~ubuntu-branches/ubuntu/maverick/samba/maverick-security
» Revision
68
: docs/htmldocs/manpages/smb.conf.5.html
« back to all changes in this revision
Viewing changes to docs/htmldocs/manpages/smb.conf.5.html
- browse files at revision 68
- compare with another revision
- download diff
- download tarball
- view history from revision 68
- Committer: Bazaar Package Importer
- Author(s): Steve Langasek
- Date: 2009-03-03 22:02:23 UTC
- mfrom: (0.28.1 squeeze)
- Revision ID: james.westby@ubuntu.com-20090303220223-3bdlm2d9fwx1p1ye
Tags: 2:3.3.1-1ubuntu1
* Merge from Debian unstable (LP: #337094), remaining changes:
+ debian/patches/VERSION.patch:
- setup SAMBA_VERSION_SUFFIX to Ubuntu.
+ debian/smb.conf:
- add "(Samba, Ubuntu)" to server string.
- comment out the default [homes] share, and add a comment about
"valid users = %S" to show users how to restrict access to
\\server\username to only username.
- Set 'usershare allow guests', so that usershare admins are
allowed to create public shares in addition to authenticated
ones.
- add map to guest = Bad user, maps bad username to guest access.
+ debian/samba-common.config:
- Do not change priority to high if dhclient3 is installed.
- Use priority medium instead of high for the workgroup question.
+ debian/mksambapasswd.awk:
- Do not add user with UID less than 1000 to smbpasswd.
+ debian/control:
- Make libwbclient0 replace/conflict with hardy's likewise-open.
- Don't build against ctdb.
+ debian/rules:
- enable "native" PIE hardening.
+ Add ufw integration:
- Created debian/samba.ufw.profile
- debian/rules, debian/samba.dirs, debian/samba.files: install
profile
- debian/control: have samba suggest ufw
* Dropped changes, merged in Debian:
+ debian/libpam-smbpass.pam-config, debian/libpam-smbpass.postinst,
debian/libpam-smbpass.prerm, debian/libpam-smbpass.files,
debian/rules:
- Make libpam-smbpasswd depend on libpam-runtime to allow
libpam-smbpasswd for auto-configuration.
+ debian/control:
- Provide a config block for the new PAM framework to auto-configure
itself
+ debian/samba.postinst:
- When populating the new sambashare group, it is not an error
if the user simply does not exist; test for this case and let
the install continue instead of aborting.
+ debian/winbind.files:
- include additional files
+ debian/patches/VERSION.patch:
- setup SAMBA_VERSION_SUFFIX to Ubuntu.
+ debian/smb.conf:
- add "(Samba, Ubuntu)" to server string.
- comment out the default [homes] share, and add a comment about
"valid users = %S" to show users how to restrict access to
\\server\username to only username.
- Set 'usershare allow guests', so that usershare admins are
allowed to create public shares in addition to authenticated
ones.
- add map to guest = Bad user, maps bad username to guest access.
+ debian/samba-common.config:
- Do not change priority to high if dhclient3 is installed.
- Use priority medium instead of high for the workgroup question.
+ debian/mksambapasswd.awk:
- Do not add user with UID less than 1000 to smbpasswd.
+ debian/control:
- Make libwbclient0 replace/conflict with hardy's likewise-open.
- Don't build against ctdb.
+ debian/rules:
- enable "native" PIE hardening.
+ Add ufw integration:
- Created debian/samba.ufw.profile
- debian/rules, debian/samba.dirs, debian/samba.files: install
profile
- debian/control: have samba suggest ufw
* Dropped changes, merged in Debian:
+ debian/libpam-smbpass.pam-config, debian/libpam-smbpass.postinst,
debian/libpam-smbpass.prerm, debian/libpam-smbpass.files,
debian/rules:
- Make libpam-smbpasswd depend on libpam-runtime to allow
libpam-smbpasswd for auto-configuration.
+ debian/control:
- Provide a config block for the new PAM framework to auto-configure
itself
+ debian/samba.postinst:
- When populating the new sambashare group, it is not an error
if the user simply does not exist; test for this case and let
the install continue instead of aborting.
+ debian/winbind.files:
- include additional files
- files added:
- debian/patches/fix_wrong_gnu_ld_version_check.patch
- source/pidl
- source/pidl/lib
- source/pidl/lib/Parse
- source/pidl/lib/Parse/Pidl
- source/pidl/lib/Parse/Pidl/Samba3
- source/pidl/lib/Parse/Pidl/Samba4
- source/pidl/lib/Parse/Pidl/Samba4/COM
- source/pidl/lib/Parse/Pidl/Samba4/NDR
- source/pidl/lib/Parse/Pidl/Wireshark
- source/pidl/lib/Parse/Yapp
- source/pidl/tests
- files removed:
- source/lib/netapi/examples/Makefile
- files modified:
- .gitignore
added
removed
docs/htmldocs/manpages/smb.conf.5.html
387
387
and allows the open. If the user doesn't have permission to delete the file this will only be
388
388
discovered at close time, which is too late for the Windows user tools to display an error message
389
389
to the user. The symptom of this is files that appear to have been deleted "magically" re-appearing
390
on a Windows explorer refersh. This is an extremely advanced protocol option which should not
390
on a Windows explorer refresh. This is an extremely advanced protocol option which should not
391
391
need to be changed. This parameter was introduced in its final form in 3.0.21, an earlier version
392
392
with slightly different semantics was introduced in 3.0.20. That older version is not documented here.
393
393
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>acl check permissions</code></em> = <code class="literal">True</code>
951
951
tools will attempt to authenticate itself to servers using the
952
952
weaker LANMAN password hash. If disabled, only server which support NT
953
953
password hashes (e.g. Windows NT/2000, Samba, etc... but not
954
Windows 95/98) will be able to be connected from the Samba client.</p><p>The LANMAN encrypted response is easily broken, due to it's
954
Windows 95/98) will be able to be connected from the Samba client.</p><p>The LANMAN encrypted response is easily broken, due to its
955
955
case-insensitive nature, and the choice of algorithm. Clients
956
956
without Windows 95/98 servers are advised to disable
957
957
this option. </p><p>Disabling this option will also disable the <code class="literal">client plaintext auth</code> option</p><p>Likewise, if the <code class="literal">client ntlmv2
1026
1026
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537122"></a>
1027
1027
1028
1028
client signing (G)
1029
</h3></div></div></div><a class="indexterm" name="id2537123"></a><a name="CLIENTSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client offers or requires
1030
the server it talks to to use SMB signing. Possible values
1029
</h3></div></div></div><a class="indexterm" name="id2537123"></a><a name="CLIENTSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values
1031
1030
are <span class="emphasis"><em>auto</em></span>, <span class="emphasis"><em>mandatory</em></span>
1032
1031
and <span class="emphasis"><em>disabled</em></span>.
1033
1032
</p><p>When set to auto, SMB signing is offered, but not enforced.
1035
1034
to disabled, SMB signing is not offered either.
1036
1035
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client signing</code></em> = <code class="literal">auto</code>
1037
1036
</em></span>
1038
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537177"></a>
1037
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537176"></a>
1039
1038
1040
1039
client use spnego (G)
1041
</h3></div></div></div><a class="indexterm" name="id2537178"></a><a name="CLIENTUSESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p> This variable controls whether Samba clients will try
1040
</h3></div></div></div><a class="indexterm" name="id2537177"></a><a name="CLIENTUSESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p> This variable controls whether Samba clients will try
1042
1041
to use Simple and Protected NEGOciation (as specified by rfc2478) with
1043
1042
supporting servers (including WindowsXP, Windows2000 and Samba
1044
1043
3.0) to agree upon an authentication
1045
1044
mechanism. This enables Kerberos authentication in particular.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client use spnego</code></em> = <code class="literal">yes</code>
1046
1045
</em></span>
1047
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537219"></a>
1046
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537218"></a>
1048
1047
1049
1048
cluster addresses (G)
1050
</h3></div></div></div><a class="indexterm" name="id2537220"></a><a name="CLUSTERADDRESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>With this parameter you can add additional addresses
1049
</h3></div></div></div><a class="indexterm" name="id2537219"></a><a name="CLUSTERADDRESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>With this parameter you can add additional addresses
1051
1050
nmbd will register with a WINS server. These addresses are not
1052
1051
necessarily present on all nodes simultaneously, but they will
1053
1052
be registered with the WINS server so that clients can contact
1056
1055
</em></span>
1057
1056
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cluster addresses</code></em> = <code class="literal">10.0.0.1 10.0.0.2 10.0.0.3</code>
1058
1057
</em></span>
1059
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537275"></a>
1058
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537274"></a>
1060
1059
1061
1060
clustering (G)
1062
</h3></div></div></div><a class="indexterm" name="id2537276"></a><a name="CLUSTERING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should contact
1061
</h3></div></div></div><a class="indexterm" name="id2537275"></a><a name="CLUSTERING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should contact
1063
1062
ctdb for accessing its tdb files and use ctdb as a backend
1064
1063
for its messaging backend.
1065
1064
</p><p>Set this parameter to <code class="literal">yes</code> only if
1078
1077
</em></span>
1079
1078
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>comment</code></em> = <code class="literal">Fred's Files</code>
1080
1079
</em></span>
1081
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537398"></a>
1080
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537397"></a>
1082
1081
1083
1082
config backend (G)
1084
</h3></div></div></div><a class="indexterm" name="id2537399"></a><a name="CONFIGBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1083
</h3></div></div></div><a class="indexterm" name="id2537398"></a><a name="CONFIGBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1085
1084
This controls the backend for storing the configuration.
1086
1085
Possible values are <span class="emphasis"><em>file</em></span> (the default)
1087
1086
and <span class="emphasis"><em>registry</em></span>.
1152
1151
</em></span>
1153
1152
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>create mask</code></em> = <code class="literal">0775</code>
1154
1153
</em></span>
1155
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537763"></a>
1154
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537762"></a>
1156
1155
1157
1156
csc policy (S)
1158
</h3></div></div></div><a class="indexterm" name="id2537764"></a><a name="CSCPOLICY"></a><div class="variablelist"><dl><dt></dt><dd><p>
1157
</h3></div></div></div><a class="indexterm" name="id2537763"></a><a name="CSCPOLICY"></a><div class="variablelist"><dl><dt></dt><dd><p>
1159
1158
This stands for <span class="emphasis"><em>client-side caching policy</em></span>, and specifies how clients capable of offline
1160
1159
caching will cache the files in the share. The valid values are: manual, documents, programs, disable.
1161
1160
</p><p>
1191
1190
</em></span>
1192
1191
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cups connection timeout</code></em> = <code class="literal">60</code>
1193
1192
</em></span>
1194
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537970"></a>
1193
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537969"></a>
1195
1194
1196
1195
cups options (S)
1197
</h3></div></div></div><a class="indexterm" name="id2537971"></a><a name="CUPSOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1196
</h3></div></div></div><a class="indexterm" name="id2537970"></a><a name="CUPSOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1198
1197
This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> is
1199
1198
set to <code class="constant">cups</code>. Its value is a free form string of options
1200
1199
passed directly to the cups library.
1233
1232
</em></span>
1234
1233
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cups server</code></em> = <code class="literal">mycupsserver:1631</code>
1235
1234
</em></span>
1236
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538166"></a>
1235
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538165"></a>
1237
1236
1238
1237
deadtime (G)
1239
</h3></div></div></div><a class="indexterm" name="id2538167"></a><a name="DEADTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a decimal integer)
1238
</h3></div></div></div><a class="indexterm" name="id2538166"></a><a name="DEADTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a decimal integer)
1240
1239
represents the number of minutes of inactivity before a connection
1241
1240
is considered dead, and it is disconnected. The deadtime only takes
1242
1241
effect if the number of open files is zero.</p><p>This is useful to stop a server's resources being
1248
1247
</em></span>
1249
1248
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>deadtime</code></em> = <code class="literal">15</code>
1250
1249
</em></span>
1251
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538243"></a>
1250
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538242"></a>
1252
1251
1253
1252
debug class (G)
1254
</h3></div></div></div><a class="indexterm" name="id2538244"></a><a name="DEBUGCLASS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1253
</h3></div></div></div><a class="indexterm" name="id2538243"></a><a name="DEBUGCLASS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1255
1254
With this boolean parameter enabled, the debug class (DBGC_CLASS)
1256
1255
will be displayed in the debug header.
1257
1256
</p><p>
1269
1268
Note that the parameter <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" target="_top">debug timestamp</a> must be on for this to have an effect.
1270
1269
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug hires timestamp</code></em> = <code class="literal">no</code>
1271
1270
</em></span>
1272
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538349"></a>
1271
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538348"></a>
1273
1272
1274
1273
debug pid (G)
1275
1274
</h3></div></div></div><a class="indexterm" name="id2538350"></a><a name="DEBUGPID"></a><div class="variablelist"><dl><dt></dt><dd><p>
1303
1302
boolean parameter allows timestamping to be turned off.
1304
1303
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug timestamp</code></em> = <code class="literal">yes</code>
1305
1304
</em></span>
1306
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538550"></a>
1305
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538549"></a>
1307
1306
1308
1307
debug uid (G)
1309
</h3></div></div></div><a class="indexterm" name="id2538551"></a><a name="DEBUGUID"></a><div class="variablelist"><dl><dt></dt><dd><p>
1308
</h3></div></div></div><a class="indexterm" name="id2538550"></a><a name="DEBUGUID"></a><div class="variablelist"><dl><dt></dt><dd><p>
1310
1309
Samba is sometimes run as root and sometime run as the connected user, this boolean parameter inserts the
1311
1310
current euid, egid, uid and gid to the timestamp message headers in the log file if turned on.
1312
1311
</p><p>
1381
1380
designed to enable Samba to more correctly emulate Windows.
1382
1381
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>defer sharing violations</code></em> = <code class="literal">True</code>
1383
1382
</em></span>
1384
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538929"></a>
1383
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538928"></a>
1385
1384
1386
1385
delete group script (G)
1387
1386
</h3></div></div></div><a class="indexterm" name="id2538930"></a><a name="DELETEGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will
1419
1418
as rcs, where UNIX file ownership prevents changing file
1420
1419
permissions, and DOS semantics prevent deletion of a read only file.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete readonly</code></em> = <code class="literal">no</code>
1421
1420
</em></span>
1422
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539158"></a>
1421
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539157"></a>
1423
1422
1424
1423
delete share command (G)
1425
</h3></div></div></div><a class="indexterm" name="id2539159"></a><a name="DELETESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1424
</h3></div></div></div><a class="indexterm" name="id2539158"></a><a name="DELETESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1426
1425
Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server
1427
1426
Manager. The <em class="parameter"><code>delete share command</code></em> is used to define an external
1428
1427
program or script which will remove an existing service definition from
1472
1471
</em></span>
1473
1472
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>delete user script</code></em> = <code class="literal">/usr/local/samba/bin/del_user %u</code>
1474
1473
</em></span>
1475
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539466"></a>
1474
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539465"></a>
1476
1475
1477
1476
delete veto files (S)
1478
</h3></div></div></div><a class="indexterm" name="id2539467"></a><a name="DELETEVETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used when Samba is attempting to
1477
</h3></div></div></div><a class="indexterm" name="id2539466"></a><a name="DELETEVETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used when Samba is attempting to
1479
1478
delete a directory that contains one or more vetoed directories
1480
1479
(see the <a class="link" href="smb.conf.5.html#VETOFILES" target="_top">veto files</a>
1481
1480
option). If this option is set to <code class="constant">no</code> (the default) then if a vetoed
1505
1504
By default this parameter is zero, meaning no caching will be done.
1506
1505
</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dfree cache time</code></em> = <code class="literal">dfree cache time = 60</code>
1507
1506
</em></span>
1508
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539624"></a>
1507
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539623"></a>
1509
1508
1510
1509
dfree command (S)
1511
</h3></div></div></div><a class="indexterm" name="id2539625"></a><a name="DFREECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1510
</h3></div></div></div><a class="indexterm" name="id2539624"></a><a name="DFREECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1512
1511
The <em class="parameter"><code>dfree command</code></em> setting should only be used on systems where a
1513
1512
problem occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may
1514
1513
occur with other operating systems. The symptom that was seen was an error of "Abort Retry Ignore"
1593
1592
</em></span>
1594
1593
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>directory security mask</code></em> = <code class="literal">0700</code>
1595
1594
</em></span>
1596
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539978"></a>
1595
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539977"></a>
1597
1596
1598
1597
disable netbios (G)
1599
</h3></div></div></div><a class="indexterm" name="id2539979"></a><a name="DISABLENETBIOS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable netbios support
1598
</h3></div></div></div><a class="indexterm" name="id2539978"></a><a name="DISABLENETBIOS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable netbios support
1600
1599
in Samba. Netbios is the only available form of browsing in
1601
1600
all windows versions except for 2000 and XP. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Clients that only support netbios won't be able to
1602
1601
see your samba server when netbios support is disabled.
1603
1602
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>disable netbios</code></em> = <code class="literal">no</code>
1604
1603
</em></span>
1605
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540024"></a>
1604
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540023"></a>
1606
1605
1607
1606
disable spoolss (G)
1608
</h3></div></div></div><a class="indexterm" name="id2540025"></a><a name="DISABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable Samba's support
1607
</h3></div></div></div><a class="indexterm" name="id2540024"></a><a name="DISABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable Samba's support
1609
1608
for the SPOOLSS set of MS-RPC's and will yield identical behavior
1610
1609
as Samba 2.0.x. Windows NT/2000 clients will downgrade to using
1611
1610
Lanman style printing commands. Windows 9x/ME will be unaffected by
1617
1616
<span class="emphasis"><em>Be very careful about enabling this parameter.</em></span>
1618
1617
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>disable spoolss</code></em> = <code class="literal">no</code>
1619
1618
</em></span>
1620
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540075"></a>
1619
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540074"></a>
1621
1620
1622
1621
display charset (G)
1623
1622
</h3></div></div></div><a class="indexterm" name="id2540076"></a><a name="DISPLAYCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>
1659
1658
DNS name lookup requests, as doing a name lookup is a blocking
1660
1659
action.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dns proxy</code></em> = <code class="literal">yes</code>
1661
1660
</em></span>
1662
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540264"></a>
1661
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540263"></a>
1663
1662
1664
1663
domain logons (G)
1665
</h3></div></div></div><a class="indexterm" name="id2540265"></a><a name="DOMAINLOGONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1664
</h3></div></div></div><a class="indexterm" name="id2540264"></a><a name="DOMAINLOGONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1666
1665
If set to <code class="constant">yes</code>, the Samba server will
1667
1666
provide the netlogon service for Windows 9X network logons for the
1668
1667
<a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a> it is in.
1723
1722
charset Samba should talk to DOS clients.
1724
1723
</p><p>The default depends on which charsets you have installed.
1725
1724
Samba tries to use charset 850 but falls back to ASCII in
1726
case it is not available. Run <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> to check the default on your system.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540628"></a>
1725
case it is not available. Run <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> to check the default on your system.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540627"></a>
1727
1726
1728
1727
dos filemode (S)
1729
</h3></div></div></div><a class="indexterm" name="id2540629"></a><a name="DOSFILEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p> The default behavior in Samba is to provide
1728
</h3></div></div></div><a class="indexterm" name="id2540628"></a><a name="DOSFILEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p> The default behavior in Samba is to provide
1730
1729
UNIX-like behavior where only the owner of a file/directory is
1731
1730
able to change the permissions on it. However, this behavior
1732
1731
is often confusing to DOS/Windows users. Enabling this parameter
1755
1754
this option causes the two timestamps to match, and Visual C++ is
1756
1755
happy.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dos filetime resolution</code></em> = <code class="literal">no</code>
1757
1756
</em></span>
1758
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540748"></a>
1757
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540747"></a>
1759
1758
1760
1759
dos filetimes (S)
1761
</h3></div></div></div><a class="indexterm" name="id2540749"></a><a name="DOSFILETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>Under DOS and Windows, if a user can write to a
1760
</h3></div></div></div><a class="indexterm" name="id2540748"></a><a name="DOSFILETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>Under DOS and Windows, if a user can write to a
1762
1761
file they can change the timestamp on it. Under POSIX semantics,
1763
1762
only the owner of the file or root may change the timestamp. By
1764
1763
default, Samba runs with POSIX semantics and refuses to change the
1786
1785
1787
1786
enable asu support (G)
1788
1787
</h3></div></div></div><a class="indexterm" name="id2540867"></a><a name="ENABLEASUSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>Hosts running the "Advanced Server for Unix (ASU)" product
1789
require some special accomodations such as creating a builting [ADMIN$]
1788
require some special accomodations such as creating a builtin [ADMIN$]
1790
1789
share that only supports IPC connections. The has been the default
1791
1790
behavior in smbd for many years. However, certain Microsoft applications
1792
1791
such as the Print Migrator tool require that the remote server support
1809
1808
Please read the extended description provided in the Samba HOWTO documentation.
1810
1809
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable privileges</code></em> = <code class="literal">yes</code>
1811
1810
</em></span>
1812
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540972"></a>
1811
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540971"></a>
1813
1812
1814
1813
encrypt passwords (G)
1815
</h3></div></div></div><a class="indexterm" name="id2540973"></a><a name="ENCRYPTPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls whether encrypted passwords
1814
</h3></div></div></div><a class="indexterm" name="id2540972"></a><a name="ENCRYPTPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls whether encrypted passwords
1816
1815
will be negotiated with the client. Note that Windows NT 4.0 SP3 and
1817
1816
above and also Windows 98 will by default expect encrypted passwords
1818
1817
unless a registry entry is changed. To use encrypted passwords in
1847
1846
DMBs. The second enhancement consists of a regular randomised browse
1848
1847
synchronization with all currently known DMBs.</p><p>You may wish to disable this option if you have a problem with empty
1849
1848
workgroups not disappearing from browse lists. Due to the restrictions
1850
of the browse protocols these enhancements can cause a empty workgroup
1849
of the browse protocols, these enhancements can cause a empty workgroup
1851
1850
to stay around forever which can be annoying.</p><p>In general you should leave this option enabled as it makes
1852
1851
cross-subnet browse propagation much more reliable.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enhanced browsing</code></em> = <code class="literal">yes</code>
1853
1852
</em></span>
1912
1911
ensures directories always predate their contents and an NMAKE build
1913
1912
will proceed as expected.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>fake directory create times</code></em> = <code class="literal">no</code>
1914
1913
</em></span>
1915
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541359"></a>
1914
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541358"></a>
1916
1915
1917
1916
fake oplocks (S)
1918
</h3></div></div></div><a class="indexterm" name="id2541360"></a><a name="FAKEOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>Oplocks are the way that SMB clients get permission
1917
</h3></div></div></div><a class="indexterm" name="id2541359"></a><a name="FAKEOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>Oplocks are the way that SMB clients get permission
1919
1918
from a server to locally cache file operations. If a server grants
1920
1919
an oplock (opportunistic lock) then the client is free to assume
1921
1920
that it is the only one accessing the file and it will aggressively
1931
1930
files read-write at the same time you can get data corruption. Use
1932
1931
this option carefully!</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>fake oplocks</code></em> = <code class="literal">no</code>
1933
1932
</em></span>
1934
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541443"></a>
1933
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541442"></a>
1935
1934
1936
1935
follow symlinks (S)
1937
</h3></div></div></div><a class="indexterm" name="id2541444"></a><a name="FOLLOWSYMLINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1936
</h3></div></div></div><a class="indexterm" name="id2541443"></a><a name="FOLLOWSYMLINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1938
1937
This parameter allows the Samba administrator to stop <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> from following symbolic links in a particular share. Setting this
1939
1938
parameter to <code class="constant">no</code> prevents any file or directory that is a symbolic link from being
1940
1939
followed (the user will get an error). This option is very useful to stop users from adding a symbolic
1944
1943
This option is enabled (i.e. <code class="literal">smbd</code> will follow symbolic links) by default.
1945
1944
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>follow symlinks</code></em> = <code class="literal">yes</code>
1946
1945
</em></span>
1947
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541513"></a>
1946
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541512"></a>
1948
1947
1949
1948
force create mode (S)
1950
</h3></div></div></div><a class="indexterm" name="id2541514"></a><a name="FORCECREATEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit
1949
</h3></div></div></div><a class="indexterm" name="id2541513"></a><a name="FORCECREATEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit
1951
1950
permissions that will <span class="emphasis"><em>always</em></span> be set on a
1952
1951
file created by Samba. This is done by bitwise 'OR'ing these bits onto
1953
1952
the mode bits of a file that is being created. The default for this parameter is (in octal)
1975
1974
</em></span>
1976
1975
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force directory mode</code></em> = <code class="literal">0755</code>
1977
1976
</em></span>
1978
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541661"></a>
1977
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541660"></a>
1979
1978
1980
1979
force directory security mode (S)
1981
</h3></div></div></div><a class="indexterm" name="id2541662"></a><a name="FORCEDIRECTORYSECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>
1980
</h3></div></div></div><a class="indexterm" name="id2541661"></a><a name="FORCEDIRECTORYSECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>
1982
1981
This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating
1983
1982
the UNIX permission on a directory using the native NT security dialog box.
1984
1983
</p><p>
2141
2140
</em></span>
2142
2141
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>get quota command</code></em> = <code class="literal">/usr/local/sbin/query_quota</code>
2143
2142
</em></span>
2144
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542490"></a>
2143
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542489"></a>
2145
2144
2146
2145
getwd cache (G)
2147
</h3></div></div></div><a class="indexterm" name="id2542491"></a><a name="GETWDCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a tuning option. When this is enabled a
2146
</h3></div></div></div><a class="indexterm" name="id2542490"></a><a name="GETWDCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a tuning option. When this is enabled a
2148
2147
caching algorithm will be used to reduce the time taken for getwd()
2149
2148
calls. This can have a significant impact on performance, especially
2150
2149
when the <a class="link" href="smb.conf.5.html#WIDESMBCONFOPTIONS" target="_top">wide smbconfoptions</a> parameter is set to <code class="constant">no</code>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>getwd cache</code></em> = <code class="literal">yes</code>
2170
2169
</em></span>
2171
2170
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>guest account</code></em> = <code class="literal">ftp</code>
2172
2171
</em></span>
2173
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542658"></a>
2172
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542657"></a>
2174
2173
2175
2174
<a name="PUBLIC"></a>public
2176
</h3></div></div></div><a class="indexterm" name="id2542659"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTOK">guest ok</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542689"></a>
2175
</h3></div></div></div><a class="indexterm" name="id2542658"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTOK">guest ok</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542688"></a>
2177
2176
2178
2177
guest ok (S)
2179
2178
</h3></div></div></div><a class="indexterm" name="id2542690"></a><a name="GUESTOK"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for
2197
2196
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542882"></a>
2198
2197
2199
2198
hide dot files (S)
2200
</h3></div></div></div><a class="indexterm" name="id2542884"></a><a name="HIDEDOTFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls whether
2199
</h3></div></div></div><a class="indexterm" name="id2542883"></a><a name="HIDEDOTFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls whether
2201
2200
files starting with a dot appear as hidden files.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide dot files</code></em> = <code class="literal">yes</code>
2202
2201
</em></span>
2203
2202
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542925"></a>
2225
2224
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide files</code></em> = <code class="literal">
2226
2225
# no file are hidden</code>
2227
2226
</em></span>
2228
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543014"></a>
2227
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543013"></a>
2229
2228
2230
2229
hide special files (S)
2231
</h3></div></div></div><a class="indexterm" name="id2543015"></a><a name="HIDESPECIALFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
2230
</h3></div></div></div><a class="indexterm" name="id2543014"></a><a name="HIDESPECIALFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
2232
2231
This parameter prevents clients from seeing special files such as sockets, devices and
2233
2232
fifo's in directory listings.
2234
2233
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide special files</code></em> = <code class="literal">no</code>
2235
2234
</em></span>
2236
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543057"></a>
2235
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543056"></a>
2237
2236
2238
2237
hide unreadable (S)
2239
</h3></div></div></div><a class="indexterm" name="id2543058"></a><a name="HIDEUNREADABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter prevents clients from seeing the
2238
</h3></div></div></div><a class="indexterm" name="id2543057"></a><a name="HIDEUNREADABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter prevents clients from seeing the
2240
2239
existance of files that cannot be read. Defaults to off.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide unreadable</code></em> = <code class="literal">no</code>
2241
2240
</em></span>
2242
2241
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543099"></a>
2247
2246
Defaults to off. Note that unwriteable directories are shown as usual.
2248
2247
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide unwriteable files</code></em> = <code class="literal">no</code>
2249
2248
</em></span>
2250
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543144"></a>
2249
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543143"></a>
2251
2250
2252
2251
homedir map (G)
2253
</h3></div></div></div><a class="indexterm" name="id2543145"></a><a name="HOMEDIRMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
2252
</h3></div></div></div><a class="indexterm" name="id2543144"></a><a name="HOMEDIRMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
2254
2253
If <a class="link" href="smb.conf.5.html#NISHOMEDIR" target="_top">nis homedir</a> is <code class="constant">yes</code>, and <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> is also acting as a Win95/98 <em class="parameter"><code>logon server</code></em>
2255
2254
then this parameter specifies the NIS (or YP) map from which the server for the user's home directory should be extracted.
2256
2255
At present, only the Sun auto.home map format is understood. The form of the map is:
2279
2278
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543320"></a>
2280
2279
2281
2280
hostname lookups (G)
2282
</h3></div></div></div><a class="indexterm" name="id2543322"></a><a name="HOSTNAMELOOKUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether samba should use (expensive)
2281
</h3></div></div></div><a class="indexterm" name="id2543321"></a><a name="HOSTNAMELOOKUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether samba should use (expensive)
2283
2282
hostname lookups or use the ip addresses instead. An example place
2284
2283
where hostname lookups are currently used is when checking
2285
2284
the <code class="literal">hosts deny</code> and <code class="literal">hosts allow</code>.
2313
2312
</em></span>
2314
2313
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hosts allow</code></em> = <code class="literal">150.203.5. myhost.mynet.edu.au</code>
2315
2314
</em></span>
2316
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543629"></a>
2315
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543628"></a>
2317
2316
2318
2317
<a name="DENYHOSTS"></a>deny hosts
2319
</h3></div></div></div><a class="indexterm" name="id2543630"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSDENY">hosts deny</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543660"></a>
2318
</h3></div></div></div><a class="indexterm" name="id2543629"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSDENY">hosts deny</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543660"></a>
2320
2319
2321
2320
hosts deny (S)
2322
2321
</h3></div></div></div><a class="indexterm" name="id2543661"></a><a name="HOSTSDENY"></a><div class="variablelist"><dl><dt></dt><dd><p>The opposite of <em class="parameter"><code>hosts allow</code></em>
2361
2360
for the backend defined by the <a class="link" href="smb.conf.5.html#IDMAPALLOCBACKEND" target="_top">idmap alloc backend</a>
2362
2361
parameter. Refer to the man page for each idmap plugin regarding
2363
2362
specific configuration details.
2364
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543912"></a>
2363
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543911"></a>
2365
2364
2366
2365
idmap backend (G)
2367
</h3></div></div></div><a class="indexterm" name="id2543913"></a><a name="IDMAPBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
2366
</h3></div></div></div><a class="indexterm" name="id2543912"></a><a name="IDMAPBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
2368
2367
The idmap backend provides a plugin interface for Winbind to use
2369
2368
varying backends to store SID/uid/gid mapping tables.
2370
2369
</p><p>
2385
2384
and ad (<a class="citerefentry" href="idmap_ad.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ad</span>(8)</span></a>).
2386
2385
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap backend</code></em> = <code class="literal">tdb</code>
2387
2386
</em></span>
2388
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544084"></a>
2387
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544083"></a>
2389
2388
2390
2389
idmap cache time (G)
2391
</h3></div></div></div><a class="indexterm" name="id2544085"></a><a name="IDMAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
2390
</h3></div></div></div><a class="indexterm" name="id2544084"></a><a name="IDMAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
2392
2391
idmap interface will cache positive SID/uid/gid query results.
2393
2392
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap cache time</code></em> = <code class="literal">604800 (one week)</code>
2394
2393
</em></span>
2395
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544128"></a>
2394
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544127"></a>
2396
2395
2397
2396
idmap config (G)
2398
</h3></div></div></div><a class="indexterm" name="id2544129"></a><a name="IDMAPCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p>
2397
</h3></div></div></div><a class="indexterm" name="id2544128"></a><a name="IDMAPCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p>
2399
2398
The idmap config prefix provides a means of managing each trusted
2400
2399
domain separately. The idmap config prefix should be followed by the
2401
2400
name of the domain, a colon, and a setting specific to the chosen
2427
2426
2428
2427
idmap config CORP : backend = ad
2429
2428
idmap config CORP : range = 1000-999999
2430
</pre><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544261"></a>
2429
</pre><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544260"></a>
2431
2430
2432
2431
<a name="WINBINDGID"></a>winbind gid
2433
</h3></div></div></div><a class="indexterm" name="id2544262"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPGID">idmap gid</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544292"></a>
2432
</h3></div></div></div><a class="indexterm" name="id2544261"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPGID">idmap gid</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544292"></a>
2434
2433
2435
2434
idmap gid (G)
2436
2435
</h3></div></div></div><a class="indexterm" name="id2544293"></a><a name="IDMAPGID"></a><div class="variablelist"><dl><dt></dt><dd><p>The idmap gid parameter specifies the range of group ids
2443
2442
</em></span>
2444
2443
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap gid</code></em> = <code class="literal">10000-20000</code>
2445
2444
</em></span>
2446
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544379"></a>
2445
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544378"></a>
2447
2446
2448
2447
idmap negative cache time (G)
2449
</h3></div></div></div><a class="indexterm" name="id2544380"></a><a name="IDMAPNEGATIVECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
2448
</h3></div></div></div><a class="indexterm" name="id2544379"></a><a name="IDMAPNEGATIVECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
2450
2449
idmap interface will cache negative SID/uid/gid query results.
2451
2450
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap negative cache time</code></em> = <code class="literal">120</code>
2452
2451
</em></span>
2548
2547
<a class="link" href="smb.conf.5.html#INITLOGONDELAYEDHOSTS" target="_top">init logon delayed hosts</a>.
2549
2548
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>init logon delay</code></em> = <code class="literal">100</code>
2550
2549
</em></span>
2551
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545023"></a>
2550
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545022"></a>
2552
2551
2553
2552
interfaces (G)
2554
</h3></div></div></div><a class="indexterm" name="id2545024"></a><a name="INTERFACES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to override the default
2553
</h3></div></div></div><a class="indexterm" name="id2545023"></a><a name="INTERFACES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to override the default
2555
2554
network interfaces list that Samba will use for browsing, name
2556
2555
registration and other NetBIOS over TCP/IP (NBT) traffic. By default Samba will query
2557
2556
the kernel for the list of all active interfaces and use any
2575
2574
</em></span>
2576
2575
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>interfaces</code></em> = <code class="literal">eth0 192.168.2.10/24 192.168.3.10/255.255.255.0</code>
2577
2576
</em></span>
2578
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545140"></a>
2577
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545139"></a>
2579
2578
2580
2579
invalid users (S)
2581
</h3></div></div></div><a class="indexterm" name="id2545141"></a><a name="INVALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users that should not be allowed
2580
</h3></div></div></div><a class="indexterm" name="id2545140"></a><a name="INVALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users that should not be allowed
2582
2581
to login to this service. This is really a <span class="emphasis"><em>paranoid</em></span>
2583
2582
check to absolutely ensure an improper setting does not breach
2584
2583
your security.</p><p>A name starting with a '@' is interpreted as an NIS
2610
2609
</em></span>
2611
2610
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>iprint server</code></em> = <code class="literal">MYCUPSSERVER</code>
2612
2611
</em></span>
2613
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545341"></a>
2612
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545340"></a>
2614
2613
2615
2614
keepalive (G)
2616
</h3></div></div></div><a class="indexterm" name="id2545342"></a><a name="KEEPALIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (an integer) represents
2615
</h3></div></div></div><a class="indexterm" name="id2545341"></a><a name="KEEPALIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (an integer) represents
2617
2616
the number of seconds between <em class="parameter"><code>keepalive</code></em>
2618
2617
packets. If this parameter is zero, no keepalive packets will be
2619
2618
sent. Keepalive packets, if sent, allow the server to tell whether
2646
2645
to a no-op on systems that no not have the necessary kernel support.
2647
2646
You should never need to touch this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>kernel oplocks</code></em> = <code class="literal">yes</code>
2648
2647
</em></span>
2649
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545567"></a>
2648
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545566"></a>
2650
2649
2651
2650
lanman auth (G)
2652
</h3></div></div></div><a class="indexterm" name="id2545568"></a><a name="LANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
2651
</h3></div></div></div><a class="indexterm" name="id2545567"></a><a name="LANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
2653
2652
authenticate users or permit password changes
2654
2653
using the LANMAN password hash. If disabled, only clients which support NT
2655
2654
password hashes (e.g. Windows NT/2000 clients, smbclient, but not
2656
2655
Windows 95/98 or the MS DOS network client) will be able to
2657
connect to the Samba host.</p><p>The LANMAN encrypted response is easily broken, due to it's
2656
connect to the Samba host.</p><p>The LANMAN encrypted response is easily broken, due to its
2658
2657
case-insensitive nature, and the choice of algorithm. Servers
2659
2658
without Windows 95/98/ME or MS DOS clients are advised to disable
2660
2659
this option. </p><p>Unlike the <code class="literal">encrypt
2678
2677
performance by 10% with Windows 2000 clients. Defaults to on. Not as
2679
2678
tested as some other Samba code paths.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>large readwrite</code></em> = <code class="literal">yes</code>
2680
2679
</em></span>
2681
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545716"></a>
2680
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545715"></a>
2682
2681
2683
2682
ldap admin dn (G)
2684
</h3></div></div></div><a class="indexterm" name="id2545717"></a><a name="LDAPADMINDN"></a><div class="variablelist"><dl><dt></dt><dd><p>
2683
</h3></div></div></div><a class="indexterm" name="id2545716"></a><a name="LDAPADMINDN"></a><div class="variablelist"><dl><dt></dt><dd><p>
2685
2684
The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> defines the Distinguished Name (DN) name used by Samba to contact
2686
2685
the ldap server when retreiving user account information. The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> is used
2687
2686
in conjunction with the admin dn password stored in the <code class="filename">private/secrets.tdb</code>
2689
2688
man page for more information on how to accomplish this.
2690
2689
</p><p>
2691
2690
The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> requires a fully specified DN. The <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> is not appended to the <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a>.
2692
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545825"></a>
2691
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545824"></a>
2693
2692
2694
2693
ldap connection timeout (G)
2695
2694
</h3></div></div></div><a class="indexterm" name="id2545826"></a><a name="LDAPCONNECTIONTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
2736
2735
</em></span>
2737
2736
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap debug threshold</code></em> = <code class="literal">5</code>
2738
2737
</em></span>
2739
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546046"></a>
2738
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546045"></a>
2740
2739
2741
2740
ldap delete dn (G)
2742
</h3></div></div></div><a class="indexterm" name="id2546047"></a><a name="LDAPDELETEDN"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter specifies whether a delete
2741
</h3></div></div></div><a class="indexterm" name="id2546046"></a><a name="LDAPDELETEDN"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter specifies whether a delete
2743
2742
operation in the ldapsam deletes the complete entry or only the attributes
2744
2743
specific to Samba.
2745
2744
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap delete dn</code></em> = <code class="literal">no</code>
2746
2745
</em></span>
2747
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546090"></a>
2746
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546089"></a>
2748
2747
2749
2748
ldap group suffix (G)
2750
</h3></div></div></div><a class="indexterm" name="id2546091"></a><a name="LDAPGROUPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the suffix that is
2749
</h3></div></div></div><a class="indexterm" name="id2546090"></a><a name="LDAPGROUPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the suffix that is
2751
2750
used for groups when these are added to the LDAP directory.
2752
2751
If this parameter is unset, the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead. The suffix string is pre-pended to the
2753
2752
<a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> string so use a partial DN.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap group suffix</code></em> = <code class="literal"></code>
2765
2764
</em></span>
2766
2765
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap idmap suffix</code></em> = <code class="literal">ou=Idmap</code>
2767
2766
</em></span>
2768
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546256"></a>
2767
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546255"></a>
2769
2768
2770
2769
ldap machine suffix (G)
2771
</h3></div></div></div><a class="indexterm" name="id2546257"></a><a name="LDAPMACHINESUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2770
</h3></div></div></div><a class="indexterm" name="id2546256"></a><a name="LDAPMACHINESUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2772
2771
It specifies where machines should be added to the ldap tree. If this parameter is unset, the value of
2773
2772
<a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead. The suffix string is pre-pended to the
2774
2773
<a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> string so use a partial DN.
2806
2805
The value is specified in milliseconds, the maximum value is 5000 (5 seconds).
2807
2806
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap replication sleep</code></em> = <code class="literal">1000</code>
2808
2807
</em></span>
2809
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546503"></a>
2808
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546502"></a>
2810
2809
2811
2810
ldapsam:editposix (G)
2812
</h3></div></div></div><a class="indexterm" name="id2546504"></a><a name="LDAPSAM:EDITPOSIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2811
</h3></div></div></div><a class="indexterm" name="id2546503"></a><a name="LDAPSAM:EDITPOSIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2813
2812
Editposix is an option that leverages ldapsam:trusted to make it simpler to manage a domain controller
2814
2813
eliminating the need to set up custom scripts to add and manage the posix users and groups. This option
2815
2814
will instead directly manipulate the ldap tree to create, remove and modify user and group entries.
2887
2886
</pre><p>
2888
2887
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldapsam:editposix</code></em> = <code class="literal">no</code>
2889
2888
</em></span>
2890
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546637"></a>
2889
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546636"></a>
2891
2890
2892
2891
ldapsam:trusted (G)
2893
</h3></div></div></div><a class="indexterm" name="id2546638"></a><a name="LDAPSAM:TRUSTED"></a><div class="variablelist"><dl><dt></dt><dd><p>
2892
</h3></div></div></div><a class="indexterm" name="id2546637"></a><a name="LDAPSAM:TRUSTED"></a><div class="variablelist"><dl><dt></dt><dd><p>
2894
2893
By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to
2895
2894
access user and group information. Due to the way Unix stores user information in /etc/passwd and /etc/group
2896
2895
this inevitably leads to inefficiencies. One important question a user needs to know is the list of groups he
2908
2907
is easily achieved.
2909
2908
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldapsam:trusted</code></em> = <code class="literal">no</code>
2910
2909
</em></span>
2911
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546726"></a>
2910
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546725"></a>
2911
2912
ldap ssl ads (G)
2913
</h3></div></div></div><a class="indexterm" name="id2546726"></a><a name="LDAPSSLADS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should
2914
use SSL when connecting to the ldap server using
2915
<span class="emphasis"><em>ads</em></span> methods.
2916
Rpc methods are not affected by this parameter. Please note, that
2917
this parameter won't have any effect if <a class="link" href="smb.conf.5.html#LDAPSSL" target="_top">ldap ssl</a>
2918
is set to <em class="parameter"><code>no</code></em>.
2919
</p><p>See <span class="refentrytitle">smb.conf</span>(5)
2920
for more information on <a class="link" href="smb.conf.5.html#LDAPSSL" target="_top">ldap ssl</a>.
2921
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl ads</code></em> = <code class="literal">no</code>
2922
</em></span>
2923
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546811"></a>
2912
2924
2913
2925
ldap ssl (G)
2914
</h3></div></div></div><a class="indexterm" name="id2546727"></a><a name="LDAPSSL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should
2926
</h3></div></div></div><a class="indexterm" name="id2546812"></a><a name="LDAPSSL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should
2915
2927
use SSL when connecting to the ldap server
2916
2928
This is <span class="emphasis"><em>NOT</em></span> related to
2917
2929
Samba's previous SSL support which was enabled by specifying the
2918
2930
<code class="literal">--with-ssl</code> option to the
2919
2931
<code class="filename">configure</code>
2920
2932
script.</p><p>LDAP connections should be secured where possible. This may be
2921
done setting either this parameter to
2933
done setting <span class="emphasis"><em>either</em></span> this parameter to
2922
2934
<em class="parameter"><code>Start_tls</code></em>
2923
or by specifying <em class="parameter"><code>ldaps://</code></em> in
2935
<span class="emphasis"><em>or</em></span> by specifying <em class="parameter"><code>ldaps://</code></em> in
2924
2936
the URL argument of <a class="link" href="smb.conf.5.html#PASSDBBACKEND" target="_top">passdb backend</a>.</p><p>The <a class="link" href="smb.conf.5.html#LDAPSSL" target="_top">ldap ssl</a> can be set to one of
2925
2937
two values:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>Off</code></em> = Never
2926
2938
use SSL when querying the directory.</p></li><li><p><em class="parameter"><code>start tls</code></em> = Use
2927
2939
the LDAPv3 StartTLS extended operation (RFC2830) for
2928
communicating with the directory server.</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl</code></em> = <code class="literal">start tls</code>
2940
communicating with the directory server.</p></li></ul></div><p>
2941
Please note that this parameter does only affect <span class="emphasis"><em>rpc</em></span>
2942
methods. To enable the LDAPv3 StartTLS extended operation (RFC2830) for
2943
<span class="emphasis"><em>ads</em></span>, set
2944
<a class="link" href="smb.conf.5.html#LDAPSSL" target="_top">ldap ssl = yes</a>
2945
<span class="emphasis"><em>and</em></span>
2946
<a class="link" href="smb.conf.5.html#LDAPSSLADS" target="_top">ldap ssl ads = yes</a>.
2947
See <span class="refentrytitle">smb.conf</span>(5)
2948
for more information on <a class="link" href="smb.conf.5.html#LDAPSSLADS" target="_top">ldap ssl ads</a>.
2949
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl</code></em> = <code class="literal">start tls</code>
2929
2950
</em></span>
2930
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546858"></a>
2951
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547004"></a>
2931
2952
2932
2953
ldap suffix (G)
2933
</h3></div></div></div><a class="indexterm" name="id2546859"></a><a name="LDAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the base for all ldap suffixes and for storing the sambaDomain object.</p><p>
2954
</h3></div></div></div><a class="indexterm" name="id2547005"></a><a name="LDAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the base for all ldap suffixes and for storing the sambaDomain object.</p><p>
2934
2955
The ldap suffix will be appended to the values specified for the <a class="link" href="smb.conf.5.html#LDAPUSERSUFFIX" target="_top">ldap user suffix</a>,
2935
2956
<a class="link" href="smb.conf.5.html#LDAPGROUPSUFFIX" target="_top">ldap group suffix</a>, <a class="link" href="smb.conf.5.html#LDAPMACHINESUFFIX" target="_top">ldap machine suffix</a>, and the
2936
2957
<a class="link" href="smb.conf.5.html#LDAPIDMAPSUFFIX" target="_top">ldap idmap suffix</a>. Each of these should be given only a DN relative to the
2939
2960
</em></span>
2940
2961
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap suffix</code></em> = <code class="literal">dc=samba,dc=org</code>
2941
2962
</em></span>
2942
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546980"></a>
2963
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547126"></a>
2943
2964
2944
2965
ldap timeout (G)
2945
</h3></div></div></div><a class="indexterm" name="id2546981"></a><a name="LDAPTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
2966
</h3></div></div></div><a class="indexterm" name="id2547127"></a><a name="LDAPTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
2946
2967
This parameter defines the number of seconds that Samba should use as timeout for LDAP operations.
2947
2968
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap timeout</code></em> = <code class="literal">15</code>
2948
2969
</em></span>
2949
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547023"></a>
2970
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547169"></a>
2950
2971
2951
2972
ldap user suffix (G)
2952
</h3></div></div></div><a class="indexterm" name="id2547024"></a><a name="LDAPUSERSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2973
</h3></div></div></div><a class="indexterm" name="id2547170"></a><a name="LDAPUSERSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2953
2974
This parameter specifies where users are added to the tree. If this parameter is unset,
2954
2975
the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead. The suffix
2955
2976
string is pre-pended to the <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> string so use a partial DN.
2957
2978
</em></span>
2958
2979
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap user suffix</code></em> = <code class="literal">ou=people</code>
2959
2980
</em></span>
2960
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547104"></a>
2981
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547251"></a>
2961
2982
2962
2983
level2 oplocks (S)
2963
</h3></div></div></div><a class="indexterm" name="id2547106"></a><a name="LEVEL2OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether Samba supports
2984
</h3></div></div></div><a class="indexterm" name="id2547252"></a><a name="LEVEL2OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether Samba supports
2964
2985
level2 (read-only) oplocks on a share.</p><p>Level2, or read-only oplocks allow Windows NT clients
2965
2986
that have an oplock on a file to downgrade from a read-write oplock
2966
2987
to a read-only oplock once a second client opens the file (instead
2980
3001
parameter must be set to <code class="constant">yes</code> on this share in order for
2981
3002
this parameter to have any effect.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>level2 oplocks</code></em> = <code class="literal">yes</code>
2982
3003
</em></span>
2983
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547211"></a>
3004
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547357"></a>
2984
3005
2985
3006
lm announce (G)
2986
</h3></div></div></div><a class="indexterm" name="id2547212"></a><a name="LMANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will produce Lanman announce
3007
</h3></div></div></div><a class="indexterm" name="id2547358"></a><a name="LMANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will produce Lanman announce
2987
3008
broadcasts that are needed by OS/2 clients in order for them to see
2988
3009
the Samba server in their browse list. This parameter can have three
2989
3010
values, <code class="constant">yes</code>, <code class="constant">no</code>, or
2999
3020
</em></span>
3000
3021
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lm announce</code></em> = <code class="literal">yes</code>
3001
3022
</em></span>
3002
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547333"></a>
3023
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547480"></a>
3003
3024
3004
3025
lm interval (G)
3005
</h3></div></div></div><a class="indexterm" name="id2547334"></a><a name="LMINTERVAL"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba is set to produce Lanman announce
3026
</h3></div></div></div><a class="indexterm" name="id2547481"></a><a name="LMINTERVAL"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba is set to produce Lanman announce
3006
3027
broadcasts needed by OS/2 clients (see the
3007
3028
<a class="link" href="smb.conf.5.html#LMANNOUNCE" target="_top">lm announce</a> parameter) then this
3008
3029
parameter defines the frequency in seconds with which they will be
3012
3033
</em></span>
3013
3034
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lm interval</code></em> = <code class="literal">120</code>
3014
3035
</em></span>
3015
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547418"></a>
3036
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547564"></a>
3016
3037
3017
3038
load printers (G)
3018
</h3></div></div></div><a class="indexterm" name="id2547419"></a><a name="LOADPRINTERS"></a><div class="variablelist"><dl><dt></dt><dd><p>A boolean variable that controls whether all
3039
</h3></div></div></div><a class="indexterm" name="id2547565"></a><a name="LOADPRINTERS"></a><div class="variablelist"><dl><dt></dt><dd><p>A boolean variable that controls whether all
3019
3040
printers in the printcap will be loaded for browsing by default.
3020
3041
See the <a class="link" href="smb.conf.5.html#PRINTERS" target="_top">printers</a> section for
3021
3042
more details.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>load printers</code></em> = <code class="literal">yes</code>
3022
3043
</em></span>
3023
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547474"></a>
3044
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547620"></a>
3024
3045
3025
3046
local master (G)
3026
</h3></div></div></div><a class="indexterm" name="id2547475"></a><a name="LOCALMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to try and become a local master browser
3047
</h3></div></div></div><a class="indexterm" name="id2547621"></a><a name="LOCALMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to try and become a local master browser
3027
3048
on a subnet. If set to <code class="constant">no</code> then <code class="literal">
3028
3049
nmbd</code> will not attempt to become a local master browser
3029
3050
on a subnet and will also lose in all browsing elections. By
3033
3054
will <span class="emphasis"><em>participate</em></span> in elections for local master browser.</p><p>Setting this value to <code class="constant">no</code> will cause <code class="literal">nmbd</code> <span class="emphasis"><em>never</em></span> to become a local
3034
3055
master browser.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>local master</code></em> = <code class="literal">yes</code>
3035
3056
</em></span>
3036
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547574"></a>
3057
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547720"></a>
3037
3058
3038
3059
<a name="LOCKDIR"></a>lock dir
3039
</h3></div></div></div><a class="indexterm" name="id2547575"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOCKDIRECTORY">lock directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547606"></a>
3060
</h3></div></div></div><a class="indexterm" name="id2547721"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOCKDIRECTORY">lock directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547752"></a>
3040
3061
3041
3062
lock directory (G)
3042
</h3></div></div></div><a class="indexterm" name="id2547607"></a><a name="LOCKDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the directory where lock
3063
</h3></div></div></div><a class="indexterm" name="id2547753"></a><a name="LOCKDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the directory where lock
3043
3064
files will be placed. The lock files are used to implement the
3044
3065
<a class="link" href="smb.conf.5.html#MAXCONNECTIONS" target="_top">max connections</a> option.
3045
3066
</p><p>
3049
3070
</em></span>
3050
3071
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lock directory</code></em> = <code class="literal">/var/run/samba/locks</code>
3051
3072
</em></span>
3052
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547684"></a>
3073
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547831"></a>
3053
3074
3054
3075
locking (S)
3055
</h3></div></div></div><a class="indexterm" name="id2547686"></a><a name="LOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether or not locking will be
3076
</h3></div></div></div><a class="indexterm" name="id2547832"></a><a name="LOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether or not locking will be
3056
3077
performed by the server in response to lock requests from the
3057
3078
client.</p><p>If <code class="literal">locking = no</code>, all lock and unlock
3058
3079
requests will appear to succeed and all lock queries will report
3062
3083
CDROM drives), although setting this parameter of <code class="constant">no</code>
3063
3084
is not really recommended even in this case.</p><p>Be careful about disabling locking either globally or in a
3064
3085
specific service, as lack of locking may result in data corruption.
3065
You should never need to set this parameter.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547760"></a>
3086
You should never need to set this parameter.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547906"></a>
3066
3087
3067
3088
lock spin count (G)
3068
</h3></div></div></div><a class="indexterm" name="id2547761"></a><a name="LOCKSPINCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter has been made inoperative in Samba 3.0.24.
3089
</h3></div></div></div><a class="indexterm" name="id2547907"></a><a name="LOCKSPINCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter has been made inoperative in Samba 3.0.24.
3069
3090
The functionality it contolled is now controlled by the parameter
3070
3091
<a class="link" href="smb.conf.5.html#LOCKSPINTIME" target="_top">lock spin time</a>.
3071
3092
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock spin count</code></em> = <code class="literal">0</code>
3072
3093
</em></span>
3073
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547816"></a>
3094
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547962"></a>
3074
3095
3075
3096
lock spin time (G)
3076
</h3></div></div></div><a class="indexterm" name="id2547817"></a><a name="LOCKSPINTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The time in microseconds that smbd should
3097
</h3></div></div></div><a class="indexterm" name="id2547963"></a><a name="LOCKSPINTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The time in microseconds that smbd should
3077
3098
keep waiting to see if a failed lock request can
3078
3099
be granted. This parameter has changed in default
3079
3100
value from Samba 3.0.23 from 10 to 200. The associated
3081
3102
no longer used in Samba 3.0.24. You should not need
3082
3103
to change the value of this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock spin time</code></em> = <code class="literal">200</code>
3083
3104
</em></span>
3084
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547874"></a>
3105
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548020"></a>
3085
3106
3086
3107
log file (G)
3087
</h3></div></div></div><a class="indexterm" name="id2547875"></a><a name="LOGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3108
</h3></div></div></div><a class="indexterm" name="id2548021"></a><a name="LOGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3088
3109
This option allows you to override the name of the Samba log file (also known as the debug file).
3089
3110
</p><p>
3090
3111
This option takes the standard substitutions, allowing you to have separate log files for each user or machine.
3091
3112
</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>log file</code></em> = <code class="literal">/usr/local/samba/var/log.%m</code>
3092
3113
</em></span>
3093
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547926"></a>
3114
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548072"></a>
3094
3115
3095
3116
<a name="DEBUGLEVEL"></a>debuglevel
3096
</h3></div></div></div><a class="indexterm" name="id2547927"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOGLEVEL">log level</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547957"></a>
3117
</h3></div></div></div><a class="indexterm" name="id2548073"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOGLEVEL">log level</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548103"></a>
3097
3118
3098
3119
log level (G)
3099
</h3></div></div></div><a class="indexterm" name="id2547958"></a><a name="LOGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
3120
</h3></div></div></div><a class="indexterm" name="id2548104"></a><a name="LOGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
3100
3121
The value of the parameter (a astring) allows the debug level (logging level) to be specified in the
3101
3122
<code class="filename">smb.conf</code> file.
3102
3123
</p><p>This parameter has been extended since the 2.2.x
3107
3128
</em></span>
3108
3129
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>log level</code></em> = <code class="literal">3 passdb:5 auth:10 winbind:2</code>
3109
3130
</em></span>
3110
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548191"></a>
3131
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548337"></a>
3111
3132
3112
3133
logon drive (G)
3113
</h3></div></div></div><a class="indexterm" name="id2548192"></a><a name="LOGONDRIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3134
</h3></div></div></div><a class="indexterm" name="id2548338"></a><a name="LOGONDRIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3114
3135
This parameter specifies the local path to which the home directory will be
3115
3136
connected (see <a class="link" href="smb.conf.5.html#LOGONHOME" target="_top">logon home</a>) and is only used by NT
3116
3137
Workstations.
3120
3141
</em></span>
3121
3142
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>logon drive</code></em> = <code class="literal">h:</code>
3122
3143
</em></span>
3123
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548266"></a>
3144
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548412"></a>
3124
3145
3125
3146
logon home (G)
3126
</h3></div></div></div><a class="indexterm" name="id2548267"></a><a name="LOGONHOME"></a><div class="variablelist"><dl><dt></dt><dd><p>
3147
</h3></div></div></div><a class="indexterm" name="id2548413"></a><a name="LOGONHOME"></a><div class="variablelist"><dl><dt></dt><dd><p>
3127
3148
This parameter specifies the home directory location when a Win95/98 or NT Workstation logs into a Samba PDC.
3128
3149
It allows you to do
3129
3150
</p><p>
3154
3175
</em></span>
3155
3176
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>logon home</code></em> = <code class="literal">\\remote_smb_server\%U</code>
3156
3177
</em></span>
3157
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548431"></a>
3178
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548577"></a>
3158
3179
3159
3180
logon path (G)
3160
</h3></div></div></div><a class="indexterm" name="id2548432"></a><a name="LOGONPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>
3181
</h3></div></div></div><a class="indexterm" name="id2548578"></a><a name="LOGONPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>
3161
3182
This parameter specifies the directory where roaming profiles (Desktop, NTuser.dat, etc) are
3162
3183
stored. Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming
3163
3184
profiles. To find out how to handle roaming profiles for Win 9X system, see the
3201
3222
</pre><p>
3202
3223
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>logon path</code></em> = <code class="literal">\\%N\%U\profile</code>
3203
3224
</em></span>
3204
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548599"></a>
3225
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548745"></a>
3205
3226
3206
3227
logon script (G)
3207
</h3></div></div></div><a class="indexterm" name="id2548600"></a><a name="LOGONSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3228
</h3></div></div></div><a class="indexterm" name="id2548746"></a><a name="LOGONSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3208
3229
This parameter specifies the batch file (<code class="filename">.bat</code>) or NT command file
3209
3230
(<code class="filename">.cmd</code>) to be downloaded and run on a machine when a user successfully logs in. The file
3210
3231
must contain the DOS style CR/LF line endings. Using a DOS-style editor to create the file is recommended.
3235
3256
</em></span>
3236
3257
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>logon script</code></em> = <code class="literal">scripts\%U.bat</code>
3237
3258
</em></span>
3238
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548769"></a>
3259
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548915"></a>
3239
3260
3240
3261
lppause command (S)
3241
</h3></div></div></div><a class="indexterm" name="id2548770"></a><a name="LPPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3262
</h3></div></div></div><a class="indexterm" name="id2548916"></a><a name="LPPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3242
3263
executed on the server host in order to stop printing or spooling
3243
3264
a specific print job.</p><p>This command should be a program or script which takes
3244
3265
a printer name and job number to pause the print job. One way
3262
3283
</em></span>
3263
3284
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lppause command</code></em> = <code class="literal">/usr/bin/lpalt %p-%j -p0</code>
3264
3285
</em></span>
3265
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548917"></a>
3286
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549063"></a>
3266
3287
3267
3288
lpq cache time (G)
3268
</h3></div></div></div><a class="indexterm" name="id2548918"></a><a name="LPQCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls how long lpq info will be cached
3289
</h3></div></div></div><a class="indexterm" name="id2549064"></a><a name="LPQCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls how long lpq info will be cached
3269
3290
for to prevent the <code class="literal">lpq</code> command being called too
3270
3291
often. A separate cache is kept for each variation of the <code class="literal">
3271
3292
lpq</code> command used by the system, so if you use different
3278
3299
</em></span>
3279
3300
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpq cache time</code></em> = <code class="literal">10</code>
3280
3301
</em></span>
3281
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549036"></a>
3302
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549182"></a>
3282
3303
3283
3304
lpq command (S)
3284
</h3></div></div></div><a class="indexterm" name="id2549037"></a><a name="LPQCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3305
</h3></div></div></div><a class="indexterm" name="id2549183"></a><a name="LPQCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3285
3306
executed on the server host in order to obtain <code class="literal">lpq
3286
3307
</code>-style printer status information.</p><p>This command should be a program or script which
3287
3308
takes a printer name as its only parameter and outputs printer
3303
3324
</em></span>
3304
3325
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpq command</code></em> = <code class="literal">/usr/bin/lpq -P%p</code>
3305
3326
</em></span>
3306
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549162"></a>
3327
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549308"></a>
3307
3328
3308
3329
lpresume command (S)
3309
</h3></div></div></div><a class="indexterm" name="id2549163"></a><a name="LPRESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3330
</h3></div></div></div><a class="indexterm" name="id2549309"></a><a name="LPRESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3310
3331
executed on the server host in order to restart or continue
3311
3332
printing or spooling a specific print job.</p><p>This command should be a program or script which takes
3312
3333
a printer name and job number to resume the print job. See
3319
3340
parameter is <code class="constant">SYSV</code>, in which case the default is:</p><p><code class="literal">lp -i %p-%j -H resume</code></p><p>or if the value of the <em class="parameter"><code>printing</code></em> parameter
3320
3341
is <code class="constant">SOFTQ</code>, then the default is:</p><p><code class="literal">qstat -s -j%j -r</code></p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpresume command</code></em> = <code class="literal">/usr/bin/lpalt %p-%j -p2</code>
3321
3342
</em></span>
3322
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549315"></a>
3343
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549461"></a>
3323
3344
3324
3345
lprm command (S)
3325
</h3></div></div></div><a class="indexterm" name="id2549316"></a><a name="LPRMCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3346
</h3></div></div></div><a class="indexterm" name="id2549462"></a><a name="LPRMCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3326
3347
executed on the server host in order to delete a print job.</p><p>This command should be a program or script which takes
3327
3348
a printer name and job number, and deletes the print job.</p><p>If a <em class="parameter"><code>%p</code></em> is given then the printer name
3328
3349
is put in its place. A <em class="parameter"><code>%j</code></em> is replaced with
3339
3360
</pre><p>
3340
3361
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lprm command</code></em> = <code class="literal"> determined by printing parameter</code>
3341
3362
</em></span>
3342
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549402"></a>
3363
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549548"></a>
3343
3364
3344
3365
machine password timeout (G)
3345
</h3></div></div></div><a class="indexterm" name="id2549403"></a><a name="MACHINEPASSWORDTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3366
</h3></div></div></div><a class="indexterm" name="id2549549"></a><a name="MACHINEPASSWORDTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3346
3367
If a Samba server is a member of a Windows NT Domain (see the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = domain</a> parameter) then periodically a running smbd process will try and change
3347
3368
the MACHINE ACCOUNT PASSWORD stored in the TDB called <code class="filename">private/secrets.tdb
3348
3369
</code>. This parameter specifies how often this password will be changed, in seconds. The default is one
3352
3373
and the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = domain</a> parameter.
3353
3374
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>machine password timeout</code></em> = <code class="literal">604800</code>
3354
3375
</em></span>
3355
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549490"></a>
3376
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549636"></a>
3356
3377
3357
3378
magic output (S)
3358
</h3></div></div></div><a class="indexterm" name="id2549491"></a><a name="MAGICOUTPUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3379
</h3></div></div></div><a class="indexterm" name="id2549637"></a><a name="MAGICOUTPUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3359
3380
This parameter specifies the name of a file which will contain output created by a magic script (see the
3360
3381
<a class="link" href="smb.conf.5.html#MAGICSCRIPT" target="_top">magic script</a> parameter below).
3361
3382
</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>If two clients use the same <em class="parameter"><code>magic script
3364
3385
</em></span>
3365
3386
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>magic output</code></em> = <code class="literal">myfile.txt</code>
3366
3387
</em></span>
3367
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549574"></a>
3388
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549720"></a>
3368
3389
3369
3390
magic script (S)
3370
</h3></div></div></div><a class="indexterm" name="id2549575"></a><a name="MAGICSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a file which,
3391
</h3></div></div></div><a class="indexterm" name="id2549721"></a><a name="MAGICSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a file which,
3371
3392
if opened, will be executed by the server when the file is closed.
3372
3393
This allows a UNIX script to be sent to the Samba host and
3373
3394
executed on behalf of the connected user.</p><p>Scripts executed in this way will be deleted upon
3383
3404
</em></span>
3384
3405
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>magic script</code></em> = <code class="literal">user.csh</code>
3385
3406
</em></span>
3386
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549680"></a>
3407
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549826"></a>
3387
3408
3388
3409
mangled names (S)
3389
</h3></div></div></div><a class="indexterm" name="id2549681"></a><a name="MANGLEDNAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether non-DOS names under UNIX
3410
</h3></div></div></div><a class="indexterm" name="id2549827"></a><a name="MANGLEDNAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether non-DOS names under UNIX
3390
3411
should be mapped to DOS-compatible names ("mangled") and made visible,
3391
3412
or whether non-DOS names should simply be ignored.</p><p>See the section on <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a> for
3392
3413
details on how to control the mangling process.</p><p>If mangling is used then the mangling algorithm is as follows:</p><div class="itemizedlist"><ul type="disc"><li><p>The first (up to) five alphanumeric characters
3411
3432
from Windows/DOS and will retain the same basename. Mangled names
3412
3433
do not change between sessions.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>mangled names</code></em> = <code class="literal">yes</code>
3413
3434
</em></span>
3414
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549817"></a>
3435
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549963"></a>
3415
3436
3416
3437
mangle prefix (G)
3417
</h3></div></div></div><a class="indexterm" name="id2549818"></a><a name="MANGLEPREFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the number of prefix
3438
</h3></div></div></div><a class="indexterm" name="id2549964"></a><a name="MANGLEPREFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the number of prefix
3418
3439
characters from the original name used when generating
3419
3440
the mangled names. A larger value will give a weaker
3420
3441
hash and therefore more name collisions. The minimum
3424
3445
</em></span>
3425
3446
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangle prefix</code></em> = <code class="literal">4</code>
3426
3447
</em></span>
3427
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549883"></a>
3448
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550029"></a>
3428
3449
3429
3450
mangling char (S)
3430
</h3></div></div></div><a class="indexterm" name="id2549884"></a><a name="MANGLINGCHAR"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what character is used as
3451
</h3></div></div></div><a class="indexterm" name="id2550030"></a><a name="MANGLINGCHAR"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what character is used as
3431
3452
the <span class="emphasis"><em>magic</em></span> character in <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>. The
3432
3453
default is a '~' but this may interfere with some software. Use this option to set
3433
3454
it to whatever you prefer. This is effective only when mangling method is hash.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>mangling char</code></em> = <code class="literal">~</code>
3434
3455
</em></span>
3435
3456
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangling char</code></em> = <code class="literal">^</code>
3436
3457
</em></span>
3437
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549961"></a>
3458
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550107"></a>
3438
3459
3439
3460
mangling method (G)
3440
</h3></div></div></div><a class="indexterm" name="id2549962"></a><a name="MANGLINGMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the algorithm used for the generating
3461
</h3></div></div></div><a class="indexterm" name="id2550108"></a><a name="MANGLINGMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the algorithm used for the generating
3441
3462
the mangled names. Can take two different values, "hash" and
3442
3463
"hash2". "hash" is the algorithm that was used
3443
3464
used in Samba for many years and was the default in Samba 2.2.x "hash2" is
3448
3469
</em></span>
3449
3470
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangling method</code></em> = <code class="literal">hash</code>
3450
3471
</em></span>
3451
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550028"></a>
3472
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550174"></a>
3452
3473
3453
3474
map acl inherit (S)
3454
</h3></div></div></div><a class="indexterm" name="id2550029"></a><a name="MAPACLINHERIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map the 'inherit' and 'protected'
3475
</h3></div></div></div><a class="indexterm" name="id2550175"></a><a name="MAPACLINHERIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map the 'inherit' and 'protected'
3455
3476
access control entry flags stored in Windows ACLs into an extended attribute
3456
3477
called user.SAMBA_PAI. This parameter only takes effect if Samba is being run
3457
3478
on a platform that supports extended attributes (Linux and IRIX so far) and
3459
3480
POSIX ACL mapping code.
3460
3481
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map acl inherit</code></em> = <code class="literal">no</code>
3461
3482
</em></span>
3462
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550085"></a>
3483
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550238"></a>
3463
3484
3464
3485
map archive (S)
3465
</h3></div></div></div><a class="indexterm" name="id2550086"></a><a name="MAPARCHIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3486
</h3></div></div></div><a class="indexterm" name="id2550239"></a><a name="MAPARCHIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3466
3487
This controls whether the DOS archive attribute
3467
3488
should be mapped to the UNIX owner execute bit. The DOS archive bit
3468
3489
is set when a file has been modified since its last backup. One
3475
3496
<a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> for details.
3476
3497
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map archive</code></em> = <code class="literal">yes</code>
3477
3498
</em></span>
3478
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550160"></a>
3499
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550313"></a>
3479
3500
3480
3501
map hidden (S)
3481
</h3></div></div></div><a class="indexterm" name="id2550162"></a><a name="MAPHIDDEN"></a><div class="variablelist"><dl><dt></dt><dd><p>
3502
</h3></div></div></div><a class="indexterm" name="id2550314"></a><a name="MAPHIDDEN"></a><div class="variablelist"><dl><dt></dt><dd><p>
3482
3503
This controls whether DOS style hidden files should be mapped to the UNIX world execute bit.
3483
3504
</p><p>
3484
3505
Note that this requires the <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> to be set such that the world execute
3485
3506
bit is not masked out (i.e. it must include 001). See the parameter <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a>
3486
3507
for details.
3487
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550218"></a>
3508
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550371"></a>
3488
3509
3489
3510
map read only (S)
3490
</h3></div></div></div><a class="indexterm" name="id2550219"></a><a name="MAPREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
3511
</h3></div></div></div><a class="indexterm" name="id2550372"></a><a name="MAPREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
3491
3512
This controls how the DOS read only attribute should be mapped from a UNIX filesystem.
3492
3513
</p><p>
3493
3514
This parameter can take three different values, which tell <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> how to display the read only attribute on files, where either
3512
3533
the <a class="link" href="smb.conf.5.html#STOREDOSATTRIBUTES" target="_top">store dos attributes</a> method. This may be useful for exporting mounted CDs.
3513
3534
</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>map read only</code></em> = <code class="literal">yes</code>
3514
3535
</em></span>
3515
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550375"></a>
3536
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550527"></a>
3516
3537
3517
3538
map system (S)
3518
</h3></div></div></div><a class="indexterm" name="id2550376"></a><a name="MAPSYSTEM"></a><div class="variablelist"><dl><dt></dt><dd><p>
3539
</h3></div></div></div><a class="indexterm" name="id2550528"></a><a name="MAPSYSTEM"></a><div class="variablelist"><dl><dt></dt><dd><p>
3519
3540
This controls whether DOS style system files should be mapped to the UNIX group execute bit.
3520
3541
</p><p>
3521
3542
Note that this requires the <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> to be set such that the group
3523
3544
<a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> for details.
3524
3545
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map system</code></em> = <code class="literal">no</code>
3525
3546
</em></span>
3526
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550444"></a>
3547
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550597"></a>
3527
3548
3528
3549
map to guest (G)
3529
</h3></div></div></div><a class="indexterm" name="id2550445"></a><a name="MAPTOGUEST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only useful in <a class="link" href="smb.conf.5.html#SECURITY" target="_top">SECURITY =
3550
</h3></div></div></div><a class="indexterm" name="id2550598"></a><a name="MAPTOGUEST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only useful in <a class="link" href="smb.conf.5.html#SECURITY" target="_top">SECURITY =
3530
3551
security</a> modes other than <em class="parameter"><code>security = share</code></em>
3531
3552
and <em class="parameter"><code>security = server</code></em>
3532
3553
- i.e. <code class="constant">user</code>, and <code class="constant">domain</code>.</p><p>This parameter can take four different values, which tell
3568
3589
</em></span>
3569
3590
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>map to guest</code></em> = <code class="literal">Bad User</code>
3570
3591
</em></span>
3571
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550684"></a>
3592
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550837"></a>
3572
3593
3573
3594
max connections (S)
3574
</h3></div></div></div><a class="indexterm" name="id2550685"></a><a name="MAXCONNECTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the number of simultaneous connections to a service to be limited.
3595
</h3></div></div></div><a class="indexterm" name="id2550838"></a><a name="MAXCONNECTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the number of simultaneous connections to a service to be limited.
3575
3596
If <em class="parameter"><code>max connections</code></em> is greater than 0 then connections
3576
3597
will be refused if this number of connections to the service are already open. A value
3577
3598
of zero mean an unlimited number of connections may be made.</p><p>Record lock files are used to implement this feature. The lock files will be stored in
3579
3600
</em></span>
3580
3601
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max connections</code></em> = <code class="literal">10</code>
3581
3602
</em></span>
3582
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550770"></a>
3603
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550923"></a>
3583
3604
3584
3605
max disk size (G)
3585
</h3></div></div></div><a class="indexterm" name="id2550771"></a><a name="MAXDISKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to put an upper limit
3606
</h3></div></div></div><a class="indexterm" name="id2550924"></a><a name="MAXDISKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to put an upper limit
3586
3607
on the apparent size of disks. If you set this option to 100
3587
3608
then all shares will appear to be not larger than 100 MB in
3588
3609
size.</p><p>Note that this option does not limit the amount of
3596
3617
</em></span>
3597
3618
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max disk size</code></em> = <code class="literal">1000</code>
3598
3619
</em></span>
3599
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550862"></a>
3620
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551014"></a>
3600
3621
3601
3622
max log size (G)
3602
</h3></div></div></div><a class="indexterm" name="id2550863"></a><a name="MAXLOGSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3623
</h3></div></div></div><a class="indexterm" name="id2551015"></a><a name="MAXLOGSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3603
3624
This option (an integer in kilobytes) specifies the max size the log file should grow to.
3604
3625
Samba periodically checks the size and if it is exceeded it will rename the file, adding
3605
3626
a <code class="filename">.old</code> extension.
3608
3629
</em></span>
3609
3630
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max log size</code></em> = <code class="literal">1000</code>
3610
3631
</em></span>
3611
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550932"></a>
3632
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551085"></a>
3612
3633
3613
3634
max mux (G)
3614
</h3></div></div></div><a class="indexterm" name="id2550933"></a><a name="MAXMUX"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum number of
3635
</h3></div></div></div><a class="indexterm" name="id2551086"></a><a name="MAXMUX"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum number of
3615
3636
outstanding simultaneous SMB operations that Samba tells the client
3616
3637
it will allow. You should never need to set this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max mux</code></em> = <code class="literal">50</code>
3617
3638
</em></span>
3618
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550975"></a>
3639
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551128"></a>
3619
3640
3620
3641
max open files (G)
3621
</h3></div></div></div><a class="indexterm" name="id2550976"></a><a name="MAXOPENFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
3642
</h3></div></div></div><a class="indexterm" name="id2551129"></a><a name="MAXOPENFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
3622
3643
open files that one <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> file
3623
3644
serving process may have open for a client at any one time. The
3624
3645
default for this parameter is set very high (10,000) as Samba uses
3626
3647
by the UNIX per-process file descriptor limit rather than
3627
3648
this parameter so you should never need to touch this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max open files</code></em> = <code class="literal">10000</code>
3628
3649
</em></span>
3629
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551036"></a>
3650
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551188"></a>
3630
3651
3631
3652
max print jobs (S)
3632
</h3></div></div></div><a class="indexterm" name="id2551037"></a><a name="MAXPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
3653
</h3></div></div></div><a class="indexterm" name="id2551189"></a><a name="MAXPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
3633
3654
jobs allowable in a Samba printer queue at any given moment.
3634
3655
If this number is exceeded, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will remote "Out of Space" to the client.
3635
3656
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max print jobs</code></em> = <code class="literal">1000</code>
3636
3657
</em></span>
3637
3658
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max print jobs</code></em> = <code class="literal">5000</code>
3638
3659
</em></span>
3639
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551106"></a>
3660
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551258"></a>
3640
3661
3641
3662
<a name="PROTOCOL"></a>protocol
3642
</h3></div></div></div><a class="indexterm" name="id2551107"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#MAXPROTOCOL">max protocol</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551139"></a>
3663
</h3></div></div></div><a class="indexterm" name="id2551260"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#MAXPROTOCOL">max protocol</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551291"></a>
3643
3664
3644
3665
max protocol (G)
3645
</h3></div></div></div><a class="indexterm" name="id2551140"></a><a name="MAXPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the highest
3666
</h3></div></div></div><a class="indexterm" name="id2551292"></a><a name="MAXPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the highest
3646
3667
protocol level that will be supported by the server.</p><p>Possible values are :</p><div class="itemizedlist"><ul type="disc"><li><p><code class="constant">CORE</code>: Earliest version. No
3647
3668
concept of user names.</p></li><li><p><code class="constant">COREPLUS</code>: Slight improvements on
3648
3669
CORE for efficiency.</p></li><li><p><code class="constant">LANMAN1</code>: First <span class="emphasis"><em>
3654
3675
</em></span>
3655
3676
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max protocol</code></em> = <code class="literal">LANMAN1</code>
3656
3677
</em></span>
3657
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551264"></a>
3678
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551416"></a>
3658
3679
3659
3680
max reported print jobs (S)
3660
</h3></div></div></div><a class="indexterm" name="id2551265"></a><a name="MAXREPORTEDPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>
3681
</h3></div></div></div><a class="indexterm" name="id2551418"></a><a name="MAXREPORTEDPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>
3661
3682
This parameter limits the maximum number of jobs displayed in a port monitor for
3662
3683
Samba printer queue at any given moment. If this number is exceeded, the excess
3663
3684
jobs will not be shown. A value of zero means there is no limit on the number of
3666
3687
</em></span>
3667
3688
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max reported print jobs</code></em> = <code class="literal">1000</code>
3668
3689
</em></span>
3669
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551332"></a>
3690
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551480"></a>
3670
3691
3671
3692
max smbd processes (G)
3672
</h3></div></div></div><a class="indexterm" name="id2551334"></a><a name="MAXSMBDPROCESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> processes concurrently running on a system and is intended
3693
</h3></div></div></div><a class="indexterm" name="id2551482"></a><a name="MAXSMBDPROCESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> processes concurrently running on a system and is intended
3673
3694
as a stopgap to prevent degrading service to clients in the event that the server has insufficient
3674
3695
resources to handle more than this number of connections. Remember that under normal operating
3675
3696
conditions, each user will have an <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> associated with him or her to handle connections to all
3677
3698
</em></span>
3678
3699
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max smbd processes</code></em> = <code class="literal">1000</code>
3679
3700
</em></span>
3680
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551414"></a>
3701
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551562"></a>
3681
3702
3682
3703
max stat cache size (G)
3683
</h3></div></div></div><a class="indexterm" name="id2551415"></a><a name="MAXSTATCACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the size in memory of any
3704
</h3></div></div></div><a class="indexterm" name="id2551563"></a><a name="MAXSTATCACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the size in memory of any
3684
3705
<em class="parameter"><code>stat cache</code></em> being used
3685
3706
to speed up case insensitive name mappings. It represents
3686
3707
the number of kilobyte (1024) units the stat cache can use.
3691
3712
</em></span>
3692
3713
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max stat cache size</code></em> = <code class="literal">100</code>
3693
3714
</em></span>
3694
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551483"></a>
3715
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551631"></a>
3695
3716
3696
3717
max ttl (G)
3697
</h3></div></div></div><a class="indexterm" name="id2551484"></a><a name="MAXTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> what the default 'time to live'
3718
</h3></div></div></div><a class="indexterm" name="id2551632"></a><a name="MAXTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> what the default 'time to live'
3698
3719
of NetBIOS names should be (in seconds) when <code class="literal">nmbd</code> is
3699
3720
requesting a name using either a broadcast packet or from a WINS server. You should
3700
3721
never need to change this parameter. The default is 3 days.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max ttl</code></em> = <code class="literal">259200</code>
3701
3722
</em></span>
3702
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551542"></a>
3723
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551690"></a>
3703
3724
3704
3725
max wins ttl (G)
3705
</h3></div></div></div><a class="indexterm" name="id2551543"></a><a name="MAXWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when acting as a WINS server
3726
</h3></div></div></div><a class="indexterm" name="id2551691"></a><a name="MAXWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when acting as a WINS server
3706
3727
(<a class="link" href="smb.conf.5.html#WINSSUPPORT" target="_top">wins support = yes</a>) what the maximum
3707
3728
'time to live' of NetBIOS names that <code class="literal">nmbd</code>
3708
3729
will grant will be (in seconds). You should never need to change this
3709
3730
parameter. The default is 6 days (518400 seconds).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max wins ttl</code></em> = <code class="literal">518400</code>
3710
3731
</em></span>
3711
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551614"></a>
3732
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551762"></a>
3712
3733
3713
3734
max xmit (G)
3714
</h3></div></div></div><a class="indexterm" name="id2551615"></a><a name="MAXXMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum packet size
3735
</h3></div></div></div><a class="indexterm" name="id2551763"></a><a name="MAXXMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum packet size
3715
3736
that will be negotiated by Samba. The default is 16644, which
3716
3737
matches the behavior of Windows 2000. A value below 2048 is likely to cause problems.
3717
3738
You should never need to change this parameter from its default value.
3719
3740
</em></span>
3720
3741
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max xmit</code></em> = <code class="literal">8192</code>
3721
3742
</em></span>
3722
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551677"></a>
3743
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551825"></a>
3723
3744
3724
3745
message command (G)
3725
</h3></div></div></div><a class="indexterm" name="id2551678"></a><a name="MESSAGECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what command to run when the
3746
</h3></div></div></div><a class="indexterm" name="id2551826"></a><a name="MESSAGECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what command to run when the
3726
3747
server receives a WinPopup style message.</p><p>This would normally be a command that would
3727
3748
deliver the message somehow. How this is to be done is
3728
3749
up to your imagination.</p><p>An example is:
3761
3782
</em></span>
3762
3783
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>message command</code></em> = <code class="literal">csh -c 'xedit %s; rm %s' &</code>
3763
3784
</em></span>
3764
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551887"></a>
3785
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552035"></a>
3765
3786
3766
3787
min print space (S)
3767
</h3></div></div></div><a class="indexterm" name="id2551888"></a><a name="MINPRINTSPACE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the minimum amount of free disk
3788
</h3></div></div></div><a class="indexterm" name="id2552036"></a><a name="MINPRINTSPACE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the minimum amount of free disk
3768
3789
space that must be available before a user will be able to spool
3769
3790
a print job. It is specified in kilobytes. The default is 0, which
3770
3791
means a user can always spool a print job.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min print space</code></em> = <code class="literal">0</code>
3771
3792
</em></span>
3772
3793
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>min print space</code></em> = <code class="literal">2000</code>
3773
3794
</em></span>
3774
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551949"></a>
3795
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552097"></a>
3775
3796
3776
3797
min protocol (G)
3777
</h3></div></div></div><a class="indexterm" name="id2551950"></a><a name="MINPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the
3798
</h3></div></div></div><a class="indexterm" name="id2552098"></a><a name="MINPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the
3778
3799
lowest SMB protocol dialect than Samba will support. Please refer
3779
3800
to the <a class="link" href="smb.conf.5.html#MAXPROTOCOL" target="_top">max protocol</a>
3780
3801
parameter for a list of valid protocol names and a brief description
3786
3807
</em></span>
3787
3808
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>min protocol</code></em> = <code class="literal">NT1</code>
3788
3809
</em></span>
3789
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552047"></a>
3810
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552196"></a>
3790
3811
3791
3812
min receivefile size (G)
3792
</h3></div></div></div><a class="indexterm" name="id2552048"></a><a name="MINRECEIVEFILESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option changes the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when processing SMBwriteX calls. Any incoming
3813
</h3></div></div></div><a class="indexterm" name="id2552197"></a><a name="MINRECEIVEFILESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option changes the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when processing SMBwriteX calls. Any incoming
3793
3814
SMBwriteX call on a non-signed SMB/CIFS connection greater than this value will not be processed in the normal way but will
3794
3815
be passed to any underlying kernel recvfile or splice system call (if there is no such
3795
3816
call Samba will emulate in user space). This allows zero-copy writes directly from network
3798
3819
normal way. To enable POSIX large write support (SMB/CIFS writes up to 16Mb) this option must be
3799
3820
nonzero. The maximum value is 128k. Values greater than 128k will be silently set to 128k.</p><p>Note this option will have NO EFFECT if set on a SMB signed connection.</p><p>The default is zero, which diables this option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min receivefile size</code></em> = <code class="literal">0</code>
3800
3821
</em></span>
3801
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552117"></a>
3822
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552277"></a>
3802
3823
3803
3824
min wins ttl (G)
3804
</h3></div></div></div><a class="indexterm" name="id2552118"></a><a name="MINWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>
3825
</h3></div></div></div><a class="indexterm" name="id2552278"></a><a name="MINWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>
3805
3826
when acting as a WINS server (<a class="link" href="smb.conf.5.html#WINSSUPPORT" target="_top">wins support = yes</a>) what the minimum 'time to live'
3806
3827
of NetBIOS names that <code class="literal">nmbd</code> will grant will be (in
3807
3828
seconds). You should never need to change this parameter. The default
3808
3829
is 6 hours (21600 seconds).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min wins ttl</code></em> = <code class="literal">21600</code>
3809
3830
</em></span>
3810
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552187"></a>
3831
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552348"></a>
3811
3832
3812
3833
msdfs proxy (S)
3813
</h3></div></div></div><a class="indexterm" name="id2552188"></a><a name="MSDFSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter indicates that the share is a
3834
</h3></div></div></div><a class="indexterm" name="id2552349"></a><a name="MSDFSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter indicates that the share is a
3814
3835
stand-in for another CIFS share whose location is specified by
3815
3836
the value of the parameter. When clients attempt to connect to
3816
3837
this share, they are redirected to the proxied share using
3818
3839
<a class="link" href="smb.conf.5.html#MSDFSROOT" target="_top">msdfs root</a> and <a class="link" href="smb.conf.5.html#HOSTMSDFS" target="_top">host msdfs</a>
3819
3840
options to find out how to set up a Dfs root share.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>msdfs proxy</code></em> = <code class="literal">\otherserver\someshare</code>
3820
3841
</em></span>
3821
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552265"></a>
3842
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552426"></a>
3822
3843
3823
3844
msdfs root (S)
3824
</h3></div></div></div><a class="indexterm" name="id2552266"></a><a name="MSDFSROOT"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to <code class="constant">yes</code>, Samba treats the
3845
</h3></div></div></div><a class="indexterm" name="id2552427"></a><a name="MSDFSROOT"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to <code class="constant">yes</code>, Samba treats the
3825
3846
share as a Dfs root and allows clients to browse the
3826
3847
distributed file system tree rooted at the share directory.
3827
3848
Dfs links are specified in the share directory by symbolic
3829
3850
and so on. For more information on setting up a Dfs tree on
3830
3851
Samba, refer to the MSDFS chapter in the Samba3-HOWTO book.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>msdfs root</code></em> = <code class="literal">no</code>
3831
3852
</em></span>
3832
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552320"></a>
3853
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552481"></a>
3833
3854
3834
3855
name cache timeout (G)
3835
</h3></div></div></div><a class="indexterm" name="id2552322"></a><a name="NAMECACHETIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the number of seconds it takes before
3856
</h3></div></div></div><a class="indexterm" name="id2552482"></a><a name="NAMECACHETIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the number of seconds it takes before
3836
3857
entries in samba's hostname resolve cache time out. If
3837
3858
the timeout is set to 0. the caching is disabled.
3838
3859
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>name cache timeout</code></em> = <code class="literal">660</code>
3839
3860
</em></span>
3840
3861
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>name cache timeout</code></em> = <code class="literal">0</code>
3841
3862
</em></span>
3842
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552382"></a>
3863
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552542"></a>
3843
3864
3844
3865
name resolve order (G)
3845
</h3></div></div></div><a class="indexterm" name="id2552383"></a><a name="NAMERESOLVEORDER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used by the programs in the Samba
3866
</h3></div></div></div><a class="indexterm" name="id2552543"></a><a name="NAMERESOLVEORDER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used by the programs in the Samba
3846
3867
suite to determine what naming services to use and in what order
3847
3868
to resolve host names to IP addresses. Its main purpose to is to
3848
3869
control how netbios name resolution is performed. The option takes a space
3873
3894
</em></span>
3874
3895
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>name resolve order</code></em> = <code class="literal">lmhosts bcast host</code>
3875
3896
</em></span>
3876
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552584"></a>
3897
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552744"></a>
3877
3898
3878
3899
netbios aliases (G)
3879
</h3></div></div></div><a class="indexterm" name="id2552585"></a><a name="NETBIOSALIASES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of NetBIOS names that nmbd will
3900
</h3></div></div></div><a class="indexterm" name="id2552745"></a><a name="NETBIOSALIASES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of NetBIOS names that nmbd will
3880
3901
advertise as additional names by which the Samba server is known. This allows one machine
3881
3902
to appear in browse lists under multiple names. If a machine is acting as a browse server
3882
3903
or logon server none of these names will be advertised as either browse server or logon
3886
3907
</em></span>
3887
3908
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>netbios aliases</code></em> = <code class="literal">TEST TEST1 TEST2</code>
3888
3909
</em></span>
3889
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552650"></a>
3910
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552818"></a>
3890
3911
3891
3912
netbios name (G)
3892
</h3></div></div></div><a class="indexterm" name="id2552651"></a><a name="NETBIOSNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
3913
</h3></div></div></div><a class="indexterm" name="id2552819"></a><a name="NETBIOSNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
3893
3914
This sets the NetBIOS name by which a Samba server is known. By default it is the same as the first component
3894
3915
of the host's DNS name. If a machine is a browse server or logon server this name (or the first component of
3895
3916
the hosts DNS name) will be the name that these services are advertised under.
3902
3923
</em></span>
3903
3924
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>netbios name</code></em> = <code class="literal">MYNAME</code>
3904
3925
</em></span>
3905
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552731"></a>
3926
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552899"></a>
3906
3927
3907
3928
netbios scope (G)
3908
</h3></div></div></div><a class="indexterm" name="id2552732"></a><a name="NETBIOSSCOPE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the NetBIOS scope that Samba will
3929
</h3></div></div></div><a class="indexterm" name="id2552900"></a><a name="NETBIOSSCOPE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the NetBIOS scope that Samba will
3909
3930
operate under. This should not be set unless every machine
3910
3931
on your LAN also sets this value.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>netbios scope</code></em> = <code class="literal"></code>
3911
3932
</em></span>
3912
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552774"></a>
3933
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552942"></a>
3913
3934
3914
3935
nis homedir (G)
3915
</h3></div></div></div><a class="indexterm" name="id2552775"></a><a name="NISHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>Get the home share server from a NIS map. For
3936
</h3></div></div></div><a class="indexterm" name="id2552943"></a><a name="NISHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>Get the home share server from a NIS map. For
3916
3937
UNIX systems that use an automounter, the user's home directory
3917
3938
will often be mounted on a workstation on demand from a remote
3918
3939
server. </p><p>When the Samba logon server is not the actual home directory
3931
3952
NIS system and the Samba server with this option must also
3932
3953
be a logon server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nis homedir</code></em> = <code class="literal">no</code>
3933
3954
</em></span>
3934
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552854"></a>
3955
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553022"></a>
3935
3956
3936
3957
nt acl support (S)
3937
</h3></div></div></div><a class="indexterm" name="id2552855"></a><a name="NTACLSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map
3958
</h3></div></div></div><a class="indexterm" name="id2553023"></a><a name="NTACLSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map
3938
3959
UNIX permissions into Windows NT access control lists. The UNIX
3939
3960
permissions considered are the the traditional UNIX owner and
3940
3961
group permissions, as well as POSIX ACLs set on any files or
3941
3962
directories. This parameter was formally a global parameter in
3942
3963
releases prior to 2.2.2.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt acl support</code></em> = <code class="literal">yes</code>
3943
3964
</em></span>
3944
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552909"></a>
3965
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553076"></a>
3945
3966
3946
3967
ntlm auth (G)
3947
</h3></div></div></div><a class="indexterm" name="id2552910"></a><a name="NTLMAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
3968
</h3></div></div></div><a class="indexterm" name="id2553078"></a><a name="NTLMAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
3948
3969
authenticate users using the NTLM encrypted password response.
3949
3970
If disabled, either the lanman password hash or an NTLMv2 response
3950
3971
will need to be sent by the client.</p><p>If this option, and <code class="literal">lanman
3952
3973
permited. Not all clients support NTLMv2, and most will require
3953
3974
special configuration to use it.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ntlm auth</code></em> = <code class="literal">yes</code>
3954
3975
</em></span>
3955
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552973"></a>
3976
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553140"></a>
3956
3977
3957
3978
nt pipe support (G)
3958
</h3></div></div></div><a class="indexterm" name="id2552974"></a><a name="NTPIPESUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether
3979
</h3></div></div></div><a class="indexterm" name="id2553142"></a><a name="NTPIPESUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether
3959
3980
<a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will allow Windows NT
3960
3981
clients to connect to the NT SMB specific <code class="constant">IPC$</code>
3961
3982
pipes. This is a developer debugging option and can be left
3962
3983
alone.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt pipe support</code></em> = <code class="literal">yes</code>
3963
3984
</em></span>
3964
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553029"></a>
3985
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553196"></a>
3965
3986
3966
3987
nt status support (G)
3967
</h3></div></div></div><a class="indexterm" name="id2553030"></a><a name="NTSTATUSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will negotiate NT specific status
3988
</h3></div></div></div><a class="indexterm" name="id2553198"></a><a name="NTSTATUSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will negotiate NT specific status
3968
3989
support with Windows NT/2k/XP clients. This is a developer debugging option and should be left alone.
3969
3990
If this option is set to <code class="constant">no</code> then Samba offers
3970
3991
exactly the same DOS error codes that versions prior to Samba 2.2.3
3971
3992
reported.</p><p>You should not need to ever disable this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt status support</code></em> = <code class="literal">yes</code>
3972
3993
</em></span>
3973
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553090"></a>
3994
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553258"></a>
3974
3995
3975
3996
null passwords (G)
3976
</h3></div></div></div><a class="indexterm" name="id2553091"></a><a name="NULLPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>Allow or disallow client access to accounts that have null passwords. </p><p>See also <a class="citerefentry" href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>null passwords</code></em> = <code class="literal">no</code>
3997
</h3></div></div></div><a class="indexterm" name="id2553259"></a><a name="NULLPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>Allow or disallow client access to accounts that have null passwords. </p><p>See also <a class="citerefentry" href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>null passwords</code></em> = <code class="literal">no</code>
3977
3998
</em></span>
3978
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553144"></a>
3999
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553312"></a>
3979
4000
3980
4001
obey pam restrictions (G)
3981
</h3></div></div></div><a class="indexterm" name="id2553145"></a><a name="OBEYPAMRESTRICTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba 3.0 is configured to enable PAM support
4002
</h3></div></div></div><a class="indexterm" name="id2553313"></a><a name="OBEYPAMRESTRICTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba 3.0 is configured to enable PAM support
3982
4003
(i.e. --with-pam), this parameter will control whether or not Samba
3983
4004
should obey PAM's account and session management directives. The
3984
4005
default behavior is to use PAM for clear text authentication only
3988
4009
authentication mechanism needed in the presence of SMB password encryption.
3989
4010
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>obey pam restrictions</code></em> = <code class="literal">no</code>
3990
4011
</em></span>
3991
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553208"></a>
4012
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553382"></a>
3992
4013
3993
4014
only user (S)
3994
</h3></div></div></div><a class="indexterm" name="id2553209"></a><a name="ONLYUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean option that controls whether
4015
</h3></div></div></div><a class="indexterm" name="id2553384"></a><a name="ONLYUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean option that controls whether
3995
4016
connections with usernames not in the <em class="parameter"><code>user</code></em>
3996
4017
list will be allowed. By default this option is disabled so that a
3997
4018
client can supply a username to be used by the server. Enabling
4004
4025
will be just the service name, which for home directories is the
4005
4026
name of the user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>only user</code></em> = <code class="literal">no</code>
4006
4027
</em></span>
4007
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553297"></a>
4028
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553471"></a>
4008
4029
4009
4030
oplock break wait time (G)
4010
</h3></div></div></div><a class="indexterm" name="id2553298"></a><a name="OPLOCKBREAKWAITTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4031
</h3></div></div></div><a class="indexterm" name="id2553472"></a><a name="OPLOCKBREAKWAITTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4011
4032
This is a tuning parameter added due to bugs in both Windows 9x and WinNT. If Samba responds to a client too
4012
4033
quickly when that client issues an SMB that can cause an oplock break request, then the network client can
4013
4034
fail and not respond to the break request. This tuning parameter (which is set in milliseconds) is the amount
4016
4037
DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.
4017
4038
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplock break wait time</code></em> = <code class="literal">0</code>
4018
4039
</em></span>
4019
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553352"></a>
4040
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553526"></a>
4020
4041
4021
4042
oplock contention limit (S)
4022
</h3></div></div></div><a class="indexterm" name="id2553353"></a><a name="OPLOCKCONTENTIONLIMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4043
</h3></div></div></div><a class="indexterm" name="id2553527"></a><a name="OPLOCKCONTENTIONLIMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4023
4044
This is a <span class="emphasis"><em>very</em></span> advanced <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> tuning option to improve the efficiency of the
4024
4045
granting of oplocks under multiple client contention for the same file.
4025
4046
</p><p>
4031
4052
DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.
4032
4053
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplock contention limit</code></em> = <code class="literal">2</code>
4033
4054
</em></span>
4034
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553434"></a>
4055
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553609"></a>
4035
4056
4036
4057
oplocks (S)
4037
</h3></div></div></div><a class="indexterm" name="id2553436"></a><a name="OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
4058
</h3></div></div></div><a class="indexterm" name="id2553610"></a><a name="OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
4038
4059
This boolean option tells <code class="literal">smbd</code> whether to
4039
4060
issue oplocks (opportunistic locks) to file open requests on this
4040
4061
share. The oplock code can dramatically (approx. 30% or more) improve
4053
4074
<a class="link" href="smb.conf.5.html#KERNELOPLOCKS" target="_top">kernel oplocks</a> parameter for details.
4054
4075
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplocks</code></em> = <code class="literal">yes</code>
4055
4076
</em></span>
4056
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553533"></a>
4077
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553707"></a>
4057
4078
4058
4079
os2 driver map (G)
4059
</h3></div></div></div><a class="indexterm" name="id2553534"></a><a name="OS2DRIVERMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>The parameter is used to define the absolute
4080
</h3></div></div></div><a class="indexterm" name="id2553708"></a><a name="OS2DRIVERMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>The parameter is used to define the absolute
4060
4081
path to a file containing a mapping of Windows NT printer driver
4061
4082
names to OS/2 printer driver names. The format is:</p><p><nt driver name> = <os2 driver name>.<device name></p><p>For example, a valid entry using the HP LaserJet 5
4062
4083
printer driver would appear as <code class="literal">HP LaserJet 5L = LASERJET.HP
4066
4087
details on OS/2 clients, please refer to chapter on other clients in the Samba3-HOWTO book.
4067
4088
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>os2 driver map</code></em> = <code class="literal"></code>
4068
4089
</em></span>
4069
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553600"></a>
4090
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553774"></a>
4070
4091
4071
4092
os level (G)
4072
</h3></div></div></div><a class="indexterm" name="id2553601"></a><a name="OSLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
4093
</h3></div></div></div><a class="indexterm" name="id2553776"></a><a name="OSLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
4073
4094
This integer value controls what level Samba advertises itself as for browse elections. The value of this
4074
4095
parameter determines whether <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> has a chance of becoming a local master browser for the <a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a> in the local broadcast area.
4075
4096
</p><p><span class="emphasis"><em>
4085
4106
</em></span>
4086
4107
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>os level</code></em> = <code class="literal">65</code>
4087
4108
</em></span>
4088
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553700"></a>
4109
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553874"></a>
4089
4110
4090
4111
pam password change (G)
4091
</h3></div></div></div><a class="indexterm" name="id2553701"></a><a name="PAMPASSWORDCHANGE"></a><div class="variablelist"><dl><dt></dt><dd><p>With the addition of better PAM support in Samba 2.2,
4112
</h3></div></div></div><a class="indexterm" name="id2553875"></a><a name="PAMPASSWORDCHANGE"></a><div class="variablelist"><dl><dt></dt><dd><p>With the addition of better PAM support in Samba 2.2,
4092
4113
this parameter, it is possible to use PAM's password change control
4093
4114
flag for Samba. If enabled, then PAM will be used for password
4094
4115
changes when requested by an SMB client instead of the program listed in
4096
4117
It should be possible to enable this without changing your
4097
4118
<a class="link" href="smb.conf.5.html#PASSWDCHAT" target="_top">passwd chat</a> parameter for most setups.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>pam password change</code></em> = <code class="literal">no</code>
4098
4119
</em></span>
4099
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553772"></a>
4120
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553947"></a>
4100
4121
4101
4122
panic action (G)
4102
</h3></div></div></div><a class="indexterm" name="id2553774"></a><a name="PANICACTION"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a Samba developer option that allows a
4123
</h3></div></div></div><a class="indexterm" name="id2553948"></a><a name="PANICACTION"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a Samba developer option that allows a
4103
4124
system command to be called when either <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> or <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> crashes. This is usually used to
4104
4125
draw attention to the fact that a problem occurred.
4105
4126
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>panic action</code></em> = <code class="literal"></code>
4106
4127
</em></span>
4107
4128
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>panic action</code></em> = <code class="literal">"/bin/sleep 90000"</code>
4108
4129
</em></span>
4109
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553848"></a>
4130
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554023"></a>
4110
4131
4111
4132
paranoid server security (G)
4112
</h3></div></div></div><a class="indexterm" name="id2553849"></a><a name="PARANOIDSERVERSECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>Some version of NT 4.x allow non-guest
4133
</h3></div></div></div><a class="indexterm" name="id2554024"></a><a name="PARANOIDSERVERSECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>Some version of NT 4.x allow non-guest
4113
4134
users with a bad passowrd. When this option is enabled, samba will not
4114
4135
use a broken NT 4.x server as password server, but instead complain
4115
4136
to the logs and exit.
4117
4138
this check, which involves deliberatly attempting a
4118
4139
bad logon to the remote server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>paranoid server security</code></em> = <code class="literal">yes</code>
4119
4140
</em></span>
4120
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553900"></a>
4141
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554074"></a>
4121
4142
4122
4143
passdb backend (G)
4123
</h3></div></div></div><a class="indexterm" name="id2553901"></a><a name="PASSDBBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the administrator to chose which backend
4144
</h3></div></div></div><a class="indexterm" name="id2554075"></a><a name="PASSDBBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the administrator to chose which backend
4124
4145
will be used for storing user and possibly group information. This allows
4125
4146
you to swap between different storage mechanisms without recompile. </p><p>The parameter value is divided into two parts, the backend's name, and a 'location'
4126
4147
string that has meaning only to that particular backed. These are separated
4153
4174
passdb backend = ldapsam:"ldap://ldap-1.example.com ldap-2.example.com"
4154
4175
</pre><p>Default: <span class="emphasis"><em><em class="parameter"><code>passdb backend</code></em> = <code class="literal">smbpasswd</code>
4155
4176
</em></span>
4156
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554057"></a>
4177
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554231"></a>
4157
4178
4158
4179
passdb expand explicit (G)
4159
</h3></div></div></div><a class="indexterm" name="id2554058"></a><a name="PASSDBEXPANDEXPLICIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4180
</h3></div></div></div><a class="indexterm" name="id2554232"></a><a name="PASSDBEXPANDEXPLICIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4160
4181
This parameter controls whether Samba substitutes %-macros in the passdb fields if they are explicitly set. We
4161
4182
used to expand macros here, but this turned out to be a bug because the Windows client can expand a variable
4162
4183
%G_osver% in which %G would have been substituted by the user's primary group.
4163
4184
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passdb expand explicit</code></em> = <code class="literal">no</code>
4164
4185
</em></span>
4165
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554104"></a>
4186
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554278"></a>
4166
4187
4167
4188
passwd chat debug (G)
4168
</h3></div></div></div><a class="indexterm" name="id2554105"></a><a name="PASSWDCHATDEBUG"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean specifies if the passwd chat script
4189
</h3></div></div></div><a class="indexterm" name="id2554279"></a><a name="PASSWDCHATDEBUG"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean specifies if the passwd chat script
4169
4190
parameter is run in <span class="emphasis"><em>debug</em></span> mode. In this mode the
4170
4191
strings passed to and received from the passwd chat are printed
4171
4192
in the <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> log with a
4178
4199
<a class="link" href="smb.conf.5.html#PAMPASSWORDCHANGE" target="_top">pam password change</a>
4179
4200
parameter is set. This parameter is off by default.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passwd chat debug</code></em> = <code class="literal">no</code>
4180
4201
</em></span>
4181
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554207"></a>
4202
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554382"></a>
4182
4203
4183
4204
passwd chat timeout (G)
4184
</h3></div></div></div><a class="indexterm" name="id2554208"></a><a name="PASSWDCHATTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>This integer specifies the number of seconds smbd will wait for an initial
4205
</h3></div></div></div><a class="indexterm" name="id2554383"></a><a name="PASSWDCHATTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>This integer specifies the number of seconds smbd will wait for an initial
4185
4206
answer from a passwd chat script being run. Once the initial answer is received
4186
4207
the subsequent answers must be received in one tenth of this time. The default it
4187
4208
two seconds.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passwd chat timeout</code></em> = <code class="literal">2</code>
4188
4209
</em></span>
4189
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554252"></a>
4210
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554427"></a>
4190
4211
4191
4212
passwd chat (G)
4192
</h3></div></div></div><a class="indexterm" name="id2554253"></a><a name="PASSWDCHAT"></a><div class="variablelist"><dl><dt></dt><dd><p>This string controls the <span class="emphasis"><em>"chat"</em></span>
4213
</h3></div></div></div><a class="indexterm" name="id2554428"></a><a name="PASSWDCHAT"></a><div class="variablelist"><dl><dt></dt><dd><p>This string controls the <span class="emphasis"><em>"chat"</em></span>
4193
4214
conversation that takes places between <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and the local password changing
4194
4215
program to change the user's password. The string describes a
4195
4216
sequence of response-receive pairs that <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> uses to determine what to send to the
4220
4241
</em></span>
4221
4242
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>passwd chat</code></em> = <code class="literal">"*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*"</code>
4222
4243
</em></span>
4223
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554458"></a>
4244
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554632"></a>
4224
4245
4225
4246
passwd program (G)
4226
</h3></div></div></div><a class="indexterm" name="id2554459"></a><a name="PASSWDPROGRAM"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to set
4247
</h3></div></div></div><a class="indexterm" name="id2554633"></a><a name="PASSWDPROGRAM"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to set
4227
4248
UNIX user passwords. Any occurrences of <em class="parameter"><code>%u</code></em>
4228
4249
will be replaced with the user name. The user name is checked for
4229
4250
existence before calling the password changing program.</p><p>Also note that many passwd programs insist in <span class="emphasis"><em>reasonable
4244
4265
</em></span>
4245
4266
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>passwd program</code></em> = <code class="literal">/bin/passwd %u</code>
4246
4267
</em></span>
4247
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554593"></a>
4268
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554767"></a>
4248
4269
4249
4270
password level (G)
4250
</h3></div></div></div><a class="indexterm" name="id2554594"></a><a name="PASSWORDLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>Some client/server combinations have difficulty
4271
</h3></div></div></div><a class="indexterm" name="id2554768"></a><a name="PASSWORDLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>Some client/server combinations have difficulty
4251
4272
with mixed-case passwords. One offending client is Windows for
4252
4273
Workgroups, which for some reason forces passwords to upper
4253
4274
case when using the LANMAN1 protocol, but leaves them alone when
4269
4290
</em></span>
4270
4291
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>password level</code></em> = <code class="literal">4</code>
4271
4292
</em></span>
4272
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554730"></a>
4293
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554904"></a>
4273
4294
4274
4295
password server (G)
4275
</h3></div></div></div><a class="indexterm" name="id2554731"></a><a name="PASSWORDSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>By specifying the name of another SMB server
4296
</h3></div></div></div><a class="indexterm" name="id2554905"></a><a name="PASSWORDSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>By specifying the name of another SMB server
4276
4297
or Active Directory domain controller with this option,
4277
4298
and using <code class="literal">security = [ads|domain|server]</code>
4278
it is possible to get Samba to
4299
it is possible to get Samba
4279
4300
to do all its username/password validation using a specific remote server.</p><p>This option sets the name or IP address of the password server to use.
4280
4301
New syntax has been added to support defining the port to use when connecting
4281
4302
to the server the case of an ADS realm. To define a port other than the
4332
4353
</em></span>
4333
4354
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>password server</code></em> = <code class="literal">windc.mydomain.com:389 192.168.1.101 *</code>
4334
4355
</em></span>
4335
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555028"></a>
4356
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555203"></a>
4336
4357
4337
4358
<a name="DIRECTORY"></a>directory
4338
</h3></div></div></div><a class="indexterm" name="id2555030"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PATH">path</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555060"></a>
4359
</h3></div></div></div><a class="indexterm" name="id2555204"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PATH">path</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555234"></a>
4339
4360
4340
4361
path (S)
4341
</h3></div></div></div><a class="indexterm" name="id2555061"></a><a name="PATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a directory to which
4362
</h3></div></div></div><a class="indexterm" name="id2555235"></a><a name="PATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a directory to which
4342
4363
the user of the service is to be given access. In the case of
4343
4364
printable services, this is where print data will spool prior to
4344
4365
being submitted to the host for printing.</p><p>For a printable service offering guest access, the service
4355
4376
</em></span>
4356
4377
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>path</code></em> = <code class="literal">/home/fred</code>
4357
4378
</em></span>
4358
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555164"></a>
4379
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555338"></a>
4359
4380
4360
4381
pid directory (G)
4361
</h3></div></div></div><a class="indexterm" name="id2555165"></a><a name="PIDDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
4382
</h3></div></div></div><a class="indexterm" name="id2555339"></a><a name="PIDDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
4362
4383
This option specifies the directory where pid files will be placed.
4363
4384
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>pid directory</code></em> = <code class="literal">${prefix}/var/locks</code>
4364
4385
</em></span>
4365
4386
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>pid directory</code></em> = <code class="literal">pid directory = /var/run/</code>
4366
4387
</em></span>
4367
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555224"></a>
4388
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555398"></a>
4368
4389
4369
4390
posix locking (S)
4370
</h3></div></div></div><a class="indexterm" name="id2555225"></a><a name="POSIXLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
4391
</h3></div></div></div><a class="indexterm" name="id2555399"></a><a name="POSIXLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
4371
4392
The <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>
4372
4393
daemon maintains an database of file locks obtained by SMB clients. The default behavior is
4373
4394
to map this internal database to POSIX locks. This means that file locks obtained by SMB clients are
4375
4396
method (e.g. NFS or local file access). You should never need to disable this parameter.
4376
4397
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>posix locking</code></em> = <code class="literal">yes</code>
4377
4398
</em></span>
4378
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555279"></a>
4399
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555453"></a>
4379
4400
4380
4401
postexec (S)
4381
</h3></div></div></div><a class="indexterm" name="id2555280"></a><a name="POSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run
4402
</h3></div></div></div><a class="indexterm" name="id2555454"></a><a name="POSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run
4382
4403
whenever the service is disconnected. It takes the usual
4383
4404
substitutions. The command may be run as the root on some
4384
4405
systems.</p><p>An interesting example may be to unmount server
4386
4407
</em></span>
4387
4408
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>postexec</code></em> = <code class="literal">echo \"%u disconnected from %S from %m (%I)\" >> /tmp/log</code>
4388
4409
</em></span>
4389
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555352"></a>
4410
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555526"></a>
4390
4411
4391
4412
preexec close (S)
4392
</h3></div></div></div><a class="indexterm" name="id2555353"></a><a name="PREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4413
</h3></div></div></div><a class="indexterm" name="id2555527"></a><a name="PREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4393
4414
This boolean option controls whether a non-zero return code from <a class="link" href="smb.conf.5.html#PREEXEC" target="_top">preexec</a>
4394
4415
should close the service being connected to.
4395
4416
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preexec close</code></em> = <code class="literal">no</code>
4396
4417
</em></span>
4397
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555407"></a>
4418
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555581"></a>
4398
4419
4399
4420
<a name="EXEC"></a>exec
4400
</h3></div></div></div><a class="indexterm" name="id2555408"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREEXEC">preexec</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555438"></a>
4421
</h3></div></div></div><a class="indexterm" name="id2555582"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREEXEC">preexec</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555613"></a>
4401
4422
4402
4423
preexec (S)
4403
</h3></div></div></div><a class="indexterm" name="id2555439"></a><a name="PREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run whenever
4424
</h3></div></div></div><a class="indexterm" name="id2555614"></a><a name="PREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run whenever
4404
4425
the service is connected to. It takes the usual substitutions.</p><p>An interesting example is to send the users a welcome
4405
4426
message every time they log in. Maybe a message of the day? Here
4406
4427
is an example:</p><p>
4412
4433
</em></span>
4413
4434
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preexec</code></em> = <code class="literal">echo \"%u connected to %S from %m (%I)\" >> /tmp/log</code>
4414
4435
</em></span>
4415
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555547"></a>
4436
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555721"></a>
4416
4437
4417
4438
<a name="PREFEREDMASTER"></a>prefered master
4418
</h3></div></div></div><a class="indexterm" name="id2555548"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREFERREDMASTER">preferred master</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555580"></a>
4439
</h3></div></div></div><a class="indexterm" name="id2555722"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREFERREDMASTER">preferred master</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555754"></a>
4419
4440
4420
4441
preferred master (G)
4421
</h3></div></div></div><a class="indexterm" name="id2555581"></a><a name="PREFERREDMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>
4442
</h3></div></div></div><a class="indexterm" name="id2555756"></a><a name="PREFERREDMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>
4422
4443
This boolean parameter controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> is a preferred master browser for its workgroup.
4423
4444
</p><p>
4424
4445
If this is set to <code class="constant">yes</code>, on startup, <code class="literal">nmbd</code> will force
4432
4453
capabilities.
4433
4454
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preferred master</code></em> = <code class="literal">auto</code>
4434
4455
</em></span>
4435
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555673"></a>
4456
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555847"></a>
4436
4457
4437
4458
preload modules (G)
4438
</h3></div></div></div><a class="indexterm" name="id2555674"></a><a name="PRELOADMODULES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of paths to modules that should
4459
</h3></div></div></div><a class="indexterm" name="id2555848"></a><a name="PRELOADMODULES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of paths to modules that should
4439
4460
be loaded into smbd before a client connects. This improves
4440
4461
the speed of smbd when reacting to new connections somewhat. </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preload modules</code></em> = <code class="literal"></code>
4441
4462
</em></span>
4442
4463
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preload modules</code></em> = <code class="literal">/usr/lib/samba/passdb/mysql.so</code>
4443
4464
</em></span>
4444
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555734"></a>
4465
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555908"></a>
4445
4466
4446
4467
<a name="AUTOSERVICES"></a>auto services
4447
</h3></div></div></div><a class="indexterm" name="id2555735"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRELOAD">preload</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555767"></a>
4468
</h3></div></div></div><a class="indexterm" name="id2555909"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRELOAD">preload</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555941"></a>
4448
4469
4449
4470
preload (G)
4450
</h3></div></div></div><a class="indexterm" name="id2555768"></a><a name="PRELOAD"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of services that you want to be
4471
</h3></div></div></div><a class="indexterm" name="id2555942"></a><a name="PRELOAD"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of services that you want to be
4451
4472
automatically added to the browse lists. This is most useful
4452
4473
for homes and printers services that would otherwise not be
4453
4474
visible.</p><p>
4458
4479
</em></span>
4459
4480
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preload</code></em> = <code class="literal">fred lp colorlp</code>
4460
4481
</em></span>
4461
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555845"></a>
4482
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556019"></a>
4462
4483
4463
4484
preserve case (S)
4464
</h3></div></div></div><a class="indexterm" name="id2555846"></a><a name="PRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4485
</h3></div></div></div><a class="indexterm" name="id2556020"></a><a name="PRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4465
4486
This controls if new filenames are created with the case that the client passes, or if
4466
4487
they are forced to be the <a class="link" href="smb.conf.5.html#DEFAULTCASE" target="_top">default case</a>.
4467
4488
</p><p>
4468
4489
See the section on <a class="link" href="#NAMEMANGLINGSECT" title="NAME MANGLING">NAME MANGLING</a> for a fuller discussion.
4469
4490
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preserve case</code></em> = <code class="literal">yes</code>
4470
4491
</em></span>
4471
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555912"></a>
4492
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556086"></a>
4472
4493
4473
4494
<a name="PRINTOK"></a>print ok
4474
</h3></div></div></div><a class="indexterm" name="id2555913"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTABLE">printable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555942"></a>
4495
</h3></div></div></div><a class="indexterm" name="id2556087"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTABLE">printable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556117"></a>
4475
4496
4476
4497
printable (S)
4477
</h3></div></div></div><a class="indexterm" name="id2555944"></a><a name="PRINTABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, then
4498
</h3></div></div></div><a class="indexterm" name="id2556118"></a><a name="PRINTABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, then
4478
4499
clients may open, write to and submit spool files on the directory
4479
4500
specified for the service. </p><p>Note that a printable service will ALWAYS allow writing
4480
4501
to the service path (user privileges permitting) via the spooling
4481
4502
of print data. The <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a> parameter controls only non-printing access to
4482
4503
the resource.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printable</code></em> = <code class="literal">no</code>
4483
4504
</em></span>
4484
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556006"></a>
4505
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556180"></a>
4485
4506
4486
4507
printcap cache time (G)
4487
</h3></div></div></div><a class="indexterm" name="id2556007"></a><a name="PRINTCAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the number of seconds before the printing
4508
</h3></div></div></div><a class="indexterm" name="id2556181"></a><a name="PRINTCAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the number of seconds before the printing
4488
4509
subsystem is again asked for the known printers. If the value
4489
4510
is greater than 60 the initial waiting time is set to 60 seconds
4490
4511
to allow an earlier first rescan of the printing subsystem.
4494
4515
</em></span>
4495
4516
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printcap cache time</code></em> = <code class="literal">600</code>
4496
4517
</em></span>
4497
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556075"></a>
4518
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556249"></a>
4498
4519
4499
4520
<a name="PRINTCAP"></a>printcap
4500
</h3></div></div></div><a class="indexterm" name="id2556076"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTCAPNAME">printcap name</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556108"></a>
4521
</h3></div></div></div><a class="indexterm" name="id2556250"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTCAPNAME">printcap name</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556282"></a>
4501
4522
4502
4523
printcap name (G)
4503
</h3></div></div></div><a class="indexterm" name="id2556109"></a><a name="PRINTCAPNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4524
</h3></div></div></div><a class="indexterm" name="id2556283"></a><a name="PRINTCAPNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4504
4525
This parameter may be used to override the compiled-in default printcap name used by the server (usually
4505
4526
<code class="filename"> /etc/printcap</code>). See the discussion of the <a class="link" href="#PRINTERSSECT" title="The [printers] section">[printers]</a> section above for reasons why you might want to do this.
4506
4527
</p><p>
4535
4556
</em></span>
4536
4557
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printcap name</code></em> = <code class="literal">/etc/myprintcap</code>
4537
4558
</em></span>
4538
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556292"></a>
4559
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556466"></a>
4539
4560
4540
4561
print command (S)
4541
</h3></div></div></div><a class="indexterm" name="id2556293"></a><a name="PRINTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>After a print job has finished spooling to
4562
</h3></div></div></div><a class="indexterm" name="id2556467"></a><a name="PRINTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>After a print job has finished spooling to
4542
4563
a service, this command will be used via a <code class="literal">system()</code>
4543
4564
call to process the spool file. Typically the command specified will
4544
4565
submit the spool file to the host's printing subsystem, but there
4580
4601
and if SAMBA is compiled against libcups, any manually
4581
4602
set print command will be ignored.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>print command</code></em> = <code class="literal">/usr/local/samba/bin/myprintscript %p %s</code>
4582
4603
</em></span>
4583
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556568"></a>
4604
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556736"></a>
4584
4605
4585
4606
printer admin (S)
4586
</h3></div></div></div><a class="indexterm" name="id2556570"></a><a name="PRINTERADMIN"></a><div class="variablelist"><dl><dt></dt><dd><p>
4607
</h3></div></div></div><a class="indexterm" name="id2556737"></a><a name="PRINTERADMIN"></a><div class="variablelist"><dl><dt></dt><dd><p>
4587
4608
This lists users who can do anything to printers
4588
4609
via the remote administration interfaces offered
4589
4610
by MS-RPC (usually using a NT workstation).
4599
4620
</em></span>
4600
4621
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printer admin</code></em> = <code class="literal">admin, @staff</code>
4601
4622
</em></span>
4602
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556638"></a>
4623
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556805"></a>
4603
4624
4604
4625
<a name="PRINTER"></a>printer
4605
</h3></div></div></div><a class="indexterm" name="id2556639"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTERNAME">printer name</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556669"></a>
4626
</h3></div></div></div><a class="indexterm" name="id2556806"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTERNAME">printer name</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556837"></a>
4606
4627
4607
4628
printer name (S)
4608
</h3></div></div></div><a class="indexterm" name="id2556670"></a><a name="PRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4629
</h3></div></div></div><a class="indexterm" name="id2556838"></a><a name="PRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4609
4630
This parameter specifies the name of the printer to which print jobs spooled through a printable service
4610
4631
will be sent.
4611
4632
</p><p>
4618
4639
</em></span>
4619
4640
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printer name</code></em> = <code class="literal">laserwriter</code>
4620
4641
</em></span>
4621
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556757"></a>
4642
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556924"></a>
4622
4643
4623
4644
printing (S)
4624
</h3></div></div></div><a class="indexterm" name="id2556758"></a><a name="PRINTING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters controls how printer status information is
4645
</h3></div></div></div><a class="indexterm" name="id2556926"></a><a name="PRINTING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters controls how printer status information is
4625
4646
interpreted on your system. It also affects the default values for
4626
4647
the <em class="parameter"><code>print command</code></em>, <em class="parameter"><code>lpq command</code></em>, <em class="parameter"><code>lppause command </code></em>, <em class="parameter"><code>lpresume command</code></em>, and <em class="parameter"><code>lprm command</code></em> if specified in the
4627
4648
[global] section.</p><p>Currently nine printing styles are supported. They are
4638
4659
[printers]</a> section.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printing</code></em> = <code class="literal">Depends on the operating system, see
4639
4660
<code class="literal">testparm -v.</code></code>
4640
4661
</em></span>
4641
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556910"></a>
4662
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557078"></a>
4642
4663
4643
4664
printjob username (S)
4644
</h3></div></div></div><a class="indexterm" name="id2556911"></a><a name="PRINTJOBUSERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies which user information will be
4665
</h3></div></div></div><a class="indexterm" name="id2557079"></a><a name="PRINTJOBUSERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies which user information will be
4645
4666
passed to the printing system. Usually, the username is sent,
4646
4667
but in some cases, e.g. the domain prefix is useful, too.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printjob username</code></em> = <code class="literal">%U</code>
4647
4668
</em></span>
4648
4669
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printjob username</code></em> = <code class="literal">%D\%U</code>
4649
4670
</em></span>
4650
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556972"></a>
4671
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557139"></a>
4651
4672
4652
4673
private dir (G)
4653
</h3></div></div></div><a class="indexterm" name="id2556973"></a><a name="PRIVATEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters defines the directory
4674
</h3></div></div></div><a class="indexterm" name="id2557140"></a><a name="PRIVATEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters defines the directory
4654
4675
smbd will use for storing such files as <code class="filename">smbpasswd</code>
4655
4676
and <code class="filename">secrets.tdb</code>.
4656
4677
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>private dir</code></em> = <code class="literal">${prefix}/private</code>
4657
4678
</em></span>
4658
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557026"></a>
4679
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557193"></a>
4659
4680
4660
4681
profile acls (S)
4661
</h3></div></div></div><a class="indexterm" name="id2557027"></a><a name="PROFILEACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>
4682
</h3></div></div></div><a class="indexterm" name="id2557194"></a><a name="PROFILEACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>
4662
4683
This boolean parameter was added to fix the problems that people have been
4663
4684
having with storing user profiles on Samba shares from Windows 2000 or
4664
4685
Windows XP clients. New versions of Windows 2000 or Windows XP service
4686
4707
tree to the owning user.
4687
4708
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>profile acls</code></em> = <code class="literal">no</code>
4688
4709
</em></span>
4689
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557098"></a>
4710
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557277"></a>
4690
4711
4691
4712
queuepause command (S)
4692
</h3></div></div></div><a class="indexterm" name="id2557100"></a><a name="QUEUEPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
4713
</h3></div></div></div><a class="indexterm" name="id2557278"></a><a name="QUEUEPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
4693
4714
executed on the server host in order to pause the printer queue.</p><p>This command should be a program or script which takes
4694
4715
a printer name as its only parameter and stops the printer queue,
4695
4716
such that no longer jobs are submitted to the printer.</p><p>This command is not supported by Windows for Workgroups,
4700
4721
path in the command as the PATH may not be available to the
4701
4722
server.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>queuepause command</code></em> = <code class="literal">disable %p</code>
4702
4723
</em></span>
4703
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557175"></a>
4724
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557354"></a>
4704
4725
4705
4726
queueresume command (S)
4706
</h3></div></div></div><a class="indexterm" name="id2557176"></a><a name="QUEUERESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
4727
</h3></div></div></div><a class="indexterm" name="id2557355"></a><a name="QUEUERESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
4707
4728
executed on the server host in order to resume the printer queue. It
4708
4729
is the command to undo the behavior that is caused by the
4709
4730
previous parameter (<a class="link" href="smb.conf.5.html#QUEUEPAUSECOMMAND" target="_top">queuepause command</a>).</p><p>This command should be a program or script which takes
4718
4739
</em></span>
4719
4740
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>queueresume command</code></em> = <code class="literal">enable %p</code>
4720
4741
</em></span>
4721
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557278"></a>
4742
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557457"></a>
4722
4743
4723
4744
read list (S)
4724
</h3></div></div></div><a class="indexterm" name="id2557279"></a><a name="READLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
4745
</h3></div></div></div><a class="indexterm" name="id2557458"></a><a name="READLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
4725
4746
This is a list of users that are given read-only access to a service. If the connecting user is in this list
4726
4747
then they will not be given write access, no matter what the <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a> option is set
4727
4748
to. The list can include group names using the syntax described in the <a class="link" href="smb.conf.5.html#INVALIDUSERS" target="_top">invalid users</a>
4731
4752
</em></span>
4732
4753
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>read list</code></em> = <code class="literal">mary, @students</code>
4733
4754
</em></span>
4734
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557378"></a>
4755
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557556"></a>
4735
4756
4736
4757
read only (S)
4737
</h3></div></div></div><a class="indexterm" name="id2557379"></a><a name="READONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>An inverted synonym is <a class="link" href="smb.conf.5.html#WRITEABLE" target="_top">writeable</a>.</p><p>If this parameter is <code class="constant">yes</code>, then users
4758
</h3></div></div></div><a class="indexterm" name="id2557558"></a><a name="READONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>An inverted synonym is <a class="link" href="smb.conf.5.html#WRITEABLE" target="_top">writeable</a>.</p><p>If this parameter is <code class="constant">yes</code>, then users
4738
4759
of a service may not create or modify files in the service's
4739
4760
directory.</p><p>Note that a printable service (<code class="literal">printable = yes</code>)
4740
4761
will <span class="emphasis"><em>ALWAYS</em></span> allow writing to the directory
4741
4762
(user privileges permitting), but only via spooling operations.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>read only</code></em> = <code class="literal">yes</code>
4742
4763
</em></span>
4743
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557455"></a>
4764
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557633"></a>
4744
4765
4745
4766
read raw (G)
4746
</h3></div></div></div><a class="indexterm" name="id2557456"></a><a name="READRAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
4767
</h3></div></div></div><a class="indexterm" name="id2557634"></a><a name="READRAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
4747
4768
will support the raw read SMB requests when transferring data
4748
4769
to clients.</p><p>If enabled, raw reads allow reads of 65535 bytes in
4749
4770
one packet. This typically provides a major performance benefit.
4752
4773
sizes, and for these clients you may need to disable raw reads.</p><p>In general this parameter should be viewed as a system tuning
4753
4774
tool and left severely alone.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>read raw</code></em> = <code class="literal">yes</code>
4754
4775
</em></span>
4755
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557515"></a>
4776
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557693"></a>
4756
4777
4757
4778
realm (G)
4758
</h3></div></div></div><a class="indexterm" name="id2557516"></a><a name="REALM"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the kerberos realm to use. The realm is
4779
</h3></div></div></div><a class="indexterm" name="id2557694"></a><a name="REALM"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the kerberos realm to use. The realm is
4759
4780
used as the ADS equivalent of the NT4 <code class="literal">domain</code>. It
4760
4781
is usually set to the DNS name of the kerberos server.
4761
4782
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>realm</code></em> = <code class="literal"></code>
4762
4783
</em></span>
4763
4784
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>realm</code></em> = <code class="literal">mysambabox.mycompany.com</code>
4764
4785
</em></span>
4765
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557580"></a>
4786
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557758"></a>
4766
4787
4767
4788
registry shares (G)
4768
</h3></div></div></div><a class="indexterm" name="id2557581"></a><a name="REGISTRYSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>
4789
</h3></div></div></div><a class="indexterm" name="id2557759"></a><a name="REGISTRYSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>
4769
4790
This turns on or off support for share definitions read from
4770
4791
registry. Shares defined in <span class="emphasis"><em>smb.conf</em></span> take
4771
4792
precedence over shares with the same name defined in
4780
4801
</em></span>
4781
4802
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>registry shares</code></em> = <code class="literal">yes</code>
4782
4803
</em></span>
4783
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557666"></a>
4804
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557845"></a>
4784
4805
4785
4806
remote announce (G)
4786
</h3></div></div></div><a class="indexterm" name="id2557667"></a><a name="REMOTEANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4787
This option allows you to setup <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>to periodically announce itself
4807
</h3></div></div></div><a class="indexterm" name="id2557846"></a><a name="REMOTEANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4808
This option allows you to setup <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to periodically announce itself
4788
4809
to arbitrary IP addresses with an arbitrary workgroup name.
4789
4810
</p><p>
4790
4811
This is useful if you want your Samba server to appear in a remote workgroup for
4797
4818
</pre><p>
4798
4819
the above line would cause <code class="literal">nmbd</code> to announce itself
4799
4820
to the two given IP addresses using the given workgroup names. If you leave out the
4800
workgroup name then the one given in the <a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a> parameter
4821
workgroup name, then the one given in the <a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a> parameter
4801
4822
is used instead.
4802
4823
</p><p>
4803
4824
The IP addresses you choose would normally be the broadcast addresses of the remote
4807
4828
See the chapter on Network Browsing in the Samba-HOWTO book.
4808
4829
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>remote announce</code></em> = <code class="literal"></code>
4809
4830
</em></span>
4810
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557771"></a>
4831
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557950"></a>
4811
4832
4812
4833
remote browse sync (G)
4813
</h3></div></div></div><a class="indexterm" name="id2557772"></a><a name="REMOTEBROWSESYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>
4834
</h3></div></div></div><a class="indexterm" name="id2557951"></a><a name="REMOTEBROWSESYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>
4814
4835
This option allows you to setup <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to periodically request
4815
4836
synchronization of browse lists with the master browser of a Samba
4816
4837
server that is on a remote segment. This option will allow you to
4842
4863
each network has its own WINS server.
4843
4864
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>remote browse sync</code></em> = <code class="literal"></code>
4844
4865
</em></span>
4845
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557884"></a>
4866
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558063"></a>
4846
4867
4847
4868
rename user script (G)
4848
</h3></div></div></div><a class="indexterm" name="id2557885"></a><a name="RENAMEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4869
</h3></div></div></div><a class="indexterm" name="id2558064"></a><a name="RENAMEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4849
4870
This is the full pathname to a script that will be run as root by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> under special circumstances described below.
4850
4871
</p><p>
4851
4872
When a user with admin authority or SeAddUserPrivilege rights renames a user (e.g.: from the NT4 User Manager
4863
4884
needs to change for other applications using the same directory.
4864
4885
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>rename user script</code></em> = <code class="literal">no</code>
4865
4886
</em></span>
4866
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557974"></a>
4887
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558153"></a>
4867
4888
4868
4889
reset on zero vc (G)
4869
</h3></div></div></div><a class="indexterm" name="id2557975"></a><a name="RESETONZEROVC"></a><div class="variablelist"><dl><dt></dt><dd><p>
4890
</h3></div></div></div><a class="indexterm" name="id2558154"></a><a name="RESETONZEROVC"></a><div class="variablelist"><dl><dt></dt><dd><p>
4870
4891
This boolean option controls whether an incoming session setup
4871
4892
should kill other connections coming from the same IP. This matches
4872
4893
the default Windows 2003 behaviour.
4885
4906
4886
4907
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>reset on zero vc</code></em> = <code class="literal">no</code>
4887
4908
</em></span>
4888
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558027"></a>
4909
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558206"></a>
4889
4910
4890
4911
restrict anonymous (G)
4891
</h3></div></div></div><a class="indexterm" name="id2558028"></a><a name="RESTRICTANONYMOUS"></a><div class="variablelist"><dl><dt></dt><dd><p>The setting of this parameter determines whether user and
4912
</h3></div></div></div><a class="indexterm" name="id2558207"></a><a name="RESTRICTANONYMOUS"></a><div class="variablelist"><dl><dt></dt><dd><p>The setting of this parameter determines whether user and
4892
4913
group list information is returned for an anonymous connection.
4893
4914
and mirrors the effects of the
4894
4915
</p><pre class="programlisting">
4911
4932
by setting <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok = yes</a> on any share.
4912
4933
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>restrict anonymous</code></em> = <code class="literal">0</code>
4913
4934
</em></span>
4914
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558111"></a>
4935
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558290"></a>
4915
4936
4916
4937
<a name="ROOT"></a>root
4917
</h3></div></div></div><a class="indexterm" name="id2558112"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558144"></a>
4938
</h3></div></div></div><a class="indexterm" name="id2558291"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558323"></a>
4918
4939
4919
4940
<a name="ROOTDIR"></a>root dir
4920
</h3></div></div></div><a class="indexterm" name="id2558145"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558176"></a>
4941
</h3></div></div></div><a class="indexterm" name="id2558324"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558355"></a>
4921
4942
4922
4943
root directory (G)
4923
</h3></div></div></div><a class="indexterm" name="id2558177"></a><a name="ROOTDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>The server will <code class="literal">chroot()</code> (i.e.
4944
</h3></div></div></div><a class="indexterm" name="id2558356"></a><a name="ROOTDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>The server will <code class="literal">chroot()</code> (i.e.
4924
4945
Change its root directory) to this directory on startup. This is
4925
4946
not strictly necessary for secure operation. Even without it the
4926
4947
server will deny access to files not in one of the service entries.
4943
4964
</em></span>
4944
4965
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>root directory</code></em> = <code class="literal">/homes/smb</code>
4945
4966
</em></span>
4946
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558307"></a>
4967
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558479"></a>
4947
4968
4948
4969
root postexec (S)
4949
</h3></div></div></div><a class="indexterm" name="id2558308"></a><a name="ROOTPOSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
4970
</h3></div></div></div><a class="indexterm" name="id2558480"></a><a name="ROOTPOSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
4950
4971
This is the same as the <em class="parameter"><code>postexec</code></em>
4951
4972
parameter except that the command is run as root. This is useful for
4952
4973
unmounting filesystems (such as CDROMs) after a connection is closed.
4953
4974
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root postexec</code></em> = <code class="literal"></code>
4954
4975
</em></span>
4955
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558356"></a>
4976
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558527"></a>
4956
4977
4957
4978
root preexec close (S)
4958
</h3></div></div></div><a class="indexterm" name="id2558357"></a><a name="ROOTPREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the same as the <em class="parameter"><code>preexec close
4979
</h3></div></div></div><a class="indexterm" name="id2558528"></a><a name="ROOTPREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the same as the <em class="parameter"><code>preexec close
4959
4980
</code></em> parameter except that the command is run as root.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root preexec close</code></em> = <code class="literal">no</code>
4960
4981
</em></span>
4961
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558404"></a>
4982
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558576"></a>
4962
4983
4963
4984
root preexec (S)
4964
</h3></div></div></div><a class="indexterm" name="id2558405"></a><a name="ROOTPREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
4985
</h3></div></div></div><a class="indexterm" name="id2558577"></a><a name="ROOTPREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
4965
4986
This is the same as the <em class="parameter"><code>preexec</code></em>
4966
4987
parameter except that the command is run as root. This is useful for
4967
4988
mounting filesystems (such as CDROMs) when a connection is opened.
4968
4989
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root preexec</code></em> = <code class="literal"></code>
4969
4990
</em></span>
4970
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558452"></a>
4991
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558624"></a>
4971
4992
4972
4993
security mask (S)
4973
</h3></div></div></div><a class="indexterm" name="id2558453"></a><a name="SECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>
4994
</h3></div></div></div><a class="indexterm" name="id2558625"></a><a name="SECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>
4974
4995
This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the
4975
4996
UNIX permission on a file using the native NT security dialog box.
4976
4997
</p><p>
4989
5010
</em></span>
4990
5011
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>security mask</code></em> = <code class="literal">0770</code>
4991
5012
</em></span>
4992
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558559"></a>
5013
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558730"></a>
4993
5014
4994
5015
security (G)
4995
</h3></div></div></div><a class="indexterm" name="id2558560"></a><a name="SECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option affects how clients respond to
5016
</h3></div></div></div><a class="indexterm" name="id2558732"></a><a name="SECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option affects how clients respond to
4996
5017
Samba and is one of the most important settings in the <code class="filename">
4997
5018
smb.conf</code> file.</p><p>The option sets the "security mode bit" in replies to
4998
5019
protocol negotiations with <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> to turn share level security on or off. Clients decide
5016
5037
want to mainly setup shares without a password (guest shares). This
5017
5038
is commonly used for a shared printer server. It is more difficult
5018
5039
to setup guest shares with <code class="literal">security = user</code>, see
5019
the <a class="link" href="smb.conf.5.html#MAPTOGUEST" target="_top">map to guest</a>parameter for details.</p><p>It is possible to use <code class="literal">smbd</code> in a <span class="emphasis"><em>
5040
the <a class="link" href="smb.conf.5.html#MAPTOGUEST" target="_top">map to guest</a> parameter for details.</p><p>It is possible to use <code class="literal">smbd</code> in a <span class="emphasis"><em>
5020
5041
hybrid mode</em></span> where it is offers both user and share
5021
level security under different <a class="link" href="smb.conf.5.html#NETBIOSALIASES" target="_top">NetBIOS aliases</a>. </p><p>The different settings will now be explained.</p><p><a name="SECURITYEQUALSSHARE"></a><span class="emphasis"><em>SECURITY = SHARE</em></span></p><p>When clients connect to a share level security server they
5042
level security under different <a class="link" href="smb.conf.5.html#NETBIOSALIASES" target="_top">NetBIOS aliases</a>. </p><p>The different settings will now be explained.</p><p><a name="SECURITYEQUALSSHARE"></a><span class="emphasis"><em>SECURITY = SHARE</em></span></p><p>When clients connect to a share level security server, they
5022
5043
need not log onto the server with a valid username and password before
5023
5044
attempting to connect to a shared resource (although modern clients
5024
5045
such as Windows 95/98 and Windows NT will send a logon request with
5098
5119
there is no way to reestablish it, and futher authentications to the
5099
5120
Samba server may fail (from a single client, till it disconnects).
5100
5121
</p></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>From the client's point of
5101
view <code class="literal">security = server</code> is the
5122
view, <code class="literal">security = server</code> is the
5102
5123
same as <code class="literal">security = user</code>. It
5103
5124
only affects how the server deals with the authentication, it does
5104
5125
not in any way affect what the client sees.</p></div><p><span class="emphasis"><em>Note</em></span> that the name of the resource being
5116
5137
</em></span>
5117
5138
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>security</code></em> = <code class="literal">DOMAIN</code>
5118
5139
</em></span>
5119
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559437"></a>
5140
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559615"></a>
5120
5141
5121
5142
server schannel (G)
5122
</h3></div></div></div><a class="indexterm" name="id2559438"></a><a name="SERVERSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
5143
</h3></div></div></div><a class="indexterm" name="id2559616"></a><a name="SERVERSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
5123
5144
This controls whether the server offers or even demands the use of the netlogon schannel.
5124
5145
<a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = no</a> does not offer the schannel, <a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = auto</a> offers the schannel but does not enforce it, and <a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = yes</a> denies access if the client is not able to speak netlogon schannel.
5125
5146
This is only the case for Windows NT4 before SP4.
5126
5147
</p><p>
5127
Please note that with this set to <code class="literal">no</code> you will have to apply the WindowsXP
5148
Please note that with this set to <code class="literal">no</code>, you will have to apply the WindowsXP
5128
5149
<code class="filename">WinXP_SignOrSeal.reg</code> registry patch found in the docs/registry subdirectory of the Samba distribution tarball.
5129
5150
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>server schannel</code></em> = <code class="literal">auto</code>
5130
5151
</em></span>
5131
5152
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>server schannel</code></em> = <code class="literal">yes</code>
5132
5153
</em></span>
5133
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559553"></a>
5154
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559731"></a>
5134
5155
5135
5156
server signing (G)
5136
</h3></div></div></div><a class="indexterm" name="id2559554"></a><a name="SERVERSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the server offers or requires
5137
the client it talks to to use SMB signing. Possible values
5157
</h3></div></div></div><a class="indexterm" name="id2559732"></a><a name="SERVERSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values
5138
5158
are <span class="emphasis"><em>auto</em></span>, <span class="emphasis"><em>mandatory</em></span>
5139
5159
and <span class="emphasis"><em>disabled</em></span>.
5140
5160
</p><p>When set to auto, SMB signing is offered, but not enforced.
5141
5161
When set to mandatory, SMB signing is required and if set
5142
5162
to disabled, SMB signing is not offered either.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>server signing</code></em> = <code class="literal">Disabled</code>
5143
5163
</em></span>
5144
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559614"></a>
5164
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559792"></a>
5145
5165
5146
5166
server string (G)
5147
</h3></div></div></div><a class="indexterm" name="id2559615"></a><a name="SERVERSTRING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what string will show up in the printer comment box in print
5167
</h3></div></div></div><a class="indexterm" name="id2559793"></a><a name="SERVERSTRING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what string will show up in the printer comment box in print
5148
5168
manager and next to the IPC connection in <code class="literal">net view</code>. It
5149
5169
can be any string that you wish to show to your users.</p><p>It also sets what will appear in browse lists next
5150
5170
to the machine name.</p><p>A <em class="parameter"><code>%v</code></em> will be replaced with the Samba
5153
5173
</em></span>
5154
5174
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>server string</code></em> = <code class="literal">University of GNUs Samba Server</code>
5155
5175
</em></span>
5156
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559706"></a>
5176
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559883"></a>
5157
5177
5158
5178
set directory (S)
5159
</h3></div></div></div><a class="indexterm" name="id2559707"></a><a name="SETDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
5179
</h3></div></div></div><a class="indexterm" name="id2559884"></a><a name="SETDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
5160
5180
If <code class="literal">set directory = no</code>, then users of the
5161
5181
service may not use the setdir command to change directory.
5162
5182
</p><p>
5165
5185
for details.
5166
5186
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>set directory</code></em> = <code class="literal">no</code>
5167
5187
</em></span>
5168
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559766"></a>
5188
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559943"></a>
5169
5189
5170
5190
set primary group script (G)
5171
</h3></div></div></div><a class="indexterm" name="id2559767"></a><a name="SETPRIMARYGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Thanks to the Posix subsystem in NT a Windows User has a
5191
</h3></div></div></div><a class="indexterm" name="id2559944"></a><a name="SETPRIMARYGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Thanks to the Posix subsystem in NT a Windows User has a
5172
5192
primary group in addition to the auxiliary groups. This script
5173
5193
sets the primary group in the unix userdatase when an
5174
5194
administrator sets the primary group from the windows user
5180
5200
</em></span>
5181
5201
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>set primary group script</code></em> = <code class="literal">/usr/sbin/usermod -g '%g' '%u'</code>
5182
5202
</em></span>
5183
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559848"></a>
5203
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560025"></a>
5184
5204
5185
5205
set quota command (G)
5186
</h3></div></div></div><a class="indexterm" name="id2559849"></a><a name="SETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">set quota command</code> should only be used
5206
</h3></div></div></div><a class="indexterm" name="id2560026"></a><a name="SETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">set quota command</code> should only be used
5187
5207
whenever there is no operating system API available from the OS that
5188
5208
samba can use.</p><p>This option is only available if Samba was configured with the argument <code class="literal">--with-sys-quotas</code> or
5189
5209
on linux when <code class="literal">./configure --with-quotas</code> was used and a working quota api
5193
5213
</em></span>
5194
5214
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>set quota command</code></em> = <code class="literal">/usr/local/sbin/set_quota</code>
5195
5215
</em></span>
5196
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560011"></a>
5216
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560188"></a>
5197
5217
5198
5218
share modes (S)
5199
</h3></div></div></div><a class="indexterm" name="id2560012"></a><a name="SHAREMODES"></a><div class="variablelist"><dl><dt></dt><dd><p>This enables or disables the honoring of
5219
</h3></div></div></div><a class="indexterm" name="id2560189"></a><a name="SHAREMODES"></a><div class="variablelist"><dl><dt></dt><dd><p>This enables or disables the honoring of
5200
5220
the <em class="parameter"><code>share modes</code></em> during a file open. These
5201
5221
modes are used by clients to gain exclusive read or write access
5202
5222
to a file.</p><p>This is a deprecated option from old versions of
5208
5228
by default.</p><p>You should <span class="emphasis"><em>NEVER</em></span> turn this parameter
5209
5229
off as many Windows applications will break if you do so.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>share modes</code></em> = <code class="literal">yes</code>
5210
5230
</em></span>
5211
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560088"></a>
5231
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560265"></a>
5212
5232
5213
5233
short preserve case (S)
5214
</h3></div></div></div><a class="indexterm" name="id2560089"></a><a name="SHORTPRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
5234
</h3></div></div></div><a class="indexterm" name="id2560266"></a><a name="SHORTPRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
5215
5235
This boolean parameter controls if new files which conform to 8.3 syntax, that is all in upper case and of
5216
5236
suitable length, are created upper case, or if they are forced to be the <a class="link" href="smb.conf.5.html#DEFAULTCASE" target="_top">default case</a>.
5217
5237
This option can be use with <a class="link" href="smb.conf.5.html#PRESERVECASE" target="_top">preserve case = yes</a> to permit long filenames
5218
5238
to retain their case, while short names are lowered.
5219
5239
</p><p>See the section on <a class="link" href="#NAMEMANGLINGSECT" title="NAME MANGLING">NAME MANGLING</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>short preserve case</code></em> = <code class="literal">yes</code>
5220
5240
</em></span>
5221
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560167"></a>
5241
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560345"></a>
5222
5242
5223
5243
show add printer wizard (G)
5224
</h3></div></div></div><a class="indexterm" name="id2560168"></a><a name="SHOWADDPRINTERWIZARD"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing support
5244
</h3></div></div></div><a class="indexterm" name="id2560346"></a><a name="SHOWADDPRINTERWIZARD"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing support
5225
5245
for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will
5226
5246
appear on Samba hosts in the share listing. Normally this folder will
5227
5247
contain an icon for the MS Add Printer Wizard (APW). However, it is
5239
5259
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This does not prevent the same user from having
5240
5260
administrative privilege on an individual printer.</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>show add printer wizard</code></em> = <code class="literal">yes</code>
5241
5261
</em></span>
5242
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560251"></a>
5262
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560428"></a>
5243
5263
5244
5264
shutdown script (G)
5245
</h3></div></div></div><a class="indexterm" name="id2560252"></a><a name="SHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by
5265
</h3></div></div></div><a class="indexterm" name="id2560429"></a><a name="SHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by
5246
5266
<a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that should
5247
5267
start a shutdown procedure.</p><p>If the connected user posseses the <code class="constant">SeRemoteShutdownPrivilege</code>,
5248
5268
right, this command will be run as user.</p><p>The %z %t %r %f variables are expanded as follows:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>%z</code></em> will be substituted with the
5267
5287
</em></span>
5268
5288
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>shutdown script</code></em> = <code class="literal">/usr/local/samba/sbin/shutdown %m %t %r %f</code>
5269
5289
</em></span>
5270
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560404"></a>
5290
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560582"></a>
5271
5291
5272
5292
smb encrypt (S)
5273
</h3></div></div></div><a class="indexterm" name="id2560405"></a><a name="SMBENCRYPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a new feature introduced with Samba 3.2 and above. It is an
5293
</h3></div></div></div><a class="indexterm" name="id2560583"></a><a name="SMBENCRYPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a new feature introduced with Samba 3.2 and above. It is an
5274
5294
extension to the SMB/CIFS protocol negotiated as part of the UNIX extensions.
5275
5295
SMB encryption uses the GSSAPI (SSPI on Windows) ability to encrypt
5276
5296
and sign every request/response in a SMB protocol stream. When
5279
5299
to negotiate encryption and signing keys. Currently this is only
5280
5300
supported by Samba 3.2 smbclient, and hopefully soon Linux CIFSFS
5281
5301
and MacOS/X clients. Windows clients do not support this feature.
5282
</p><p>This controls whether the server offers or requires
5283
the client it talks to to use SMB encryption. Possible values
5302
</p><p>This controls whether the remote client is allowed or required to use SMB encryption. Possible values
5284
5303
are <span class="emphasis"><em>auto</em></span>, <span class="emphasis"><em>mandatory</em></span>
5285
5304
and <span class="emphasis"><em>disabled</em></span>. This may be set on a per-share
5286
5305
basis, but clients may chose to encrypt the entire session, not
5299
5318
When set to mandatory, SMB encryption is required and if set
5300
5319
to disabled, SMB encryption can not be negotiated.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb encrypt</code></em> = <code class="literal">auto</code>
5301
5320
</em></span>
5302
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560511"></a>
5321
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560688"></a>
5303
5322
5304
5323
smb passwd file (G)
5305
</h3></div></div></div><a class="indexterm" name="id2560512"></a><a name="SMBPASSWDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option sets the path to the encrypted smbpasswd file. By
5324
</h3></div></div></div><a class="indexterm" name="id2560689"></a><a name="SMBPASSWDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option sets the path to the encrypted smbpasswd file. By
5306
5325
default the path to the smbpasswd file is compiled into Samba.</p><p>
5307
5326
An example of use is:
5308
5327
</p><pre class="programlisting">
5310
5329
</pre><p>
5311
5330
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb passwd file</code></em> = <code class="literal">${prefix}/private/smbpasswd</code>
5312
5331
</em></span>
5313
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560564"></a>
5332
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560741"></a>
5314
5333
5315
5334
smb ports (G)
5316
</h3></div></div></div><a class="indexterm" name="id2560565"></a><a name="SMBPORTS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies which ports the server should listen on for SMB traffic.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb ports</code></em> = <code class="literal">445 139</code>
5335
</h3></div></div></div><a class="indexterm" name="id2560742"></a><a name="SMBPORTS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies which ports the server should listen on for SMB traffic.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb ports</code></em> = <code class="literal">445 139</code>
5317
5336
</em></span>
5318
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560606"></a>
5337
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560783"></a>
5319
5338
5320
5339
socket address (G)
5321
</h3></div></div></div><a class="indexterm" name="id2560607"></a><a name="SOCKETADDRESS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to control what
5340
</h3></div></div></div><a class="indexterm" name="id2560784"></a><a name="SOCKETADDRESS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to control what
5322
5341
address Samba will listen for connections on. This is used to
5323
5342
support multiple virtual interfaces on the one server, each
5324
5343
with a different configuration.</p><p>Setting this option should never be necessary on usual Samba
5327
5346
</em></span>
5328
5347
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>socket address</code></em> = <code class="literal">192.168.2.20</code>
5329
5348
</em></span>
5330
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560676"></a>
5349
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560853"></a>
5331
5350
5332
5351
socket options (G)
5333
</h3></div></div></div><a class="indexterm" name="id2560677"></a><a name="SOCKETOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to set socket options
5352
</h3></div></div></div><a class="indexterm" name="id2560854"></a><a name="SOCKETOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to set socket options
5334
5353
to be used when talking with the client.</p><p>Socket options are controls on the networking layer
5335
5354
of the operating systems which allow the connection to be
5336
5355
tuned.</p><p>This option will typically be used to tune your Samba server
5358
5377
</em></span>
5359
5378
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>socket options</code></em> = <code class="literal">IPTOS_LOWDELAY</code>
5360
5379
</em></span>
5361
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560887"></a>
5380
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561064"></a>
5362
5381
5363
5382
stat cache (G)
5364
</h3></div></div></div><a class="indexterm" name="id2560888"></a><a name="STATCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will use a cache in order to
5383
</h3></div></div></div><a class="indexterm" name="id2561065"></a><a name="STATCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will use a cache in order to
5365
5384
speed up case insensitive name mappings. You should never need
5366
5385
to change this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>stat cache</code></em> = <code class="literal">yes</code>
5367
5386
</em></span>
5368
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560938"></a>
5387
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561115"></a>
5369
5388
5370
5389
store dos attributes (S)
5371
</h3></div></div></div><a class="indexterm" name="id2560939"></a><a name="STOREDOSATTRIBUTES"></a><div class="variablelist"><dl><dt></dt><dd><p>
5390
</h3></div></div></div><a class="indexterm" name="id2561116"></a><a name="STOREDOSATTRIBUTES"></a><div class="variablelist"><dl><dt></dt><dd><p>
5372
5391
If this parameter is set Samba attempts to first read DOS attributes (SYSTEM, HIDDEN, ARCHIVE or
5373
5392
READ-ONLY) from a filesystem extended attribute, before mapping DOS attributes to UNIX permission bits (such
5374
5393
as occurs with <a class="link" href="smb.conf.5.html#MAPHIDDEN" target="_top">map hidden</a> and <a class="link" href="smb.conf.5.html#MAPREADONLY" target="_top">map readonly</a>). When set, DOS
5380
5399
extended attributes to work, also extended attributes must be compiled into the Linux kernel.
5381
5400
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>store dos attributes</code></em> = <code class="literal">no</code>
5382
5401
</em></span>
5383
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561060"></a>
5402
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561237"></a>
5384
5403
5385
5404
strict allocate (S)
5386
</h3></div></div></div><a class="indexterm" name="id2561061"></a><a name="STRICTALLOCATE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls the handling of
5405
</h3></div></div></div><a class="indexterm" name="id2561238"></a><a name="STRICTALLOCATE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls the handling of
5387
5406
disk space allocation in the server. When this is set to <code class="constant">yes</code>
5388
5407
the server will change from UNIX behaviour of not committing real
5389
5408
disk storage blocks when a file is extended to the Windows behaviour
5395
5414
out of quota messages on systems that are restricting the disk quota
5396
5415
of users.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict allocate</code></em> = <code class="literal">no</code>
5397
5416
</em></span>
5398
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561130"></a>
5417
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561307"></a>
5399
5418
5400
5419
strict locking (S)
5401
</h3></div></div></div><a class="indexterm" name="id2561131"></a><a name="STRICTLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
5420
</h3></div></div></div><a class="indexterm" name="id2561308"></a><a name="STRICTLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
5402
5421
This is an enumerated type that controls the handling of file locking in the server. When this is set to <code class="constant">yes</code>,
5403
5422
the server will check every read and write access for file locks, and deny access if locks exist. This can be slow on
5404
5423
some systems.
5405
5424
</p><p>
5406
5425
When strict locking is set to Auto (the default), the server performs file lock checks only on non-oplocked files.
5407
5426
As most Windows redirectors perform file locking checks locally on oplocked files this is a good trade off for
5408
inproved performance.
5427
improved performance.
5409
5428
</p><p>
5410
5429
When strict locking is disabled, the server performs file lock checks only when the client explicitly asks for them.
5411
5430
</p><p>
5414
5433
<code class="literal">strict locking = no</code> is acceptable.
5415
5434
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict locking</code></em> = <code class="literal">Auto</code>
5416
5435
</em></span>
5417
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561209"></a>
5436
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561386"></a>
5418
5437
5419
5438
strict sync (S)
5420
</h3></div></div></div><a class="indexterm" name="id2561210"></a><a name="STRICTSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>Many Windows applications (including the Windows 98 explorer
5439
</h3></div></div></div><a class="indexterm" name="id2561388"></a><a name="STRICTSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>Many Windows applications (including the Windows 98 explorer
5421
5440
shell) seem to confuse flushing buffer contents to disk with doing
5422
5441
a sync to disk. Under UNIX, a sync call forces the process to be
5423
5442
suspended until the kernel has ensured that all outstanding data in
5431
5450
addition, this fixes many performance problems that people have
5432
5451
reported with the new Windows98 explorer shell file copies.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict sync</code></em> = <code class="literal">no</code>
5433
5452
</em></span>
5434
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561274"></a>
5453
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561451"></a>
5435
5454
5436
5455
svcctl list (G)
5437
</h3></div></div></div><a class="indexterm" name="id2561275"></a><a name="SVCCTLLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of init scripts that smbd
5456
</h3></div></div></div><a class="indexterm" name="id2561452"></a><a name="SVCCTLLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of init scripts that smbd
5438
5457
will use for starting and stopping Unix services via the Win32
5439
5458
ServiceControl API. This allows Windows administrators to
5440
5459
utilize the MS Management Console plug-ins to manage a
5447
5466
</em></span>
5448
5467
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>svcctl list</code></em> = <code class="literal">cups postfix portmap httpd</code>
5449
5468
</em></span>
5450
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561360"></a>
5469
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561541"></a>
5451
5470
5452
5471
sync always (S)
5453
</h3></div></div></div><a class="indexterm" name="id2561361"></a><a name="SYNCALWAYS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls
5472
</h3></div></div></div><a class="indexterm" name="id2561542"></a><a name="SYNCALWAYS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls
5454
5473
whether writes will always be written to stable storage before
5455
5474
the write call returns. If this is <code class="constant">no</code> then the server will be
5456
5475
guided by the client's request in each write call (clients can
5461
5480
<code class="constant">yes</code> in order for this parameter to have
5462
5481
any affect.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>sync always</code></em> = <code class="literal">no</code>
5463
5482
</em></span>
5464
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561430"></a>
5483
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561612"></a>
5465
5484
5466
5485
syslog only (G)
5467
</h3></div></div></div><a class="indexterm" name="id2561432"></a><a name="SYSLOGONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
5486
</h3></div></div></div><a class="indexterm" name="id2561613"></a><a name="SYSLOGONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
5468
5487
If this parameter is set then Samba debug messages are logged into the system
5469
5488
syslog only, and not to the debug log files. There still will be some
5470
5489
logging to log.[sn]mbd even if <span class="emphasis"><em>syslog only</em></span> is enabled.
5471
5490
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>syslog only</code></em> = <code class="literal">no</code>
5472
5491
</em></span>
5473
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561478"></a>
5492
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561660"></a>
5474
5493
5475
5494
syslog (G)
5476
</h3></div></div></div><a class="indexterm" name="id2561479"></a><a name="SYSLOG"></a><div class="variablelist"><dl><dt></dt><dd><p>
5495
</h3></div></div></div><a class="indexterm" name="id2561661"></a><a name="SYSLOG"></a><div class="variablelist"><dl><dt></dt><dd><p>
5477
5496
This parameter maps how Samba debug messages are logged onto the system syslog logging levels.
5478
5497
Samba debug level zero maps onto syslog <code class="constant">LOG_ERR</code>, debug level one maps onto
5479
5498
<code class="constant">LOG_WARNING</code>, debug level two maps onto <code class="constant">LOG_NOTICE</code>,
5484
5503
logging to log.[sn]mbd even if <span class="emphasis"><em>syslog only</em></span> is enabled.
5485
5504
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>syslog</code></em> = <code class="literal">1</code>
5486
5505
</em></span>
5487
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561548"></a>
5506
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561730"></a>
5488
5507
5489
5508
template homedir (G)
5490
</h3></div></div></div><a class="indexterm" name="id2561550"></a><a name="TEMPLATEHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
5509
</h3></div></div></div><a class="indexterm" name="id2561731"></a><a name="TEMPLATEHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
5491
5510
user, the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon uses this
5492
5511
parameter to fill in the home directory for that user. If the
5493
5512
string <em class="parameter"><code>%D</code></em> is present it
5495
5514
string <em class="parameter"><code>%U</code></em> is present it
5496
5515
is substituted with the user's Windows NT user name.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>template homedir</code></em> = <code class="literal">/home/%D/%U</code>
5497
5516
</em></span>
5498
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561614"></a>
5517
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561796"></a>
5499
5518
5500
5519
template shell (G)
5501
</h3></div></div></div><a class="indexterm" name="id2561615"></a><a name="TEMPLATESHELL"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
5520
</h3></div></div></div><a class="indexterm" name="id2561797"></a><a name="TEMPLATESHELL"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
5502
5521
user, the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon uses this
5503
parameter to fill in the login shell for that user.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561653"></a>
5522
parameter to fill in the login shell for that user.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561835"></a>
5504
5523
5505
5524
time offset (G)
5506
</h3></div></div></div><a class="indexterm" name="id2561654"></a><a name="TIMEOFFSET"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a setting in minutes to add
5525
</h3></div></div></div><a class="indexterm" name="id2561836"></a><a name="TIMEOFFSET"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a setting in minutes to add
5507
5526
to the normal GMT to local time conversion. This is useful if
5508
5527
you are serving a lot of PCs that have incorrect daylight
5509
5528
saving time handling.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>time offset</code></em> = <code class="literal">0</code>
5510
5529
</em></span>
5511
5530
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>time offset</code></em> = <code class="literal">60</code>
5512
5531
</em></span>
5513
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561713"></a>
5532
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561895"></a>
5514
5533
5515
5534
time server (G)
5516
</h3></div></div></div><a class="indexterm" name="id2561714"></a><a name="TIMESERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> advertises itself as a time server to Windows
5535
</h3></div></div></div><a class="indexterm" name="id2561896"></a><a name="TIMESERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> advertises itself as a time server to Windows
5517
5536
clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>time server</code></em> = <code class="literal">no</code>
5518
5537
</em></span>
5519
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561764"></a>
5538
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561945"></a>
5520
5539
5521
5540
unix charset (G)
5522
</h3></div></div></div><a class="indexterm" name="id2561765"></a><a name="UNIXCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the charset the unix machine
5541
</h3></div></div></div><a class="indexterm" name="id2561946"></a><a name="UNIXCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the charset the unix machine
5523
5542
Samba runs on uses. Samba needs to know this in order to be able to
5524
5543
convert text to the charsets other SMB clients use.
5525
5544
</p><p>This is also the charset Samba will use when specifying arguments
5528
5547
</em></span>
5529
5548
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>unix charset</code></em> = <code class="literal">ASCII</code>
5530
5549
</em></span>
5531
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561830"></a>
5550
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562011"></a>
5532
5551
5533
5552
unix extensions (G)
5534
</h3></div></div></div><a class="indexterm" name="id2561831"></a><a name="UNIXEXTENSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
5553
</h3></div></div></div><a class="indexterm" name="id2562012"></a><a name="UNIXEXTENSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
5535
5554
implments the CIFS UNIX extensions, as defined by HP.
5536
5555
These extensions enable Samba to better serve UNIX CIFS clients
5537
5556
by supporting features such as symbolic links, hard links, etc...
5538
5557
These extensions require a similarly enabled client, and are of
5539
5558
no current use to Windows clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>unix extensions</code></em> = <code class="literal">yes</code>
5540
5559
</em></span>
5541
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561877"></a>
5560
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562059"></a>
5542
5561
5543
5562
unix password sync (G)
5544
</h3></div></div></div><a class="indexterm" name="id2561878"></a><a name="UNIXPASSWORDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
5563
</h3></div></div></div><a class="indexterm" name="id2562060"></a><a name="UNIXPASSWORDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
5545
5564
attempts to synchronize the UNIX password with the SMB password
5546
5565
when the encrypted SMB password in the smbpasswd file is changed.
5547
5566
If this is set to <code class="constant">yes</code> the program specified in the <em class="parameter"><code>passwd
5550
5569
old UNIX password (as the SMB password change code has no
5551
5570
access to the old password cleartext, only the new).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>unix password sync</code></em> = <code class="literal">no</code>
5552
5571
</em></span>
5553
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561938"></a>
5572
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562120"></a>
5554
5573
5555
5574
update encrypted (G)
5556
</h3></div></div></div><a class="indexterm" name="id2561939"></a><a name="UPDATEENCRYPTED"></a><div class="variablelist"><dl><dt></dt><dd><p>
5575
</h3></div></div></div><a class="indexterm" name="id2562121"></a><a name="UPDATEENCRYPTED"></a><div class="variablelist"><dl><dt></dt><dd><p>
5557
5576
This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed)
5558
5577
password in the smbpasswd file to be updated automatically as they log on. This option allows a site to
5559
5578
migrate from plaintext password authentication (users authenticate with plaintext password over the
5560
wire, and are checked against a UNIX account atabase) to encrypted password authentication (the SMB
5579
wire, and are checked against a UNIX account database) to encrypted password authentication (the SMB
5561
5580
challenge/response authentication mechanism) without forcing all users to re-enter their passwords via
5562
5581
smbpasswd at the time the change is made. This is a convenience option to allow the change over to encrypted
5563
5582
passwords to be made over a longer period. Once all users have encrypted representations of their passwords
5566
5585
In order for this parameter to be operative the <a class="link" href="smb.conf.5.html#ENCRYPTPASSWORDS" target="_top">encrypt passwords</a> parameter must
5567
5586
be set to <code class="constant">no</code>. The default value of <a class="link" href="smb.conf.5.html#ENCRYPTPASSWORDS" target="_top">encrypt passwords = Yes</a>. Note: This must be set to <code class="constant">no</code> for this <a class="link" href="smb.conf.5.html#UPDATEENCRYPTED" target="_top">update encrypted</a> to work.
5568
5587
</p><p>
5569
Note that even when this parameter is set a user authenticating to <code class="literal">smbd</code>
5588
Note that even when this parameter is set, a user authenticating to <code class="literal">smbd</code>
5570
5589
must still enter a valid password in order to connect correctly, and to update their hashed (smbpasswd)
5571
5590
passwords.
5572
5591
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>update encrypted</code></em> = <code class="literal">no</code>
5573
5592
</em></span>
5574
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562056"></a>
5593
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562239"></a>
5575
5594
5576
5595
use client driver (S)
5577
</h3></div></div></div><a class="indexterm" name="id2562058"></a><a name="USECLIENTDRIVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter applies only to Windows NT/2000
5596
</h3></div></div></div><a class="indexterm" name="id2562240"></a><a name="USECLIENTDRIVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter applies only to Windows NT/2000
5578
5597
clients. It has no effect on Windows 95/98/ME clients. When
5579
5598
serving a printer to Windows NT/2000 clients without first installing
5580
5599
a valid printer driver on the Samba host, the client will be required
5595
5614
printed). </p><p>If this parameter is enabled for a printer, then any attempt
5596
5615
to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped
5597
5616
to PRINTER_ACCESS_USE instead. Thus allowing the OpenPrinterEx()
5598
call to succeed. <span class="emphasis"><em>This parameter MUST not be able enabled
5617
call to succeed. <span class="emphasis"><em>This parameter MUST not be enabled
5599
5618
on a print share which has valid print driver installed on the Samba
5600
5619
server.</em></span></p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use client driver</code></em> = <code class="literal">no</code>
5601
5620
</em></span>
5602
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562137"></a>
5621
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562320"></a>
5603
5622
5604
5623
use kerberos keytab (G)
5605
</h3></div></div></div><a class="indexterm" name="id2562138"></a><a name="USEKERBEROSKEYTAB"></a><div class="variablelist"><dl><dt></dt><dd><p>
5624
</h3></div></div></div><a class="indexterm" name="id2562321"></a><a name="USEKERBEROSKEYTAB"></a><div class="variablelist"><dl><dt></dt><dd><p>
5606
5625
Specifies whether Samba should attempt to maintain service principals in the systems
5607
5626
keytab file for <code class="constant">host/FQDN</code> and <code class="constant">cifs/FQDN</code>.
5608
5627
</p><p>
5614
5633
</pre><p>
5615
5634
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use kerberos keytab</code></em> = <code class="literal">False</code>
5616
5635
</em></span>
5617
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562206"></a>
5636
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562388"></a>
5618
5637
5619
5638
use mmap (G)
5620
</h3></div></div></div><a class="indexterm" name="id2562207"></a><a name="USEMMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter determines if the tdb internals of Samba can
5639
</h3></div></div></div><a class="indexterm" name="id2562389"></a><a name="USEMMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter determines if the tdb internals of Samba can
5621
5640
depend on mmap working correctly on the running system. Samba requires a coherent
5622
5641
mmap/read-write system memory cache. Currently only HPUX does not have such a
5623
5642
coherent cache, and so this parameter is set to <code class="constant">no</code> by
5626
5645
the tdb internal code.
5627
5646
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use mmap</code></em> = <code class="literal">yes</code>
5628
5647
</em></span>
5629
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562258"></a>
5648
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562440"></a>
5630
5649
5631
5650
username level (G)
5632
</h3></div></div></div><a class="indexterm" name="id2562259"></a><a name="USERNAMELEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option helps Samba to try and 'guess' at
5651
</h3></div></div></div><a class="indexterm" name="id2562441"></a><a name="USERNAMELEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option helps Samba to try and 'guess' at
5633
5652
the real UNIX username, as many DOS clients send an all-uppercase
5634
5653
username. By default Samba tries all lowercase, followed by the
5635
5654
username with the first letter capitalized, and fails if the
5644
5663
</em></span>
5645
5664
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username level</code></em> = <code class="literal">5</code>
5646
5665
</em></span>
5647
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562340"></a>
5666
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562522"></a>
5648
5667
5649
5668
username map script (G)
5650
</h3></div></div></div><a class="indexterm" name="id2562341"></a><a name="USERNAMEMAPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This script is a mutually exclusive alternative to the
5669
</h3></div></div></div><a class="indexterm" name="id2562523"></a><a name="USERNAMEMAPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This script is a mutually exclusive alternative to the
5651
5670
<a class="link" href="smb.conf.5.html#USERNAMEMAP" target="_top">username map</a> parameter. This parameter
5652
5671
specifies and external program or script that must accept a single
5653
5672
command line option (the username transmitted in the authentication
5658
5677
</em></span>
5659
5678
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username map script</code></em> = <code class="literal">/etc/samba/scripts/mapusers.sh</code>
5660
5679
</em></span>
5661
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562416"></a>
5680
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562599"></a>
5662
5681
5663
5682
username map (G)
5664
</h3></div></div></div><a class="indexterm" name="id2562418"></a><a name="USERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
5683
</h3></div></div></div><a class="indexterm" name="id2562600"></a><a name="USERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
5665
5684
This option allows you to specify a file containing a mapping of usernames from the clients to the server.
5666
5685
This can be used for several purposes. The most common is to map usernames that users use on DOS or Windows
5667
5686
machines to those that the UNIX box uses. The other is to map multiple users to a single username so that they
5745
5764
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>username map</code></em> = <code class="literal">
5746
5765
# no username map</code>
5747
5766
</em></span>
5748
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562703"></a>
5767
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562878"></a>
5749
5768
5750
5769
<a name="USER"></a>user
5751
</h3></div></div></div><a class="indexterm" name="id2562704"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562735"></a>
5770
</h3></div></div></div><a class="indexterm" name="id2562880"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562910"></a>
5752
5771
5753
5772
<a name="USERS"></a>users
5754
</h3></div></div></div><a class="indexterm" name="id2562736"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562767"></a>
5773
</h3></div></div></div><a class="indexterm" name="id2562912"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562942"></a>
5755
5774
5756
5775
username (S)
5757
</h3></div></div></div><a class="indexterm" name="id2562768"></a><a name="USERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>Multiple users may be specified in a comma-delimited
5776
</h3></div></div></div><a class="indexterm" name="id2562943"></a><a name="USERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>Multiple users may be specified in a comma-delimited
5758
5777
list, in which case the supplied password will be tested against
5759
5778
each username in turn (left to right).</p><p>The <em class="parameter"><code>username</code></em> line is needed only when
5760
5779
the PC is unable to supply its own username. This is the case
5792
5811
</em></span>
5793
5812
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username</code></em> = <code class="literal">fred, mary, jack, jane, @users, @pcgroup</code>
5794
5813
</em></span>
5795
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562937"></a>
5814
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563112"></a>
5796
5815
5797
5816
usershare allow guests (G)
5798
</h3></div></div></div><a class="indexterm" name="id2562938"></a><a name="USERSHAREALLOWGUESTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether user defined shares are allowed
5817
</h3></div></div></div><a class="indexterm" name="id2563114"></a><a name="USERSHAREALLOWGUESTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether user defined shares are allowed
5799
5818
to be accessed by non-authenticated users or not. It is the equivalent
5800
5819
of allowing people who can create a share the option of setting
5801
5820
<em class="parameter"><code>guest ok = yes</code></em> in a share
5802
definition. Due to the security sensitive nature of this the default
5821
definition. Due to its security sensitive nature, the default
5803
5822
is set to off.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare allow guests</code></em> = <code class="literal">no</code>
5804
5823
</em></span>
5805
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562990"></a>
5824
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563165"></a>
5806
5825
5807
5826
usershare max shares (G)
5808
</h3></div></div></div><a class="indexterm" name="id2562991"></a><a name="USERSHAREMAXSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of user defined shares
5827
</h3></div></div></div><a class="indexterm" name="id2563166"></a><a name="USERSHAREMAXSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of user defined shares
5809
5828
that are allowed to be created by users belonging to the group owning the
5810
5829
usershare directory. If set to zero (the default) user defined shares are ignored.
5811
5830
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare max shares</code></em> = <code class="literal">0</code>
5812
5831
</em></span>
5813
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563035"></a>
5832
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563210"></a>
5814
5833
5815
5834
usershare owner only (G)
5816
</h3></div></div></div><a class="indexterm" name="id2563036"></a><a name="USERSHAREOWNERONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether the pathname exported by
5835
</h3></div></div></div><a class="indexterm" name="id2563211"></a><a name="USERSHAREOWNERONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether the pathname exported by
5817
5836
a user defined shares must be owned by the user creating the
5818
5837
user defined share or not. If set to True (the default) then
5819
5838
smbd checks that the directory path being shared is owned by
5823
5842
regardless of who owns it.
5824
5843
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare owner only</code></em> = <code class="literal">True</code>
5825
5844
</em></span>
5826
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563085"></a>
5845
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563268"></a>
5827
5846
5828
5847
usershare path (G)
5829
</h3></div></div></div><a class="indexterm" name="id2563086"></a><a name="USERSHAREPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the absolute path of the directory on the
5848
</h3></div></div></div><a class="indexterm" name="id2563269"></a><a name="USERSHAREPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the absolute path of the directory on the
5830
5849
filesystem used to store the user defined share definition files.
5831
5850
This directory must be owned by root, and have no access for
5832
5851
other, and be writable only by the group owner. In addition the
5847
5866
In this case, only members of the group "power_users" can create user defined shares.
5848
5867
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare path</code></em> = <code class="literal">NULL</code>
5849
5868
</em></span>
5850
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563156"></a>
5869
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563339"></a>
5851
5870
5852
5871
usershare prefix allow list (G)
5853
</h3></div></div></div><a class="indexterm" name="id2563157"></a><a name="USERSHAREPREFIXALLOWLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
5872
</h3></div></div></div><a class="indexterm" name="id2563340"></a><a name="USERSHAREPREFIXALLOWLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
5854
5873
the root of which are allowed to be exported by user defined share definitions.
5855
If the pathname exported doesn't start with one of the strings in this
5856
list the user defined share will not be allowed. This allows the Samba
5874
If the pathname to be exported doesn't start with one of the strings in this
5875
list, the user defined share will not be allowed. This allows the Samba
5857
5876
administrator to restrict the directories on the system that can be
5858
5877
exported by user defined shares.
5859
5878
</p><p>
5865
5884
</em></span>
5866
5885
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare prefix allow list</code></em> = <code class="literal">/home /data /space</code>
5867
5886
</em></span>
5868
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563228"></a>
5887
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563411"></a>
5869
5888
5870
5889
usershare prefix deny list (G)
5871
</h3></div></div></div><a class="indexterm" name="id2563230"></a><a name="USERSHAREPREFIXDENYLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
5890
</h3></div></div></div><a class="indexterm" name="id2563412"></a><a name="USERSHAREPREFIXDENYLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
5872
5891
the root of which are NOT allowed to be exported by user defined share definitions.
5873
5892
If the pathname exported starts with one of the strings in this
5874
5893
list the user defined share will not be allowed. Any pathname not
5884
5903
</em></span>
5885
5904
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare prefix deny list</code></em> = <code class="literal">/etc /dev /private</code>
5886
5905
</em></span>
5887
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563303"></a>
5906
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563486"></a>
5888
5907
5889
5908
usershare template share (G)
5890
</h3></div></div></div><a class="indexterm" name="id2563304"></a><a name="USERSHARETEMPLATESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>User defined shares only have limited possible parameters
5891
such as path, guest ok etc. This parameter allows usershares to
5909
</h3></div></div></div><a class="indexterm" name="id2563487"></a><a name="USERSHARETEMPLATESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>User defined shares only have limited possible parameters
5910
such as path, guest ok, etc. This parameter allows usershares to
5892
5911
"cloned" from an existing share. If "usershare template share"
5893
5912
is set to the name of an existing share, then all usershares
5894
5913
created have their defaults set from the parameters set on this
5902
5921
</em></span>
5903
5922
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare template share</code></em> = <code class="literal">template_share</code>
5904
5923
</em></span>
5905
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563376"></a>
5924
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563559"></a>
5906
5925
5907
5926
use sendfile (S)
5908
</h3></div></div></div><a class="indexterm" name="id2563377"></a><a name="USESENDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, and the <code class="constant">sendfile()</code>
5927
</h3></div></div></div><a class="indexterm" name="id2563560"></a><a name="USESENDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, and the <code class="constant">sendfile()</code>
5909
5928
system call is supported by the underlying operating system, then some SMB read calls
5910
5929
(mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that
5911
5930
are exclusively oplocked. This may make more efficient use of the system CPU's
5914
5933
Windows 9x (using sendfile from Linux will cause these clients to fail).
5915
5934
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use sendfile</code></em> = <code class="literal">false</code>
5916
5935
</em></span>
5917
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563433"></a>
5936
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563616"></a>
5918
5937
5919
5938
use spnego (G)
5920
</h3></div></div></div><a class="indexterm" name="id2563434"></a><a name="USESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p>This variable controls controls whether samba will try
5939
</h3></div></div></div><a class="indexterm" name="id2563618"></a><a name="USESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p>This variable controls controls whether samba will try
5921
5940
to use Simple and Protected NEGOciation (as specified by rfc2478) with
5922
5941
WindowsXP and Windows2000 clients to agree upon an authentication mechanism.
5923
5942
</p><p>
5925
5944
implementation, there is no reason this should ever be
5926
5945
disabled.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use spnego</code></em> = <code class="literal">yes</code>
5927
5946
</em></span>
5928
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563483"></a>
5947
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563666"></a>
5929
5948
5930
5949
utmp directory (G)
5931
</h3></div></div></div><a class="indexterm" name="id2563484"></a><a name="UTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only available if Samba has
5950
</h3></div></div></div><a class="indexterm" name="id2563667"></a><a name="UTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only available if Samba has
5932
5951
been configured and compiled with the option <code class="literal">
5933
5952
--with-utmp</code>. It specifies a directory pathname that is
5934
5953
used to store the utmp or utmpx files (depending on the UNIX system) that
5940
5959
</em></span>
5941
5960
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>utmp directory</code></em> = <code class="literal">/var/run/utmp</code>
5942
5961
</em></span>
5943
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563561"></a>
5962
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563744"></a>
5944
5963
5945
5964
utmp (G)
5946
</h3></div></div></div><a class="indexterm" name="id2563562"></a><a name="UTMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
5965
</h3></div></div></div><a class="indexterm" name="id2563745"></a><a name="UTMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
5947
5966
This boolean parameter is only available if Samba has been configured and compiled
5948
5967
with the option <code class="literal">--with-utmp</code>. If set to
5949
5968
<code class="constant">yes</code> then Samba will attempt to add utmp or utmpx records
5955
5974
to find this number. This may impede performance on large installations.
5956
5975
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>utmp</code></em> = <code class="literal">no</code>
5957
5976
</em></span>
5958
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563624"></a>
5977
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563807"></a>
5959
5978
5960
5979
valid users (S)
5961
</h3></div></div></div><a class="indexterm" name="id2563625"></a><a name="VALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>
5980
</h3></div></div></div><a class="indexterm" name="id2563808"></a><a name="VALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>
5962
5981
This is a list of users that should be allowed to login to this service. Names starting with
5963
5982
'@', '+' and '&' are interpreted using the same rules as described in the
5964
5983
<em class="parameter"><code>invalid users</code></em> parameter.
5974
5993
</em></span>
5975
5994
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>valid users</code></em> = <code class="literal">greg, @pcusers</code>
5976
5995
</em></span>
5977
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563715"></a>
5996
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563898"></a>
5978
5997
5979
5998
-valid (S)
5980
</h3></div></div></div><a class="indexterm" name="id2563716"></a><a name="-VALID"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter indicates whether a share is
5999
</h3></div></div></div><a class="indexterm" name="id2563899"></a><a name="-VALID"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter indicates whether a share is
5981
6000
valid and thus can be used. When this parameter is set to false,
5982
6001
the share will be in no way visible nor accessible.
5983
6002
</p><p>
5986
6005
Samba uses this option internally to mark shares as deleted.
5987
6006
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>-valid</code></em> = <code class="literal">yes</code>
5988
6007
</em></span>
5989
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563765"></a>
6008
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563948"></a>
5990
6009
5991
6010
veto files (S)
5992
</h3></div></div></div><a class="indexterm" name="id2563766"></a><a name="VETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
6011
</h3></div></div></div><a class="indexterm" name="id2563949"></a><a name="VETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
5993
6012
This is a list of files and directories that are neither visible nor accessible. Each entry in
5994
6013
the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?'
5995
6014
can be used to specify multiple files or directories as in DOS wildcards.
6020
6039
</pre><p>
6021
6040
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>veto files</code></em> = <code class="literal">No files or directories are vetoed.</code>
6022
6041
</em></span>
6023
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563883"></a>
6042
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564066"></a>
6024
6043
6025
6044
veto oplock files (S)
6026
</h3></div></div></div><a class="indexterm" name="id2563884"></a><a name="VETOOPLOCKFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
6045
</h3></div></div></div><a class="indexterm" name="id2564068"></a><a name="VETOOPLOCKFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
6027
6046
This parameter is only valid when the <a class="link" href="smb.conf.5.html#OPLOCKS" target="_top">oplocks</a>
6028
6047
parameter is turned on for a share. It allows the Samba administrator
6029
6048
to selectively turn off the granting of oplocks on selected files that
6044
6063
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>veto oplock files</code></em> = <code class="literal">
6045
6064
# No files are vetoed for oplock grants</code>
6046
6065
</em></span>
6047
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563976"></a>
6066
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564160"></a>
6048
6067
6049
6068
<a name="VFSOBJECT"></a>vfs object
6050
</h3></div></div></div><a class="indexterm" name="id2563978"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#VFSOBJECTS">vfs objects</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564008"></a>
6069
</h3></div></div></div><a class="indexterm" name="id2564161"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#VFSOBJECTS">vfs objects</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564192"></a>
6051
6070
6052
6071
vfs objects (S)
6053
</h3></div></div></div><a class="indexterm" name="id2564010"></a><a name="VFSOBJECTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the backend names which
6072
</h3></div></div></div><a class="indexterm" name="id2564193"></a><a name="VFSOBJECTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the backend names which
6054
6073
are used for Samba VFS I/O operations. By default, normal
6055
6074
disk I/O operations are used but these can be overloaded
6056
6075
with one or more VFS objects. </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>vfs objects</code></em> = <code class="literal"></code>
6057
6076
</em></span>
6058
6077
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>vfs objects</code></em> = <code class="literal">extd_audit recycle</code>
6059
6078
</em></span>
6060
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564068"></a>
6079
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564252"></a>
6061
6080
6062
6081
volume (S)
6063
</h3></div></div></div><a class="indexterm" name="id2564070"></a><a name="VOLUME"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the volume label
6082
</h3></div></div></div><a class="indexterm" name="id2564253"></a><a name="VOLUME"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the volume label
6064
6083
returned for a share. Useful for CDROMs with installation programs
6065
6084
that insist on a particular volume label.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>volume</code></em> = <code class="literal">
6066
6085
# the name of the share</code>
6067
6086
</em></span>
6068
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564112"></a>
6087
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564295"></a>
6069
6088
6070
6089
wide links (S)
6071
</h3></div></div></div><a class="indexterm" name="id2564113"></a><a name="WIDELINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not links
6090
</h3></div></div></div><a class="indexterm" name="id2564296"></a><a name="WIDELINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not links
6072
6091
in the UNIX file system may be followed by the server. Links
6073
6092
that point to areas within the directory tree exported by the
6074
6093
server are always allowed; this parameter controls access only
6076
6095
effect on your server performance due to the extra system calls
6077
6096
that Samba has to do in order to perform the link checks.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wide links</code></em> = <code class="literal">yes</code>
6078
6097
</em></span>
6079
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564164"></a>
6098
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564347"></a>
6080
6099
6081
6100
winbind cache time (G)
6082
</h3></div></div></div><a class="indexterm" name="id2564165"></a><a name="WINBINDCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
6101
</h3></div></div></div><a class="indexterm" name="id2564348"></a><a name="WINBINDCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
6083
6102
seconds the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon will cache
6084
6103
user and group information before querying a Windows NT server
6085
6104
again.</p><p>
6087
6106
evaluated in real time unless the <a class="link" href="smb.conf.5.html#WINBINDOFFLINELOGON" target="_top">winbind offline logon</a> option has been enabled.
6088
6107
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind cache time</code></em> = <code class="literal">300</code>
6089
6108
</em></span>
6090
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564236"></a>
6109
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564419"></a>
6091
6110
6092
6111
winbind enum groups (G)
6093
</h3></div></div></div><a class="indexterm" name="id2564237"></a><a name="WINBINDENUMGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be necessary to suppress
6112
</h3></div></div></div><a class="indexterm" name="id2564420"></a><a name="WINBINDENUMGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be necessary to suppress
6094
6113
the enumeration of groups through the <code class="literal">setgrent()</code>,
6095
6114
<code class="literal">getgrent()</code> and
6096
6115
<code class="literal">endgrent()</code> group of system calls. If
6098
6117
<code class="constant">no</code>, calls to the <code class="literal">getgrent()</code> system
6099
6118
call will not return any data. </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>Turning off group enumeration may cause some programs to behave oddly. </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind enum groups</code></em> = <code class="literal">no</code>
6100
6119
</em></span>
6101
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564326"></a>
6120
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564510"></a>
6102
6121
6103
6122
winbind enum users (G)
6104
</h3></div></div></div><a class="indexterm" name="id2564328"></a><a name="WINBINDENUMUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be
6123
</h3></div></div></div><a class="indexterm" name="id2564511"></a><a name="WINBINDENUMUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be
6105
6124
necessary to suppress the enumeration of users through the <code class="literal">setpwent()</code>,
6106
6125
<code class="literal">getpwent()</code> and
6107
6126
<code class="literal">endpwent()</code> group of system calls. If
6113
6132
full user list when searching for matching
6114
6133
usernames. </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind enum users</code></em> = <code class="literal">no</code>
6115
6134
</em></span>
6116
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564420"></a>
6135
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564603"></a>
6117
6136
6118
6137
winbind expand groups (G)
6119
</h3></div></div></div><a class="indexterm" name="id2564421"></a><a name="WINBINDEXPANDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum depth that winbindd
6138
</h3></div></div></div><a class="indexterm" name="id2564604"></a><a name="WINBINDEXPANDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum depth that winbindd
6120
6139
will traverse when flattening nested group memberships
6121
6140
of Windows domain groups. This is different from the
6122
6141
<a class="link" href="smb.conf.5.html#WINBINDNESTEDGROUPS" target="_top">winbind nested groups</a> option
6128
6147
must perform the group unrolling and will be unable to answer
6129
6148
incoming NSS or authentication requests during this time.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind expand groups</code></em> = <code class="literal">1</code>
6130
6149
</em></span>
6131
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564489"></a>
6150
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564672"></a>
6132
6151
6133
6152
winbind nested groups (G)
6134
</h3></div></div></div><a class="indexterm" name="id2564490"></a><a name="WINBINDNESTEDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to yes, this parameter activates the support for nested
6153
</h3></div></div></div><a class="indexterm" name="id2564673"></a><a name="WINBINDNESTEDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to yes, this parameter activates the support for nested
6135
6154
groups. Nested groups are also called local groups or
6136
6155
aliases. They work like their counterparts in Windows: Nested
6137
6156
groups are defined locally on any machine (they are shared
6139
6158
global groups from any trusted SAM. To be able to use nested
6140
6159
groups, you need to run nss_winbind.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind nested groups</code></em> = <code class="literal">yes</code>
6141
6160
</em></span>
6142
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564539"></a>
6161
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564722"></a>
6143
6162
6144
6163
winbind normalize names (G)
6145
</h3></div></div></div><a class="indexterm" name="id2564540"></a><a name="WINBINDNORMALIZENAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether winbindd will replace
6164
</h3></div></div></div><a class="indexterm" name="id2564723"></a><a name="WINBINDNORMALIZENAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether winbindd will replace
6146
6165
whitespace in user and group names with an underscore (_) character.
6147
6166
For example, whether the name "Space Kadet" should be
6148
6167
replaced with the string "space_kadet".
6162
6181
</em></span>
6163
6182
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind normalize names</code></em> = <code class="literal">yes</code>
6164
6183
</em></span>
6165
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564617"></a>
6184
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564800"></a>
6166
6185
6167
6186
winbind nss info (G)
6168
</h3></div></div></div><a class="indexterm" name="id2564618"></a><a name="WINBINDNSSINFO"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control how Winbind retrieves Name
6187
</h3></div></div></div><a class="indexterm" name="id2564801"></a><a name="WINBINDNSSINFO"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control how Winbind retrieves Name
6169
6188
Service Information to construct a user's home directory and login shell.
6170
6189
Currently the following settings are available:
6171
6190
6187
6206
</em></span>
6188
6207
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind nss info</code></em> = <code class="literal">template sfu</code>
6189
6208
</em></span>
6190
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564736"></a>
6209
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564920"></a>
6191
6210
6192
6211
winbind offline logon (G)
6193
</h3></div></div></div><a class="indexterm" name="id2564738"></a><a name="WINBINDOFFLINELOGON"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should
6212
</h3></div></div></div><a class="indexterm" name="id2564921"></a><a name="WINBINDOFFLINELOGON"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should
6194
6213
allow to login with the <em class="parameter"><code>pam_winbind</code></em>
6195
6214
module using Cached Credentials. If enabled, winbindd will store user credentials
6196
6215
from successful logins encrypted in a local cache.
6198
6217
</em></span>
6199
6218
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind offline logon</code></em> = <code class="literal">true</code>
6200
6219
</em></span>
6201
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564806"></a>
6220
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564989"></a>
6202
6221
6203
6222
winbind reconnect delay (G)
6204
</h3></div></div></div><a class="indexterm" name="id2564807"></a><a name="WINBINDRECONNECTDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
6223
</h3></div></div></div><a class="indexterm" name="id2564990"></a><a name="WINBINDRECONNECTDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
6205
6224
seconds the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon will wait between
6206
6225
attempts to contact a Domain controller for a domain that is
6207
6226
determined to be down or not contactable.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind reconnect delay</code></em> = <code class="literal">30</code>
6208
6227
</em></span>
6209
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564858"></a>
6228
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565042"></a>
6210
6229
6211
6230
winbind refresh tickets (G)
6212
</h3></div></div></div><a class="indexterm" name="id2564860"></a><a name="WINBINDREFRESHTICKETS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should refresh Kerberos Tickets
6231
</h3></div></div></div><a class="indexterm" name="id2565043"></a><a name="WINBINDREFRESHTICKETS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should refresh Kerberos Tickets
6213
6232
retrieved using the <em class="parameter"><code>pam_winbind</code></em> module.
6214
6233
6215
6234
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind refresh tickets</code></em> = <code class="literal">false</code>
6216
6235
</em></span>
6217
6236
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind refresh tickets</code></em> = <code class="literal">true</code>
6218
6237
</em></span>
6219
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564926"></a>
6238
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565109"></a>
6220
6239
6221
6240
winbind rpc only (G)
6222
</h3></div></div></div><a class="indexterm" name="id2564927"></a><a name="WINBINDRPCONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6241
</h3></div></div></div><a class="indexterm" name="id2565110"></a><a name="WINBINDRPCONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6223
6242
Setting this parameter to <code class="literal">yes</code> forces
6224
6243
winbindd to use RPC instead of LDAP to retrieve information from Domain
6225
6244
Controllers.
6226
6245
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind rpc only</code></em> = <code class="literal">no</code>
6227
6246
</em></span>
6228
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564974"></a>
6247
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565157"></a>
6229
6248
6230
6249
winbind separator (G)
6231
</h3></div></div></div><a class="indexterm" name="id2564975"></a><a name="WINBINDSEPARATOR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an admin to define the character
6250
</h3></div></div></div><a class="indexterm" name="id2565158"></a><a name="WINBINDSEPARATOR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an admin to define the character
6232
6251
used when listing a username of the form of <em class="replaceable"><code>DOMAIN
6233
6252
</code></em>\<em class="replaceable"><code>user</code></em>. This parameter
6234
6253
is only applicable when using the <code class="filename">pam_winbind.so</code>
6239
6258
</em></span>
6240
6259
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind separator</code></em> = <code class="literal">+</code>
6241
6260
</em></span>
6242
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565061"></a>
6261
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565245"></a>
6243
6262
6244
6263
winbind trusted domains only (G)
6245
</h3></div></div></div><a class="indexterm" name="id2565062"></a><a name="WINBINDTRUSTEDDOMAINSONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6264
</h3></div></div></div><a class="indexterm" name="id2565246"></a><a name="WINBINDTRUSTEDDOMAINSONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6246
6265
This parameter is designed to allow Samba servers that are members
6247
6266
of a Samba controlled domain to use UNIX accounts distributed via NIS,
6248
6267
rsync, or LDAP as the uid's for winbindd users in the hosts primary domain.
6253
6272
Refer to the <a class="citerefentry" href="idmap_nss.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_nss</span>(8)</span></a> man page for more information.
6254
6273
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind trusted domains only</code></em> = <code class="literal">no</code>
6255
6274
</em></span>
6256
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565128"></a>
6275
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565312"></a>
6257
6276
6258
6277
winbind use default domain (G)
6259
</h3></div></div></div><a class="indexterm" name="id2565130"></a><a name="WINBINDUSEDEFAULTDOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether the
6278
</h3></div></div></div><a class="indexterm" name="id2565313"></a><a name="WINBINDUSEDEFAULTDOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether the
6260
6279
<a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon should operate on users
6261
6280
without domain component in their username. Users without a domain
6262
6281
component are treated as is part of the winbindd server's own
6266
6285
</em></span>
6267
6286
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind use default domain</code></em> = <code class="literal">yes</code>
6268
6287
</em></span>
6269
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565201"></a>
6288
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565385"></a>
6270
6289
6271
6290
wins hook (G)
6272
</h3></div></div></div><a class="indexterm" name="id2565202"></a><a name="WINSHOOK"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba is running as a WINS server this
6291
</h3></div></div></div><a class="indexterm" name="id2565386"></a><a name="WINSHOOK"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba is running as a WINS server this
6273
6292
allows you to call an external program for all changes to the
6274
6293
WINS database. The primary use for this option is to allow the
6275
6294
dynamic update of external name resolution databases such as
6290
6309
addresses currently registered for that name. If this list is
6291
6310
empty then the name should be deleted.</p></li></ul></div><p>An example script that calls the BIND dynamic DNS update
6292
6311
program <code class="literal">nsupdate</code> is provided in the examples
6293
directory of the Samba source code. </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565308"></a>
6312
directory of the Samba source code. </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565491"></a>
6294
6313
6295
6314
wins proxy (G)
6296
</h3></div></div></div><a class="indexterm" name="id2565309"></a><a name="WINSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will respond to broadcast name
6315
</h3></div></div></div><a class="indexterm" name="id2565492"></a><a name="WINSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will respond to broadcast name
6297
6316
queries on behalf of other hosts. You may need to set this
6298
6317
to <code class="constant">yes</code> for some older clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wins proxy</code></em> = <code class="literal">no</code>
6299
6318
</em></span>
6300
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565362"></a>
6319
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565546"></a>
6301
6320
6302
6321
wins server (G)
6303
</h3></div></div></div><a class="indexterm" name="id2565364"></a><a name="WINSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the IP address (or DNS name: IP
6322
</h3></div></div></div><a class="indexterm" name="id2565547"></a><a name="WINSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the IP address (or DNS name: IP
6304
6323
address for preference) of the WINS server that <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> should register with. If you have a WINS server on
6305
6324
your network then you should set this to the WINS server's IP.</p><p>You should point this at your WINS server if you have a
6306
6325
multi-subnetted network.</p><p>If you want to work in multiple namespaces, you can
6319
6338
</em></span>
6320
6339
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>wins server</code></em> = <code class="literal">192.9.200.1 192.168.2.61</code>
6321
6340
</em></span>
6322
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565473"></a>
6341
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565656"></a>
6323
6342
6324
6343
wins support (G)
6325
</h3></div></div></div><a class="indexterm" name="id2565474"></a><a name="WINSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls if the <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> process in Samba will act as a WINS server. You should
6344
</h3></div></div></div><a class="indexterm" name="id2565657"></a><a name="WINSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls if the <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> process in Samba will act as a WINS server. You should
6326
6345
not set this to <code class="constant">yes</code> unless you have a multi-subnetted network and
6327
6346
you wish a particular <code class="literal">nmbd</code> to be your WINS server.
6328
6347
Note that you should <span class="emphasis"><em>NEVER</em></span> set this to <code class="constant">yes</code>
6329
6348
on more than one machine in your network.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wins support</code></em> = <code class="literal">no</code>
6330
6349
</em></span>
6331
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565542"></a>
6350
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565726"></a>
6332
6351
6333
6352
workgroup (G)
6334
</h3></div></div></div><a class="indexterm" name="id2565543"></a><a name="WORKGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what workgroup your server will
6353
</h3></div></div></div><a class="indexterm" name="id2565727"></a><a name="WORKGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what workgroup your server will
6335
6354
appear to be in when queried by clients. Note that this parameter
6336
6355
also controls the Domain name used with
6337
6356
the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = domain</a>
6339
6358
</em></span>
6340
6359
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>workgroup</code></em> = <code class="literal">MYGROUP</code>
6341
6360
</em></span>
6342
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565615"></a>
6361
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565798"></a>
6343
6362
6344
6363
<a name="WRITABLE"></a>writable
6345
</h3></div></div></div><a class="indexterm" name="id2565616"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#WRITEABLE">writeable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565646"></a>
6364
</h3></div></div></div><a class="indexterm" name="id2565799"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#WRITEABLE">writeable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565830"></a>
6346
6365
6347
6366
writeable (S)
6348
</h3></div></div></div><a class="indexterm" name="id2565647"></a><a name="WRITEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>writeable</code></em> = <code class="literal">no</code>
6367
</h3></div></div></div><a class="indexterm" name="id2565831"></a><a name="WRITEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>writeable</code></em> = <code class="literal">no</code>
6349
6368
</em></span>
6350
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565697"></a>
6369
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565881"></a>
6351
6370
6352
6371
write cache size (S)
6353
</h3></div></div></div><a class="indexterm" name="id2565698"></a><a name="WRITECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this integer parameter is set to non-zero value,
6372
</h3></div></div></div><a class="indexterm" name="id2565882"></a><a name="WRITECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this integer parameter is set to non-zero value,
6354
6373
Samba will create an in-memory cache for each oplocked file
6355
6374
(it does <span class="emphasis"><em>not</em></span> do this for
6356
6375
non-oplocked files). All writes that the client does not request
6368
6387
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>write cache size</code></em> = <code class="literal">262144
6369
6388
# for a 256k cache size per file</code>
6370
6389
</em></span>
6371
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565781"></a>
6390
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565964"></a>
6372
6391
6373
6392
write list (S)
6374
</h3></div></div></div><a class="indexterm" name="id2565782"></a><a name="WRITELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
6393
</h3></div></div></div><a class="indexterm" name="id2565965"></a><a name="WRITELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
6375
6394
This is a list of users that are given read-write access to a service. If the
6376
6395
connecting user is in this list then they will be given write access, no matter
6377
6396
what the <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a> option is set to. The list can
6386
6405
</em></span>
6387
6406
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>write list</code></em> = <code class="literal">admin, root, @staff</code>
6388
6407
</em></span>
6389
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565874"></a>
6408
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566057"></a>
6390
6409
6391
6410
write raw (G)
6392
</h3></div></div></div><a class="indexterm" name="id2565875"></a><a name="WRITERAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
6411
</h3></div></div></div><a class="indexterm" name="id2566058"></a><a name="WRITERAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
6393
6412
will support raw write SMB's when transferring data from clients.
6394
6413
You should never need to change this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>write raw</code></em> = <code class="literal">yes</code>
6395
6414
</em></span>
6396
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565918"></a>
6415
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566101"></a>
6397
6416
6398
6417
wtmp directory (G)
6399
</h3></div></div></div><a class="indexterm" name="id2565919"></a><a name="WTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6418
</h3></div></div></div><a class="indexterm" name="id2566102"></a><a name="WTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6400
6419
This parameter is only available if Samba has been configured and compiled with the option <code class="literal">
6401
6420
--with-utmp</code>. It specifies a directory pathname that is used to store the wtmp or wtmpx files (depending on
6402
6421
the UNIX system) that record user connections to a Samba server. The difference with the utmp directory is the fact
6408
6427
</em></span>
6409
6428
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>wtmp directory</code></em> = <code class="literal">/var/log/wtmp</code>
6410
6429
</em></span>
6411
</p></dd></dl></div></div></div></div><div class="refsect1" lang="en"><a name="id2566002"></a><h2>WARNINGS</h2><p>
6430
</p></dd></dl></div></div></div></div><div class="refsect1" lang="en"><a name="id2566185"></a><h2>WARNINGS</h2><p>
6412
6431
Although the configuration file permits service names to contain spaces, your client software may not.
6413
6432
Spaces will be ignored in comparisons anyway, so it shouldn't be a problem - but be aware of the possibility.
6414
6433
</p><p>
6421
6440
for an administrator easy, but the various combinations of default attributes can be tricky. Take extreme
6422
6441
care when designing these sections. In particular, ensure that the permissions on spool directories are
6423
6442
correct.
6424
</p></div><div class="refsect1" lang="en"><a name="id2566052"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id2566062"></a><h2>SEE ALSO</h2><p>
6425
<a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a class="citerefentry" href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>.</p></div><div class="refsect1" lang="en"><a name="id2566142"></a><h2>AUTHOR</h2><p>
6443
</p></div><div class="refsect1" lang="en"><a name="id2566235"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id2566246"></a><h2>SEE ALSO</h2><p>
6444
<a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a class="citerefentry" href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>.</p></div><div class="refsect1" lang="en"><a name="id2566325"></a><h2>AUTHOR</h2><p>
6426
6445
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed
6427
6446
by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
6428
6447
</p><p>
Loggerhead is a web-based interface for Breezy
Version: 2.0.1