variablelist"><dl><dt></dt><dd><p>The idmap gid parameter specifies the range of group ids
2444
2443
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap gid</code></em> = <code class="literal">10000-20000</code>
2446
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544379"></a>
2445
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544378"></a>
2448
2447
idmap negative cache time (G)
2449
</h3></div></div></div><a class="indexterm" name="id2544380"></a><a name="IDMAPNEGATIVECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
2448
</h3></div></div></div><a class="indexterm" name="id2544379"></a><a name="IDMAPNEGATIVECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
2450
2449
idmap interface will cache negative SID/uid/gid query results.
2451
2450
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap negative cache time</code></em> = <code class="literal">120</code>
2548
2547
<a class="link" href="smb.conf.5.html#INITLOGONDELAYEDHOSTS" target="_top">init logon delayed hosts</a>.
2549
2548
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>init logon delay</code></em> = <code class="literal">100</code>
2551
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545023"></a>
2550
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545022"></a>
2554
</h3></div></div></div><a class="indexterm" name="id2545024"></a><a name="INTERFACES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to override the default
2553
</h3></div></div></div><a class="indexterm" name="id2545023"></a><a name="INTERFACES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to override the default
2555
2554
network interfaces list that Samba will use for browsing, name
2556
2555
registration and other NetBIOS over TCP/IP (NBT) traffic. By default Samba will query
2557
2556
the kernel for the list of all active interfaces and use any
2576
2575
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>interfaces</code></em> = <code class="literal">eth0 192.168.2.10/24 192.168.3.10/255.255.255.0</code>
2578
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545140"></a>
2577
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545139"></a>
2580
2579
invalid users (S)
2581
</h3></div></div></div><a class="indexterm" name="id2545141"></a><a name="INVALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users that should not be allowed
2580
</h3></div></div></div><a class="indexterm" name="id2545140"></a><a name="INVALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users that should not be allowed
2582
2581
to login to this service. This is really a <span class="emphasis"><em>paranoid</em></span>
2583
2582
check to absolutely ensure an improper setting does not breach
2584
2583
your security.</p><p>A name starting with a '@' is interpreted as an NIS
2611
2610
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>iprint server</code></em> = <code class="literal">MYCUPSSERVER</code>
2613
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545341"></a>
2612
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545340"></a>
2616
</h3></div></div></div><a class="indexterm" name="id2545342"></a><a name="KEEPALIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (an integer) represents
2615
</h3></div></div></div><a class="indexterm" name="id2545341"></a><a name="KEEPALIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (an integer) represents
2617
2616
the number of seconds between <em class="parameter"><code>keepalive</code></em>
2618
2617
packets. If this parameter is zero, no keepalive packets will be
2619
2618
sent. Keepalive packets, if sent, allow the server to tell whether
2646
2645
to a no-op on systems that no not have the necessary kernel support.
2647
2646
You should never need to touch this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>kernel oplocks</code></em> = <code class="literal">yes</code>
2649
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545567"></a>
2648
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545566"></a>
2651
2650
lanman auth (G)
2652
</h3></div></div></div><a class="indexterm" name="id2545568"></a><a name="LANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
2651
</h3></div></div></div><a class="indexterm" name="id2545567"></a><a name="LANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
2653
2652
authenticate users or permit password changes
2654
2653
using the LANMAN password hash. If disabled, only clients which support NT
2655
2654
password hashes (e.g. Windows NT/2000 clients, smbclient, but not
2656
2655
Windows 95/98 or the MS DOS network client) will be able to
2657
connect to the Samba host.</p><p>The LANMAN encrypted response is easily broken, due to it's
2656
connect to the Samba host.</p><p>The LANMAN encrypted response is easily broken, due to its
2658
2657
case-insensitive nature, and the choice of algorithm. Servers
2659
2658
without Windows 95/98/ME or MS DOS clients are advised to disable
2660
2659
this option. </p><p>Unlike the <code class="literal">encrypt
2678
2677
performance by 10% with Windows 2000 clients. Defaults to on. Not as
2679
2678
tested as some other Samba code paths.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>large readwrite</code></em> = <code class="literal">yes</code>
2681
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545716"></a>
2680
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545715"></a>
2683
2682
ldap admin dn (G)
2684
</h3></div></div></div><a class="indexterm" name="id2545717"></a><a name="LDAPADMINDN"></a><div class="variablelist"><dl><dt></dt><dd><p>
2683
</h3></div></div></div><a class="indexterm" name="id2545716"></a><a name="LDAPADMINDN"></a><div class="variablelist"><dl><dt></dt><dd><p>
2685
2684
The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> defines the Distinguished Name (DN) name used by Samba to contact
2686
2685
the ldap server when retreiving user account information. The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> is used
2687
2686
in conjunction with the admin dn password stored in the <code class="filename">private/secrets.tdb</code>
2737
2736
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap debug threshold</code></em> = <code class="literal">5</code>
2739
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546046"></a>
2738
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546045"></a>
2741
2740
ldap delete dn (G)
2742
</h3></div></div></div><a class="indexterm" name="id2546047"></a><a name="LDAPDELETEDN"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter specifies whether a delete
2741
</h3></div></div></div><a class="indexterm" name="id2546046"></a><a name="LDAPDELETEDN"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter specifies whether a delete
2743
2742
operation in the ldapsam deletes the complete entry or only the attributes
2744
2743
specific to Samba.
2745
2744
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap delete dn</code></em> = <code class="literal">no</code>
2747
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546090"></a>
2746
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546089"></a>
2749
2748
ldap group suffix (G)
2750
</h3></div></div></div><a class="indexterm" name="id2546091"></a><a name="LDAPGROUPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the suffix that is
2749
</h3></div></div></div><a class="indexterm" name="id2546090"></a><a name="LDAPGROUPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the suffix that is
2751
2750
used for groups when these are added to the LDAP directory.
2752
2751
If this parameter is unset, the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead. The suffix string is pre-pended to the
2753
2752
<a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> string so use a partial DN.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap group suffix</code></em> = <code class="literal"></code>
2766
2765
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap idmap suffix</code></em> = <code class="literal">ou=Idmap</code>
2768
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546256"></a>
2767
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546255"></a>
2770
2769
ldap machine suffix (G)
2771
</h3></div></div></div><a class="indexterm" name="id2546257"></a><a name="LDAPMACHINESUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2770
</h3></div></div></div><a class="indexterm" name="id2546256"></a><a name="LDAPMACHINESUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2772
2771
It specifies where machines should be added to the ldap tree. If this parameter is unset, the value of
2773
2772
<a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead. The suffix string is pre-pended to the
2774
2773
<a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> string so use a partial DN.
2806
2805
The value is specified in milliseconds, the maximum value is 5000 (5 seconds).
2807
2806
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap replication sleep</code></em> = <code class="literal">1000</code>
2809
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546503"></a>
2808
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546502"></a>
2811
2810
ldapsam:editposix (G)
2812
</h3></div></div></div><a class="indexterm" name="id2546504"></a><a name="LDAPSAM:EDITPOSIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2811
</h3></div></div></div><a class="indexterm" name="id2546503"></a><a name="LDAPSAM:EDITPOSIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2813
2812
Editposix is an option that leverages ldapsam:trusted to make it simpler to manage a domain controller
2814
2813
eliminating the need to set up custom scripts to add and manage the posix users and groups. This option
2815
2814
will instead directly manipulate the ldap tree to create, remove and modify user and group entries.
2888
2887
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldapsam:editposix</code></em> = <code class="literal">no</code>
2890
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546637"></a>
2889
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546636"></a>
2892
2891
ldapsam:trusted (G)
2893
</h3></div></div></div><a class="indexterm" name="id2546638"></a><a name="LDAPSAM:TRUSTED"></a><div class="variablelist"><dl><dt></dt><dd><p>
2892
</h3></div></div></div><a class="indexterm" name="id2546637"></a><a name="LDAPSAM:TRUSTED"></a><div class="variablelist"><dl><dt></dt><dd><p>
2894
2893
By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to
2895
2894
access user and group information. Due to the way Unix stores user information in /etc/passwd and /etc/group
2896
2895
this inevitably leads to inefficiencies. One important question a user needs to know is the list of groups he
2908
2907
is easily achieved.
2909
2908
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldapsam:trusted</code></em> = <code class="literal">no</code>
2911
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546726"></a>
2910
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546725"></a>
2913
</h3></div></div></div><a class="indexterm" name="id2546726"></a><a name="LDAPSSLADS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should
2914
use SSL when connecting to the ldap server using
2915
<span class="emphasis"><em>ads</em></span> methods.
2916
Rpc methods are not affected by this parameter. Please note, that
2917
this parameter won't have any effect if <a class="link" href="smb.conf.5.html#LDAPSSL" target="_top">ldap ssl</a>
2918
is set to <em class="parameter"><code>no</code></em>.
2919
</p><p>See <span class="refentrytitle">smb.conf</span>(5)
2920
for more information on <a class="link" href="smb.conf.5.html#LDAPSSL" target="_top">ldap ssl</a>.
2921
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl ads</code></em> = <code class="literal">no</code>
2923
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546811"></a>
2914
</h3></div></div></div><a class="indexterm" name="id2546727"></a><a name="LDAPSSL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should
2926
</h3></div></div></div><a class="indexterm" name="id2546812"></a><a name="LDAPSSL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should
2915
2927
use SSL when connecting to the ldap server
2916
2928
This is <span class="emphasis"><em>NOT</em></span> related to
2917
2929
Samba's previous SSL support which was enabled by specifying the
2918
2930
<code class="literal">--with-ssl</code> option to the
2919
2931
<code class="filename">configure</code>
2920
2932
script.</p><p>LDAP connections should be secured where possible. This may be
2921
done setting either this parameter to
2933
done setting <span class="emphasis"><em>either</em></span> this parameter to
2922
2934
<em class="parameter"><code>Start_tls</code></em>
2923
or by specifying <em class="parameter"><code>ldaps://</code></em> in
2935
<span class="emphasis"><em>or</em></span> by specifying <em class="parameter"><code>ldaps://</code></em> in
2924
2936
the URL argument of <a class="link" href="smb.conf.5.html#PASSDBBACKEND" target="_top">passdb backend</a>.</p><p>The <a class="link" href="smb.conf.5.html#LDAPSSL" target="_top">ldap ssl</a> can be set to one of
2925
2937
two values:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>Off</code></em> = Never
2926
2938
use SSL when querying the directory.</p></li><li><p><em class="parameter"><code>start tls</code></em> = Use
2927
2939
the LDAPv3 StartTLS extended operation (RFC2830) for
2928
communicating with the directory server.</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl</code></em> = <code class="literal">start tls</code>
2940
communicating with the directory server.</p></li></ul></div><p>
2941
Please note that this parameter does only affect <span class="emphasis"><em>rpc</em></span>
2942
methods. To enable the LDAPv3 StartTLS extended operation (RFC2830) for
2943
<span class="emphasis"><em>ads</em></span>, set
2944
<a class="link" href="smb.conf.5.html#LDAPSSL" target="_top">ldap ssl = yes</a>
2945
<span class="emphasis"><em>and</em></span>
2946
<a class="link" href="smb.conf.5.html#LDAPSSLADS" target="_top">ldap ssl ads = yes</a>.
2947
See <span class="refentrytitle">smb.conf</span>(5)
2948
for more information on <a class="link" href="smb.conf.5.html#LDAPSSLADS" target="_top">ldap ssl ads</a>.
2949
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl</code></em> = <code class="literal">start tls</code>
2930
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546858"></a>
2951
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547004"></a>
2932
2953
ldap suffix (G)
2933
</h3></div></div></div><a class="indexterm" name="id2546859"></a><a name="LDAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the base for all ldap suffixes and for storing the sambaDomain object.</p><p>
2954
</h3></div></div></div><a class="indexterm" name="id2547005"></a><a name="LDAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the base for all ldap suffixes and for storing the sambaDomain object.</p><p>
2934
2955
The ldap suffix will be appended to the values specified for the <a class="link" href="smb.conf.5.html#LDAPUSERSUFFIX" target="_top">ldap user suffix</a>,
2935
2956
<a class="link" href="smb.conf.5.html#LDAPGROUPSUFFIX" target="_top">ldap group suffix</a>, <a class="link" href="smb.conf.5.html#LDAPMACHINESUFFIX" target="_top">ldap machine suffix</a>, and the
2936
2957
<a class="link" href="smb.conf.5.html#LDAPIDMAPSUFFIX" target="_top">ldap idmap suffix</a>. Each of these should be given only a DN relative to the
2940
2961
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap suffix</code></em> = <code class="literal">dc=samba,dc=org</code>
2942
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546980"></a>
2963
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547126"></a>
2944
2965
ldap timeout (G)
2945
</h3></div></div></div><a class="indexterm" name="id2546981"></a><a name="LDAPTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
2966
</h3></div></div></div><a class="indexterm" name="id2547127"></a><a name="LDAPTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
2946
2967
This parameter defines the number of seconds that Samba should use as timeout for LDAP operations.
2947
2968
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap timeout</code></em> = <code class="literal">15</code>
2949
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547023"></a>
2970
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547169"></a>
2951
2972
ldap user suffix (G)
2952
</h3></div></div></div><a class="indexterm" name="id2547024"></a><a name="LDAPUSERSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2973
</h3></div></div></div><a class="indexterm" name="id2547170"></a><a name="LDAPUSERSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2953
2974
This parameter specifies where users are added to the tree. If this parameter is unset,
2954
2975
the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead. The suffix
2955
2976
string is pre-pended to the <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> string so use a partial DN.
2958
2979
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap user suffix</code></em> = <code class="literal">ou=people</code>
2960
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547104"></a>
2981
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547251"></a>
2962
2983
level2 oplocks (S)
2963
</h3></div></div></div><a class="indexterm" name="id2547106"></a><a name="LEVEL2OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether Samba supports
2984
</h3></div></div></div><a class="indexterm" name="id2547252"></a><a name="LEVEL2OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether Samba supports
2964
2985
level2 (read-only) oplocks on a share.</p><p>Level2, or read-only oplocks allow Windows NT clients
2965
2986
that have an oplock on a file to downgrade from a read-write oplock
2966
2987
to a read-only oplock once a second client opens the file (instead
2980
3001
parameter must be set to <code class="constant">yes</code> on this share in order for
2981
3002
this parameter to have any effect.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>level2 oplocks</code></em> = <code class="literal">yes</code>
2983
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547211"></a>
3004
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547357"></a>
2985
3006
lm announce (G)
2986
</h3></div></div></div><a class="indexterm" name="id2547212"></a><a name="LMANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will produce Lanman announce
3007
</h3></div></div></div><a class="indexterm" name="id2547358"></a><a name="LMANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will produce Lanman announce
2987
3008
broadcasts that are needed by OS/2 clients in order for them to see
2988
3009
the Samba server in their browse list. This parameter can have three
2989
3010
values, <code class="constant">yes</code>, <code class="constant">no</code>, or
3000
3021
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lm announce</code></em> = <code class="literal">yes</code>
3002
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547333"></a>
3023
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547480"></a>
3004
3025
lm interval (G)
3005
</h3></div></div></div><a class="indexterm" name="id2547334"></a><a name="LMINTERVAL"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba is set to produce Lanman announce
3026
</h3></div></div></div><a class="indexterm" name="id2547481"></a><a name="LMINTERVAL"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba is set to produce Lanman announce
3006
3027
broadcasts needed by OS/2 clients (see the
3007
3028
<a class="link" href="smb.conf.5.html#LMANNOUNCE" target="_top">lm announce</a> parameter) then this
3008
3029
parameter defines the frequency in seconds with which they will be
3013
3034
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lm interval</code></em> = <code class="literal">120</code>
3015
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547418"></a>
3036
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547564"></a>
3017
3038
load printers (G)
3018
</h3></div></div></div><a class="indexterm" name="id2547419"></a><a name="LOADPRINTERS"></a><div class="variablelist"><dl><dt></dt><dd><p>A boolean variable that controls whether all
3039
</h3></div></div></div><a class="indexterm" name="id2547565"></a><a name="LOADPRINTERS"></a><div class="variablelist"><dl><dt></dt><dd><p>A boolean variable that controls whether all
3019
3040
printers in the printcap will be loaded for browsing by default.
3020
3041
See the <a class="link" href="smb.conf.5.html#PRINTERS" target="_top">printers</a> section for
3021
3042
more details.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>load printers</code></em> = <code class="literal">yes</code>
3023
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547474"></a>
3044
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547620"></a>
3025
3046
local master (G)
3026
</h3></div></div></div><a class="indexterm" name="id2547475"></a><a name="LOCALMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to try and become a local master browser
3047
</h3></div></div></div><a class="indexterm" name="id2547621"></a><a name="LOCALMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to try and become a local master browser
3027
3048
on a subnet. If set to <code class="constant">no</code> then <code class="literal">
3028
3049
nmbd</code> will not attempt to become a local master browser
3029
3050
on a subnet and will also lose in all browsing elections. By
3033
3054
will <span class="emphasis"><em>participate</em></span> in elections for local master browser.</p><p>Setting this value to <code class="constant">no</code> will cause <code class="literal">nmbd</code> <span class="emphasis"><em>never</em></span> to become a local
3034
3055
master browser.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>local master</code></em> = <code class="literal">yes</code>
3036
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547574"></a>
3057
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547720"></a>
3038
3059
<a name="LOCKDIR"></a>lock dir
3039
</h3></div></div></div><a class="indexterm" name="id2547575"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOCKDIRECTORY">lock directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547606"></a>
3060
</h3></div></div></div><a class="indexterm" name="id2547721"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOCKDIRECTORY">lock directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547752"></a>
3041
3062
lock directory (G)
3042
</h3></div></div></div><a class="indexterm" name="id2547607"></a><a name="LOCKDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the directory where lock
3063
</h3></div></div></div><a class="indexterm" name="id2547753"></a><a name="LOCKDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the directory where lock
3043
3064
files will be placed. The lock files are used to implement the
3044
3065
<a class="link" href="smb.conf.5.html#MAXCONNECTIONS" target="_top">max connections</a> option.
3050
3071
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lock directory</code></em> = <code class="literal">/var/run/samba/locks</code>
3052
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547684"></a>
3073
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547831"></a>
3055
</h3></div></div></div><a class="indexterm" name="id2547686"></a><a name="LOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether or not locking will be
3076
</h3></div></div></div><a class="indexterm" name="id2547832"></a><a name="LOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether or not locking will be
3056
3077
performed by the server in response to lock requests from the
3057
3078
client.</p><p>If <code class="literal">locking = no</code>, all lock and unlock
3058
3079
requests will appear to succeed and all lock queries will report
3062
3083
CDROM drives), although setting this parameter of <code class="constant">no</code>
3063
3084
is not really recommended even in this case.</p><p>Be careful about disabling locking either globally or in a
3064
3085
specific service, as lack of locking may result in data corruption.
3065
You should never need to set this parameter.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547760"></a>
3086
You should never need to set this parameter.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547906"></a>
3067
3088
lock spin count (G)
3068
</h3></div></div></div><a class="indexterm" name="id2547761"></a><a name="LOCKSPINCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter has been made inoperative in Samba 3.0.24.
3089
</h3></div></div></div><a class="indexterm" name="id2547907"></a><a name="LOCKSPINCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter has been made inoperative in Samba 3.0.24.
3069
3090
The functionality it contolled is now controlled by the parameter
3070
3091
<a class="link" href="smb.conf.5.html#LOCKSPINTIME" target="_top">lock spin time</a>.
3071
3092
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock spin count</code></em> = <code class="literal">0</code>
3073
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547816"></a>
3094
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547962"></a>
3075
3096
lock spin time (G)
3076
</h3></div></div></div><a class="indexterm" name="id2547817"></a><a name="LOCKSPINTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The time in microseconds that smbd should
3097
</h3></div></div></div><a class="indexterm" name="id2547963"></a><a name="LOCKSPINTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The time in microseconds that smbd should
3077
3098
keep waiting to see if a failed lock request can
3078
3099
be granted. This parameter has changed in default
3079
3100
value from Samba 3.0.23 from 10 to 200. The associated
3081
3102
no longer used in Samba 3.0.24. You should not need
3082
3103
to change the value of this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock spin time</code></em> = <code class="literal">200</code>
3084
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547874"></a>
3105
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548020"></a>
3087
</h3></div></div></div><a class="indexterm" name="id2547875"></a><a name="LOGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3108
</h3></div></div></div><a class="indexterm" name="id2548021"></a><a name="LOGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3088
3109
This option allows you to override the name of the Samba log file (also known as the debug file).
3090
3111
This option takes the standard substitutions, allowing you to have separate log files for each user or machine.
3091
3112
</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>log file</code></em> = <code class="literal">/usr/local/samba/var/log.%m</code>
3093
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547926"></a>
3114
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548072"></a>
3095
3116
<a name="DEBUGLEVEL"></a>debuglevel
3096
</h3></div></div></div><a class="indexterm" name="id2547927"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOGLEVEL">log level</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547957"></a>
3117
</h3></div></div></div><a class="indexterm" name="id2548073"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOGLEVEL">log level</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548103"></a>
3099
</h3></div></div></div><a class="indexterm" name="id2547958"></a><a name="LOGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
3120
</h3></div></div></div><a class="indexterm" name="id2548104"></a><a name="LOGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
3100
3121
The value of the parameter (a astring) allows the debug level (logging level) to be specified in the
3101
3122
<code class="filename">smb.conf</code> file.
3102
3123
</p><p>This parameter has been extended since the 2.2.x
3108
3129
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>log level</code></em> = <code class="literal">3 passdb:5 auth:10 winbind:2</code>
3110
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548191"></a>
3131
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548337"></a>
3112
3133
logon drive (G)
3113
</h3></div></div></div><a class="indexterm" name="id2548192"></a><a name="LOGONDRIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3134
</h3></div></div></div><a class="indexterm" name="id2548338"></a><a name="LOGONDRIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3114
3135
This parameter specifies the local path to which the home directory will be
3115
3136
connected (see <a class="link" href="smb.conf.5.html#LOGONHOME" target="_top">logon home</a>) and is only used by NT
3155
3176
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>logon home</code></em> = <code class="literal">\\remote_smb_server\%U</code>
3157
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548431"></a>
3178
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548577"></a>
3160
</h3></div></div></div><a class="indexterm" name="id2548432"></a><a name="LOGONPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>
3181
</h3></div></div></div><a class="indexterm" name="id2548578"></a><a name="LOGONPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>
3161
3182
This parameter specifies the directory where roaming profiles (Desktop, NTuser.dat, etc) are
3162
3183
stored. Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming
3163
3184
profiles. To find out how to handle roaming profiles for Win 9X system, see the
3202
3223
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>logon path</code></em> = <code class="literal">\\%N\%U\profile</code>
3204
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548599"></a>
3225
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548745"></a>
3206
3227
logon script (G)
3207
</h3></div></div></div><a class="indexterm" name="id2548600"></a><a name="LOGONSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3228
</h3></div></div></div><a class="indexterm" name="id2548746"></a><a name="LOGONSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3208
3229
This parameter specifies the batch file (<code class="filename">.bat</code>) or NT command file
3209
3230
(<code class="filename">.cmd</code>) to be downloaded and run on a machine when a user successfully logs in. The file
3210
3231
must contain the DOS style CR/LF line endings. Using a DOS-style editor to create the file is recommended.
3236
3257
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>logon script</code></em> = <code class="literal">scripts\%U.bat</code>
3238
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548769"></a>
3259
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548915"></a>
3240
3261
lppause command (S)
3241
</h3></div></div></div><a class="indexterm" name="id2548770"></a><a name="LPPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3262
</h3></div></div></div><a class="indexterm" name="id2548916"></a><a name="LPPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3242
3263
executed on the server host in order to stop printing or spooling
3243
3264
a specific print job.</p><p>This command should be a program or script which takes
3244
3265
a printer name and job number to pause the print job. One way
3263
3284
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lppause command</code></em> = <code class="literal">/usr/bin/lpalt %p-%j -p0</code>
3265
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548917"></a>
3286
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549063"></a>
3267
3288
lpq cache time (G)
3268
</h3></div></div></div><a class="indexterm" name="id2548918"></a><a name="LPQCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls how long lpq info will be cached
3289
</h3></div></div></div><a class="indexterm" name="id2549064"></a><a name="LPQCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls how long lpq info will be cached
3269
3290
for to prevent the <code class="literal">lpq</code> command being called too
3270
3291
often. A separate cache is kept for each variation of the <code class="literal">
3271
3292
lpq</code> command used by the system, so if you use different
3279
3300
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpq cache time</code></em> = <code class="literal">10</code>
3281
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549036"></a>
3302
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549182"></a>
3283
3304
lpq command (S)
3284
</h3></div></div></div><a class="indexterm" name="id2549037"></a><a name="LPQCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3305
</h3></div></div></div><a class="indexterm" name="id2549183"></a><a name="LPQCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3285
3306
executed on the server host in order to obtain <code class="literal">lpq
3286
3307
</code>-style printer status information.</p><p>This command should be a program or script which
3287
3308
takes a printer name as its only parameter and outputs printer
3304
3325
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpq command</code></em> = <code class="literal">/usr/bin/lpq -P%p</code>
3306
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549162"></a>
3327
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549308"></a>
3308
3329
lpresume command (S)
3309
</h3></div></div></div><a class="indexterm" name="id2549163"></a><a name="LPRESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3330
</h3></div></div></div><a class="indexterm" name="id2549309"></a><a name="LPRESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3310
3331
executed on the server host in order to restart or continue
3311
3332
printing or spooling a specific print job.</p><p>This command should be a program or script which takes
3312
3333
a printer name and job number to resume the print job. See
3319
3340
parameter is <code class="constant">SYSV</code>, in which case the default is:</p><p><code class="literal">lp -i %p-%j -H resume</code></p><p>or if the value of the <em class="parameter"><code>printing</code></em> parameter
3320
3341
is <code class="constant">SOFTQ</code>, then the default is:</p><p><code class="literal">qstat -s -j%j -r</code></p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpresume command</code></em> = <code class="literal">/usr/bin/lpalt %p-%j -p2</code>
3322
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549315"></a>
3343
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549461"></a>
3324
3345
lprm command (S)
3325
</h3></div></div></div><a class="indexterm" name="id2549316"></a><a name="LPRMCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3346
</h3></div></div></div><a class="indexterm" name="id2549462"></a><a name="LPRMCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3326
3347
executed on the server host in order to delete a print job.</p><p>This command should be a program or script which takes
3327
3348
a printer name and job number, and deletes the print job.</p><p>If a <em class="parameter"><code>%p</code></em> is given then the printer name
3328
3349
is put in its place. A <em class="parameter"><code>%j</code></em> is replaced with
3340
3361
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lprm command</code></em> = <code class="literal"> determined by printing parameter</code>
3342
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549402"></a>
3363
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549548"></a>
3344
3365
machine password timeout (G)
3345
</h3></div></div></div><a class="indexterm" name="id2549403"></a><a name="MACHINEPASSWORDTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3366
</h3></div></div></div><a class="indexterm" name="id2549549"></a><a name="MACHINEPASSWORDTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3346
3367
If a Samba server is a member of a Windows NT Domain (see the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = domain</a> parameter) then periodically a running smbd process will try and change
3347
3368
the MACHINE ACCOUNT PASSWORD stored in the TDB called <code class="filename">private/secrets.tdb
3348
3369
</code>. This parameter specifies how often this password will be changed, in seconds. The default is one
3352
3373
and the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = domain</a> parameter.
3353
3374
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>machine password timeout</code></em> = <code class="literal">604800</code>
3355
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549490"></a>
3376
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549636"></a>
3357
3378
magic output (S)
3358
</h3></div></div></div><a class="indexterm" name="id2549491"></a><a name="MAGICOUTPUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3379
</h3></div></div></div><a class="indexterm" name="id2549637"></a><a name="MAGICOUTPUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3359
3380
This parameter specifies the name of a file which will contain output created by a magic script (see the
3360
3381
<a class="link" href="smb.conf.5.html#MAGICSCRIPT" target="_top">magic script</a> parameter below).
3361
3382
</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>If two clients use the same <em class="parameter"><code>magic script
3365
3386
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>magic output</code></em> = <code class="literal">myfile.txt</code>
3367
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549574"></a>
3388
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549720"></a>
3369
3390
magic script (S)
3370
</h3></div></div></div><a class="indexterm" name="id2549575"></a><a name="MAGICSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a file which,
3391
</h3></div></div></div><a class="indexterm" name="id2549721"></a><a name="MAGICSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a file which,
3371
3392
if opened, will be executed by the server when the file is closed.
3372
3393
This allows a UNIX script to be sent to the Samba host and
3373
3394
executed on behalf of the connected user.</p><p>Scripts executed in this way will be deleted upon
3384
3405
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>magic script</code></em> = <code class="literal">user.csh</code>
3386
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549680"></a>
3407
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549826"></a>
3388
3409
mangled names (S)
3389
</h3></div></div></div><a class="indexterm" name="id2549681"></a><a name="MANGLEDNAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether non-DOS names under UNIX
3410
</h3></div></div></div><a class="indexterm" name="id2549827"></a><a name="MANGLEDNAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether non-DOS names under UNIX
3390
3411
should be mapped to DOS-compatible names ("mangled") and made visible,
3391
3412
or whether non-DOS names should simply be ignored.</p><p>See the section on <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a> for
3392
3413
details on how to control the mangling process.</p><p>If mangling is used then the mangling algorithm is as follows:</p><div class="itemizedlist"><ul type="disc"><li><p>The first (up to) five alphanumeric characters
3411
3432
from Windows/DOS and will retain the same basename. Mangled names
3412
3433
do not change between sessions.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>mangled names</code></em> = <code class="literal">yes</code>
3414
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549817"></a>
3435
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549963"></a>
3416
3437
mangle prefix (G)
3417
</h3></div></div></div><a class="indexterm" name="id2549818"></a><a name="MANGLEPREFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the number of prefix
3438
</h3></div></div></div><a class="indexterm" name="id2549964"></a><a name="MANGLEPREFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the number of prefix
3418
3439
characters from the original name used when generating
3419
3440
the mangled names. A larger value will give a weaker
3420
3441
hash and therefore more name collisions. The minimum
3425
3446
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangle prefix</code></em> = <code class="literal">4</code>
3427
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549883"></a>
3448
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550029"></a>
3429
3450
mangling char (S)
3430
</h3></div></div></div><a class="indexterm" name="id2549884"></a><a name="MANGLINGCHAR"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what character is used as
3451
</h3></div></div></div><a class="indexterm" name="id2550030"></a><a name="MANGLINGCHAR"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what character is used as
3431
3452
the <span class="emphasis"><em>magic</em></span> character in <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>. The
3432
3453
default is a '~' but this may interfere with some software. Use this option to set
3433
3454
it to whatever you prefer. This is effective only when mangling method is hash.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>mangling char</code></em> = <code class="literal">~</code>
3435
3456
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangling char</code></em> = <code class="literal">^</code>
3437
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549961"></a>
3458
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550107"></a>
3439
3460
mangling method (G)
3440
</h3></div></div></div><a class="indexterm" name="id2549962"></a><a name="MANGLINGMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the algorithm used for the generating
3461
</h3></div></div></div><a class="indexterm" name="id2550108"></a><a name="MANGLINGMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the algorithm used for the generating
3441
3462
the mangled names. Can take two different values, "hash" and
3442
3463
"hash2". "hash" is the algorithm that was used
3443
3464
used in Samba for many years and was the default in Samba 2.2.x "hash2" is
3449
3470
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangling method</code></em> = <code class="literal">hash</code>
3451
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550028"></a>
3472
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550174"></a>
3453
3474
map acl inherit (S)
3454
</h3></div></div></div><a class="indexterm" name="id2550029"></a><a name="MAPACLINHERIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map the 'inherit' and 'protected'
3475
</h3></div></div></div><a class="indexterm" name="id2550175"></a><a name="MAPACLINHERIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map the 'inherit' and 'protected'
3455
3476
access control entry flags stored in Windows ACLs into an extended attribute
3456
3477
called user.SAMBA_PAI. This parameter only takes effect if Samba is being run
3457
3478
on a platform that supports extended attributes (Linux and IRIX so far) and
3459
3480
POSIX ACL mapping code.
3460
3481
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map acl inherit</code></em> = <code class="literal">no</code>
3462
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550085"></a>
3483
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550238"></a>
3464
3485
map archive (S)
3465
</h3></div></div></div><a class="indexterm" name="id2550086"></a><a name="MAPARCHIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3486
</h3></div></div></div><a class="indexterm" name="id2550239"></a><a name="MAPARCHIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3466
3487
This controls whether the DOS archive attribute
3467
3488
should be mapped to the UNIX owner execute bit. The DOS archive bit
3468
3489
is set when a file has been modified since its last backup. One
3475
3496
<a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> for details.
3476
3497
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map archive</code></em> = <code class="literal">yes</code>
3478
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550160"></a>
3499
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550313"></a>
3481
</h3></div></div></div><a class="indexterm" name="id2550162"></a><a name="MAPHIDDEN"></a><div class="variablelist"><dl><dt></dt><dd><p>
3502
</h3></div></div></div><a class="indexterm" name="id2550314"></a><a name="MAPHIDDEN"></a><div class="variablelist"><dl><dt></dt><dd><p>
3482
3503
This controls whether DOS style hidden files should be mapped to the UNIX world execute bit.
3484
3505
Note that this requires the <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> to be set such that the world execute
3485
3506
bit is not masked out (i.e. it must include 001). See the parameter <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a>
3487
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550218"></a>
3508
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550371"></a>
3489
3510
map read only (S)
3490
</h3></div></div></div><a class="indexterm" name="id2550219"></a><a name="MAPREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
3511
</h3></div></div></div><a class="indexterm" name="id2550372"></a><a name="MAPREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
3491
3512
This controls how the DOS read only attribute should be mapped from a UNIX filesystem.
3493
3514
This parameter can take three different values, which tell <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> how to display the read only attribute on files, where either
3512
3533
the <a class="link" href="smb.conf.5.html#STOREDOSATTRIBUTES" target="_top">store dos attributes</a> method. This may be useful for exporting mounted CDs.
3513
3534
</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>map read only</code></em> = <code class="literal">yes</code>
3515
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550375"></a>
3536
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550527"></a>
3518
</h3></div></div></div><a class="indexterm" name="id2550376"></a><a name="MAPSYSTEM"></a><div class="variablelist"><dl><dt></dt><dd><p>
3539
</h3></div></div></div><a class="indexterm" name="id2550528"></a><a name="MAPSYSTEM"></a><div class="variablelist"><dl><dt></dt><dd><p>
3519
3540
This controls whether DOS style system files should be mapped to the UNIX group execute bit.
3521
3542
Note that this requires the <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> to be set such that the group
3523
3544
<a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> for details.
3524
3545
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map system</code></em> = <code class="literal">no</code>
3526
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550444"></a>
3547
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550597"></a>
3528
3549
map to guest (G)
3529
</h3></div></div></div><a class="indexterm" name="id2550445"></a><a name="MAPTOGUEST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only useful in <a class="link" href="smb.conf.5.html#SECURITY" target="_top">SECURITY =
3550
</h3></div></div></div><a class="indexterm" name="id2550598"></a><a name="MAPTOGUEST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only useful in <a class="link" href="smb.conf.5.html#SECURITY" target="_top">SECURITY =
3530
3551
security</a> modes other than <em class="parameter"><code>security = share</code></em>
3531
3552
and <em class="parameter"><code>security = server</code></em>
3532
3553
- i.e. <code class="constant">user</code>, and <code class="constant">domain</code>.</p><p>This parameter can take four different values, which tell
3569
3590
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>map to guest</code></em> = <code class="literal">Bad User</code>
3571
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550684"></a>
3592
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550837"></a>
3573
3594
max connections (S)
3574
</h3></div></div></div><a class="indexterm" name="id2550685"></a><a name="MAXCONNECTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the number of simultaneous connections to a service to be limited.
3595
</h3></div></div></div><a class="indexterm" name="id2550838"></a><a name="MAXCONNECTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the number of simultaneous connections to a service to be limited.
3575
3596
If <em class="parameter"><code>max connections</code></em> is greater than 0 then connections
3576
3597
will be refused if this number of connections to the service are already open. A value
3577
3598
of zero mean an unlimited number of connections may be made.</p><p>Record lock files are used to implement this feature. The lock files will be stored in
3580
3601
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max connections</code></em> = <code class="literal">10</code>
3582
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550770"></a>
3603
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550923"></a>
3584
3605
max disk size (G)
3585
</h3></div></div></div><a class="indexterm" name="id2550771"></a><a name="MAXDISKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to put an upper limit
3606
</h3></div></div></div><a class="indexterm" name="id2550924"></a><a name="MAXDISKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to put an upper limit
3586
3607
on the apparent size of disks. If you set this option to 100
3587
3608
then all shares will appear to be not larger than 100 MB in
3588
3609
size.</p><p>Note that this option does not limit the amount of
3597
3618
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max disk size</code></em> = <code class="literal">1000</code>
3599
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550862"></a>
3620
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551014"></a>
3601
3622
max log size (G)
3602
</h3></div></div></div><a class="indexterm" name="id2550863"></a><a name="MAXLOGSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3623
</h3></div></div></div><a class="indexterm" name="id2551015"></a><a name="MAXLOGSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3603
3624
This option (an integer in kilobytes) specifies the max size the log file should grow to.
3604
3625
Samba periodically checks the size and if it is exceeded it will rename the file, adding
3605
3626
a <code class="filename">.old</code> extension.
3609
3630
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max log size</code></em> = <code class="literal">1000</code>
3611
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550932"></a>
3632
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551085"></a>
3614
</h3></div></div></div><a class="indexterm" name="id2550933"></a><a name="MAXMUX"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum number of
3635
</h3></div></div></div><a class="indexterm" name="id2551086"></a><a name="MAXMUX"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum number of
3615
3636
outstanding simultaneous SMB operations that Samba tells the client
3616
3637
it will allow. You should never need to set this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max mux</code></em> = <code class="literal">50</code>
3618
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550975"></a>
3639
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551128"></a>
3620
3641
max open files (G)
3621
</h3></div></div></div><a class="indexterm" name="id2550976"></a><a name="MAXOPENFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
3642
</h3></div></div></div><a class="indexterm" name="id2551129"></a><a name="MAXOPENFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
3622
3643
open files that one <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> file
3623
3644
serving process may have open for a client at any one time. The
3624
3645
default for this parameter is set very high (10,000) as Samba uses
3626
3647
by the UNIX per-process file descriptor limit rather than
3627
3648
this parameter so you should never need to touch this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max open files</code></em> = <code class="literal">10000</code>
3629
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551036"></a>
3650
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551188"></a>
3631
3652
max print jobs (S)
3632
</h3></div></div></div><a class="indexterm" name="id2551037"></a><a name="MAXPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
3653
</h3></div></div></div><a class="indexterm" name="id2551189"></a><a name="MAXPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
3633
3654
jobs allowable in a Samba printer queue at any given moment.
3634
3655
If this number is exceeded, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will remote "Out of Space" to the client.
3635
3656
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max print jobs</code></em> = <code class="literal">1000</code>
3637
3658
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max print jobs</code></em> = <code class="literal">5000</code>
3639
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551106"></a>
3660
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551258"></a>
3641
3662
<a name="PROTOCOL"></a>protocol
3642
</h3></div></div></div><a class="indexterm" name="id2551107"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#MAXPROTOCOL">max protocol</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551139"></a>
3663
</h3></div></div></div><a class="indexterm" name="id2551260"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#MAXPROTOCOL">max protocol</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551291"></a>
3644
3665
max protocol (G)
3645
</h3></div></div></div><a class="indexterm" name="id2551140"></a><a name="MAXPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the highest
3666
</h3></div></div></div><a class="indexterm" name="id2551292"></a><a name="MAXPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the highest
3646
3667
protocol level that will be supported by the server.</p><p>Possible values are :</p><div class="itemizedlist"><ul type="disc"><li><p><code class="constant">CORE</code>: Earliest version. No
3647
3668
concept of user names.</p></li><li><p><code class="constant">COREPLUS</code>: Slight improvements on
3648
3669
CORE for efficiency.</p></li><li><p><code class="constant">LANMAN1</code>: First <span class="emphasis"><em>
3655
3676
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max protocol</code></em> = <code class="literal">LANMAN1</code>
3657
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551264"></a>
3678
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551416"></a>
3659
3680
max reported print jobs (S)
3660
</h3></div></div></div><a class="indexterm" name="id2551265"></a><a name="MAXREPORTEDPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>
3681
</h3></div></div></div><a class="indexterm" name="id2551418"></a><a name="MAXREPORTEDPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>
3661
3682
This parameter limits the maximum number of jobs displayed in a port monitor for
3662
3683
Samba printer queue at any given moment. If this number is exceeded, the excess
3663
3684
jobs will not be shown. A value of zero means there is no limit on the number of
3667
3688
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max reported print jobs</code></em> = <code class="literal">1000</code>
3669
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551332"></a>
3690
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551480"></a>
3671
3692
max smbd processes (G)
3672
</h3></div></div></div><a class="indexterm" name="id2551334"></a><a name="MAXSMBDPROCESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> processes concurrently running on a system and is intended
3693
</h3></div></div></div><a class="indexterm" name="id2551482"></a><a name="MAXSMBDPROCESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> processes concurrently running on a system and is intended
3673
3694
as a stopgap to prevent degrading service to clients in the event that the server has insufficient
3674
3695
resources to handle more than this number of connections. Remember that under normal operating
3675
3696
conditions, each user will have an <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> associated with him or her to handle connections to all
3678
3699
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max smbd processes</code></em> = <code class="literal">1000</code>
3680
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551414"></a>
3701
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551562"></a>
3682
3703
max stat cache size (G)
3683
</h3></div></div></div><a class="indexterm" name="id2551415"></a><a name="MAXSTATCACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the size in memory of any
3704
</h3></div></div></div><a class="indexterm" name="id2551563"></a><a name="MAXSTATCACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the size in memory of any
3684
3705
<em class="parameter"><code>stat cache</code></em> being used
3685
3706
to speed up case insensitive name mappings. It represents
3686
3707
the number of kilobyte (1024) units the stat cache can use.
3692
3713
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max stat cache size</code></em> = <code class="literal">100</code>
3694
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551483"></a>
3715
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551631"></a>
3697
</h3></div></div></div><a class="indexterm" name="id2551484"></a><a name="MAXTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> what the default 'time to live'
3718
</h3></div></div></div><a class="indexterm" name="id2551632"></a><a name="MAXTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> what the default 'time to live'
3698
3719
of NetBIOS names should be (in seconds) when <code class="literal">nmbd</code> is
3699
3720
requesting a name using either a broadcast packet or from a WINS server. You should
3700
3721
never need to change this parameter. The default is 3 days.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max ttl</code></em> = <code class="literal">259200</code>
3702
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551542"></a>
3723
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551690"></a>
3704
3725
max wins ttl (G)
3705
</h3></div></div></div><a class="indexterm" name="id2551543"></a><a name="MAXWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when acting as a WINS server
3726
</h3></div></div></div><a class="indexterm" name="id2551691"></a><a name="MAXWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when acting as a WINS server
3706
3727
(<a class="link" href="smb.conf.5.html#WINSSUPPORT" target="_top">wins support = yes</a>) what the maximum
3707
3728
'time to live' of NetBIOS names that <code class="literal">nmbd</code>
3708
3729
will grant will be (in seconds). You should never need to change this
3709
3730
parameter. The default is 6 days (518400 seconds).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max wins ttl</code></em> = <code class="literal">518400</code>
3711
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551614"></a>
3732
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551762"></a>
3714
</h3></div></div></div><a class="indexterm" name="id2551615"></a><a name="MAXXMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum packet size
3735
</h3></div></div></div><a class="indexterm" name="id2551763"></a><a name="MAXXMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum packet size
3715
3736
that will be negotiated by Samba. The default is 16644, which
3716
3737
matches the behavior of Windows 2000. A value below 2048 is likely to cause problems.
3717
3738
You should never need to change this parameter from its default value.
3720
3741
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max xmit</code></em> = <code class="literal">8192</code>
3722
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551677"></a>
3743
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551825"></a>
3724
3745
message command (G)
3725
</h3></div></div></div><a class="indexterm" name="id2551678"></a><a name="MESSAGECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what command to run when the
3746
</h3></div></div></div><a class="indexterm" name="id2551826"></a><a name="MESSAGECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what command to run when the
3726
3747
server receives a WinPopup style message.</p><p>This would normally be a command that would
3727
3748
deliver the message somehow. How this is to be done is
3728
3749
up to your imagination.</p><p>An example is:
3762
3783
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>message command</code></em> = <code class="literal">csh -c 'xedit %s; rm %s' &</code>
3764
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551887"></a>
3785
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552035"></a>
3766
3787
min print space (S)
3767
</h3></div></div></div><a class="indexterm" name="id2551888"></a><a name="MINPRINTSPACE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the minimum amount of free disk
3788
</h3></div></div></div><a class="indexterm" name="id2552036"></a><a name="MINPRINTSPACE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the minimum amount of free disk
3768
3789
space that must be available before a user will be able to spool
3769
3790
a print job. It is specified in kilobytes. The default is 0, which
3770
3791
means a user can always spool a print job.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min print space</code></em> = <code class="literal">0</code>
3772
3793
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>min print space</code></em> = <code class="literal">2000</code>
3774
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551949"></a>
3795
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552097"></a>
3776
3797
min protocol (G)
3777
</h3></div></div></div><a class="indexterm" name="id2551950"></a><a name="MINPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the
3798
</h3></div></div></div><a class="indexterm" name="id2552098"></a><a name="MINPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the
3778
3799
lowest SMB protocol dialect than Samba will support. Please refer
3779
3800
to the <a class="link" href="smb.conf.5.html#MAXPROTOCOL" target="_top">max protocol</a>
3780
3801
parameter for a list of valid protocol names and a brief description
3787
3808
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>min protocol</code></em> = <code class="literal">NT1</code>
3789
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552047"></a>
3810
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552196"></a>
3791
3812
min receivefile size (G)
3792
</h3></div></div></div><a class="indexterm" name="id2552048"></a><a name="MINRECEIVEFILESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option changes the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when processing SMBwriteX calls. Any incoming
3813
</h3></div></div></div><a class="indexterm" name="id2552197"></a><a name="MINRECEIVEFILESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option changes the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when processing SMBwriteX calls. Any incoming
3793
3814
SMBwriteX call on a non-signed SMB/CIFS connection greater than this value will not be processed in the normal way but will
3794
3815
be passed to any underlying kernel recvfile or splice system call (if there is no such
3795
3816
call Samba will emulate in user space). This allows zero-copy writes directly from network
3798
3819
normal way. To enable POSIX large write support (SMB/CIFS writes up to 16Mb) this option must be
3799
3820
nonzero. The maximum value is 128k. Values greater than 128k will be silently set to 128k.</p><p>Note this option will have NO EFFECT if set on a SMB signed connection.</p><p>The default is zero, which diables this option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min receivefile size</code></em> = <code class="literal">0</code>
3801
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552117"></a>
3822
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552277"></a>
3803
3824
min wins ttl (G)
3804
</h3></div></div></div><a class="indexterm" name="id2552118"></a><a name="MINWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>
3825
</h3></div></div></div><a class="indexterm" name="id2552278"></a><a name="MINWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>
3805
3826
when acting as a WINS server (<a class="link" href="smb.conf.5.html#WINSSUPPORT" target="_top">wins support = yes</a>) what the minimum 'time to live'
3806
3827
of NetBIOS names that <code class="literal">nmbd</code> will grant will be (in
3807
3828
seconds). You should never need to change this parameter. The default
3808
3829
is 6 hours (21600 seconds).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min wins ttl</code></em> = <code class="literal">21600</code>
3810
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552187"></a>
3831
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552348"></a>
3812
3833
msdfs proxy (S)
3813
</h3></div></div></div><a class="indexterm" name="id2552188"></a><a name="MSDFSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter indicates that the share is a
3834
</h3></div></div></div><a class="indexterm" name="id2552349"></a><a name="MSDFSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter indicates that the share is a
3814
3835
stand-in for another CIFS share whose location is specified by
3815
3836
the value of the parameter. When clients attempt to connect to
3816
3837
this share, they are redirected to the proxied share using
3818
3839
<a class="link" href="smb.conf.5.html#MSDFSROOT" target="_top">msdfs root</a> and <a class="link" href="smb.conf.5.html#HOSTMSDFS" target="_top">host msdfs</a>
3819
3840
options to find out how to set up a Dfs root share.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>msdfs proxy</code></em> = <code class="literal">\otherserver\someshare</code>
3821
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552265"></a>
3842
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552426"></a>
3824
</h3></div></div></div><a class="indexterm" name="id2552266"></a><a name="MSDFSROOT"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to <code class="constant">yes</code>, Samba treats the
3845
</h3></div></div></div><a class="indexterm" name="id2552427"></a><a name="MSDFSROOT"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to <code class="constant">yes</code>, Samba treats the
3825
3846
share as a Dfs root and allows clients to browse the
3826
3847
distributed file system tree rooted at the share directory.
3827
3848
Dfs links are specified in the share directory by symbolic
3829
3850
and so on. For more information on setting up a Dfs tree on
3830
3851
Samba, refer to the MSDFS chapter in the Samba3-HOWTO book.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>msdfs root</code></em> = <code class="literal">no</code>
3832
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552320"></a>
3853
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552481"></a>
3834
3855
name cache timeout (G)
3835
</h3></div></div></div><a class="indexterm" name="id2552322"></a><a name="NAMECACHETIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the number of seconds it takes before
3856
</h3></div></div></div><a class="indexterm" name="id2552482"></a><a name="NAMECACHETIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the number of seconds it takes before
3836
3857
entries in samba's hostname resolve cache time out. If
3837
3858
the timeout is set to 0. the caching is disabled.
3838
3859
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>name cache timeout</code></em> = <code class="literal">660</code>
3840
3861
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>name cache timeout</code></em> = <code class="literal">0</code>
3842
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552382"></a>
3863
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552542"></a>
3844
3865
name resolve order (G)
3845
</h3></div></div></div><a class="indexterm" name="id2552383"></a><a name="NAMERESOLVEORDER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used by the programs in the Samba
3866
</h3></div></div></div><a class="indexterm" name="id2552543"></a><a name="NAMERESOLVEORDER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used by the programs in the Samba
3846
3867
suite to determine what naming services to use and in what order
3847
3868
to resolve host names to IP addresses. Its main purpose to is to
3848
3869
control how netbios name resolution is performed. The option takes a space
3874
3895
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>name resolve order</code></em> = <code class="literal">lmhosts bcast host</code>
3876
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552584"></a>
3897
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552744"></a>
3878
3899
netbios aliases (G)
3879
</h3></div></div></div><a class="indexterm" name="id2552585"></a><a name="NETBIOSALIASES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of NetBIOS names that nmbd will
3900
</h3></div></div></div><a class="indexterm" name="id2552745"></a><a name="NETBIOSALIASES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of NetBIOS names that nmbd will
3880
3901
advertise as additional names by which the Samba server is known. This allows one machine
3881
3902
to appear in browse lists under multiple names. If a machine is acting as a browse server
3882
3903
or logon server none of these names will be advertised as either browse server or logon
3887
3908
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>netbios aliases</code></em> = <code class="literal">TEST TEST1 TEST2</code>
3889
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552650"></a>
3910
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552818"></a>
3891
3912
netbios name (G)
3892
</h3></div></div></div><a class="indexterm" name="id2552651"></a><a name="NETBIOSNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
3913
</h3></div></div></div><a class="indexterm" name="id2552819"></a><a name="NETBIOSNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
3893
3914
This sets the NetBIOS name by which a Samba server is known. By default it is the same as the first component
3894
3915
of the host's DNS name. If a machine is a browse server or logon server this name (or the first component of
3895
3916
the hosts DNS name) will be the name that these services are advertised under.
3903
3924
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>netbios name</code></em> = <code class="literal">MYNAME</code>
3905
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552731"></a>
3926
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552899"></a>
3907
3928
netbios scope (G)
3908
</h3></div></div></div><a class="indexterm" name="id2552732"></a><a name="NETBIOSSCOPE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the NetBIOS scope that Samba will
3929
</h3></div></div></div><a class="indexterm" name="id2552900"></a><a name="NETBIOSSCOPE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the NetBIOS scope that Samba will
3909
3930
operate under. This should not be set unless every machine
3910
3931
on your LAN also sets this value.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>netbios scope</code></em> = <code class="literal"></code>
3912
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552774"></a>
3933
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552942"></a>
3914
3935
nis homedir (G)
3915
</h3></div></div></div><a class="indexterm" name="id2552775"></a><a name="NISHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>Get the home share server from a NIS map. For
3936
</h3></div></div></div><a class="indexterm" name="id2552943"></a><a name="NISHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>Get the home share server from a NIS map. For
3916
3937
UNIX systems that use an automounter, the user's home directory
3917
3938
will often be mounted on a workstation on demand from a remote
3918
3939
server. </p><p>When the Samba logon server is not the actual home directory
3931
3952
NIS system and the Samba server with this option must also
3932
3953
be a logon server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nis homedir</code></em> = <code class="literal">no</code>
3934
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552854"></a>
3955
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553022"></a>
3936
3957
nt acl support (S)
3937
</h3></div></div></div><a class="indexterm" name="id2552855"></a><a name="NTACLSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map
3958
</h3></div></div></div><a class="indexterm" name="id2553023"></a><a name="NTACLSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map
3938
3959
UNIX permissions into Windows NT access control lists. The UNIX
3939
3960
permissions considered are the the traditional UNIX owner and
3940
3961
group permissions, as well as POSIX ACLs set on any files or
3941
3962
directories. This parameter was formally a global parameter in
3942
3963
releases prior to 2.2.2.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt acl support</code></em> = <code class="literal">yes</code>
3944
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552909"></a>
3965
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553076"></a>
3947
</h3></div></div></div><a class="indexterm" name="id2552910"></a><a name="NTLMAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
3968
</h3></div></div></div><a class="indexterm" name="id2553078"></a><a name="NTLMAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
3948
3969
authenticate users using the NTLM encrypted password response.
3949
3970
If disabled, either the lanman password hash or an NTLMv2 response
3950
3971
will need to be sent by the client.</p><p>If this option, and <code class="literal">lanman
3952
3973
permited. Not all clients support NTLMv2, and most will require
3953
3974
special configuration to use it.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ntlm auth</code></em> = <code class="literal">yes</code>
3955
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552973"></a>
3976
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553140"></a>
3957
3978
nt pipe support (G)
3958
</h3></div></div></div><a class="indexterm" name="id2552974"></a><a name="NTPIPESUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether
3979
</h3></div></div></div><a class="indexterm" name="id2553142"></a><a name="NTPIPESUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether
3959
3980
<a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will allow Windows NT
3960
3981
clients to connect to the NT SMB specific <code class="constant">IPC$</code>
3961
3982
pipes. This is a developer debugging option and can be left
3962
3983
alone.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt pipe support</code></em> = <code class="literal">yes</code>
3964
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553029"></a>
3985
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553196"></a>
3966
3987
nt status support (G)
3967
</h3></div></div></div><a class="indexterm" name="id2553030"></a><a name="NTSTATUSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will negotiate NT specific status
3988
</h3></div></div></div><a class="indexterm" name="id2553198"></a><a name="NTSTATUSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will negotiate NT specific status
3968
3989
support with Windows NT/2k/XP clients. This is a developer debugging option and should be left alone.
3969
3990
If this option is set to <code class="constant">no</code> then Samba offers
3970
3991
exactly the same DOS error codes that versions prior to Samba 2.2.3
3971
3992
reported.</p><p>You should not need to ever disable this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt status support</code></em> = <code class="literal">yes</code>
3973
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553090"></a>
3994
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553258"></a>
3975
3996
null passwords (G)
3976
</h3></div></div></div><a class="indexterm" name="id2553091"></a><a name="NULLPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>Allow or disallow client access to accounts that have null passwords. </p><p>See also <a class="citerefentry" href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>null passwords</code></em> = <code class="literal">no</code>
3997
</h3></div></div></div><a class="indexterm" name="id2553259"></a><a name="NULLPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>Allow or disallow client access to accounts that have null passwords. </p><p>See also <a class="citerefentry" href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>null passwords</code></em> = <code class="literal">no</code>
3978
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553144"></a>
3999
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553312"></a>
3980
4001
obey pam restrictions (G)
3981
</h3></div></div></div><a class="indexterm" name="id2553145"></a><a name="OBEYPAMRESTRICTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba 3.0 is configured to enable PAM support
4002
</h3></div></div></div><a class="indexterm" name="id2553313"></a><a name="OBEYPAMRESTRICTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba 3.0 is configured to enable PAM support
3982
4003
(i.e. --with-pam), this parameter will control whether or not Samba
3983
4004
should obey PAM's account and session management directives. The
3984
4005
default behavior is to use PAM for clear text authentication only
3988
4009
authentication mechanism needed in the presence of SMB password encryption.
3989
4010
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>obey pam restrictions</code></em> = <code class="literal">no</code>
3991
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553208"></a>
4012
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553382"></a>
3994
</h3></div></div></div><a class="indexterm" name="id2553209"></a><a name="ONLYUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean option that controls whether
4015
</h3></div></div></div><a class="indexterm" name="id2553384"></a><a name="ONLYUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean option that controls whether
3995
4016
connections with usernames not in the <em class="parameter"><code>user</code></em>
3996
4017
list will be allowed. By default this option is disabled so that a
3997
4018
client can supply a username to be used by the server. Enabling
4004
4025
will be just the service name, which for home directories is the
4005
4026
name of the user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>only user</code></em> = <code class="literal">no</code>
4007
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553297"></a>
4028
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553471"></a>
4009
4030
oplock break wait time (G)
4010
</h3></div></div></div><a class="indexterm" name="id2553298"></a><a name="OPLOCKBREAKWAITTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4031
</h3></div></div></div><a class="indexterm" name="id2553472"></a><a name="OPLOCKBREAKWAITTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4011
4032
This is a tuning parameter added due to bugs in both Windows 9x and WinNT. If Samba responds to a client too
4012
4033
quickly when that client issues an SMB that can cause an oplock break request, then the network client can
4013
4034
fail and not respond to the break request. This tuning parameter (which is set in milliseconds) is the amount
4016
4037
DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.
4017
4038
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplock break wait time</code></em> = <code class="literal">0</code>
4019
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553352"></a>
4040
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553526"></a>
4021
4042
oplock contention limit (S)
4022
</h3></div></div></div><a class="indexterm" name="id2553353"></a><a name="OPLOCKCONTENTIONLIMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4043
</h3></div></div></div><a class="indexterm" name="id2553527"></a><a name="OPLOCKCONTENTIONLIMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4023
4044
This is a <span class="emphasis"><em>very</em></span> advanced <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> tuning option to improve the efficiency of the
4024
4045
granting of oplocks under multiple client contention for the same file.
4031
4052
DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.
4032
4053
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplock contention limit</code></em> = <code class="literal">2</code>
4034
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553434"></a>
4055
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553609"></a>
4037
</h3></div></div></div><a class="indexterm" name="id2553436"></a><a name="OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
4058
</h3></div></div></div><a class="indexterm" name="id2553610"></a><a name="OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
4038
4059
This boolean option tells <code class="literal">smbd</code> whether to
4039
4060
issue oplocks (opportunistic locks) to file open requests on this
4040
4061
share. The oplock code can dramatically (approx. 30% or more) improve
4053
4074
<a class="link" href="smb.conf.5.html#KERNELOPLOCKS" target="_top">kernel oplocks</a> parameter for details.
4054
4075
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplocks</code></em> = <code class="literal">yes</code>
4056
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553533"></a>
4077
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553707"></a>
4058
4079
os2 driver map (G)
4059
</h3></div></div></div><a class="indexterm" name="id2553534"></a><a name="OS2DRIVERMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>The parameter is used to define the absolute
4080
</h3></div></div></div><a class="indexterm" name="id2553708"></a><a name="OS2DRIVERMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>The parameter is used to define the absolute
4060
4081
path to a file containing a mapping of Windows NT printer driver
4061
4082
names to OS/2 printer driver names. The format is:</p><p><nt driver name> = <os2 driver name>.<device name></p><p>For example, a valid entry using the HP LaserJet 5
4062
4083
printer driver would appear as <code class="literal">HP LaserJet 5L = LASERJET.HP
4066
4087
details on OS/2 clients, please refer to chapter on other clients in the Samba3-HOWTO book.
4067
4088
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>os2 driver map</code></em> = <code class="literal"></code>
4069
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553600"></a>
4090
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553774"></a>
4072
</h3></div></div></div><a class="indexterm" name="id2553601"></a><a name="OSLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
4093
</h3></div></div></div><a class="indexterm" name="id2553776"></a><a name="OSLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
4073
4094
This integer value controls what level Samba advertises itself as for browse elections. The value of this
4074
4095
parameter determines whether <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> has a chance of becoming a local master browser for the <a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a> in the local broadcast area.
4075
4096
</p><p><span class="emphasis"><em>
4086
4107
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>os level</code></em> = <code class="literal">65</code>
4088
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553700"></a>
4109
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553874"></a>
4090
4111
pam password change (G)
4091
</h3></div></div></div><a class="indexterm" name="id2553701"></a><a name="PAMPASSWORDCHANGE"></a><div class="variablelist"><dl><dt></dt><dd><p>With the addition of better PAM support in Samba 2.2,
4112
</h3></div></div></div><a class="indexterm" name="id2553875"></a><a name="PAMPASSWORDCHANGE"></a><div class="variablelist"><dl><dt></dt><dd><p>With the addition of better PAM support in Samba 2.2,
4092
4113
this parameter, it is possible to use PAM's password change control
4093
4114
flag for Samba. If enabled, then PAM will be used for password
4094
4115
changes when requested by an SMB client instead of the program listed in
4096
4117
It should be possible to enable this without changing your
4097
4118
<a class="link" href="smb.conf.5.html#PASSWDCHAT" target="_top">passwd chat</a> parameter for most setups.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>pam password change</code></em> = <code class="literal">no</code>
4099
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553772"></a>
4120
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553947"></a>
4101
4122
panic action (G)
4102
</h3></div></div></div><a class="indexterm" name="id2553774"></a><a name="PANICACTION"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a Samba developer option that allows a
4123
</h3></div></div></div><a class="indexterm" name="id2553948"></a><a name="PANICACTION"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a Samba developer option that allows a
4103
4124
system command to be called when either <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> or <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> crashes. This is usually used to
4104
4125
draw attention to the fact that a problem occurred.
4105
4126
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>panic action</code></em> = <code class="literal"></code>
4107
4128
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>panic action</code></em> = <code class="literal">"/bin/sleep 90000"</code>
4109
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553848"></a>
4130
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554023"></a>
4111
4132
paranoid server security (G)
4112
</h3></div></div></div><a class="indexterm" name="id2553849"></a><a name="PARANOIDSERVERSECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>Some version of NT 4.x allow non-guest
4133
</h3></div></div></div><a class="indexterm" name="id2554024"></a><a name="PARANOIDSERVERSECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>Some version of NT 4.x allow non-guest
4113
4134
users with a bad passowrd. When this option is enabled, samba will not
4114
4135
use a broken NT 4.x server as password server, but instead complain
4115
4136
to the logs and exit.
4117
4138
this check, which involves deliberatly attempting a
4118
4139
bad logon to the remote server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>paranoid server security</code></em> = <code class="literal">yes</code>
4120
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553900"></a>
4141
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554074"></a>
4122
4143
passdb backend (G)
4123
</h3></div></div></div><a class="indexterm" name="id2553901"></a><a name="PASSDBBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the administrator to chose which backend
4144
</h3></div></div></div><a class="indexterm" name="id2554075"></a><a name="PASSDBBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the administrator to chose which backend
4124
4145
will be used for storing user and possibly group information. This allows
4125
4146
you to swap between different storage mechanisms without recompile. </p><p>The parameter value is divided into two parts, the backend's name, and a 'location'
4126
4147
string that has meaning only to that particular backed. These are separated
4153
4174
passdb backend = ldapsam:"ldap://ldap-1.example.com ldap-2.example.com"
4154
4175
</pre><p>Default: <span class="emphasis"><em><em class="parameter"><code>passdb backend</code></em> = <code class="literal">smbpasswd</code>
4156
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554057"></a>
4177
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554231"></a>
4158
4179
passdb expand explicit (G)
4159
</h3></div></div></div><a class="indexterm" name="id2554058"></a><a name="PASSDBEXPANDEXPLICIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4180
</h3></div></div></div><a class="indexterm" name="id2554232"></a><a name="PASSDBEXPANDEXPLICIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4160
4181
This parameter controls whether Samba substitutes %-macros in the passdb fields if they are explicitly set. We
4161
4182
used to expand macros here, but this turned out to be a bug because the Windows client can expand a variable
4162
4183
%G_osver% in which %G would have been substituted by the user's primary group.
4163
4184
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passdb expand explicit</code></em> = <code class="literal">no</code>
4165
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554104"></a>
4186
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554278"></a>
4167
4188
passwd chat debug (G)
4168
</h3></div></div></div><a class="indexterm" name="id2554105"></a><a name="PASSWDCHATDEBUG"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean specifies if the passwd chat script
4189
</h3></div></div></div><a class="indexterm" name="id2554279"></a><a name="PASSWDCHATDEBUG"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean specifies if the passwd chat script
4169
4190
parameter is run in <span class="emphasis"><em>debug</em></span> mode. In this mode the
4170
4191
strings passed to and received from the passwd chat are printed
4171
4192
in the <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> log with a
4178
4199
<a class="link" href="smb.conf.5.html#PAMPASSWORDCHANGE" target="_top">pam password change</a>
4179
4200
parameter is set. This parameter is off by default.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passwd chat debug</code></em> = <code class="literal">no</code>
4181
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554207"></a>
4202
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554382"></a>
4183
4204
passwd chat timeout (G)
4184
</h3></div></div></div><a class="indexterm" name="id2554208"></a><a name="PASSWDCHATTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>This integer specifies the number of seconds smbd will wait for an initial
4205
</h3></div></div></div><a class="indexterm" name="id2554383"></a><a name="PASSWDCHATTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>This integer specifies the number of seconds smbd will wait for an initial
4185
4206
answer from a passwd chat script being run. Once the initial answer is received
4186
4207
the subsequent answers must be received in one tenth of this time. The default it
4187
4208
two seconds.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passwd chat timeout</code></em> = <code class="literal">2</code>
4189
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554252"></a>
4210
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554427"></a>
4191
4212
passwd chat (G)
4192
</h3></div></div></div><a class="indexterm" name="id2554253"></a><a name="PASSWDCHAT"></a><div class="variablelist"><dl><dt></dt><dd><p>This string controls the <span class="emphasis"><em>"chat"</em></span>
4213
</h3></div></div></div><a class="indexterm" name="id2554428"></a><a name="PASSWDCHAT"></a><div class="variablelist"><dl><dt></dt><dd><p>This string controls the <span class="emphasis"><em>"chat"</em></span>
4193
4214
conversation that takes places between <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and the local password changing
4194
4215
program to change the user's password. The string describes a
4195
4216
sequence of response-receive pairs that <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> uses to determine what to send to the
4221
4242
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>passwd chat</code></em> = <code class="literal">"*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*"</code>
4223
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554458"></a>
4244
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554632"></a>
4225
4246
passwd program (G)
4226
</h3></div></div></div><a class="indexterm" name="id2554459"></a><a name="PASSWDPROGRAM"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to set
4247
</h3></div></div></div><a class="indexterm" name="id2554633"></a><a name="PASSWDPROGRAM"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to set
4227
4248
UNIX user passwords. Any occurrences of <em class="parameter"><code>%u</code></em>
4228
4249
will be replaced with the user name. The user name is checked for
4229
4250
existence before calling the password changing program.</p><p>Also note that many passwd programs insist in <span class="emphasis"><em>reasonable
4245
4266
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>passwd program</code></em> = <code class="literal">/bin/passwd %u</code>
4247
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554593"></a>
4268
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554767"></a>
4249
4270
password level (G)
4250
</h3></div></div></div><a class="indexterm" name="id2554594"></a><a name="PASSWORDLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>Some client/server combinations have difficulty
4271
</h3></div></div></div><a class="indexterm" name="id2554768"></a><a name="PASSWORDLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>Some client/server combinations have difficulty
4251
4272
with mixed-case passwords. One offending client is Windows for
4252
4273
Workgroups, which for some reason forces passwords to upper
4253
4274
case when using the LANMAN1 protocol, but leaves them alone when
4270
4291
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>password level</code></em> = <code class="literal">4</code>
4272
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554730"></a>
4293
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554904"></a>
4274
4295
password server (G)
4275
</h3></div></div></div><a class="indexterm" name="id2554731"></a><a name="PASSWORDSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>By specifying the name of another SMB server
4296
</h3></div></div></div><a class="indexterm" name="id2554905"></a><a name="PASSWORDSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>By specifying the name of another SMB server
4276
4297
or Active Directory domain controller with this option,
4277
4298
and using <code class="literal">security = [ads|domain|server]</code>
4278
it is possible to get Samba to
4299
it is possible to get Samba
4279
4300
to do all its username/password validation using a specific remote server.</p><p>This option sets the name or IP address of the password server to use.
4280
4301
New syntax has been added to support defining the port to use when connecting
4281
4302
to the server the case of an ADS realm. To define a port other than the
4333
4354
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>password server</code></em> = <code class="literal">windc.mydomain.com:389 192.168.1.101 *</code>
4335
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555028"></a>
4356
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555203"></a>
4337
4358
<a name="DIRECTORY"></a>directory
4338
</h3></div></div></div><a class="indexterm" name="id2555030"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PATH">path</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555060"></a>
4359
</h3></div></div></div><a class="indexterm" name="id2555204"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PATH">path</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555234"></a>
4341
</h3></div></div></div><a class="indexterm" name="id2555061"></a><a name="PATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a directory to which
4362
</h3></div></div></div><a class="indexterm" name="id2555235"></a><a name="PATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a directory to which
4342
4363
the user of the service is to be given access. In the case of
4343
4364
printable services, this is where print data will spool prior to
4344
4365
being submitted to the host for printing.</p><p>For a printable service offering guest access, the service
4356
4377
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>path</code></em> = <code class="literal">/home/fred</code>
4358
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555164"></a>
4379
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555338"></a>
4360
4381
pid directory (G)
4361
</h3></div></div></div><a class="indexterm" name="id2555165"></a><a name="PIDDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
4382
</h3></div></div></div><a class="indexterm" name="id2555339"></a><a name="PIDDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
4362
4383
This option specifies the directory where pid files will be placed.
4363
4384
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>pid directory</code></em> = <code class="literal">${prefix}/var/locks</code>
4365
4386
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>pid directory</code></em> = <code class="literal">pid directory = /var/run/</code>
4367
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555224"></a>
4388
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555398"></a>
4369
4390
posix locking (S)
4370
</h3></div></div></div><a class="indexterm" name="id2555225"></a><a name="POSIXLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
4391
</h3></div></div></div><a class="indexterm" name="id2555399"></a><a name="POSIXLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
4371
4392
The <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>
4372
4393
daemon maintains an database of file locks obtained by SMB clients. The default behavior is
4373
4394
to map this internal database to POSIX locks. This means that file locks obtained by SMB clients are
4375
4396
method (e.g. NFS or local file access). You should never need to disable this parameter.
4376
4397
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>posix locking</code></em> = <code class="literal">yes</code>
4378
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555279"></a>
4399
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555453"></a>
4381
</h3></div></div></div><a class="indexterm" name="id2555280"></a><a name="POSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run
4402
</h3></div></div></div><a class="indexterm" name="id2555454"></a><a name="POSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run
4382
4403
whenever the service is disconnected. It takes the usual
4383
4404
substitutions. The command may be run as the root on some
4384
4405
systems.</p><p>An interesting example may be to unmount server
4387
4408
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>postexec</code></em> = <code class="literal">echo \"%u disconnected from %S from %m (%I)\" >> /tmp/log</code>
4389
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555352"></a>
4410
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555526"></a>
4391
4412
preexec close (S)
4392
</h3></div></div></div><a class="indexterm" name="id2555353"></a><a name="PREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4413
</h3></div></div></div><a class="indexterm" name="id2555527"></a><a name="PREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4393
4414
This boolean option controls whether a non-zero return code from <a class="link" href="smb.conf.5.html#PREEXEC" target="_top">preexec</a>
4394
4415
should close the service being connected to.
4395
4416
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preexec close</code></em> = <code class="literal">no</code>
4397
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555407"></a>
4418
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555581"></a>
4399
4420
<a name="EXEC"></a>exec
4400
</h3></div></div></div><a class="indexterm" name="id2555408"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREEXEC">preexec</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555438"></a>
4421
</h3></div></div></div><a class="indexterm" name="id2555582"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREEXEC">preexec</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555613"></a>
4403
</h3></div></div></div><a class="indexterm" name="id2555439"></a><a name="PREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run whenever
4424
</h3></div></div></div><a class="indexterm" name="id2555614"></a><a name="PREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run whenever
4404
4425
the service is connected to. It takes the usual substitutions.</p><p>An interesting example is to send the users a welcome
4405
4426
message every time they log in. Maybe a message of the day? Here
4406
4427
is an example:</p><p>
4413
4434
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preexec</code></em> = <code class="literal">echo \"%u connected to %S from %m (%I)\" >> /tmp/log</code>
4415
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555547"></a>
4436
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555721"></a>
4417
4438
<a name="PREFEREDMASTER"></a>prefered master
4418
</h3></div></div></div><a class="indexterm" name="id2555548"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREFERREDMASTER">preferred master</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555580"></a>
4439
</h3></div></div></div><a class="indexterm" name="id2555722"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREFERREDMASTER">preferred master</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555754"></a>
4420
4441
preferred master (G)
4421
</h3></div></div></div><a class="indexterm" name="id2555581"></a><a name="PREFERREDMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>
4442
</h3></div></div></div><a class="indexterm" name="id2555756"></a><a name="PREFERREDMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>
4422
4443
This boolean parameter controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> is a preferred master browser for its workgroup.
4424
4445
If this is set to <code class="constant">yes</code>, on startup, <code class="literal">nmbd</code> will force
4433
4454
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preferred master</code></em> = <code class="literal">auto</code>
4435
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555673"></a>
4456
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555847"></a>
4437
4458
preload modules (G)
4438
</h3></div></div></div><a class="indexterm" name="id2555674"></a><a name="PRELOADMODULES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of paths to modules that should
4459
</h3></div></div></div><a class="indexterm" name="id2555848"></a><a name="PRELOADMODULES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of paths to modules that should
4439
4460
be loaded into smbd before a client connects. This improves
4440
4461
the speed of smbd when reacting to new connections somewhat. </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preload modules</code></em> = <code class="literal"></code>
4442
4463
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preload modules</code></em> = <code class="literal">/usr/lib/samba/passdb/mysql.so</code>
4444
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555734"></a>
4465
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555908"></a>
4446
4467
<a name="AUTOSERVICES"></a>auto services
4447
</h3></div></div></div><a class="indexterm" name="id2555735"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRELOAD">preload</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555767"></a>
4468
</h3></div></div></div><a class="indexterm" name="id2555909"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRELOAD">preload</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555941"></a>
4450
</h3></div></div></div><a class="indexterm" name="id2555768"></a><a name="PRELOAD"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of services that you want to be
4471
</h3></div></div></div><a class="indexterm" name="id2555942"></a><a name="PRELOAD"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of services that you want to be
4451
4472
automatically added to the browse lists. This is most useful
4452
4473
for homes and printers services that would otherwise not be
4453
4474
visible.</p><p>
4459
4480
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preload</code></em> = <code class="literal">fred lp colorlp</code>
4461
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555845"></a>
4482
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556019"></a>
4463
4484
preserve case (S)
4464
</h3></div></div></div><a class="indexterm" name="id2555846"></a><a name="PRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4485
</h3></div></div></div><a class="indexterm" name="id2556020"></a><a name="PRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4465
4486
This controls if new filenames are created with the case that the client passes, or if
4466
4487
they are forced to be the <a class="link" href="smb.conf.5.html#DEFAULTCASE" target="_top">default case</a>.
4468
4489
See the section on <a class="link" href="#NAMEMANGLINGSECT" title="NAME MANGLING">NAME MANGLING</a> for a fuller discussion.
4469
4490
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preserve case</code></em> = <code class="literal">yes</code>
4471
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555912"></a>
4492
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556086"></a>
4473
4494
<a name="PRINTOK"></a>print ok
4474
</h3></div></div></div><a class="indexterm" name="id2555913"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTABLE">printable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555942"></a>
4495
</h3></div></div></div><a class="indexterm" name="id2556087"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTABLE">printable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556117"></a>
4477
</h3></div></div></div><a class="indexterm" name="id2555944"></a><a name="PRINTABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, then
4498
</h3></div></div></div><a class="indexterm" name="id2556118"></a><a name="PRINTABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, then
4478
4499
clients may open, write to and submit spool files on the directory
4479
4500
specified for the service. </p><p>Note that a printable service will ALWAYS allow writing
4480
4501
to the service path (user privileges permitting) via the spooling
4481
4502
of print data. The <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a> parameter controls only non-printing access to
4482
4503
the resource.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printable</code></em> = <code class="literal">no</code>
4484
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556006"></a>
4505
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556180"></a>
4486
4507
printcap cache time (G)
4487
</h3></div></div></div><a class="indexterm" name="id2556007"></a><a name="PRINTCAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the number of seconds before the printing
4508
</h3></div></div></div><a class="indexterm" name="id2556181"></a><a name="PRINTCAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the number of seconds before the printing
4488
4509
subsystem is again asked for the known printers. If the value
4489
4510
is greater than 60 the initial waiting time is set to 60 seconds
4490
4511
to allow an earlier first rescan of the printing subsystem.
4495
4516
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printcap cache time</code></em> = <code class="literal">600</code>
4497
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556075"></a>
4518
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556249"></a>
4499
4520
<a name="PRINTCAP"></a>printcap
4500
</h3></div></div></div><a class="indexterm" name="id2556076"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTCAPNAME">printcap name</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556108"></a>
4521
</h3></div></div></div><a class="indexterm" name="id2556250"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTCAPNAME">printcap name</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556282"></a>
4502
4523
printcap name (G)
4503
</h3></div></div></div><a class="indexterm" name="id2556109"></a><a name="PRINTCAPNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4524
</h3></div></div></div><a class="indexterm" name="id2556283"></a><a name="PRINTCAPNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4504
4525
This parameter may be used to override the compiled-in default printcap name used by the server (usually
4505
4526
<code class="filename"> /etc/printcap</code>). See the discussion of the <a class="link" href="#PRINTERSSECT" title="The [printers] section">[printers]</a> section above for reasons why you might want to do this.
4536
4557
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printcap name</code></em> = <code class="literal">/etc/myprintcap</code>
4538
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556292"></a>
4559
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556466"></a>
4540
4561
print command (S)
4541
</h3></div></div></div><a class="indexterm" name="id2556293"></a><a name="PRINTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>After a print job has finished spooling to
4562
</h3></div></div></div><a class="indexterm" name="id2556467"></a><a name="PRINTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>After a print job has finished spooling to
4542
4563
a service, this command will be used via a <code class="literal">system()</code>
4543
4564
call to process the spool file. Typically the command specified will
4544
4565
submit the spool file to the host's printing subsystem, but there
4580
4601
and if SAMBA is compiled against libcups, any manually
4581
4602
set print command will be ignored.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>print command</code></em> = <code class="literal">/usr/local/samba/bin/myprintscript %p %s</code>
4583
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556568"></a>
4604
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556736"></a>
4585
4606
printer admin (S)
4586
</h3></div></div></div><a class="indexterm" name="id2556570"></a><a name="PRINTERADMIN"></a><div class="variablelist"><dl><dt></dt><dd><p>
4607
</h3></div></div></div><a class="indexterm" name="id2556737"></a><a name="PRINTERADMIN"></a><div class="variablelist"><dl><dt></dt><dd><p>
4587
4608
This lists users who can do anything to printers
4588
4609
via the remote administration interfaces offered
4589
4610
by MS-RPC (usually using a NT workstation).
4600
4621
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printer admin</code></em> = <code class="literal">admin, @staff</code>
4602
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556638"></a>
4623
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556805"></a>
4604
4625
<a name="PRINTER"></a>printer
4605
</h3></div></div></div><a class="indexterm" name="id2556639"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTERNAME">printer name</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556669"></a>
4626
</h3></div></div></div><a class="indexterm" name="id2556806"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTERNAME">printer name</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556837"></a>
4607
4628
printer name (S)
4608
</h3></div></div></div><a class="indexterm" name="id2556670"></a><a name="PRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4629
</h3></div></div></div><a class="indexterm" name="id2556838"></a><a name="PRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4609
4630
This parameter specifies the name of the printer to which print jobs spooled through a printable service
4619
4640
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printer name</code></em> = <code class="literal">laserwriter</code>
4621
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556757"></a>
4642
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556924"></a>
4624
</h3></div></div></div><a class="indexterm" name="id2556758"></a><a name="PRINTING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters controls how printer status information is
4645
</h3></div></div></div><a class="indexterm" name="id2556926"></a><a name="PRINTING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters controls how printer status information is
4625
4646
interpreted on your system. It also affects the default values for
4626
4647
the <em class="parameter"><code>print command</code></em>, <em class="parameter"><code>lpq command</code></em>, <em class="parameter"><code>lppause command </code></em>, <em class="parameter"><code>lpresume command</code></em>, and <em class="parameter"><code>lprm command</code></em> if specified in the
4627
4648
[global] section.</p><p>Currently nine printing styles are supported. They are
4638
4659
[printers]</a> section.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printing</code></em> = <code class="literal">Depends on the operating system, see
4639
4660
<code class="literal">testparm -v.</code></code>
4641
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556910"></a>
4662
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557078"></a>
4643
4664
printjob username (S)
4644
</h3></div></div></div><a class="indexterm" name="id2556911"></a><a name="PRINTJOBUSERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies which user information will be
4665
</h3></div></div></div><a class="indexterm" name="id2557079"></a><a name="PRINTJOBUSERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies which user information will be
4645
4666
passed to the printing system. Usually, the username is sent,
4646
4667
but in some cases, e.g. the domain prefix is useful, too.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printjob username</code></em> = <code class="literal">%U</code>
4648
4669
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printjob username</code></em> = <code class="literal">%D\%U</code>
4650
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556972"></a>
4671
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557139"></a>
4652
4673
private dir (G)
4653
</h3></div></div></div><a class="indexterm" name="id2556973"></a><a name="PRIVATEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters defines the directory
4674
</h3></div></div></div><a class="indexterm" name="id2557140"></a><a name="PRIVATEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters defines the directory
4654
4675
smbd will use for storing such files as <code class="filename">smbpasswd</code>
4655
4676
and <code class="filename">secrets.tdb</code>.
4656
4677
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>private dir</code></em> = <code class="literal">${prefix}/private</code>
4658
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557026"></a>
4679
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557193"></a>
4660
4681
profile acls (S)
4661
</h3></div></div></div><a class="indexterm" name="id2557027"></a><a name="PROFILEACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>
4682
</h3></div></div></div><a class="indexterm" name="id2557194"></a><a name="PROFILEACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>
4662
4683
This boolean parameter was added to fix the problems that people have been
4663
4684
having with storing user profiles on Samba shares from Windows 2000 or
4664
4685
Windows XP clients. New versions of Windows 2000 or Windows XP service
4686
4707
tree to the owning user.
4687
4708
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>profile acls</code></em> = <code class="literal">no</code>
4689
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557098"></a>
4710
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557277"></a>
4691
4712
queuepause command (S)
4692
</h3></div></div></div><a class="indexterm" name="id2557100"></a><a name="QUEUEPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
4713
</h3></div></div></div><a class="indexterm" name="id2557278"></a><a name="QUEUEPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
4693
4714
executed on the server host in order to pause the printer queue.</p><p>This command should be a program or script which takes
4694
4715
a printer name as its only parameter and stops the printer queue,
4695
4716
such that no longer jobs are submitted to the printer.</p><p>This command is not supported by Windows for Workgroups,
4700
4721
path in the command as the PATH may not be available to the
4701
4722
server.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>queuepause command</code></em> = <code class="literal">disable %p</code>
4703
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557175"></a>
4724
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557354"></a>
4705
4726
queueresume command (S)
4706
</h3></div></div></div><a class="indexterm" name="id2557176"></a><a name="QUEUERESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
4727
</h3></div></div></div><a class="indexterm" name="id2557355"></a><a name="QUEUERESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
4707
4728
executed on the server host in order to resume the printer queue. It
4708
4729
is the command to undo the behavior that is caused by the
4709
4730
previous parameter (<a class="link" href="smb.conf.5.html#QUEUEPAUSECOMMAND" target="_top">queuepause command</a>).</p><p>This command should be a program or script which takes
4719
4740
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>queueresume command</code></em> = <code class="literal">enable %p</code>
4721
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557278"></a>
4742
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557457"></a>
4724
</h3></div></div></div><a class="indexterm" name="id2557279"></a><a name="READLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
4745
</h3></div></div></div><a class="indexterm" name="id2557458"></a><a name="READLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
4725
4746
This is a list of users that are given read-only access to a service. If the connecting user is in this list
4726
4747
then they will not be given write access, no matter what the <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a> option is set
4727
4748
to. The list can include group names using the syntax described in the <a class="link" href="smb.conf.5.html#INVALIDUSERS" target="_top">invalid users</a>
4732
4753
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>read list</code></em> = <code class="literal">mary, @students</code>
4734
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557378"></a>
4755
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557556"></a>
4737
</h3></div></div></div><a class="indexterm" name="id2557379"></a><a name="READONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>An inverted synonym is <a class="link" href="smb.conf.5.html#WRITEABLE" target="_top">writeable</a>.</p><p>If this parameter is <code class="constant">yes</code>, then users
4758
</h3></div></div></div><a class="indexterm" name="id2557558"></a><a name="READONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>An inverted synonym is <a class="link" href="smb.conf.5.html#WRITEABLE" target="_top">writeable</a>.</p><p>If this parameter is <code class="constant">yes</code>, then users
4738
4759
of a service may not create or modify files in the service's
4739
4760
directory.</p><p>Note that a printable service (<code class="literal">printable = yes</code>)
4740
4761
will <span class="emphasis"><em>ALWAYS</em></span> allow writing to the directory
4741
4762
(user privileges permitting), but only via spooling operations.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>read only</code></em> = <code class="literal">yes</code>
4743
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557455"></a>
4764
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557633"></a>
4746
</h3></div></div></div><a class="indexterm" name="id2557456"></a><a name="READRAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
4767
</h3></div></div></div><a class="indexterm" name="id2557634"></a><a name="READRAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
4747
4768
will support the raw read SMB requests when transferring data
4748
4769
to clients.</p><p>If enabled, raw reads allow reads of 65535 bytes in
4749
4770
one packet. This typically provides a major performance benefit.
4752
4773
sizes, and for these clients you may need to disable raw reads.</p><p>In general this parameter should be viewed as a system tuning
4753
4774
tool and left severely alone.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>read raw</code></em> = <code class="literal">yes</code>
4755
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557515"></a>
4776
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557693"></a>
4758
</h3></div></div></div><a class="indexterm" name="id2557516"></a><a name="REALM"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the kerberos realm to use. The realm is
4779
</h3></div></div></div><a class="indexterm" name="id2557694"></a><a name="REALM"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the kerberos realm to use. The realm is
4759
4780
used as the ADS equivalent of the NT4 <code class="literal">domain</code>. It
4760
4781
is usually set to the DNS name of the kerberos server.
4761
4782
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>realm</code></em> = <code class="literal"></code>
4763
4784
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>realm</code></em> = <code class="literal">mysambabox.mycompany.com</code>
4765
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557580"></a>
4786
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557758"></a>
4767
4788
registry shares (G)
4768
</h3></div></div></div><a class="indexterm" name="id2557581"></a><a name="REGISTRYSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>
4789
</h3></div></div></div><a class="indexterm" name="id2557759"></a><a name="REGISTRYSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>
4769
4790
This turns on or off support for share definitions read from
4770
4791
registry. Shares defined in <span class="emphasis"><em>smb.conf</em></span> take
4771
4792
precedence over shares with the same name defined in
4781
4802
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>registry shares</code></em> = <code class="literal">yes</code>
4783
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557666"></a>
4804
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557845"></a>
4785
4806
remote announce (G)
4786
</h3></div></div></div><a class="indexterm" name="id2557667"></a><a name="REMOTEANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4787
This option allows you to setup <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>to periodically announce itself
4807
</h3></div></div></div><a class="indexterm" name="id2557846"></a><a name="REMOTEANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4808
This option allows you to setup <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to periodically announce itself
4788
4809
to arbitrary IP addresses with an arbitrary workgroup name.
4790
4811
This is useful if you want your Samba server to appear in a remote workgroup for
4807
4828
See the chapter on Network Browsing in the Samba-HOWTO book.
4808
4829
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>remote announce</code></em> = <code class="literal"></code>
4810
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557771"></a>
4831
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557950"></a>
4812
4833
remote browse sync (G)
4813
</h3></div></div></div><a class="indexterm" name="id2557772"></a><a name="REMOTEBROWSESYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>
4834
</h3></div></div></div><a class="indexterm" name="id2557951"></a><a name="REMOTEBROWSESYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>
4814
4835
This option allows you to setup <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to periodically request
4815
4836
synchronization of browse lists with the master browser of a Samba
4816
4837
server that is on a remote segment. This option will allow you to
4842
4863
each network has its own WINS server.
4843
4864
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>remote browse sync</code></em> = <code class="literal"></code>
4845
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557884"></a>
4866
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558063"></a>
4847
4868
rename user script (G)
4848
</h3></div></div></div><a class="indexterm" name="id2557885"></a><a name="RENAMEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4869
</h3></div></div></div><a class="indexterm" name="id2558064"></a><a name="RENAMEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4849
4870
This is the full pathname to a script that will be run as root by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> under special circumstances described below.
4851
4872
When a user with admin authority or SeAddUserPrivilege rights renames a user (e.g.: from the NT4 User Manager
4863
4884
needs to change for other applications using the same directory.
4864
4885
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>rename user script</code></em> = <code class="literal">no</code>
4866
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557974"></a>
4887
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558153"></a>
4868
4889
reset on zero vc (G)
4869
</h3></div></div></div><a class="indexterm" name="id2557975"></a><a name="RESETONZEROVC"></a><div class="variablelist"><dl><dt></dt><dd><p>
4890
</h3></div></div></div><a class="indexterm" name="id2558154"></a><a name="RESETONZEROVC"></a><div class="variablelist"><dl><dt></dt><dd><p>
4870
4891
This boolean option controls whether an incoming session setup
4871
4892
should kill other connections coming from the same IP. This matches
4872
4893
the default Windows 2003 behaviour.
4886
4907
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>reset on zero vc</code></em> = <code class="literal">no</code>
4888
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558027"></a>
4909
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558206"></a>
4890
4911
restrict anonymous (G)
4891
</h3></div></div></div><a class="indexterm" name="id2558028"></a><a name="RESTRICTANONYMOUS"></a><div class="variablelist"><dl><dt></dt><dd><p>The setting of this parameter determines whether user and
4912
</h3></div></div></div><a class="indexterm" name="id2558207"></a><a name="RESTRICTANONYMOUS"></a><div class="variablelist"><dl><dt></dt><dd><p>The setting of this parameter determines whether user and
4892
4913
group list information is returned for an anonymous connection.
4893
4914
and mirrors the effects of the
4894
4915
</p><pre class="programlisting">
4911
4932
by setting <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok = yes</a> on any share.
4912
4933
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>restrict anonymous</code></em> = <code class="literal">0</code>
4914
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558111"></a>
4935
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558290"></a>
4916
4937
<a name="ROOT"></a>root
4917
</h3></div></div></div><a class="indexterm" name="id2558112"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558144"></a>
4938
</h3></div></div></div><a class="indexterm" name="id2558291"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558323"></a>
4919
4940
<a name="ROOTDIR"></a>root dir
4920
</h3></div></div></div><a class="indexterm" name="id2558145"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558176"></a>
4941
</h3></div></div></div><a class="indexterm" name="id2558324"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558355"></a>
4922
4943
root directory (G)
4923
</h3></div></div></div><a class="indexterm" name="id2558177"></a><a name="ROOTDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>The server will <code class="literal">chroot()</code> (i.e.
4944
</h3></div></div></div><a class="indexterm" name="id2558356"></a><a name="ROOTDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>The server will <code class="literal">chroot()</code> (i.e.
4924
4945
Change its root directory) to this directory on startup. This is
4925
4946
not strictly necessary for secure operation. Even without it the
4926
4947
server will deny access to files not in one of the service entries.
4944
4965
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>root directory</code></em> = <code class="literal">/homes/smb</code>
4946
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558307"></a>
4967
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558479"></a>
4948
4969
root postexec (S)
4949
</h3></div></div></div><a class="indexterm" name="id2558308"></a><a name="ROOTPOSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
4970
</h3></div></div></div><a class="indexterm" name="id2558480"></a><a name="ROOTPOSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
4950
4971
This is the same as the <em class="parameter"><code>postexec</code></em>
4951
4972
parameter except that the command is run as root. This is useful for
4952
4973
unmounting filesystems (such as CDROMs) after a connection is closed.
4953
4974
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root postexec</code></em> = <code class="literal"></code>
4955
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558356"></a>
4976
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558527"></a>
4957
4978
root preexec close (S)
4958
</h3></div></div></div><a class="indexterm" name="id2558357"></a><a name="ROOTPREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the same as the <em class="parameter"><code>preexec close
4979
</h3></div></div></div><a class="indexterm" name="id2558528"></a><a name="ROOTPREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the same as the <em class="parameter"><code>preexec close
4959
4980
</code></em> parameter except that the command is run as root.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root preexec close</code></em> = <code class="literal">no</code>
4961
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558404"></a>
4982
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558576"></a>
4963
4984
root preexec (S)
4964
</h3></div></div></div><a class="indexterm" name="id2558405"></a><a name="ROOTPREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
4985
</h3></div></div></div><a class="indexterm" name="id2558577"></a><a name="ROOTPREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
4965
4986
This is the same as the <em class="parameter"><code>preexec</code></em>
4966
4987
parameter except that the command is run as root. This is useful for
4967
4988
mounting filesystems (such as CDROMs) when a connection is opened.
4968
4989
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root preexec</code></em> = <code class="literal"></code>
4970
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558452"></a>
4991
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558624"></a>
4972
4993
security mask (S)
4973
</h3></div></div></div><a class="indexterm" name="id2558453"></a><a name="SECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>
4994
</h3></div></div></div><a class="indexterm" name="id2558625"></a><a name="SECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>
4974
4995
This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the
4975
4996
UNIX permission on a file using the native NT security dialog box.
4990
5011
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>security mask</code></em> = <code class="literal">0770</code>
4992
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558559"></a>
5013
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558730"></a>
4995
</h3></div></div></div><a class="indexterm" name="id2558560"></a><a name="SECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option affects how clients respond to
5016
</h3></div></div></div><a class="indexterm" name="id2558732"></a><a name="SECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option affects how clients respond to
4996
5017
Samba and is one of the most important settings in the <code class="filename">
4997
5018
smb.conf</code> file.</p><p>The option sets the "security mode bit" in replies to
4998
5019
protocol negotiations with <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> to turn share level security on or off. Clients decide
5016
5037
want to mainly setup shares without a password (guest shares). This
5017
5038
is commonly used for a shared printer server. It is more difficult
5018
5039
to setup guest shares with <code class="literal">security = user</code>, see
5019
the <a class="link" href="smb.conf.5.html#MAPTOGUEST" target="_top">map to guest</a>parameter for details.</p><p>It is possible to use <code class="literal">smbd</code> in a <span class="emphasis"><em>
5040
the <a class="link" href="smb.conf.5.html#MAPTOGUEST" target="_top">map to guest</a> parameter for details.</p><p>It is possible to use <code class="literal">smbd</code> in a <span class="emphasis"><em>
5020
5041
hybrid mode</em></span> where it is offers both user and share
5021
level security under different <a class="link" href="smb.conf.5.html#NETBIOSALIASES" target="_top">NetBIOS aliases</a>. </p><p>The different settings will now be explained.</p><p><a name="SECURITYEQUALSSHARE"></a><span class="emphasis"><em>SECURITY = SHARE</em></span></p><p>When clients connect to a share level security server they
5042
level security under different <a class="link" href="smb.conf.5.html#NETBIOSALIASES" target="_top">NetBIOS aliases</a>. </p><p>The different settings will now be explained.</p><p><a name="SECURITYEQUALSSHARE"></a><span class="emphasis"><em>SECURITY = SHARE</em></span></p><p>When clients connect to a share level security server, they
5022
5043
need not log onto the server with a valid username and password before
5023
5044
attempting to connect to a shared resource (although modern clients
5024
5045
such as Windows 95/98 and Windows NT will send a logon request with
5098
5119
there is no way to reestablish it, and futher authentications to the
5099
5120
Samba server may fail (from a single client, till it disconnects).
5100
5121
</p></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>From the client's point of
5101
view <code class="literal">security = server</code> is the
5122
view, <code class="literal">security = server</code> is the
5102
5123
same as <code class="literal">security = user</code>. It
5103
5124
only affects how the server deals with the authentication, it does
5104
5125
not in any way affect what the client sees.</p></div><p><span class="emphasis"><em>Note</em></span> that the name of the resource being
5117
5138
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>security</code></em> = <code class="literal">DOMAIN</code>
5119
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559437"></a>
5140
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559615"></a>
5121
5142
server schannel (G)
5122
</h3></div></div></div><a class="indexterm" name="id2559438"></a><a name="SERVERSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
5143
</h3></div></div></div><a class="indexterm" name="id2559616"></a><a name="SERVERSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
5123
5144
This controls whether the server offers or even demands the use of the netlogon schannel.
5124
5145
<a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = no</a> does not offer the schannel, <a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = auto</a> offers the schannel but does not enforce it, and <a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = yes</a> denies access if the client is not able to speak netlogon schannel.
5125
5146
This is only the case for Windows NT4 before SP4.
5127
Please note that with this set to <code class="literal">no</code> you will have to apply the WindowsXP
5148
Please note that with this set to <code class="literal">no</code>, you will have to apply the WindowsXP
5128
5149
<code class="filename">WinXP_SignOrSeal.reg</code> registry patch found in the docs/registry subdirectory of the Samba distribution tarball.
5129
5150
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>server schannel</code></em> = <code class="literal">auto</code>
5131
5152
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>server schannel</code></em> = <code class="literal">yes</code>
5133
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559553"></a>
5154
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559731"></a>
5135
5156
server signing (G)
5136
</h3></div></div></div><a class="indexterm" name="id2559554"></a><a name="SERVERSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the server offers or requires
5137
the client it talks to to use SMB signing. Possible values
5157
</h3></div></div></div><a class="indexterm" name="id2559732"></a><a name="SERVERSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values
5138
5158
are <span class="emphasis"><em>auto</em></span>, <span class="emphasis"><em>mandatory</em></span>
5139
5159
and <span class="emphasis"><em>disabled</em></span>.
5140
5160
</p><p>When set to auto, SMB signing is offered, but not enforced.
5141
5161
When set to mandatory, SMB signing is required and if set
5142
5162
to disabled, SMB signing is not offered either.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>server signing</code></em> = <code class="literal">Disabled</code>
5144
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559614"></a>
5164
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559792"></a>
5146
5166
server string (G)
5147
</h3></div></div></div><a class="indexterm" name="id2559615"></a><a name="SERVERSTRING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what string will show up in the printer comment box in print
5167
</h3></div></div></div><a class="indexterm" name="id2559793"></a><a name="SERVERSTRING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what string will show up in the printer comment box in print
5148
5168
manager and next to the IPC connection in <code class="literal">net view</code>. It
5149
5169
can be any string that you wish to show to your users.</p><p>It also sets what will appear in browse lists next
5150
5170
to the machine name.</p><p>A <em class="parameter"><code>%v</code></em> will be replaced with the Samba
5154
5174
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>server string</code></em> = <code class="literal">University of GNUs Samba Server</code>
5156
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559706"></a>
5176
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559883"></a>
5158
5178
set directory (S)
5159
</h3></div></div></div><a class="indexterm" name="id2559707"></a><a name="SETDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
5179
</h3></div></div></div><a class="indexterm" name="id2559884"></a><a name="SETDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
5160
5180
If <code class="literal">set directory = no</code>, then users of the
5161
5181
service may not use the setdir command to change directory.
5166
5186
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>set directory</code></em> = <code class="literal">no</code>
5168
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559766"></a>
5188
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559943"></a>
5170
5190
set primary group script (G)
5171
</h3></div></div></div><a class="indexterm" name="id2559767"></a><a name="SETPRIMARYGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Thanks to the Posix subsystem in NT a Windows User has a
5191
</h3></div></div></div><a class="indexterm" name="id2559944"></a><a name="SETPRIMARYGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Thanks to the Posix subsystem in NT a Windows User has a
5172
5192
primary group in addition to the auxiliary groups. This script
5173
5193
sets the primary group in the unix userdatase when an
5174
5194
administrator sets the primary group from the windows user
5181
5201
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>set primary group script</code></em> = <code class="literal">/usr/sbin/usermod -g '%g' '%u'</code>
5183
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559848"></a>
5203
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560025"></a>
5185
5205
set quota command (G)
5186
</h3></div></div></div><a class="indexterm" name="id2559849"></a><a name="SETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">set quota command</code> should only be used
5206
</h3></div></div></div><a class="indexterm" name="id2560026"></a><a name="SETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">set quota command</code> should only be used
5187
5207
whenever there is no operating system API available from the OS that
5188
5208
samba can use.</p><p>This option is only available if Samba was configured with the argument <code class="literal">--with-sys-quotas</code> or
5189
5209
on linux when <code class="literal">./configure --with-quotas</code> was used and a working quota api
5194
5214
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>set quota command</code></em> = <code class="literal">/usr/local/sbin/set_quota</code>
5196
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560011"></a>
5216
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560188"></a>
5198
5218
share modes (S)
5199
</h3></div></div></div><a class="indexterm" name="id2560012"></a><a name="SHAREMODES"></a><div class="variablelist"><dl><dt></dt><dd><p>This enables or disables the honoring of
5219
</h3></div></div></div><a class="indexterm" name="id2560189"></a><a name="SHAREMODES"></a><div class="variablelist"><dl><dt></dt><dd><p>This enables or disables the honoring of
5200
5220
the <em class="parameter"><code>share modes</code></em> during a file open. These
5201
5221
modes are used by clients to gain exclusive read or write access
5202
5222
to a file.</p><p>This is a deprecated option from old versions of
5208
5228
by default.</p><p>You should <span class="emphasis"><em>NEVER</em></span> turn this parameter
5209
5229
off as many Windows applications will break if you do so.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>share modes</code></em> = <code class="literal">yes</code>
5211
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560088"></a>
5231
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560265"></a>
5213
5233
short preserve case (S)
5214
</h3></div></div></div><a class="indexterm" name="id2560089"></a><a name="SHORTPRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
5234
</h3></div></div></div><a class="indexterm" name="id2560266"></a><a name="SHORTPRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
5215
5235
This boolean parameter controls if new files which conform to 8.3 syntax, that is all in upper case and of
5216
5236
suitable length, are created upper case, or if they are forced to be the <a class="link" href="smb.conf.5.html#DEFAULTCASE" target="_top">default case</a>.
5217
5237
This option can be use with <a class="link" href="smb.conf.5.html#PRESERVECASE" target="_top">preserve case = yes</a> to permit long filenames
5218
5238
to retain their case, while short names are lowered.
5219
5239
</p><p>See the section on <a class="link" href="#NAMEMANGLINGSECT" title="NAME MANGLING">NAME MANGLING</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>short preserve case</code></em> = <code class="literal">yes</code>
5221
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560167"></a>
5241
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560345"></a>
5223
5243
show add printer wizard (G)
5224
</h3></div></div></div><a class="indexterm" name="id2560168"></a><a name="SHOWADDPRINTERWIZARD"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing support
5244
</h3></div></div></div><a class="indexterm" name="id2560346"></a><a name="SHOWADDPRINTERWIZARD"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing support
5225
5245
for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will
5226
5246
appear on Samba hosts in the share listing. Normally this folder will
5227
5247
contain an icon for the MS Add Printer Wizard (APW). However, it is
5239
5259
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This does not prevent the same user from having
5240
5260
administrative privilege on an individual printer.</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>show add printer wizard</code></em> = <code class="literal">yes</code>
5242
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560251"></a>
5262
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560428"></a>
5244
5264
shutdown script (G)
5245
</h3></div></div></div><a class="indexterm" name="id2560252"></a><a name="SHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by
5265
</h3></div></div></div><a class="indexterm" name="id2560429"></a><a name="SHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by
5246
5266
<a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that should
5247
5267
start a shutdown procedure.</p><p>If the connected user posseses the <code class="constant">SeRemoteShutdownPrivilege</code>,
5248
5268
right, this command will be run as user.</p><p>The %z %t %r %f variables are expanded as follows:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>%z</code></em> will be substituted with the
5268
5288
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>shutdown script</code></em> = <code class="literal">/usr/local/samba/sbin/shutdown %m %t %r %f</code>
5270
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560404"></a>
5290
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560582"></a>
5272
5292
smb encrypt (S)
5273
</h3></div></div></div><a class="indexterm" name="id2560405"></a><a name="SMBENCRYPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a new feature introduced with Samba 3.2 and above. It is an
5293
</h3></div></div></div><a class="indexterm" name="id2560583"></a><a name="SMBENCRYPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a new feature introduced with Samba 3.2 and above. It is an
5274
5294
extension to the SMB/CIFS protocol negotiated as part of the UNIX extensions.
5275
5295
SMB encryption uses the GSSAPI (SSPI on Windows) ability to encrypt
5276
5296
and sign every request/response in a SMB protocol stream. When
5279
5299
to negotiate encryption and signing keys. Currently this is only
5280
5300
supported by Samba 3.2 smbclient, and hopefully soon Linux CIFSFS
5281
5301
and MacOS/X clients. Windows clients do not support this feature.
5282
</p><p>This controls whether the server offers or requires
5283
the client it talks to to use SMB encryption. Possible values
5302
</p><p>This controls whether the remote client is allowed or required to use SMB encryption. Possible values
5284
5303
are <span class="emphasis"><em>auto</em></span>, <span class="emphasis"><em>mandatory</em></span>
5285
5304
and <span class="emphasis"><em>disabled</em></span>. This may be set on a per-share
5286
5305
basis, but clients may chose to encrypt the entire session, not
5299
5318
When set to mandatory, SMB encryption is required and if set
5300
5319
to disabled, SMB encryption can not be negotiated.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb encrypt</code></em> = <code class="literal">auto</code>
5302
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560511"></a>
5321
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560688"></a>
5304
5323
smb passwd file (G)
5305
</h3></div></div></div><a class="indexterm" name="id2560512"></a><a name="SMBPASSWDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option sets the path to the encrypted smbpasswd file. By
5324
</h3></div></div></div><a class="indexterm" name="id2560689"></a><a name="SMBPASSWDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option sets the path to the encrypted smbpasswd file. By
5306
5325
default the path to the smbpasswd file is compiled into Samba.</p><p>
5307
5326
An example of use is:
5308
5327
</p><pre class="programlisting">
5311
5330
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb passwd file</code></em> = <code class="literal">${prefix}/private/smbpasswd</code>
5313
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560564"></a>
5332
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560741"></a>
5316
</h3></div></div></div><a class="indexterm" name="id2560565"></a><a name="SMBPORTS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies which ports the server should listen on for SMB traffic.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb ports</code></em> = <code class="literal">445 139</code>
5335
</h3></div></div></div><a class="indexterm" name="id2560742"></a><a name="SMBPORTS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies which ports the server should listen on for SMB traffic.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb ports</code></em> = <code class="literal">445 139</code>
5318
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560606"></a>
5337
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560783"></a>
5320
5339
socket address (G)
5321
</h3></div></div></div><a class="indexterm" name="id2560607"></a><a name="SOCKETADDRESS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to control what
5340
</h3></div></div></div><a class="indexterm" name="id2560784"></a><a name="SOCKETADDRESS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to control what
5322
5341
address Samba will listen for connections on. This is used to
5323
5342
support multiple virtual interfaces on the one server, each
5324
5343
with a different configuration.</p><p>Setting this option should never be necessary on usual Samba
5328
5347
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>socket address</code></em> = <code class="literal">192.168.2.20</code>
5330
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560676"></a>
5349
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560853"></a>
5332
5351
socket options (G)
5333
</h3></div></div></div><a class="indexterm" name="id2560677"></a><a name="SOCKETOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to set socket options
5352
</h3></div></div></div><a class="indexterm" name="id2560854"></a><a name="SOCKETOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to set socket options
5334
5353
to be used when talking with the client.</p><p>Socket options are controls on the networking layer
5335
5354
of the operating systems which allow the connection to be
5336
5355
tuned.</p><p>This option will typically be used to tune your Samba server
5359
5378
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>socket options</code></em> = <code class="literal">IPTOS_LOWDELAY</code>
5361
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560887"></a>
5380
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561064"></a>
5364
</h3></div></div></div><a class="indexterm" name="id2560888"></a><a name="STATCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will use a cache in order to
5383
</h3></div></div></div><a class="indexterm" name="id2561065"></a><a name="STATCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will use a cache in order to
5365
5384
speed up case insensitive name mappings. You should never need
5366
5385
to change this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>stat cache</code></em> = <code class="literal">yes</code>
5368
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560938"></a>
5387
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561115"></a>
5370
5389
store dos attributes (S)
5371
</h3></div></div></div><a class="indexterm" name="id2560939"></a><a name="STOREDOSATTRIBUTES"></a><div class="variablelist"><dl><dt></dt><dd><p>
5390
</h3></div></div></div><a class="indexterm" name="id2561116"></a><a name="STOREDOSATTRIBUTES"></a><div class="variablelist"><dl><dt></dt><dd><p>
5372
5391
If this parameter is set Samba attempts to first read DOS attributes (SYSTEM, HIDDEN, ARCHIVE or
5373
5392
READ-ONLY) from a filesystem extended attribute, before mapping DOS attributes to UNIX permission bits (such
5374
5393
as occurs with <a class="link" href="smb.conf.5.html#MAPHIDDEN" target="_top">map hidden</a> and <a class="link" href="smb.conf.5.html#MAPREADONLY" target="_top">map readonly</a>). When set, DOS
5380
5399
extended attributes to work, also extended attributes must be compiled into the Linux kernel.
5381
5400
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>store dos attributes</code></em> = <code class="literal">no</code>
5383
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561060"></a>
5402
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561237"></a>
5385
5404
strict allocate (S)
5386
</h3></div></div></div><a class="indexterm" name="id2561061"></a><a name="STRICTALLOCATE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls the handling of
5405
</h3></div></div></div><a class="indexterm" name="id2561238"></a><a name="STRICTALLOCATE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls the handling of
5387
5406
disk space allocation in the server. When this is set to <code class="constant">yes</code>
5388
5407
the server will change from UNIX behaviour of not committing real
5389
5408
disk storage blocks when a file is extended to the Windows behaviour
5395
5414
out of quota messages on systems that are restricting the disk quota
5396
5415
of users.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict allocate</code></em> = <code class="literal">no</code>
5398
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561130"></a>
5417
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561307"></a>
5400
5419
strict locking (S)
5401
</h3></div></div></div><a class="indexterm" name="id2561131"></a><a name="STRICTLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
5420
</h3></div></div></div><a class="indexterm" name="id2561308"></a><a name="STRICTLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
5402
5421
This is an enumerated type that controls the handling of file locking in the server. When this is set to <code class="constant">yes</code>,
5403
5422
the server will check every read and write access for file locks, and deny access if locks exist. This can be slow on
5406
5425
When strict locking is set to Auto (the default), the server performs file lock checks only on non-oplocked files.
5407
5426
As most Windows redirectors perform file locking checks locally on oplocked files this is a good trade off for
5408
inproved performance.
5427
improved performance.
5410
5429
When strict locking is disabled, the server performs file lock checks only when the client explicitly asks for them.
5414
5433
<code class="literal">strict locking = no</code> is acceptable.
5415
5434
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict locking</code></em> = <code class="literal">Auto</code>
5417
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561209"></a>
5436
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561386"></a>
5419
5438
strict sync (S)
5420
</h3></div></div></div><a class="indexterm" name="id2561210"></a><a name="STRICTSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>Many Windows applications (including the Windows 98 explorer
5439
</h3></div></div></div><a class="indexterm" name="id2561388"></a><a name="STRICTSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>Many Windows applications (including the Windows 98 explorer
5421
5440
shell) seem to confuse flushing buffer contents to disk with doing
5422
5441
a sync to disk. Under UNIX, a sync call forces the process to be
5423
5442
suspended until the kernel has ensured that all outstanding data in
5431
5450
addition, this fixes many performance problems that people have
5432
5451
reported with the new Windows98 explorer shell file copies.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict sync</code></em> = <code class="literal">no</code>
5434
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561274"></a>
5453
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561451"></a>
5436
5455
svcctl list (G)
5437
</h3></div></div></div><a class="indexterm" name="id2561275"></a><a name="SVCCTLLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of init scripts that smbd
5456
</h3></div></div></div><a class="indexterm" name="id2561452"></a><a name="SVCCTLLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of init scripts that smbd
5438
5457
will use for starting and stopping Unix services via the Win32
5439
5458
ServiceControl API. This allows Windows administrators to
5440
5459
utilize the MS Management Console plug-ins to manage a
5448
5467
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>svcctl list</code></em> = <code class="literal">cups postfix portmap httpd</code>
5450
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561360"></a>
5469
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561541"></a>
5452
5471
sync always (S)
5453
</h3></div></div></div><a class="indexterm" name="id2561361"></a><a name="SYNCALWAYS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls
5472
</h3></div></div></div><a class="indexterm" name="id2561542"></a><a name="SYNCALWAYS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls
5454
5473
whether writes will always be written to stable storage before
5455
5474
the write call returns. If this is <code class="constant">no</code> then the server will be
5456
5475
guided by the client's request in each write call (clients can
5461
5480
<code class="constant">yes</code> in order for this parameter to have
5462
5481
any affect.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>sync always</code></em> = <code class="literal">no</code>
5464
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561430"></a>
5483
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561612"></a>
5466
5485
syslog only (G)
5467
</h3></div></div></div><a class="indexterm" name="id2561432"></a><a name="SYSLOGONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
5486
</h3></div></div></div><a class="indexterm" name="id2561613"></a><a name="SYSLOGONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
5468
5487
If this parameter is set then Samba debug messages are logged into the system
5469
5488
syslog only, and not to the debug log files. There still will be some
5470
5489
logging to log.[sn]mbd even if <span class="emphasis"><em>syslog only</em></span> is enabled.
5471
5490
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>syslog only</code></em> = <code class="literal">no</code>
5473
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561478"></a>
5492
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561660"></a>
5476
</h3></div></div></div><a class="indexterm" name="id2561479"></a><a name="SYSLOG"></a><div class="variablelist"><dl><dt></dt><dd><p>
5495
</h3></div></div></div><a class="indexterm" name="id2561661"></a><a name="SYSLOG"></a><div class="variablelist"><dl><dt></dt><dd><p>
5477
5496
This parameter maps how Samba debug messages are logged onto the system syslog logging levels.
5478
5497
Samba debug level zero maps onto syslog <code class="constant">LOG_ERR</code>, debug level one maps onto
5479
5498
<code class="constant">LOG_WARNING</code>, debug level two maps onto <code class="constant">LOG_NOTICE</code>,
5484
5503
logging to log.[sn]mbd even if <span class="emphasis"><em>syslog only</em></span> is enabled.
5485
5504
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>syslog</code></em> = <code class="literal">1</code>
5487
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561548"></a>
5506
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561730"></a>
5489
5508
template homedir (G)
5490
</h3></div></div></div><a class="indexterm" name="id2561550"></a><a name="TEMPLATEHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
5509
</h3></div></div></div><a class="indexterm" name="id2561731"></a><a name="TEMPLATEHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
5491
5510
user, the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon uses this
5492
5511
parameter to fill in the home directory for that user. If the
5493
5512
string <em class="parameter"><code>%D</code></em> is present it
5495
5514
string <em class="parameter"><code>%U</code></em> is present it
5496
5515
is substituted with the user's Windows NT user name.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>template homedir</code></em> = <code class="literal">/home/%D/%U</code>
5498
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561614"></a>
5517
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561796"></a>
5500
5519
template shell (G)
5501
</h3></div></div></div><a class="indexterm" name="id2561615"></a><a name="TEMPLATESHELL"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
5520
</h3></div></div></div><a class="indexterm" name="id2561797"></a><a name="TEMPLATESHELL"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
5502
5521
user, the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon uses this
5503
parameter to fill in the login shell for that user.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561653"></a>
5522
parameter to fill in the login shell for that user.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561835"></a>
5505
5524
time offset (G)
5506
</h3></div></div></div><a class="indexterm" name="id2561654"></a><a name="TIMEOFFSET"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a setting in minutes to add
5525
</h3></div></div></div><a class="indexterm" name="id2561836"></a><a name="TIMEOFFSET"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a setting in minutes to add
5507
5526
to the normal GMT to local time conversion. This is useful if
5508
5527
you are serving a lot of PCs that have incorrect daylight
5509
5528
saving time handling.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>time offset</code></em> = <code class="literal">0</code>
5511
5530
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>time offset</code></em> = <code class="literal">60</code>
5513
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561713"></a>
5532
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561895"></a>
5515
5534
time server (G)
5516
</h3></div></div></div><a class="indexterm" name="id2561714"></a><a name="TIMESERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> advertises itself as a time server to Windows
5535
</h3></div></div></div><a class="indexterm" name="id2561896"></a><a name="TIMESERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> advertises itself as a time server to Windows
5517
5536
clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>time server</code></em> = <code class="literal">no</code>
5519
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561764"></a>
5538
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561945"></a>
5521
5540
unix charset (G)
5522
</h3></div></div></div><a class="indexterm" name="id2561765"></a><a name="UNIXCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the charset the unix machine
5541
</h3></div></div></div><a class="indexterm" name="id2561946"></a><a name="UNIXCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the charset the unix machine
5523
5542
Samba runs on uses. Samba needs to know this in order to be able to
5524
5543
convert text to the charsets other SMB clients use.
5525
5544
</p><p>This is also the charset Samba will use when specifying arguments
5529
5548
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>unix charset</code></em> = <code class="literal">ASCII</code>
5531
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561830"></a>
5550
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562011"></a>
5533
5552
unix extensions (G)
5534
</h3></div></div></div><a class="indexterm" name="id2561831"></a><a name="UNIXEXTENSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
5553
</h3></div></div></div><a class="indexterm" name="id2562012"></a><a name="UNIXEXTENSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
5535
5554
implments the CIFS UNIX extensions, as defined by HP.
5536
5555
These extensions enable Samba to better serve UNIX CIFS clients
5537
5556
by supporting features such as symbolic links, hard links, etc...
5538
5557
These extensions require a similarly enabled client, and are of
5539
5558
no current use to Windows clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>unix extensions</code></em> = <code class="literal">yes</code>
5541
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561877"></a>
5560
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562059"></a>
5543
5562
unix password sync (G)
5544
</h3></div></div></div><a class="indexterm" name="id2561878"></a><a name="UNIXPASSWORDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
5563
</h3></div></div></div><a class="indexterm" name="id2562060"></a><a name="UNIXPASSWORDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
5545
5564
attempts to synchronize the UNIX password with the SMB password
5546
5565
when the encrypted SMB password in the smbpasswd file is changed.
5547
5566
If this is set to <code class="constant">yes</code> the program specified in the <em class="parameter"><code>passwd
5550
5569
old UNIX password (as the SMB password change code has no
5551
5570
access to the old password cleartext, only the new).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>unix password sync</code></em> = <code class="literal">no</code>
5553
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561938"></a>
5572
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562120"></a>
5555
5574
update encrypted (G)
5556
</h3></div></div></div><a class="indexterm" name="id2561939"></a><a name="UPDATEENCRYPTED"></a><div class="variablelist"><dl><dt></dt><dd><p>
5575
</h3></div></div></div><a class="indexterm" name="id2562121"></a><a name="UPDATEENCRYPTED"></a><div class="variablelist"><dl><dt></dt><dd><p>
5557
5576
This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed)
5558
5577
password in the smbpasswd file to be updated automatically as they log on. This option allows a site to
5559
5578
migrate from plaintext password authentication (users authenticate with plaintext password over the
5560
wire, and are checked against a UNIX account atabase) to encrypted password authentication (the SMB
5579
wire, and are checked against a UNIX account database) to encrypted password authentication (the SMB
5561
5580
challenge/response authentication mechanism) without forcing all users to re-enter their passwords via
5562
5581
smbpasswd at the time the change is made. This is a convenience option to allow the change over to encrypted
5563
5582
passwords to be made over a longer period. Once all users have encrypted representations of their passwords
5566
5585
In order for this parameter to be operative the <a class="link" href="smb.conf.5.html#ENCRYPTPASSWORDS" target="_top">encrypt passwords</a> parameter must
5567
5586
be set to <code class="constant">no</code>. The default value of <a class="link" href="smb.conf.5.html#ENCRYPTPASSWORDS" target="_top">encrypt passwords = Yes</a>. Note: This must be set to <code class="constant">no</code> for this <a class="link" href="smb.conf.5.html#UPDATEENCRYPTED" target="_top">update encrypted</a> to work.
5569
Note that even when this parameter is set a user authenticating to <code class="literal">smbd</code>
5588
Note that even when this parameter is set, a user authenticating to <code class="literal">smbd</code>
5570
5589
must still enter a valid password in order to connect correctly, and to update their hashed (smbpasswd)
5572
5591
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>update encrypted</code></em> = <code class="literal">no</code>
5574
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562056"></a>
5593
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562239"></a>
5576
5595
use client driver (S)
5577
</h3></div></div></div><a class="indexterm" name="id2562058"></a><a name="USECLIENTDRIVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter applies only to Windows NT/2000
5596
</h3></div></div></div><a class="indexterm" name="id2562240"></a><a name="USECLIENTDRIVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter applies only to Windows NT/2000
5578
5597
clients. It has no effect on Windows 95/98/ME clients. When
5579
5598
serving a printer to Windows NT/2000 clients without first installing
5580
5599
a valid printer driver on the Samba host, the client will be required
5595
5614
printed). </p><p>If this parameter is enabled for a printer, then any attempt
5596
5615
to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped
5597
5616
to PRINTER_ACCESS_USE instead. Thus allowing the OpenPrinterEx()
5598
call to succeed. <span class="emphasis"><em>This parameter MUST not be able enabled
5617
call to succeed. <span class="emphasis"><em>This parameter MUST not be enabled
5599
5618
on a print share which has valid print driver installed on the Samba
5600
5619
server.</em></span></p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use client driver</code></em> = <code class="literal">no</code>
5602
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562137"></a>
5621
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562320"></a>
5604
5623
use kerberos keytab (G)
5605
</h3></div></div></div><a class="indexterm" name="id2562138"></a><a name="USEKERBEROSKEYTAB"></a><div class="variablelist"><dl><dt></dt><dd><p>
5624
</h3></div></div></div><a class="indexterm" name="id2562321"></a><a name="USEKERBEROSKEYTAB"></a><div class="variablelist"><dl><dt></dt><dd><p>
5606
5625
Specifies whether Samba should attempt to maintain service principals in the systems
5607
5626
keytab file for <code class="constant">host/FQDN</code> and <code class="constant">cifs/FQDN</code>.
5615
5634
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use kerberos keytab</code></em> = <code class="literal">False</code>
5617
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562206"></a>
5636
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562388"></a>
5620
</h3></div></div></div><a class="indexterm" name="id2562207"></a><a name="USEMMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter determines if the tdb internals of Samba can
5639
</h3></div></div></div><a class="indexterm" name="id2562389"></a><a name="USEMMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter determines if the tdb internals of Samba can
5621
5640
depend on mmap working correctly on the running system. Samba requires a coherent
5622
5641
mmap/read-write system memory cache. Currently only HPUX does not have such a
5623
5642
coherent cache, and so this parameter is set to <code class="constant">no</code> by
5626
5645
the tdb internal code.
5627
5646
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use mmap</code></em> = <code class="literal">yes</code>
5629
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562258"></a>
5648
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562440"></a>
5631
5650
username level (G)
5632
</h3></div></div></div><a class="indexterm" name="id2562259"></a><a name="USERNAMELEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option helps Samba to try and 'guess' at
5651
</h3></div></div></div><a class="indexterm" name="id2562441"></a><a name="USERNAMELEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option helps Samba to try and 'guess' at
5633
5652
the real UNIX username, as many DOS clients send an all-uppercase
5634
5653
username. By default Samba tries all lowercase, followed by the
5635
5654
username with the first letter capitalized, and fails if the
5645
5664
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username level</code></em> = <code class="literal">5</code>
5647
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562340"></a>
5666
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562522"></a>
5649
5668
username map script (G)
5650
</h3></div></div></div><a class="indexterm" name="id2562341"></a><a name="USERNAMEMAPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This script is a mutually exclusive alternative to the
5669
</h3></div></div></div><a class="indexterm" name="id2562523"></a><a name="USERNAMEMAPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This script is a mutually exclusive alternative to the
5651
5670
<a class="link" href="smb.conf.5.html#USERNAMEMAP" target="_top">username map</a> parameter. This parameter
5652
5671
specifies and external program or script that must accept a single
5653
5672
command line option (the username transmitted in the authentication
5659
5678
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username map script</code></em> = <code class="literal">/etc/samba/scripts/mapusers.sh</code>
5661
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562416"></a>
5680
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562599"></a>
5663
5682
username map (G)
5664
</h3></div></div></div><a class="indexterm" name="id2562418"></a><a name="USERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
5683
</h3></div></div></div><a class="indexterm" name="id2562600"></a><a name="USERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
5665
5684
This option allows you to specify a file containing a mapping of usernames from the clients to the server.
5666
5685
This can be used for several purposes. The most common is to map usernames that users use on DOS or Windows
5667
5686
machines to those that the UNIX box uses. The other is to map multiple users to a single username so that they
5745
5764
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>username map</code></em> = <code class="literal">
5746
5765
# no username map</code>
5748
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562703"></a>
5767
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562878"></a>
5750
5769
<a name="USER"></a>user
5751
</h3></div></div></div><a class="indexterm" name="id2562704"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562735"></a>
5770
</h3></div></div></div><a class="indexterm" name="id2562880"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562910"></a>
5753
5772
<a name="USERS"></a>users
5754
</h3></div></div></div><a class="indexterm" name="id2562736"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562767"></a>
5773
</h3></div></div></div><a class="indexterm" name="id2562912"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562942"></a>
5757
</h3></div></div></div><a class="indexterm" name="id2562768"></a><a name="USERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>Multiple users may be specified in a comma-delimited
5776
</h3></div></div></div><a class="indexterm" name="id2562943"></a><a name="USERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>Multiple users may be specified in a comma-delimited
5758
5777
list, in which case the supplied password will be tested against
5759
5778
each username in turn (left to right).</p><p>The <em class="parameter"><code>username</code></em> line is needed only when
5760
5779
the PC is unable to supply its own username. This is the case
5793
5812
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username</code></em> = <code class="literal">fred, mary, jack, jane, @users, @pcgroup</code>
5795
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562937"></a>
5814
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563112"></a>
5797
5816
usershare allow guests (G)
5798
</h3></div></div></div><a class="indexterm" name="id2562938"></a><a name="USERSHAREALLOWGUESTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether user defined shares are allowed
5817
</h3></div></div></div><a class="indexterm" name="id2563114"></a><a name="USERSHAREALLOWGUESTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether user defined shares are allowed
5799
5818
to be accessed by non-authenticated users or not. It is the equivalent
5800
5819
of allowing people who can create a share the option of setting
5801
5820
<em class="parameter"><code>guest ok = yes</code></em> in a share
5802
definition. Due to the security sensitive nature of this the default
5821
definition. Due to its security sensitive nature, the default
5803
5822
is set to off.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare allow guests</code></em> = <code class="literal">no</code>
5805
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562990"></a>
5824
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563165"></a>
5807
5826
usershare max shares (G)
5808
</h3></div></div></div><a class="indexterm" name="id2562991"></a><a name="USERSHAREMAXSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of user defined shares
5827
</h3></div></div></div><a class="indexterm" name="id2563166"></a><a name="USERSHAREMAXSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of user defined shares
5809
5828
that are allowed to be created by users belonging to the group owning the
5810
5829
usershare directory. If set to zero (the default) user defined shares are ignored.
5811
5830
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare max shares</code></em> = <code class="literal">0</code>
5813
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563035"></a>
5832
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563210"></a>
5815
5834
usershare owner only (G)
5816
</h3></div></div></div><a class="indexterm" name="id2563036"></a><a name="USERSHAREOWNERONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether the pathname exported by
5835
</h3></div></div></div><a class="indexterm" name="id2563211"></a><a name="USERSHAREOWNERONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether the pathname exported by
5817
5836
a user defined shares must be owned by the user creating the
5818
5837
user defined share or not. If set to True (the default) then
5819
5838
smbd checks that the directory path being shared is owned by
5823
5842
regardless of who owns it.
5824
5843
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare owner only</code></em> = <code class="literal">True</code>
5826
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563085"></a>
5845
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563268"></a>
5828
5847
usershare path (G)
5829
</h3></div></div></div><a class="indexterm" name="id2563086"></a><a name="USERSHAREPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the absolute path of the directory on the
5848
</h3></div></div></div><a class="indexterm" name="id2563269"></a><a name="USERSHAREPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the absolute path of the directory on the
5830
5849
filesystem used to store the user defined share definition files.
5831
5850
This directory must be owned by root, and have no access for
5832
5851
other, and be writable only by the group owner. In addition the
5847
5866
In this case, only members of the group "power_users" can create user defined shares.
5848
5867
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare path</code></em> = <code class="literal">NULL</code>
5850
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563156"></a>
5869
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563339"></a>
5852
5871
usershare prefix allow list (G)
5853
</h3></div></div></div><a class="indexterm" name="id2563157"></a><a name="USERSHAREPREFIXALLOWLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
5872
</h3></div></div></div><a class="indexterm" name="id2563340"></a><a name="USERSHAREPREFIXALLOWLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
5854
5873
the root of which are allowed to be exported by user defined share definitions.
5855
If the pathname exported doesn't start with one of the strings in this
5856
list the user defined share will not be allowed. This allows the Samba
5874
If the pathname to be exported doesn't start with one of the strings in this
5875
list, the user defined share will not be allowed. This allows the Samba
5857
5876
administrator to restrict the directories on the system that can be
5858
5877
exported by user defined shares.
5866
5885
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare prefix allow list</code></em> = <code class="literal">/home /data /space</code>
5868
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563228"></a>
5887
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563411"></a>
5870
5889
usershare prefix deny list (G)
5871
</h3></div></div></div><a class="indexterm" name="id2563230"></a><a name="USERSHAREPREFIXDENYLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
5890
</h3></div></div></div><a class="indexterm" name="id2563412"></a><a name="USERSHAREPREFIXDENYLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
5872
5891
the root of which are NOT allowed to be exported by user defined share definitions.
5873
5892
If the pathname exported starts with one of the strings in this
5874
5893
list the user defined share will not be allowed. Any pathname not
5885
5904
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare prefix deny list</code></em> = <code class="literal">/etc /dev /private</code>
5887
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563303"></a>
5906
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563486"></a>
5889
5908
usershare template share (G)
5890
</h3></div></div></div><a class="indexterm" name="id2563304"></a><a name="USERSHARETEMPLATESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>User defined shares only have limited possible parameters
5891
such as path, guest ok etc. This parameter allows usershares to
5909
</h3></div></div></div><a class="indexterm" name="id2563487"></a><a name="USERSHARETEMPLATESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>User defined shares only have limited possible parameters
5910
such as path, guest ok, etc. This parameter allows usershares to
5892
5911
"cloned" from an existing share. If "usershare template share"
5893
5912
is set to the name of an existing share, then all usershares
5894
5913
created have their defaults set from the parameters set on this
5903
5922
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare template share</code></em> = <code class="literal">template_share</code>
5905
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563376"></a>
5924
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563559"></a>
5907
5926
use sendfile (S)
5908
</h3></div></div></div><a class="indexterm" name="id2563377"></a><a name="USESENDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, and the <code class="constant">sendfile()</code>
5927
</h3></div></div></div><a class="indexterm" name="id2563560"></a><a name="USESENDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, and the <code class="constant">sendfile()</code>
5909
5928
system call is supported by the underlying operating system, then some SMB read calls
5910
5929
(mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that
5911
5930
are exclusively oplocked. This may make more efficient use of the system CPU's
5914
5933
Windows 9x (using sendfile from Linux will cause these clients to fail).
5915
5934
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use sendfile</code></em> = <code class="literal">false</code>
5917
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563433"></a>
5936
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563616"></a>
5920
</h3></div></div></div><a class="indexterm" name="id2563434"></a><a name="USESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p>This variable controls controls whether samba will try
5939
</h3></div></div></div><a class="indexterm" name="id2563618"></a><a name="USESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p>This variable controls controls whether samba will try
5921
5940
to use Simple and Protected NEGOciation (as specified by rfc2478) with
5922
5941
WindowsXP and Windows2000 clients to agree upon an authentication mechanism.
5925
5944
implementation, there is no reason this should ever be
5926
5945
disabled.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use spnego</code></em> = <code class="literal">yes</code>
5928
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563483"></a>
5947
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563666"></a>
5930
5949
utmp directory (G)
5931
</h3></div></div></div><a class="indexterm" name="id2563484"></a><a name="UTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only available if Samba has
5950
</h3></div></div></div><a class="indexterm" name="id2563667"></a><a name="UTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only available if Samba has
5932
5951
been configured and compiled with the option <code class="literal">
5933
5952
--with-utmp</code>. It specifies a directory pathname that is
5934
5953
used to store the utmp or utmpx files (depending on the UNIX system) that
5941
5960
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>utmp directory</code></em> = <code class="literal">/var/run/utmp</code>
5943
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563561"></a>
5962
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563744"></a>
5946
</h3></div></div></div><a class="indexterm" name="id2563562"></a><a name="UTMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
5965
</h3></div></div></div><a class="indexterm" name="id2563745"></a><a name="UTMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
5947
5966
This boolean parameter is only available if Samba has been configured and compiled
5948
5967
with the option <code class="literal">--with-utmp</code>. If set to
5949
5968
<code class="constant">yes</code> then Samba will attempt to add utmp or utmpx records
5955
5974
to find this number. This may impede performance on large installations.
5956
5975
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>utmp</code></em> = <code class="literal">no</code>
5958
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563624"></a>
5977
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563807"></a>
5960
5979
valid users (S)
5961
</h3></div></div></div><a class="indexterm" name="id2563625"></a><a name="VALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>
5980
</h3></div></div></div><a class="indexterm" name="id2563808"></a><a name="VALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>
5962
5981
This is a list of users that should be allowed to login to this service. Names starting with
5963
5982
'@', '+' and '&' are interpreted using the same rules as described in the
5964
5983
<em class="parameter"><code>invalid users</code></em> parameter.
5975
5994
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>valid users</code></em> = <code class="literal">greg, @pcusers</code>
5977
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563715"></a>
5996
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563898"></a>
5980
</h3></div></div></div><a class="indexterm" name="id2563716"></a><a name="-VALID"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter indicates whether a share is
5999
</h3></div></div></div><a class="indexterm" name="id2563899"></a><a name="-VALID"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter indicates whether a share is
5981
6000
valid and thus can be used. When this parameter is set to false,
5982
6001
the share will be in no way visible nor accessible.
5986
6005
Samba uses this option internally to mark shares as deleted.
5987
6006
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>-valid</code></em> = <code class="literal">yes</code>
5989
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563765"></a>
6008
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563948"></a>
5992
</h3></div></div></div><a class="indexterm" name="id2563766"></a><a name="VETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
6011
</h3></div></div></div><a class="indexterm" name="id2563949"></a><a name="VETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
5993
6012
This is a list of files and directories that are neither visible nor accessible. Each entry in
5994
6013
the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?'
5995
6014
can be used to specify multiple files or directories as in DOS wildcards.
6021
6040
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>veto files</code></em> = <code class="literal">No files or directories are vetoed.</code>
6023
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563883"></a>
6042
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564066"></a>
6025
6044
veto oplock files (S)
6026
</h3></div></div></div><a class="indexterm" name="id2563884"></a><a name="VETOOPLOCKFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
6045
</h3></div></div></div><a class="indexterm" name="id2564068"></a><a name="VETOOPLOCKFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
6027
6046
This parameter is only valid when the <a class="link" href="smb.conf.5.html#OPLOCKS" target="_top">oplocks</a>
6028
6047
parameter is turned on for a share. It allows the Samba administrator
6029
6048
to selectively turn off the granting of oplocks on selected files that
6044
6063
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>veto oplock files</code></em> = <code class="literal">
6045
6064
# No files are vetoed for oplock grants</code>
6047
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563976"></a>
6066
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564160"></a>
6049
6068
<a name="VFSOBJECT"></a>vfs object
6050
</h3></div></div></div><a class="indexterm" name="id2563978"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#VFSOBJECTS">vfs objects</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564008"></a>
6069
</h3></div></div></div><a class="indexterm" name="id2564161"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#VFSOBJECTS">vfs objects</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564192"></a>
6052
6071
vfs objects (S)
6053
</h3></div></div></div><a class="indexterm" name="id2564010"></a><a name="VFSOBJECTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the backend names which
6072
</h3></div></div></div><a class="indexterm" name="id2564193"></a><a name="VFSOBJECTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the backend names which
6054
6073
are used for Samba VFS I/O operations. By default, normal
6055
6074
disk I/O operations are used but these can be overloaded
6056
6075
with one or more VFS objects. </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>vfs objects</code></em> = <code class="literal"></code>
6058
6077
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>vfs objects</code></em> = <code class="literal">extd_audit recycle</code>
6060
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564068"></a>
6079
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564252"></a>
6063
</h3></div></div></div><a class="indexterm" name="id2564070"></a><a name="VOLUME"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the volume label
6082
</h3></div></div></div><a class="indexterm" name="id2564253"></a><a name="VOLUME"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the volume label
6064
6083
returned for a share. Useful for CDROMs with installation programs
6065
6084
that insist on a particular volume label.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>volume</code></em> = <code class="literal">
6066
6085
# the name of the share</code>
6068
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564112"></a>
6087
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564295"></a>
6071
</h3></div></div></div><a class="indexterm" name="id2564113"></a><a name="WIDELINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not links
6090
</h3></div></div></div><a class="indexterm" name="id2564296"></a><a name="WIDELINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not links
6072
6091
in the UNIX file system may be followed by the server. Links
6073
6092
that point to areas within the directory tree exported by the
6074
6093
server are always allowed; this parameter controls access only
6076
6095
effect on your server performance due to the extra system calls
6077
6096
that Samba has to do in order to perform the link checks.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wide links</code></em> = <code class="literal">yes</code>
6079
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564164"></a>
6098
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564347"></a>
6081
6100
winbind cache time (G)
6082
</h3></div></div></div><a class="indexterm" name="id2564165"></a><a name="WINBINDCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
6101
</h3></div></div></div><a class="indexterm" name="id2564348"></a><a name="WINBINDCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
6083
6102
seconds the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon will cache
6084
6103
user and group information before querying a Windows NT server
6087
6106
evaluated in real time unless the <a class="link" href="smb.conf.5.html#WINBINDOFFLINELOGON" target="_top">winbind offline logon</a> option has been enabled.
6088
6107
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind cache time</code></em> = <code class="literal">300</code>
6090
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564236"></a>
6109
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564419"></a>
6092
6111
winbind enum groups (G)
6093
</h3></div></div></div><a class="indexterm" name="id2564237"></a><a name="WINBINDENUMGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be necessary to suppress
6112
</h3></div></div></div><a class="indexterm" name="id2564420"></a><a name="WINBINDENUMGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be necessary to suppress
6094
6113
the enumeration of groups through the <code class="literal">setgrent()</code>,
6095
6114
<code class="literal">getgrent()</code> and
6096
6115
<code class="literal">endgrent()</code> group of system calls. If
6098
6117
<code class="constant">no</code>, calls to the <code class="literal">getgrent()</code> system
6099
6118
call will not return any data. </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>Turning off group enumeration may cause some programs to behave oddly. </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind enum groups</code></em> = <code class="literal">no</code>
6101
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564326"></a>
6120
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564510"></a>
6103
6122
winbind enum users (G)
6104
</h3></div></div></div><a class="indexterm" name="id2564328"></a><a name="WINBINDENUMUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be
6123
</h3></div></div></div><a class="indexterm" name="id2564511"></a><a name="WINBINDENUMUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be
6105
6124
necessary to suppress the enumeration of users through the <code class="literal">setpwent()</code>,
6106
6125
<code class="literal">getpwent()</code> and
6107
6126
<code class="literal">endpwent()</code> group of system calls. If
6113
6132
full user list when searching for matching
6114
6133
usernames. </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind enum users</code></em> = <code class="literal">no</code>
6116
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564420"></a>
6135
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564603"></a>
6118
6137
winbind expand groups (G)
6119
</h3></div></div></div><a class="indexterm" name="id2564421"></a><a name="WINBINDEXPANDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum depth that winbindd
6138
</h3></div></div></div><a class="indexterm" name="id2564604"></a><a name="WINBINDEXPANDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum depth that winbindd
6120
6139
will traverse when flattening nested group memberships
6121
6140
of Windows domain groups. This is different from the
6122
6141
<a class="link" href="smb.conf.5.html#WINBINDNESTEDGROUPS" target="_top">winbind nested groups</a> option
6128
6147
must perform the group unrolling and will be unable to answer
6129
6148
incoming NSS or authentication requests during this time.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind expand groups</code></em> = <code class="literal">1</code>
6131
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564489"></a>
6150
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564672"></a>
6133
6152
winbind nested groups (G)
6134
</h3></div></div></div><a class="indexterm" name="id2564490"></a><a name="WINBINDNESTEDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to yes, this parameter activates the support for nested
6153
</h3></div></div></div><a class="indexterm" name="id2564673"></a><a name="WINBINDNESTEDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to yes, this parameter activates the support for nested
6135
6154
groups. Nested groups are also called local groups or
6136
6155
aliases. They work like their counterparts in Windows: Nested
6137
6156
groups are defined locally on any machine (they are shared
6139
6158
global groups from any trusted SAM. To be able to use nested
6140
6159
groups, you need to run nss_winbind.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind nested groups</code></em> = <code class="literal">yes</code>
6142
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564539"></a>
6161
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564722"></a>
6144
6163
winbind normalize names (G)
6145
</h3></div></div></div><a class="indexterm" name="id2564540"></a><a name="WINBINDNORMALIZENAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether winbindd will replace
6164
</h3></div></div></div><a class="indexterm" name="id2564723"></a><a name="WINBINDNORMALIZENAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether winbindd will replace
6146
6165
whitespace in user and group names with an underscore (_) character.
6147
6166
For example, whether the name "Space Kadet" should be
6148
6167
replaced with the string "space_kadet".
6163
6182
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind normalize names</code></em> = <code class="literal">yes</code>
6165
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564617"></a>
6184
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564800"></a>
6167
6186
winbind nss info (G)
6168
</h3></div></div></div><a class="indexterm" name="id2564618"></a><a name="WINBINDNSSINFO"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control how Winbind retrieves Name
6187
</h3></div></div></div><a class="indexterm" name="id2564801"></a><a name="WINBINDNSSINFO"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control how Winbind retrieves Name
6169
6188
Service Information to construct a user's home directory and login shell.
6170
6189
Currently the following settings are available:
6188
6207
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind nss info</code></em> = <code class="literal">template sfu</code>
6190
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564736"></a>
6209
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564920"></a>
6192
6211
winbind offline logon (G)
6193
</h3></div></div></div><a class="indexterm" name="id2564738"></a><a name="WINBINDOFFLINELOGON"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should
6212
</h3></div></div></div><a class="indexterm" name="id2564921"></a><a name="WINBINDOFFLINELOGON"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should
6194
6213
allow to login with the <em class="parameter"><code>pam_winbind</code></em>
6195
6214
module using Cached Credentials. If enabled, winbindd will store user credentials
6196
6215
from successful logins encrypted in a local cache.
6199
6218
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind offline logon</code></em> = <code class="literal">true</code>
6201
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564806"></a>
6220
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564989"></a>
6203
6222
winbind reconnect delay (G)
6204
</h3></div></div></div><a class="indexterm" name="id2564807"></a><a name="WINBINDRECONNECTDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
6223
</h3></div></div></div><a class="indexterm" name="id2564990"></a><a name="WINBINDRECONNECTDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
6205
6224
seconds the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon will wait between
6206
6225
attempts to contact a Domain controller for a domain that is
6207
6226
determined to be down or not contactable.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind reconnect delay</code></em> = <code class="literal">30</code>
6209
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564858"></a>
6228
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565042"></a>
6211
6230
winbind refresh tickets (G)
6212
</h3></div></div></div><a class="indexterm" name="id2564860"></a><a name="WINBINDREFRESHTICKETS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should refresh Kerberos Tickets
6231
</h3></div></div></div><a class="indexterm" name="id2565043"></a><a name="WINBINDREFRESHTICKETS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should refresh Kerberos Tickets
6213
6232
retrieved using the <em class="parameter"><code>pam_winbind</code></em> module.
6215
6234
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind refresh tickets</code></em> = <code class="literal">false</code>
6217
6236
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind refresh tickets</code></em> = <code class="literal">true</code>
6219
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564926"></a>
6238
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565109"></a>
6221
6240
winbind rpc only (G)
6222
</h3></div></div></div><a class="indexterm" name="id2564927"></a><a name="WINBINDRPCONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6241
</h3></div></div></div><a class="indexterm" name="id2565110"></a><a name="WINBINDRPCONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6223
6242
Setting this parameter to <code class="literal">yes</code> forces
6224
6243
winbindd to use RPC instead of LDAP to retrieve information from Domain
6226
6245
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind rpc only</code></em> = <code class="literal">no</code>
6228
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564974"></a>
6247
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565157"></a>
6230
6249
winbind separator (G)
6231
</h3></div></div></div><a class="indexterm" name="id2564975"></a><a name="WINBINDSEPARATOR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an admin to define the character
6250
</h3></div></div></div><a class="indexterm" name="id2565158"></a><a name="WINBINDSEPARATOR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an admin to define the character
6232
6251
used when listing a username of the form of <em class="replaceable"><code>DOMAIN
6233
6252
</code></em>\<em class="replaceable"><code>user</code></em>. This parameter
6234
6253
is only applicable when using the <code class="filename">pam_winbind.so</code>
6240
6259
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind separator</code></em> = <code class="literal">+</code>
6242
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565061"></a>
6261
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565245"></a>
6244
6263
winbind trusted domains only (G)
6245
</h3></div></div></div><a class="indexterm" name="id2565062"></a><a name="WINBINDTRUSTEDDOMAINSONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6264
</h3></div></div></div><a class="indexterm" name="id2565246"></a><a name="WINBINDTRUSTEDDOMAINSONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6246
6265
This parameter is designed to allow Samba servers that are members
6247
6266
of a Samba controlled domain to use UNIX accounts distributed via NIS,
6248
6267
rsync, or LDAP as the uid's for winbindd users in the hosts primary domain.
6253
6272
Refer to the <a class="citerefentry" href="idmap_nss.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_nss</span>(8)</span></a> man page for more information.
6254
6273
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind trusted domains only</code></em> = <code class="literal">no</code>
6256
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565128"></a>
6275
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565312"></a>
6258
6277
winbind use default domain (G)
6259
</h3></div></div></div><a class="indexterm" name="id2565130"></a><a name="WINBINDUSEDEFAULTDOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether the
6278
</h3></div></div></div><a class="indexterm" name="id2565313"></a><a name="WINBINDUSEDEFAULTDOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether the
6260
6279
<a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon should operate on users
6261
6280
without domain component in their username. Users without a domain
6262
6281
component are treated as is part of the winbindd server's own
6267
6286
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind use default domain</code></em> = <code class="literal">yes</code>
6269
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565201"></a>
6288
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565385"></a>
6272
</h3></div></div></div><a class="indexterm" name="id2565202"></a><a name="WINSHOOK"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba is running as a WINS server this
6291
</h3></div></div></div><a class="indexterm" name="id2565386"></a><a name="WINSHOOK"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba is running as a WINS server this
6273
6292
allows you to call an external program for all changes to the
6274
6293
WINS database. The primary use for this option is to allow the
6275
6294
dynamic update of external name resolution databases such as
6290
6309
addresses currently registered for that name. If this list is
6291
6310
empty then the name should be deleted.</p></li></ul></div><p>An example script that calls the BIND dynamic DNS update
6292
6311
program <code class="literal">nsupdate</code> is provided in the examples
6293
directory of the Samba source code. </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565308"></a>
6312
directory of the Samba source code. </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565491"></a>
6296
</h3></div></div></div><a class="indexterm" name="id2565309"></a><a name="WINSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will respond to broadcast name
6315
</h3></div></div></div><a class="indexterm" name="id2565492"></a><a name="WINSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will respond to broadcast name
6297
6316
queries on behalf of other hosts. You may need to set this
6298
6317
to <code class="constant">yes</code> for some older clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wins proxy</code></em> = <code class="literal">no</code>
6300
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565362"></a>
6319
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565546"></a>
6302
6321
wins server (G)
6303
</h3></div></div></div><a class="indexterm" name="id2565364"></a><a name="WINSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the IP address (or DNS name: IP
6322
</h3></div></div></div><a class="indexterm" name="id2565547"></a><a name="WINSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the IP address (or DNS name: IP
6304
6323
address for preference) of the WINS server that <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> should register with. If you have a WINS server on
6305
6324
your network then you should set this to the WINS server's IP.</p><p>You should point this at your WINS server if you have a
6306
6325
multi-subnetted network.</p><p>If you want to work in multiple namespaces, you can
6320
6339
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>wins server</code></em> = <code class="literal">192.9.200.1 192.168.2.61</code>
6322
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565473"></a>
6341
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565656"></a>
6324
6343
wins support (G)
6325
</h3></div></div></div><a class="indexterm" name="id2565474"></a><a name="WINSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls if the <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> process in Samba will act as a WINS server. You should
6344
</h3></div></div></div><a class="indexterm" name="id2565657"></a><a name="WINSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls if the <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> process in Samba will act as a WINS server. You should
6326
6345
not set this to <code class="constant">yes</code> unless you have a multi-subnetted network and
6327
6346
you wish a particular <code class="literal">nmbd</code> to be your WINS server.
6328
6347
Note that you should <span class="emphasis"><em>NEVER</em></span> set this to <code class="constant">yes</code>
6329
6348
on more than one machine in your network.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wins support</code></em> = <code class="literal">no</code>
6331
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565542"></a>
6350
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565726"></a>
6334
</h3></div></div></div><a class="indexterm" name="id2565543"></a><a name="WORKGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what workgroup your server will
6353
</h3></div></div></div><a class="indexterm" name="id2565727"></a><a name="WORKGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what workgroup your server will
6335
6354
appear to be in when queried by clients. Note that this parameter
6336
6355
also controls the Domain name used with
6337
6356
the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = domain</a>
6340
6359
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>workgroup</code></em> = <code class="literal">MYGROUP</code>
6342
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565615"></a>
6361
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565798"></a>
6344
6363
<a name="WRITABLE"></a>writable
6345
</h3></div></div></div><a class="indexterm" name="id2565616"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#WRITEABLE">writeable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565646"></a>
6364
</h3></div></div></div><a class="indexterm" name="id2565799"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#WRITEABLE">writeable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565830"></a>
6348
</h3></div></div></div><a class="indexterm" name="id2565647"></a><a name="WRITEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>writeable</code></em> = <code class="literal">no</code>
6367
</h3></div></div></div><a class="indexterm" name="id2565831"></a><a name="WRITEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>writeable</code></em> = <code class="literal">no</code>
6350
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565697"></a>
6369
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565881"></a>
6352
6371
write cache size (S)
6353
</h3></div></div></div><a class="indexterm" name="id2565698"></a><a name="WRITECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this integer parameter is set to non-zero value,
6372
</h3></div></div></div><a class="indexterm" name="id2565882"></a><a name="WRITECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this integer parameter is set to non-zero value,
6354
6373
Samba will create an in-memory cache for each oplocked file
6355
6374
(it does <span class="emphasis"><em>not</em></span> do this for
6356
6375
non-oplocked files). All writes that the client does not request
6368
6387
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>write cache size</code></em> = <code class="literal">262144
6369
6388
# for a 256k cache size per file</code>
6371
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565781"></a>
6390
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565964"></a>
6374
</h3></div></div></div><a class="indexterm" name="id2565782"></a><a name="WRITELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
6393
</h3></div></div></div><a class="indexterm" name="id2565965"></a><a name="WRITELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
6375
6394
This is a list of users that are given read-write access to a service. If the
6376
6395
connecting user is in this list then they will be given write access, no matter
6377
6396
what the <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a> option is set to. The list can
6387
6406
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>write list</code></em> = <code class="literal">admin, root, @staff</code>
6389
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565874"></a>
6408
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566057"></a>
6392
</h3></div></div></div><a class="indexterm" name="id2565875"></a><a name="WRITERAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
6411
</h3></div></div></div><a class="indexterm" name="id2566058"></a><a name="WRITERAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
6393
6412
will support raw write SMB's when transferring data from clients.
6394
6413
You should never need to change this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>write raw</code></em> = <code class="literal">yes</code>
6396
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565918"></a>
6415
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566101"></a>
6398
6417
wtmp directory (G)
6399
</h3></div></div></div><a class="indexterm" name="id2565919"></a><a name="WTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6418
</h3></div></div></div><a class="indexterm" name="id2566102"></a><a name="WTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6400
6419
This parameter is only available if Samba has been configured and compiled with the option <code class="literal">
6401
6420
--with-utmp</code>. It specifies a directory pathname that is used to store the wtmp or wtmpx files (depending on
6402
6421
the UNIX system) that record user connections to a Samba server. The difference with the utmp directory is the fact
6421
6440
for an administrator easy, but the various combinations of default attributes can be tricky. Take extreme
6422
6441
care when designing these sections. In particular, ensure that the permissions on spool directories are
6424
</p></div><div class="refsect1" lang="en"><a name="id2566052"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id2566062"></a><h2>SEE ALSO</h2><p>
6425
<a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a class="citerefentry" href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>.</p></div><div class="refsect1" lang="en"><a name="id2566142"></a><h2>AUTHOR</h2><p>
6443
</p></div><div class="refsect1" lang="en"><a name="id2566235"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id2566246"></a><h2>SEE ALSO</h2><p>
6444
<a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a class="citerefentry" href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>.</p></div><div class="refsect1" lang="en"><a name="id2566325"></a><h2>AUTHOR</h2><p>
6426
6445
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed
6427
6446
by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.