~ubuntu-branches/ubuntu/maverick/samba/maverick-security
» Revision
91
: docs/htmldocs/manpages/smb.conf.5.html
« back to all changes in this revision
Viewing changes to docs/htmldocs/manpages/smb.conf.5.html
- browse files at revision 91
- compare with another revision
- download diff
- download tarball
- view history from revision 91
- Committer: Bazaar Package Importer
- Author(s): Chuck Short
- Date: 2010-01-29 06:16:15 UTC
- mfrom: (0.27.9 upstream) (0.34.4 squeeze)
- Revision ID: james.westby@ubuntu.com-20100129061615-37hs6xqpsdhjq3ld
Tags: 2:3.4.5~dfsg-1ubuntu1
* Merge from debian testing. Remaining changes:
+ debian/patches/VERSION.patch:
- set SAMBA_VERSION_SUFFIX to Ubuntu.
+ debian/smb.conf:
- Add "(Samba, Ubuntu)" to server string.
- Comment out the default [homes] share, and add a comment about "valid users = %s"
to show users how to restrict access to \\server\username to only username.
- Set 'usershare allow guests', so that usershare admins are allowed to create
public shares in additon to authenticated ones.
- add map to guest = Bad user, maps bad username to gues access.
+ debian/samba-common.conf:
- Do not change priority to high if dhclient3 is installed.
- Use priority medium instead of high for the workgroup question.
+ debian/mksambapasswd.awk:
- Do not add user with UID less than 1000 to smbpasswd.
+ debian/control:
- Make libswbclient0 replace/conflict with hardy's likewise-open.
- Don't build against ctdb, since its not in main yet.
+ debian/rules:
- Enable "native" PIE hardening.
- Add BIND_NOW to maximize benefit of RELRO hardening.
+ Add ufw integration:
- Created debian/samba.ufw.profile.
- debian/rules, debian/samba.dirs, debian/samba.files: install
+ Add apoort hook:
- Created debian/source_samba.py.
- debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install
+ debian/rules, debian/samba.if-up: allow "NetworkManager" as a recognized address
family... it's obviously /not/ an address family, but it's what gets
sent when using NM, so we'll cope for now. (LP: #462169). Taken from karmic-proposed.
+ debian/control: Recommend keyutils for smbfs (LP: #493565)
+ Dropped patches:
- debian/patches/security-CVE-2009-3297.patch: No longer needed
- debian/patches/fix-too-many-open-files.patch: No longer needed
+ debian/patches/VERSION.patch:
- set SAMBA_VERSION_SUFFIX to Ubuntu.
+ debian/smb.conf:
- Add "(Samba, Ubuntu)" to server string.
- Comment out the default [homes] share, and add a comment about "valid users = %s"
to show users how to restrict access to \\server\username to only username.
- Set 'usershare allow guests', so that usershare admins are allowed to create
public shares in additon to authenticated ones.
- add map to guest = Bad user, maps bad username to gues access.
+ debian/samba-common.conf:
- Do not change priority to high if dhclient3 is installed.
- Use priority medium instead of high for the workgroup question.
+ debian/mksambapasswd.awk:
- Do not add user with UID less than 1000 to smbpasswd.
+ debian/control:
- Make libswbclient0 replace/conflict with hardy's likewise-open.
- Don't build against ctdb, since its not in main yet.
+ debian/rules:
- Enable "native" PIE hardening.
- Add BIND_NOW to maximize benefit of RELRO hardening.
+ Add ufw integration:
- Created debian/samba.ufw.profile.
- debian/rules, debian/samba.dirs, debian/samba.files: install
+ Add apoort hook:
- Created debian/source_samba.py.
- debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install
+ debian/rules, debian/samba.if-up: allow "NetworkManager" as a recognized address
family... it's obviously /not/ an address family, but it's what gets
sent when using NM, so we'll cope for now. (LP: #462169). Taken from karmic-proposed.
+ debian/control: Recommend keyutils for smbfs (LP: #493565)
+ Dropped patches:
- debian/patches/security-CVE-2009-3297.patch: No longer needed
- debian/patches/fix-too-many-open-files.patch: No longer needed
- files added:
- .pc/debian-changes-2:3.4.5~dfsg-1ubuntu1
- .pc/debian-changes-2:3.4.5~dfsg-1ubuntu1/source3
- .pc/debian-changes-2:3.4.5~dfsg-1ubuntu1/source3/client
- files removed:
- .pc/fix-manpages-warnings.patch
- .pc/fix-manpages-warnings.patch/docs
- .pc/fix-manpages-warnings.patch/docs/manpages
- .pc/fix-too-many-open-files.patch
- .pc/fix-too-many-open-files.patch/source3
- .pc/fix-too-many-open-files.patch/source3/include
- .pc/fix-too-many-open-files.patch/source3/param
- .pc/fix-too-many-open-files.patch/source3/smbd
- .pc/security-CVE-2009-3297.patch
- .pc/security-CVE-2009-3297.patch/source3
- .pc/security-CVE-2009-3297.patch/source3/client
- files modified:
- .pc/VERSION.patch/source3/VERSION
added
removed
docs/htmldocs/manpages/smb.conf.5.html
1
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smb.conf</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smb.conf.5"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>smb.conf — The configuration file for the Samba suite</p></div><div class="refsect1" lang="en"><a name="id2522915"></a><h2>SYNOPSIS</h2><p>
1
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smb.conf</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" title="smb.conf"><a name="smb.conf.5"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>smb.conf — The configuration file for the Samba suite</p></div><div class="refsect1" title="SYNOPSIS"><a name="id2528887"></a><h2>SYNOPSIS</h2><p>
2
2
The <code class="filename">smb.conf</code> file is a configuration file for the Samba suite. <code class="filename">smb.conf</code> contains runtime configuration information for the Samba programs. The
3
3
<code class="filename">smb.conf</code> file is designed to be configured and administered by the
4
4
<a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a> program. The
5
5
complete description of the file format and possible parameters held within are here for reference purposes.
6
</p></div><div class="refsect1" lang="en"><a name="FILEFORMATSECT"></a><h2>FILE FORMAT</h2><p>
6
</p></div><div class="refsect1" title="FILE FORMAT"><a name="FILEFORMATSECT"></a><h2>FILE FORMAT</h2><p>
7
7
The file consists of sections and parameters. A section begins with the name of the section in square brackets
8
8
and continues until the next section begins. Sections contain parameters of the form:
9
9
</p><pre class="programlisting">
18
18
and trailing whitespace in a parameter value is discarded. Internal whitespace within a parameter value is
19
19
retained verbatim.
20
20
</p><p>
21
Any line beginning with a semicolon (“<span class="quote">;</span>”) or a hash (“<span class="quote">#</span>”)
21
Any line beginning with a semicolon (<span class="quote">“<span class="quote">;</span>”</span>) or a hash (<span class="quote">“<span class="quote">#</span>”</span>)
22
22
character is ignored, as are lines containing only whitespace.
23
23
</p><p>
24
Any line ending in a “<span class="quote"><code class="literal">\</code></span>” is continued on the next line in the customary UNIX fashion.
24
Any line ending in a <span class="quote">“<span class="quote"><code class="literal">\</code></span>”</span> is continued on the next line in the customary UNIX fashion.
25
25
</p><p>
26
26
The values following the equals sign in parameters are all either a string (no quotes needed) or a boolean,
27
27
which may be given as yes/no, 1/0 or true/false. Case is not significant in boolean values, but is preserved
28
28
in string values. Some items such as create masks are numeric.
29
</p></div><div class="refsect1" lang="en"><a name="id2483408"></a><h2>SECTION DESCRIPTIONS</h2><p>
29
</p></div><div class="refsect1" title="SECTION DESCRIPTIONS"><a name="id2489374"></a><h2>SECTION DESCRIPTIONS</h2><p>
30
30
Each section in the configuration file (except for the [global] section) describes a shared resource (known as
31
a “<span class="quote">share</span>”). The section name is the name of the shared resource and the parameters within the
31
a <span class="quote">“<span class="quote">share</span>”</span>). The section name is the name of the shared resource and the parameters within the
32
32
section define the shares attributes.
33
33
</p><p>
34
34
There are three special sections, [global], [homes] and [printers], which are described under
69
69
<a class="link" href="smb.conf.5.html#PRINTABLE" target="_top">printable = yes</a>
70
70
<a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok = yes</a>
71
71
</pre><p>
72
</p></div><div class="refsect1" lang="en"><a name="id2481484"></a><h2>SPECIAL SECTIONS</h2><div class="refsect2" lang="en"><a name="id2481490"></a><h3>The [global] section</h3><p>
72
</p></div><div class="refsect1" title="SPECIAL SECTIONS"><a name="id2487452"></a><h2>SPECIAL SECTIONS</h2><div class="refsect2" title="The [global] section"><a name="id2487457"></a><h3>The [global] section</h3><p>
73
73
Parameters in this section apply to the server as a whole, or are defaults for sections that do not
74
74
specifically define certain items. See the notes under PARAMETERS for more information.
75
</p></div><div class="refsect2" lang="en"><a name="HOMESECT"></a><h3>The [homes] section</h3><p>
75
</p></div><div class="refsect2" title="The [homes] section"><a name="HOMESECT"></a><h3>The [homes] section</h3><p>
76
76
If a section called [homes] is included in the configuration file, services connecting clients
77
77
to their home directories can be created on the fly by the server.
78
78
</p><p>
82
82
[homes] section.
83
83
</p><p>
84
84
Some modifications are then made to the newly created share:
85
</p><div class="itemizedlist"><ul type="disc"><li><p>
85
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
86
86
The share name is changed from homes to the located username.
87
</p></li><li><p>
87
</p></li><li class="listitem"><p>
88
88
If no path was given, the path is set to the user's home directory.
89
89
</p></li></ul></div><p>
90
90
If you decide to use a <span class="emphasis"><em>path =</em></span> line in your [homes] section, it may be useful
97
97
This is a fast and simple way to give a large number of clients access to their home directories with a minimum
98
98
of fuss.
99
99
</p><p>
100
A similar process occurs if the requested section name is “<span class="quote">homes</span>”, except that the share
100
A similar process occurs if the requested section name is <span class="quote">“<span class="quote">homes</span>”</span>, except that the share
101
101
name is not changed to that of the requesting user. This method of using the [homes] section works well if
102
102
different users share a client PC.
103
103
</p><p>
115
115
The <span class="emphasis"><em>browseable</em></span> flag for auto home directories will be inherited from the global browseable
116
116
flag, not the [homes] browseable flag. This is useful as it means setting <span class="emphasis"><em>browseable = no</em></span> in
117
117
the [homes] section will hide the [homes] share but make any auto home directories visible.
118
</p></div><div class="refsect2" lang="en"><a name="PRINTERSSECT"></a><h3>The [printers] section</h3><p>
118
</p></div><div class="refsect2" title="The [printers] section"><a name="PRINTERSSECT"></a><h3>The [printers] section</h3><p>
119
119
This section works like [homes], but for printers.
120
120
</p><p>
121
121
If a [printers] section occurs in the configuration file, users are able to connect to any printer
128
128
[printers] section.
129
129
</p><p>
130
130
A few modifications are then made to the newly created share:
131
</p><div class="itemizedlist"><ul type="disc"><li><p>The share name is set to the located printer name</p></li><li><p>If no printer name was given, the printer name is set to the located printer name</p></li><li><p>If the share does not permit guest access and no username was given, the username is set
131
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>The share name is set to the located printer name</p></li><li class="listitem"><p>If no printer name was given, the printer name is set to the located printer name</p></li><li class="listitem"><p>If the share does not permit guest access and no username was given, the username is set
132
132
to the located printer name.</p></li></ul></div><p>
133
133
The [printers] service MUST be printable - if you specify otherwise, the server will refuse
134
134
to load the configuration file.
156
156
</p><p>
157
157
An alias, by the way, is defined as any component of the first entry of a printcap record. Records are separated by newlines,
158
158
components (if there are more than one) are separated by vertical bar symbols (<code class="literal">|</code>).
159
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
159
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
160
160
On SYSV systems which use lpstat to determine what printers are defined on the system you may be able to use
161
161
<code class="literal">printcap name = lpstat</code> to automatically obtain a list of printers. See the
162
162
<code class="literal">printcap name</code> option for more details.
163
</p></div></div></div><div class="refsect1" lang="en"><a name="id2481804"></a><h2>USERSHARES</h2><p>Starting with Samba version 3.0.23 the capability for non-root users to add, modify, and delete
163
</p></div></div></div><div class="refsect1" title="USERSHARES"><a name="id2487774"></a><h2>USERSHARES</h2><p>Starting with Samba version 3.0.23 the capability for non-root users to add, modify, and delete
164
164
their own share definitions has been added. This capability is called <span class="emphasis"><em>usershares</em></span> and
165
165
is controlled by a set of parameters in the [global] section of the smb.conf.
166
166
The relevant parameters are :
184
184
185
185
to the global
186
186
section of your <code class="filename">smb.conf</code>. Members of the group foo may then manipulate the user defined shares
187
using the following commands.</p><div class="variablelist"><dl><dt><span class="term">net usershare add sharename path [comment] [acl] [guest_ok=[y|n]]</span></dt><dd><p>To create or modify (overwrite) a user defined share.</p></dd><dt><span class="term">net usershare delete sharename</span></dt><dd><p>To delete a user defined share.</p></dd><dt><span class="term">net usershare list wildcard-sharename</span></dt><dd><p>To list user defined shares.</p></dd><dt><span class="term">net usershare info wildcard-sharename</span></dt><dd><p>To print information about user defined shares.</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id2482031"></a><h2>PARAMETERS</h2><p>Parameters define the specific attributes of sections.</p><p>
187
using the following commands.</p><div class="variablelist"><dl><dt><span class="term">net usershare add sharename path [comment] [acl] [guest_ok=[y|n]]</span></dt><dd><p>To create or modify (overwrite) a user defined share.</p></dd><dt><span class="term">net usershare delete sharename</span></dt><dd><p>To delete a user defined share.</p></dd><dt><span class="term">net usershare list wildcard-sharename</span></dt><dd><p>To list user defined shares.</p></dd><dt><span class="term">net usershare info wildcard-sharename</span></dt><dd><p>To print information about user defined shares.</p></dd></dl></div></div><div class="refsect1" title="PARAMETERS"><a name="id2488001"></a><h2>PARAMETERS</h2><p>Parameters define the specific attributes of sections.</p><p>
188
188
Some parameters are specific to the [global] section (e.g., <span class="emphasis"><em>security</em></span>). Some parameters
189
189
are usable in all sections (e.g., <span class="emphasis"><em>create mask</em></span>). All others are permissible only in normal
190
190
sections. For the purposes of the following descriptions the [homes] and [printers] sections will be
196
196
Parameters are arranged here in alphabetical order - this may not create best bedfellows, but at least you can
197
197
find them! Where there are synonyms, the preferred synonym is described, others refer to the preferred
198
198
synonym.
199
</p></div><div class="refsect1" lang="en"><a name="id2532544"></a><h2>VARIABLE SUBSTITUTIONS</h2><p>
199
</p></div><div class="refsect1" title="VARIABLE SUBSTITUTIONS"><a name="id2538515"></a><h2>VARIABLE SUBSTITUTIONS</h2><p>
200
200
Many of the strings that are settable in the config file can take substitutions. For example the option
201
“<span class="quote">path = /tmp/%u</span>” is interpreted as “<span class="quote">path = /tmp/john</span>” if the user connected with the
201
<span class="quote">“<span class="quote">path = /tmp/%u</span>”</span> is interpreted as <span class="quote">“<span class="quote">path = /tmp/john</span>”</span> if the user connected with the
202
202
username john.
203
203
</p><p>
204
204
These substitutions are mostly noted in the descriptions below, but there are some general substitutions
210
210
139</code></em>. This will cause Samba to not listen on port 445 and will permit include
211
211
functionality to function as it did with Samba 2.x.
212
212
</p></dd><dt><span class="term">%L</span></dt><dd><p>the NetBIOS name of the server. This allows you to change your config based on what
213
the client calls you. Your server can have a “<span class="quote">dual personality</span>”.
213
the client calls you. Your server can have a <span class="quote">“<span class="quote">dual personality</span>”</span>.
214
214
</p></dd><dt><span class="term">%M</span></dt><dd><p>the Internet name of the client machine.
215
215
</p></dd><dt><span class="term">%R</span></dt><dd><p>the selected protocol level after protocol negotiation. It can be one of CORE, COREPLUS,
216
216
LANMAN1, LANMAN2 or NT1.</p></dd><dt><span class="term">%d</span></dt><dd><p>the process id of the current server
238
238
auto.map entry is split up as <code class="literal">%N:%p</code>.</p></dd></dl></div><p>
239
239
There are some quite creative things that can be done with these substitutions and other
240
240
<code class="filename">smb.conf</code> options.
241
</p></div><div class="refsect1" lang="en"><a name="NAMEMANGLINGSECT"></a><h2>NAME MANGLING</h2><p>
241
</p></div><div class="refsect1" title="NAME MANGLING"><a name="NAMEMANGLINGSECT"></a><h2>NAME MANGLING</h2><p>
242
242
Samba supports <code class="literal">name mangling</code> so that DOS and Windows clients can use files that don't
243
243
conform to the 8.3 format. It can also be set to adjust the case of 8.3 format filenames.
244
244
</p><p>
276
276
options are set as follows, "case sensitive = yes", "case preserve = no", "short preserve case = no"
277
277
then the "default case" option will be applied and will modify all filenames sent from the client
278
278
when accessing this share.
279
</p></div><div class="refsect1" lang="en"><a name="VALIDATIONSECT"></a><h2>NOTE ABOUT USERNAME/PASSWORD VALIDATION</h2><p>
279
</p></div><div class="refsect1" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION"><a name="VALIDATIONSECT"></a><h2>NOTE ABOUT USERNAME/PASSWORD VALIDATION</h2><p>
280
280
There are a number of ways in which a user can connect to a service. The server uses the following steps
281
281
in determining if it will allow a connection to a specified service. If all the steps fail, the connection
282
282
request is rejected. However, if one of the steps succeeds, the following steps are not checked.
283
283
</p><p>
284
If the service is marked “<span class="quote">guest only = yes</span>” and the server is running with share-level
285
security (“<span class="quote">security = share</span>”, steps 1 to 5 are skipped.
286
</p><div class="orderedlist"><ol type="1"><li><p>
284
If the service is marked <span class="quote">“<span class="quote">guest only = yes</span>”</span> and the server is running with share-level
285
security (<span class="quote">“<span class="quote">security = share</span>”</span>, steps 1 to 5 are skipped.
286
</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>
287
287
If the client has passed a username/password pair and that username/password pair is validated by the UNIX
288
288
system's password programs, the connection is made as that username. This includes the
289
289
<code class="literal">\\server\service</code>%<em class="replaceable"><code>username</code></em> method of passing a username.
290
</p></li><li><p>
290
</p></li><li class="listitem"><p>
291
291
If the client has previously registered a username with the system and now supplies a correct password for that
292
292
username, the connection is allowed.
293
</p></li><li><p>
293
</p></li><li class="listitem"><p>
294
294
The client's NetBIOS name and any previously used usernames are checked against the supplied password. If
295
295
they match, the connection is allowed as the corresponding user.
296
</p></li><li><p>
296
</p></li><li class="listitem"><p>
297
297
If the client has previously validated a username/password pair with the server and the client has passed
298
298
the validation token, that username is used.
299
</p></li><li><p>
299
</p></li><li class="listitem"><p>
300
300
If a <code class="literal">user = </code> field is given in the <code class="filename">smb.conf</code> file for the
301
301
service and the client has supplied a password, and that password matches (according to the UNIX system's
302
302
password checking) with one of the usernames from the <code class="literal">user =</code> field, the connection is made as
303
303
the username in the <code class="literal">user =</code> line. If one of the usernames in the <code class="literal">user =</code> list
304
304
begins with a <code class="literal">@</code>, that name expands to a list of names in the group of the same name.
305
</p></li><li><p>
305
</p></li><li class="listitem"><p>
306
306
If the service is a guest service, a connection is made as the username given in the <code class="literal">guest account
307
307
=</code> for the service, irrespective of the supplied password.
308
</p></li></ol></div></div><div class="refsect1" lang="en"><a name="id2533244"></a><h2>REGISTRY-BASED CONFIGURATION</h2><p>
308
</p></li></ol></div></div><div class="refsect1" title="REGISTRY-BASED CONFIGURATION"><a name="id2539216"></a><h2>REGISTRY-BASED CONFIGURATION</h2><p>
309
309
Starting with Samba version 3.2.0, the capability to
310
310
store Samba configuration in the registry is available.
311
311
The configuration is stored in the registry key
312
312
<span class="emphasis"><em><code class="literal">HKLM\Software\Samba\smbconf</code></em></span>.
313
313
There are two levels of registry configuration:
314
</p><div class="orderedlist"><ol type="1"><li><p>Share definitions stored in registry are used.
314
</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>Share definitions stored in registry are used.
315
315
This is triggered by setting the global
316
316
parameter <em class="parameter"><code>registry shares</code></em>
317
to “<span class="quote">yes</span>” in <span class="emphasis"><em>smb.conf</em></span>.
317
to <span class="quote">“<span class="quote">yes</span>”</span> in <span class="emphasis"><em>smb.conf</em></span>.
318
318
</p><p>The registry shares are loaded not at startup but
319
319
on demand at runtime by <span class="emphasis"><em>smbd</em></span>.
320
320
Shares defined in <span class="emphasis"><em>smb.conf</em></span> take
321
321
priority over shares of the same name defined in
322
registry.</p></li><li><p>Global <span class="emphasis"><em>smb.conf</em></span>
322
registry.</p></li><li class="listitem"><p>Global <span class="emphasis"><em>smb.conf</em></span>
323
323
options stored in registry are used. This can be activated
324
324
in two different ways:</p><p>Firstly, a registry only configuration is triggered
325
325
by setting
360
360
registry based configuration locally, i.e. directly
361
361
accessing the database file, circumventing the
362
362
server.
363
</p></div><div class="refsect1" lang="en"><a name="id2533419"></a><h2>EXPLANATION OF EACH PARAMETER</h2><div class="section" lang="en"><div class="titlepage"></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533430"></a>
363
</p></div><div class="refsect1" title="EXPLANATION OF EACH PARAMETER"><a name="id2539391"></a><h2>EXPLANATION OF EACH PARAMETER</h2><div class="section"><div class="titlepage"></div><div class="section" title="abort shutdown script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2539402"></a>
364
364
365
365
abort shutdown script (G)
366
</h3></div></div></div><a class="indexterm" name="id2533431"></a><a name="ABORTSHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that
366
</h3></div></div></div><a class="indexterm" name="id2539403"></a><a name="ABORTSHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that
367
367
should stop a shutdown procedure issued by the <a class="link" href="smb.conf.5.html#SHUTDOWNSCRIPT" target="_top">shutdown script</a>.</p><p>If the connected user posseses the <code class="constant">SeRemoteShutdownPrivilege</code>,
368
368
right, this command will be run as root.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>abort shutdown script</code></em> = <code class="literal">""</code>
369
369
</em></span>
370
370
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>abort shutdown script</code></em> = <code class="literal">/sbin/shutdown -c</code>
371
371
</em></span>
372
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533509"></a>
372
</p></dd></dl></div></div><div class="section" title="access based share enum (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2539481"></a>
373
373
374
374
access based share enum (S)
375
</h3></div></div></div><a class="indexterm" name="id2533510"></a><a name="ACCESSBASEDSHAREENUM"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for a
375
</h3></div></div></div><a class="indexterm" name="id2539482"></a><a name="ACCESSBASEDSHAREENUM"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for a
376
376
service, then the share hosted by the service will only be visible
377
377
to users who have read or write access to the share during share
378
378
enumeration (for example net view \\sambaserver). This has
381
381
descriptors on files contained on the share are not used in
382
382
computing enumeration access rights.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>access based share enum</code></em> = <code class="literal">no</code>
383
383
</em></span>
384
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533557"></a>
384
</p></dd></dl></div></div><div class="section" title="acl check permissions (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2539530"></a>
385
385
386
386
acl check permissions (S)
387
</h3></div></div></div><a class="indexterm" name="id2533558"></a><a name="ACLCHECKPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls what <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>does on receiving a protocol request of "open for delete"
387
</h3></div></div></div><a class="indexterm" name="id2539531"></a><a name="ACLCHECKPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls what <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>does on receiving a protocol request of "open for delete"
388
388
from a Windows client. If a Windows client doesn't have permissions to delete a file then they
389
389
expect this to be denied at open time. POSIX systems normally only detect restrictions on delete by
390
390
actually attempting to delete the file or directory. As Windows clients can (and do) "back out" a
404
404
with slightly different semantics was introduced in 3.0.20. That older version is not documented here.
405
405
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>acl check permissions</code></em> = <code class="literal">True</code>
406
406
</em></span>
407
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533654"></a>
407
</p></dd></dl></div></div><div class="section" title="acl compatibility (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2539626"></a>
408
408
409
409
acl compatibility (G)
410
</h3></div></div></div><a class="indexterm" name="id2533655"></a><a name="ACLCOMPATIBILITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies what OS ACL semantics should
410
</h3></div></div></div><a class="indexterm" name="id2539627"></a><a name="ACLCOMPATIBILITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies what OS ACL semantics should
411
411
be compatible with. Possible values are <span class="emphasis"><em>winnt</em></span> for Windows NT 4,
412
412
<span class="emphasis"><em>win2k</em></span> for Windows 2000 and above and <span class="emphasis"><em>auto</em></span>.
413
413
If you specify <span class="emphasis"><em>auto</em></span>, the value for this parameter
416
416
</em></span>
417
417
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>acl compatibility</code></em> = <code class="literal">win2k</code>
418
418
</em></span>
419
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533724"></a>
419
</p></dd></dl></div></div><div class="section" title="acl group control (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2539696"></a>
420
420
421
421
acl group control (S)
422
</h3></div></div></div><a class="indexterm" name="id2533725"></a><a name="ACLGROUPCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p>
422
</h3></div></div></div><a class="indexterm" name="id2539697"></a><a name="ACLGROUPCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p>
423
423
In a POSIX filesystem, only the owner of a file or directory and the superuser can modify the permissions
424
424
and ACLs on a file. If this parameter is set, then Samba overrides this restriction, and also allows the
425
425
<span class="emphasis"><em>primary group owner</em></span> of a file or directory to modify the permissions and ACLs
446
446
<em class="parameter"><code>dos filemode</code></em> option.
447
447
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>acl group control</code></em> = <code class="literal">no</code>
448
448
</em></span>
449
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533820"></a>
449
</p></dd></dl></div></div><div class="section" title="acl map full control (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2539792"></a>
450
450
451
451
acl map full control (S)
452
</h3></div></div></div><a class="indexterm" name="id2533821"></a><a name="ACLMAPFULLCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p>
452
</h3></div></div></div><a class="indexterm" name="id2539793"></a><a name="ACLMAPFULLCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p>
453
453
This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>maps a POSIX ACE entry of "rwx" (read/write/execute), the maximum
454
454
allowed POSIX permission set, into a Windows ACL of "FULL CONTROL". If this parameter is set to true any POSIX
455
455
ACE entry of "rwx" will be returned in a Windows ACL as "FULL CONTROL", is this parameter is set to false any
457
457
execute.
458
458
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>acl map full control</code></em> = <code class="literal">True</code>
459
459
</em></span>
460
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533871"></a>
460
</p></dd></dl></div></div><div class="section" title="add group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2539843"></a>
461
461
462
462
add group script (G)
463
</h3></div></div></div><a class="indexterm" name="id2533872"></a><a name="ADDGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
463
</h3></div></div></div><a class="indexterm" name="id2539844"></a><a name="ADDGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
464
464
This is the full pathname to a script that will be run <span class="emphasis"><em>AS ROOT</em></span> by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when a new group is requested. It
465
465
will expand any <em class="parameter"><code>%g</code></em> to the group name passed. This script is only useful
466
466
for installations using the Windows NT domain administration tools. The script is free to create a group with
470
470
</em></span>
471
471
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add group script</code></em> = <code class="literal">/usr/sbin/groupadd %g</code>
472
472
</em></span>
473
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533946"></a>
473
</p></dd></dl></div></div><div class="section" title="add machine script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2539918"></a>
474
474
475
475
add machine script (G)
476
</h3></div></div></div><a class="indexterm" name="id2533947"></a><a name="ADDMACHINESCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
476
</h3></div></div></div><a class="indexterm" name="id2539919"></a><a name="ADDMACHINESCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
477
477
This is the full pathname to a script that will be run by
478
478
<a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when a machine is
479
479
added to Samba's domain and a Unix account matching the machine's name appended with a "$" does not
484
484
</em></span>
485
485
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add machine script</code></em> = <code class="literal">/usr/sbin/adduser -n -g machines -c Machine -d /var/lib/nobody -s /bin/false %u</code>
486
486
</em></span>
487
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534025"></a>
487
</p></dd></dl></div></div><div class="section" title="add port command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2539997"></a>
488
488
489
489
add port command (G)
490
</h3></div></div></div><a class="indexterm" name="id2534026"></a><a name="ADDPORTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>Samba 3.0.23 introduced support for adding printer ports
490
</h3></div></div></div><a class="indexterm" name="id2539998"></a><a name="ADDPORTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>Samba 3.0.23 introduced support for adding printer ports
491
491
remotely using the Windows "Add Standard TCP/IP Port Wizard".
492
492
This option defines an external program to be executed when
493
493
smbd receives a request to add a new Port to the system.
494
The script is passed two parameters:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>port name</code></em></p></li><li><p><em class="parameter"><code>device URI</code></em></p></li></ul></div><p>The deviceURI is in the for of socket://<hostname>[:<portnumber>]
494
The script is passed two parameters:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>port name</code></em></p></li><li class="listitem"><p><em class="parameter"><code>device URI</code></em></p></li></ul></div><p>The deviceURI is in the for of socket://<hostname>[:<portnumber>]
495
495
or lpd://<hostname>/<queuename>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>add port command</code></em> = <code class="literal"></code>
496
496
</em></span>
497
497
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add port command</code></em> = <code class="literal">/etc/samba/scripts/addport.sh</code>
498
498
</em></span>
499
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534108"></a>
499
</p></dd></dl></div></div><div class="section" title="addprinter command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540082"></a>
500
500
501
501
addprinter command (G)
502
</h3></div></div></div><a class="indexterm" name="id2534110"></a><a name="ADDPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing
502
</h3></div></div></div><a class="indexterm" name="id2540083"></a><a name="ADDPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing
503
503
support for Windows NT/2000 clients in Samba 2.2, The MS Add
504
504
Printer Wizard (APW) icon is now also available in the
505
505
"Printers..." folder displayed a share listing. The APW
513
513
to the <code class="filename">smb.conf</code> file in order that it can be
514
514
shared by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>.</p><p>The <em class="parameter"><code>addprinter command</code></em> is
515
515
automatically invoked with the following parameter (in
516
order):</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>printer name</code></em></p></li><li><p><em class="parameter"><code>share name</code></em></p></li><li><p><em class="parameter"><code>port name</code></em></p></li><li><p><em class="parameter"><code>driver name</code></em></p></li><li><p><em class="parameter"><code>location</code></em></p></li><li><p><em class="parameter"><code>Windows 9x driver location</code></em></p></li></ul></div><p>All parameters are filled in from the PRINTER_INFO_2 structure sent
516
order):</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>printer name</code></em></p></li><li class="listitem"><p><em class="parameter"><code>share name</code></em></p></li><li class="listitem"><p><em class="parameter"><code>port name</code></em></p></li><li class="listitem"><p><em class="parameter"><code>driver name</code></em></p></li><li class="listitem"><p><em class="parameter"><code>location</code></em></p></li><li class="listitem"><p><em class="parameter"><code>Windows 9x driver location</code></em></p></li></ul></div><p>All parameters are filled in from the PRINTER_INFO_2 structure sent
517
517
by the Windows NT/2000 client with one exception. The "Windows 9x
518
518
driver location" parameter is included for backwards compatibility
519
519
only. The remaining fields in the structure are generated from answers
530
530
</em></span>
531
531
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>addprinter command</code></em> = <code class="literal">/usr/bin/addprinter</code>
532
532
</em></span>
533
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534297"></a>
533
</p></dd></dl></div></div><div class="section" title="add share command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540270"></a>
534
534
535
535
add share command (G)
536
</h3></div></div></div><a class="indexterm" name="id2534298"></a><a name="ADDSHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
536
</h3></div></div></div><a class="indexterm" name="id2540271"></a><a name="ADDSHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
537
537
Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server
538
538
Manager. The <em class="parameter"><code>add share command</code></em> is used to define an external program
539
539
or script which will add a new service definition to
549
549
</p><p>
550
550
When executed, <code class="literal">smbd</code> will automatically invoke the
551
551
<em class="parameter"><code>add share command</code></em> with five parameters.
552
</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>configFile</code></em> - the location of the global <code class="filename">smb.conf</code> file.
553
</p></li><li><p><em class="parameter"><code>shareName</code></em> - the name of the new share.
554
</p></li><li><p><em class="parameter"><code>pathName</code></em> - path to an **existing**
552
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>configFile</code></em> - the location of the global <code class="filename">smb.conf</code> file.
553
</p></li><li class="listitem"><p><em class="parameter"><code>shareName</code></em> - the name of the new share.
554
</p></li><li class="listitem"><p><em class="parameter"><code>pathName</code></em> - path to an **existing**
555
555
directory on disk.
556
</p></li><li><p><em class="parameter"><code>comment</code></em> - comment string to associate with the new
556
</p></li><li class="listitem"><p><em class="parameter"><code>comment</code></em> - comment string to associate with the new
557
557
share.
558
</p></li><li><p><em class="parameter"><code>max
558
</p></li><li class="listitem"><p><em class="parameter"><code>max
559
559
connections</code></em>
560
560
Number of maximum simultaneous connections to this
561
561
share.
565
565
</em></span>
566
566
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add share command</code></em> = <code class="literal">/usr/local/bin/addshare</code>
567
567
</em></span>
568
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534482"></a>
568
</p></dd></dl></div></div><div class="section" title="add user script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540455"></a>
569
569
570
570
add user script (G)
571
</h3></div></div></div><a class="indexterm" name="id2534483"></a><a name="ADDUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
571
</h3></div></div></div><a class="indexterm" name="id2540456"></a><a name="ADDUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
572
572
This is the full pathname to a script that will be run <span class="emphasis"><em>AS ROOT</em></span> by
573
573
<a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>
574
574
under special circumstances described below.
603
603
</em></span>
604
604
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add user script</code></em> = <code class="literal">/usr/local/samba/bin/add_user %u</code>
605
605
</em></span>
606
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534694"></a>
606
</p></dd></dl></div></div><div class="section" title="add user to group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540666"></a>
607
607
608
608
add user to group script (G)
609
</h3></div></div></div><a class="indexterm" name="id2534695"></a><a name="ADDUSERTOGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
609
</h3></div></div></div><a class="indexterm" name="id2540667"></a><a name="ADDUSERTOGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
610
610
Full path to the script that will be called when a user is added to a group using the Windows NT domain administration
611
611
tools. It will be run by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>
612
612
<span class="emphasis"><em>AS ROOT</em></span>. Any <em class="parameter"><code>%g</code></em> will be replaced with the group name and
618
618
</em></span>
619
619
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add user to group script</code></em> = <code class="literal">/usr/sbin/adduser %u %g</code>
620
620
</em></span>
621
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534780"></a>
621
</p></dd></dl></div></div><div class="section" title="administrative share (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540753"></a>
622
622
623
623
administrative share (S)
624
</h3></div></div></div><a class="indexterm" name="id2534782"></a><a name="ADMINISTRATIVESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is set to <code class="constant">yes</code> for
624
</h3></div></div></div><a class="indexterm" name="id2540754"></a><a name="ADMINISTRATIVESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is set to <code class="constant">yes</code> for
625
625
a share, then the share will be an administrative share. The Administrative
626
626
Shares are the default network shares created by all Windows NT-based
627
627
operating systems. These are shares like C$, D$ or ADMIN$. The type of these
628
628
shares is STYPE_DISKTREE_HIDDEN.</p><p>See the section below on <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a> for more
629
629
information about this option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>administrative share</code></em> = <code class="literal">no</code>
630
630
</em></span>
631
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534839"></a>
631
</p></dd></dl></div></div><div class="section" title="admin users (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540811"></a>
632
632
633
633
admin users (S)
634
</h3></div></div></div><a class="indexterm" name="id2534840"></a><a name="ADMINUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users who will be granted
634
</h3></div></div></div><a class="indexterm" name="id2540812"></a><a name="ADMINUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users who will be granted
635
635
administrative privileges on the share. This means that they
636
636
will do all file operations as the super-user (root).</p><p>You should use this option very carefully, as any user in
637
637
this list will be able to do anything they like on the share,
640
640
</em></span>
641
641
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>admin users</code></em> = <code class="literal">jason</code>
642
642
</em></span>
643
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534911"></a>
643
</p></dd></dl></div></div><div class="section" title="afs share (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540883"></a>
644
644
645
645
afs share (S)
646
</h3></div></div></div><a class="indexterm" name="id2534912"></a><a name="AFSSHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether special AFS features are enabled
646
</h3></div></div></div><a class="indexterm" name="id2540884"></a><a name="AFSSHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether special AFS features are enabled
647
647
for this share. If enabled, it assumes that the directory exported via
648
648
the <em class="parameter"><code>path</code></em> parameter is a local AFS import. The
649
649
special AFS features include the attempt to hand-craft an AFS token
650
650
if you enabled --with-fake-kaserver in configure.
651
651
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>afs share</code></em> = <code class="literal">no</code>
652
652
</em></span>
653
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534958"></a>
653
</p></dd></dl></div></div><div class="section" title="afs username map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540931"></a>
654
654
655
655
afs username map (G)
656
</h3></div></div></div><a class="indexterm" name="id2534960"></a><a name="AFSUSERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>If you are using the fake kaserver AFS feature, you might
656
</h3></div></div></div><a class="indexterm" name="id2540932"></a><a name="AFSUSERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>If you are using the fake kaserver AFS feature, you might
657
657
want to hand-craft the usernames you are creating tokens for.
658
658
For example this is necessary if you have users from several domain
659
659
in your AFS Protection Database. One possible scheme to code users
663
663
</em></span>
664
664
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>afs username map</code></em> = <code class="literal">%u@afs.samba.org</code>
665
665
</em></span>
666
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535021"></a>
666
</p></dd></dl></div></div><div class="section" title="aio read size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540993"></a>
667
667
668
668
aio read size (S)
669
</h3></div></div></div><a class="indexterm" name="id2535022"></a><a name="AIOREADSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this
669
</h3></div></div></div><a class="indexterm" name="id2540994"></a><a name="AIOREADSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this
670
670
integer parameter is set to non-zero value,
671
671
Samba will read from file asynchronously when size of request is bigger
672
672
than this value. Note that it happens only for non-chained and non-chaining
677
677
# Use asynchronous I/O for reads bigger than 16KB
678
678
request size</code>
679
679
</em></span>
680
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535108"></a>
680
</p></dd></dl></div></div><div class="section" title="aio write behind (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541080"></a>
681
682
aio write behind (S)
683
</h3></div></div></div><a class="indexterm" name="id2541081"></a><a name="AIOWRITEBEHIND"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support,
684
Samba will not wait until write requests are finished before returning
685
the result to the client for files listed in this parameter.
686
Instead, Samba will immediately return that the write
687
request has been finished successfully, no matter if the
688
operation will succeed or not. This might speed up clients without
689
aio support, but is really dangerous, because data could be lost
690
and files could be damaged.
691
</p><p>
692
The syntax is identical to the <a class="link" href="smb.conf.5.html#VETOFILES" target="_top">veto files</a>
693
parameter.
694
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>aio write behind</code></em> = <code class="literal"></code>
695
</em></span>
696
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>aio write behind</code></em> = <code class="literal">/*.tmp/</code>
697
</em></span>
698
</p></dd></dl></div></div><div class="section" title="aio write size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541159"></a>
681
699
682
700
aio write size (S)
683
</h3></div></div></div><a class="indexterm" name="id2535109"></a><a name="AIOWRITESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this
701
</h3></div></div></div><a class="indexterm" name="id2541160"></a><a name="AIOWRITESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this
684
702
integer parameter is set to non-zero value,
685
703
Samba will write to file asynchronously when size of request is bigger
686
704
than this value. Note that it happens only for non-chained and non-chaining
691
709
# Use asynchronous I/O for writes bigger than 16KB
692
710
request size</code>
693
711
</em></span>
694
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535193"></a>
712
</p></dd></dl></div></div><div class="section" title="algorithmic rid base (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541245"></a>
695
713
696
714
algorithmic rid base (G)
697
</h3></div></div></div><a class="indexterm" name="id2535194"></a><a name="ALGORITHMICRIDBASE"></a><div class="variablelist"><dl><dt></dt><dd><p>This determines how Samba will use its
715
</h3></div></div></div><a class="indexterm" name="id2541246"></a><a name="ALGORITHMICRIDBASE"></a><div class="variablelist"><dl><dt></dt><dd><p>This determines how Samba will use its
698
716
algorithmic mapping from uids/gid to the RIDs needed to construct
699
717
NT Security Identifiers.
700
718
</p><p>Setting this option to a larger value could be useful to sites
709
727
</em></span>
710
728
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>algorithmic rid base</code></em> = <code class="literal">100000</code>
711
729
</em></span>
712
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535264"></a>
730
</p></dd></dl></div></div><div class="section" title="allocation roundup size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541315"></a>
713
731
714
732
allocation roundup size (S)
715
</h3></div></div></div><a class="indexterm" name="id2535265"></a><a name="ALLOCATIONROUNDUPSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an administrator to tune the
733
</h3></div></div></div><a class="indexterm" name="id2541316"></a><a name="ALLOCATIONROUNDUPSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an administrator to tune the
716
734
allocation size reported to Windows clients. The default
717
735
size of 1Mb generally results in improved Windows client
718
736
performance. However, rounding the allocation size may cause
724
742
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>allocation roundup size</code></em> = <code class="literal">0
725
743
# (to disable roundups)</code>
726
744
</em></span>
727
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535329"></a>
745
</p></dd></dl></div></div><div class="section" title="allow trusted domains (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541379"></a>
728
746
729
747
allow trusted domains (G)
730
</h3></div></div></div><a class="indexterm" name="id2535330"></a><a name="ALLOWTRUSTEDDOMAINS"></a><div class="variablelist"><dl><dt></dt><dd><p>
748
</h3></div></div></div><a class="indexterm" name="id2541380"></a><a name="ALLOWTRUSTEDDOMAINS"></a><div class="variablelist"><dl><dt></dt><dd><p>
731
749
This option only takes effect when the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a> option is set to
732
750
<code class="constant">server</code>, <code class="constant">domain</code> or <code class="constant">ads</code>.
733
751
If it is set to no, then attempts to connect to a resource from
742
760
Samba server even if they do not have an account in DOMA. This
743
761
can make implementing a security boundary difficult.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>allow trusted domains</code></em> = <code class="literal">yes</code>
744
762
</em></span>
745
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535401"></a>
763
</p></dd></dl></div></div><div class="section" title="announce as (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541452"></a>
746
764
747
765
announce as (G)
748
</h3></div></div></div><a class="indexterm" name="id2535402"></a><a name="ANNOUNCEAS"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what type of server <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will announce itself as, to a network neighborhood browse
766
</h3></div></div></div><a class="indexterm" name="id2541453"></a><a name="ANNOUNCEAS"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what type of server <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will announce itself as, to a network neighborhood browse
749
767
list. By default this is set to Windows NT. The valid options
750
768
are : "NT Server" (which can also be written as "NT"),
751
769
"NT Workstation", "Win95" or "WfW" meaning Windows NT Server,
757
775
</em></span>
758
776
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>announce as</code></em> = <code class="literal">Win95</code>
759
777
</em></span>
760
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535470"></a>
778
</p></dd></dl></div></div><div class="section" title="announce version (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541521"></a>
761
779
762
780
announce version (G)
763
</h3></div></div></div><a class="indexterm" name="id2535471"></a><a name="ANNOUNCEVERSION"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the major and minor version numbers
781
</h3></div></div></div><a class="indexterm" name="id2541522"></a><a name="ANNOUNCEVERSION"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the major and minor version numbers
764
782
that nmbd will use when announcing itself as a server. The default
765
783
is 4.9. Do not change this parameter unless you have a specific
766
784
need to set a Samba server to be a downlevel server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>announce version</code></em> = <code class="literal">4.9</code>
767
785
</em></span>
768
786
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>announce version</code></em> = <code class="literal">2.0</code>
769
787
</em></span>
770
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535527"></a>
788
</p></dd></dl></div></div><div class="section" title="auth methods (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541578"></a>
771
789
772
790
auth methods (G)
773
</h3></div></div></div><a class="indexterm" name="id2535528"></a><a name="AUTHMETHODS"></a><div class="variablelist"><dl><dt></dt><dd><p>
791
</h3></div></div></div><a class="indexterm" name="id2541579"></a><a name="AUTHMETHODS"></a><div class="variablelist"><dl><dt></dt><dd><p>
774
792
This option allows the administrator to chose what authentication methods <code class="literal">smbd</code>
775
793
will use when authenticating a user. This option defaults to sensible values based on <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a>.
776
794
This should be considered a developer option and used only in rare circumstances. In the majority (if not all)
791
809
</em></span>
792
810
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>auth methods</code></em> = <code class="literal">guest sam winbind</code>
793
811
</em></span>
794
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535632"></a>
812
</p></dd></dl></div></div><div class="section" title="available (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541684"></a>
795
813
796
814
available (S)
797
</h3></div></div></div><a class="indexterm" name="id2535633"></a><a name="AVAILABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter lets you "turn off" a service. If
815
</h3></div></div></div><a class="indexterm" name="id2541685"></a><a name="AVAILABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter lets you "turn off" a service. If
798
816
<em class="parameter"><code>available = no</code></em>, then <span class="emphasis"><em>ALL</em></span>
799
817
attempts to connect to the service will fail. Such failures are
800
818
logged.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>available</code></em> = <code class="literal">yes</code>
801
819
</em></span>
802
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535680"></a>
820
</p></dd></dl></div></div><div class="section" title="bind interfaces only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541731"></a>
803
821
804
822
bind interfaces only (G)
805
</h3></div></div></div><a class="indexterm" name="id2535681"></a><a name="BINDINTERFACESONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter allows the Samba admin
823
</h3></div></div></div><a class="indexterm" name="id2541732"></a><a name="BINDINTERFACESONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter allows the Samba admin
806
824
to limit what interfaces on a machine will serve SMB requests. It
807
825
affects file service <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and name service <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> in a slightly different ways.</p><p>
808
826
For name service it causes <code class="literal">nmbd</code> to bind to ports 137 and 138 on the
843
861
from starting/stopping/restarting <code class="literal">smbd</code> and <code class="literal">nmbd</code>.
844
862
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>bind interfaces only</code></em> = <code class="literal">no</code>
845
863
</em></span>
846
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536007"></a>
864
</p></dd></dl></div></div><div class="section" title="blocking locks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542058"></a>
847
865
848
866
blocking locks (S)
849
</h3></div></div></div><a class="indexterm" name="id2536008"></a><a name="BLOCKINGLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior
867
</h3></div></div></div><a class="indexterm" name="id2542059"></a><a name="BLOCKINGLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior
850
868
of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when given a request by a client
851
869
to obtain a byte range lock on a region of an open file, and the
852
870
request has a time limit associated with it.</p><p>If this parameter is set and the lock range requested
857
875
will fail the lock request immediately if the lock range
858
876
cannot be obtained.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>blocking locks</code></em> = <code class="literal">yes</code>
859
877
</em></span>
860
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536071"></a>
878
</p></dd></dl></div></div><div class="section" title="block size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542122"></a>
861
879
862
880
block size (S)
863
</h3></div></div></div><a class="indexterm" name="id2536072"></a><a name="BLOCKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when reporting disk free
881
</h3></div></div></div><a class="indexterm" name="id2542124"></a><a name="BLOCKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when reporting disk free
864
882
sizes. By default, this reports a disk block size of 1024 bytes.
865
883
</p><p>Changing this parameter may have some effect on the
866
884
efficiency of client writes, this is not yet confirmed. This
874
892
</em></span>
875
893
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>block size</code></em> = <code class="literal">4096</code>
876
894
</em></span>
877
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536149"></a>
895
</p></dd></dl></div></div><div class="section" title="browsable"><div class="titlepage"><div><div><h3 class="title"><a name="id2542200"></a>
878
896
879
897
<a name="BROWSABLE"></a>browsable
880
</h3></div></div></div><a class="indexterm" name="id2536150"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#BROWSEABLE">browseable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536176"></a>
898
</h3></div></div></div><a class="indexterm" name="id2542202"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#BROWSEABLE">browseable</a>.</p></dd></dl></div></div><div class="section" title="browseable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542227"></a>
881
899
882
900
browseable (S)
883
</h3></div></div></div><a class="indexterm" name="id2536177"></a><a name="BROWSEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether this share is seen in
901
</h3></div></div></div><a class="indexterm" name="id2542228"></a><a name="BROWSEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether this share is seen in
884
902
the list of available shares in a net view and in the browse list.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>browseable</code></em> = <code class="literal">yes</code>
885
903
</em></span>
886
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536215"></a>
904
</p></dd></dl></div></div><div class="section" title="browse list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542266"></a>
887
905
888
906
browse list (G)
889
</h3></div></div></div><a class="indexterm" name="id2536216"></a><a name="BROWSELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will serve a browse list to
907
</h3></div></div></div><a class="indexterm" name="id2542267"></a><a name="BROWSELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will serve a browse list to
890
908
a client doing a <code class="literal">NetServerEnum</code> call. Normally
891
909
set to <code class="constant">yes</code>. You should never need to change
892
910
this.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>browse list</code></em> = <code class="literal">yes</code>
893
911
</em></span>
894
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536269"></a>
912
</p></dd></dl></div></div><div class="section" title="cache directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542321"></a>
913
914
cache directory (G)
915
</h3></div></div></div><a class="indexterm" name="id2542322"></a><a name="CACHEDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>Usually, most of the TDB files are stored in the <em class="parameter"><code>lock directory</code></em>. Since Samba 3.4.0, it is
916
possible to differentiate between TDB files with persistent data and
917
TDB files with non-persistent data using the
918
<em class="parameter"><code>state directory</code></em> and the
919
<em class="parameter"><code>cache directory</code></em> options.
920
</p><p> This option specifies the directory where TDB files containing
921
non-persistent data will be stored.
922
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>cache directory</code></em> = <code class="literal">${prefix}/var/locks</code>
923
</em></span>
924
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cache directory</code></em> = <code class="literal">/var/run/samba/locks/cache</code>
925
</em></span>
926
</p></dd></dl></div></div><div class="section" title="casesignames"><div class="titlepage"><div><div><h3 class="title"><a name="id2542397"></a>
895
927
896
928
<a name="CASESIGNAMES"></a>casesignames
897
</h3></div></div></div><a class="indexterm" name="id2536270"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CASESENSITIVE">case sensitive</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536296"></a>
929
</h3></div></div></div><a class="indexterm" name="id2542398"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CASESENSITIVE">case sensitive</a>.</p></dd></dl></div></div><div class="section" title="case sensitive (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542424"></a>
898
930
899
931
case sensitive (S)
900
</h3></div></div></div><a class="indexterm" name="id2536297"></a><a name="CASESENSITIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the discussion in the section <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>case sensitive</code></em> = <code class="literal">no</code>
932
</h3></div></div></div><a class="indexterm" name="id2542425"></a><a name="CASESENSITIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the discussion in the section <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>case sensitive</code></em> = <code class="literal">no</code>
901
933
</em></span>
902
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536343"></a>
934
</p></dd></dl></div></div><div class="section" title="change notify (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542471"></a>
903
935
904
936
change notify (S)
905
</h3></div></div></div><a class="indexterm" name="id2536344"></a><a name="CHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should reply
937
</h3></div></div></div><a class="indexterm" name="id2542472"></a><a name="CHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should reply
906
938
to a client's file change notify requests.
907
939
</p><p>You should never need to change this parameter</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>change notify</code></em> = <code class="literal">yes</code>
908
940
</em></span>
909
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536386"></a>
941
</p></dd></dl></div></div><div class="section" title="change share command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542514"></a>
910
942
911
943
change share command (G)
912
</h3></div></div></div><a class="indexterm" name="id2536387"></a><a name="CHANGESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
944
</h3></div></div></div><a class="indexterm" name="id2542515"></a><a name="CHANGESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
913
945
Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server
914
946
Manager. The <em class="parameter"><code>change share command</code></em> is used to define an external
915
947
program or script which will modify an existing service definition in <code class="filename">smb.conf</code>.
924
956
</p><p>
925
957
When executed, <code class="literal">smbd</code> will automatically invoke the
926
958
<em class="parameter"><code>change share command</code></em> with five parameters.
927
</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>configFile</code></em> - the location
959
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>configFile</code></em> - the location
928
960
of the global <code class="filename">smb.conf</code> file.
929
</p></li><li><p><em class="parameter"><code>shareName</code></em> - the name of the new
961
</p></li><li class="listitem"><p><em class="parameter"><code>shareName</code></em> - the name of the new
930
962
share.
931
</p></li><li><p><em class="parameter"><code>pathName</code></em> - path to an **existing**
963
</p></li><li class="listitem"><p><em class="parameter"><code>pathName</code></em> - path to an **existing**
932
964
directory on disk.
933
</p></li><li><p><em class="parameter"><code>comment</code></em> - comment string to associate
965
</p></li><li class="listitem"><p><em class="parameter"><code>comment</code></em> - comment string to associate
934
966
with the new share.
935
</p></li><li><p><em class="parameter"><code>max
967
</p></li><li class="listitem"><p><em class="parameter"><code>max
936
968
connections</code></em>
937
969
Number of maximum simultaneous connections to this
938
970
share.
944
976
</em></span>
945
977
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>change share command</code></em> = <code class="literal">/usr/local/bin/changeshare</code>
946
978
</em></span>
947
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536564"></a>
979
</p></dd></dl></div></div><div class="section" title="check password script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542692"></a>
948
980
949
981
check password script (G)
950
</h3></div></div></div><a class="indexterm" name="id2536565"></a><a name="CHECKPASSWORDSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to check password
982
</h3></div></div></div><a class="indexterm" name="id2542693"></a><a name="CHECKPASSWORDSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to check password
951
983
complexity. The password is sent to the program's standard input.</p><p>The program must return 0 on a good password, or any other value
952
984
if the password is bad.
953
985
In case the password is considered weak (the program does not return 0) the
956
988
</em></span>
957
989
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>check password script</code></em> = <code class="literal">/usr/local/sbin/crackcheck</code>
958
990
</em></span>
959
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536638"></a>
991
</p></dd></dl></div></div><div class="section" title="client lanman auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542766"></a>
960
992
961
993
client lanman auth (G)
962
</h3></div></div></div><a class="indexterm" name="id2536639"></a><a name="CLIENTLANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> and other samba client
994
</h3></div></div></div><a class="indexterm" name="id2542767"></a><a name="CLIENTLANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> and other samba client
963
995
tools will attempt to authenticate itself to servers using the
964
996
weaker LANMAN password hash. If disabled, only server which support NT
965
997
password hashes (e.g. Windows NT/2000, Samba, etc... but not
970
1002
auth</code> parameter is enabled, then only NTLMv2 logins will be
971
1003
attempted.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client lanman auth</code></em> = <code class="literal">no</code>
972
1004
</em></span>
973
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536714"></a>
1005
</p></dd></dl></div></div><div class="section" title="client ldap sasl wrapping (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542842"></a>
974
1006
975
1007
client ldap sasl wrapping (G)
976
</h3></div></div></div><a class="indexterm" name="id2536715"></a><a name="CLIENTLDAPSASLWRAPPING"></a><div class="variablelist"><dl><dt></dt><dd><p>
1008
</h3></div></div></div><a class="indexterm" name="id2542843"></a><a name="CLIENTLDAPSASLWRAPPING"></a><div class="variablelist"><dl><dt></dt><dd><p>
977
1009
The <a class="link" href="smb.conf.5.html#CLIENTLDAPSASLWRAPPING" target="_top">client ldap sasl wrapping</a> defines whether
978
1010
ldap traffic will be signed or signed and encrypted (sealed).
979
1011
Possible values are <span class="emphasis"><em>plain</em></span>, <span class="emphasis"><em>sign</em></span>
1001
1033
<span class="emphasis"><em>seal</em></span>.
1002
1034
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client ldap sasl wrapping</code></em> = <code class="literal">plain</code>
1003
1035
</em></span>
1004
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536829"></a>
1036
</p></dd></dl></div></div><div class="section" title="client ntlmv2 auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542957"></a>
1005
1037
1006
1038
client ntlmv2 auth (G)
1007
</h3></div></div></div><a class="indexterm" name="id2536830"></a><a name="CLIENTNTLMV2AUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> will attempt to
1039
</h3></div></div></div><a class="indexterm" name="id2542958"></a><a name="CLIENTNTLMV2AUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> will attempt to
1008
1040
authenticate itself to servers using the NTLMv2 encrypted password
1009
1041
response.</p><p>If enabled, only an NTLMv2 and LMv2 response (both much more
1010
1042
secure than earlier versions) will be sent. Many servers
1016
1048
those following 'best practice' security polices) only allow NTLMv2
1017
1049
responses, and not the weaker LM or NTLM.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client ntlmv2 auth</code></em> = <code class="literal">no</code>
1018
1050
</em></span>
1019
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536917"></a>
1051
</p></dd></dl></div></div><div class="section" title="client plaintext auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543045"></a>
1020
1052
1021
1053
client plaintext auth (G)
1022
</h3></div></div></div><a class="indexterm" name="id2536918"></a><a name="CLIENTPLAINTEXTAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether a client should send a plaintext
1054
</h3></div></div></div><a class="indexterm" name="id2543046"></a><a name="CLIENTPLAINTEXTAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether a client should send a plaintext
1023
1055
password if the server does not support encrypted passwords.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client plaintext auth</code></em> = <code class="literal">no</code>
1024
1056
</em></span>
1025
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536956"></a>
1057
</p></dd></dl></div></div><div class="section" title="client schannel (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543084"></a>
1026
1058
1027
1059
client schannel (G)
1028
</h3></div></div></div><a class="indexterm" name="id2536957"></a><a name="CLIENTSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
1060
</h3></div></div></div><a class="indexterm" name="id2543085"></a><a name="CLIENTSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
1029
1061
This controls whether the client offers or even demands the use of the netlogon schannel.
1030
1062
<a class="link" href="smb.conf.5.html#CLIENTSCHANNEL" target="_top">client schannel = no</a> does not offer the schannel,
1031
1063
<a class="link" href="smb.conf.5.html#CLIENTSCHANNEL" target="_top">client schannel = auto</a> offers the schannel but does not
1035
1067
</em></span>
1036
1068
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>client schannel</code></em> = <code class="literal">yes</code>
1037
1069
</em></span>
1038
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537040"></a>
1070
</p></dd></dl></div></div><div class="section" title="client signing (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543168"></a>
1039
1071
1040
1072
client signing (G)
1041
</h3></div></div></div><a class="indexterm" name="id2537041"></a><a name="CLIENTSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values
1073
</h3></div></div></div><a class="indexterm" name="id2543169"></a><a name="CLIENTSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values
1042
1074
are <span class="emphasis"><em>auto</em></span>, <span class="emphasis"><em>mandatory</em></span>
1043
1075
and <span class="emphasis"><em>disabled</em></span>.
1044
1076
</p><p>When set to auto, SMB signing is offered, but not enforced.
1046
1078
to disabled, SMB signing is not offered either.
1047
1079
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client signing</code></em> = <code class="literal">auto</code>
1048
1080
</em></span>
1049
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537094"></a>
1081
</p></dd></dl></div></div><div class="section" title="client use spnego (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543222"></a>
1050
1082
1051
1083
client use spnego (G)
1052
</h3></div></div></div><a class="indexterm" name="id2537096"></a><a name="CLIENTUSESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p> This variable controls whether Samba clients will try
1084
</h3></div></div></div><a class="indexterm" name="id2543224"></a><a name="CLIENTUSESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p> This variable controls whether Samba clients will try
1053
1085
to use Simple and Protected NEGOciation (as specified by rfc2478) with
1054
1086
supporting servers (including WindowsXP, Windows2000 and Samba
1055
1087
3.0) to agree upon an authentication
1056
1088
mechanism. This enables Kerberos authentication in particular.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client use spnego</code></em> = <code class="literal">yes</code>
1057
1089
</em></span>
1058
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537136"></a>
1090
</p></dd></dl></div></div><div class="section" title="cluster addresses (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543264"></a>
1059
1091
1060
1092
cluster addresses (G)
1061
</h3></div></div></div><a class="indexterm" name="id2537138"></a><a name="CLUSTERADDRESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>With this parameter you can add additional addresses
1093
</h3></div></div></div><a class="indexterm" name="id2543266"></a><a name="CLUSTERADDRESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>With this parameter you can add additional addresses
1062
1094
nmbd will register with a WINS server. These addresses are not
1063
1095
necessarily present on all nodes simultaneously, but they will
1064
1096
be registered with the WINS server so that clients can contact
1067
1099
</em></span>
1068
1100
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cluster addresses</code></em> = <code class="literal">10.0.0.1 10.0.0.2 10.0.0.3</code>
1069
1101
</em></span>
1070
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537192"></a>
1102
</p></dd></dl></div></div><div class="section" title="clustering (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543320"></a>
1071
1103
1072
1104
clustering (G)
1073
</h3></div></div></div><a class="indexterm" name="id2537194"></a><a name="CLUSTERING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should contact
1105
</h3></div></div></div><a class="indexterm" name="id2543322"></a><a name="CLUSTERING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should contact
1074
1106
ctdb for accessing its tdb files and use ctdb as a backend
1075
1107
for its messaging backend.
1076
1108
</p><p>Set this parameter to <code class="literal">yes</code> only if
1077
1109
you have a cluster setup with ctdb running.
1078
1110
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>clustering</code></em> = <code class="literal">no</code>
1079
1111
</em></span>
1080
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537241"></a>
1112
</p></dd></dl></div></div><div class="section" title="comment (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543369"></a>
1081
1113
1082
1114
comment (S)
1083
</h3></div></div></div><a class="indexterm" name="id2537242"></a><a name="COMMENT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a text field that is seen next to a share
1115
</h3></div></div></div><a class="indexterm" name="id2543370"></a><a name="COMMENT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a text field that is seen next to a share
1084
1116
when a client does a queries the server, either via the network
1085
1117
neighborhood or via <code class="literal">net view</code> to list what shares
1086
1118
are available.</p><p>If you want to set the string that is displayed next to the
1089
1121
</em></span>
1090
1122
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>comment</code></em> = <code class="literal">Fred's Files</code>
1091
1123
</em></span>
1092
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537316"></a>
1124
</p></dd></dl></div></div><div class="section" title="config backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543444"></a>
1093
1125
1094
1126
config backend (G)
1095
</h3></div></div></div><a class="indexterm" name="id2537317"></a><a name="CONFIGBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1127
</h3></div></div></div><a class="indexterm" name="id2543445"></a><a name="CONFIGBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1096
1128
This controls the backend for storing the configuration.
1097
1129
Possible values are <span class="emphasis"><em>file</em></span> (the default)
1098
1130
and <span class="emphasis"><em>registry</em></span>.
1110
1142
</em></span>
1111
1143
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>config backend</code></em> = <code class="literal">registry</code>
1112
1144
</em></span>
1113
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537405"></a>
1145
</p></dd></dl></div></div><div class="section" title="config file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543533"></a>
1114
1146
1115
1147
config file (G)
1116
</h3></div></div></div><a class="indexterm" name="id2537406"></a><a name="CONFIGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the config file
1148
</h3></div></div></div><a class="indexterm" name="id2543534"></a><a name="CONFIGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the config file
1117
1149
to use, instead of the default (usually <code class="filename">smb.conf</code>).
1118
1150
There is a chicken and egg problem here as this option is set
1119
1151
in the config file!</p><p>For this reason, if the name of the config file has changed
1123
1155
(allowing you to special case the config files of just a few
1124
1156
clients).</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>config file</code></em> = <code class="literal">/usr/local/samba/lib/smb.conf.%m</code>
1125
1157
</em></span>
1126
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537470"></a>
1158
</p></dd></dl></div></div><div class="section" title="copy (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543598"></a>
1127
1159
1128
1160
copy (S)
1129
</h3></div></div></div><a class="indexterm" name="id2537471"></a><a name="COPY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows you to "clone" service
1161
</h3></div></div></div><a class="indexterm" name="id2543599"></a><a name="COPY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows you to "clone" service
1130
1162
entries. The specified service is simply duplicated under the
1131
1163
current service's name. Any parameters specified in the current
1132
1164
section will override those in the section being copied.</p><p>This feature lets you set up a 'template' service and
1136
1168
</em></span>
1137
1169
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>copy</code></em> = <code class="literal">otherservice</code>
1138
1170
</em></span>
1139
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537532"></a>
1171
</p></dd></dl></div></div><div class="section" title="create mode"><div class="titlepage"><div><div><h3 class="title"><a name="id2543660"></a>
1140
1172
1141
1173
<a name="CREATEMODE"></a>create mode
1142
</h3></div></div></div><a class="indexterm" name="id2537534"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CREATEMASK">create mask</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537559"></a>
1174
</h3></div></div></div><a class="indexterm" name="id2543662"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CREATEMASK">create mask</a>.</p></dd></dl></div></div><div class="section" title="create mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543687"></a>
1143
1175
1144
1176
create mask (S)
1145
</h3></div></div></div><a class="indexterm" name="id2537560"></a><a name="CREATEMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>
1177
</h3></div></div></div><a class="indexterm" name="id2543688"></a><a name="CREATEMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>
1146
1178
When a file is created, the necessary permissions are calculated according to the mapping from DOS modes to
1147
1179
UNIX permissions, and the resulting UNIX mode is then bit-wise 'AND'ed with this parameter. This parameter may
1148
1180
be thought of as a bit-wise MASK for the UNIX modes of a file. Any bit <span class="emphasis"><em>not</em></span> set here will
1163
1195
</em></span>
1164
1196
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>create mask</code></em> = <code class="literal">0775</code>
1165
1197
</em></span>
1166
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537681"></a>
1198
</p></dd></dl></div></div><div class="section" title="csc policy (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543809"></a>
1167
1199
1168
1200
csc policy (S)
1169
</h3></div></div></div><a class="indexterm" name="id2537682"></a><a name="CSCPOLICY"></a><div class="variablelist"><dl><dt></dt><dd><p>
1201
</h3></div></div></div><a class="indexterm" name="id2543810"></a><a name="CSCPOLICY"></a><div class="variablelist"><dl><dt></dt><dd><p>
1170
1202
This stands for <span class="emphasis"><em>client-side caching policy</em></span>, and specifies how clients capable of offline
1171
1203
caching will cache the files in the share. The valid values are: manual, documents, programs, disable.
1172
1204
</p><p>
1178
1210
</em></span>
1179
1211
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>csc policy</code></em> = <code class="literal">programs</code>
1180
1212
</em></span>
1181
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537756"></a>
1213
</p></dd></dl></div></div><div class="section" title="ctdbd socket (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543884"></a>
1182
1214
1183
1215
ctdbd socket (G)
1184
</h3></div></div></div><a class="indexterm" name="id2537757"></a><a name="CTDBDSOCKET"></a><div class="variablelist"><dl><dt></dt><dd><p>If you set <code class="literal">clustering=yes</code>,
1216
</h3></div></div></div><a class="indexterm" name="id2543885"></a><a name="CTDBDSOCKET"></a><div class="variablelist"><dl><dt></dt><dd><p>If you set <code class="literal">clustering=yes</code>,
1185
1217
you need to tell Samba where ctdbd listens on its unix domain
1186
1218
socket. The default path as of ctdb 1.0 is /tmp/ctdb.socket which
1187
1219
you have to explicitly set for Samba in smb.conf.
1189
1221
</em></span>
1190
1222
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ctdbd socket</code></em> = <code class="literal">/tmp/ctdb.socket</code>
1191
1223
</em></span>
1192
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537816"></a>
1224
</p></dd></dl></div></div><div class="section" title="cups connection timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543944"></a>
1193
1225
1194
1226
cups connection timeout (G)
1195
</h3></div></div></div><a class="indexterm" name="id2537817"></a><a name="CUPSCONNECTIONTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
1227
</h3></div></div></div><a class="indexterm" name="id2543945"></a><a name="CUPSCONNECTIONTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
1196
1228
This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> is set to <code class="constant">cups</code>.
1197
1229
</p><p>
1198
1230
If set, this option specifies the number of seconds that smbd will wait
1202
1234
</em></span>
1203
1235
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cups connection timeout</code></em> = <code class="literal">60</code>
1204
1236
</em></span>
1205
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537888"></a>
1237
</p></dd></dl></div></div><div class="section" title="cups options (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544016"></a>
1206
1238
1207
1239
cups options (S)
1208
</h3></div></div></div><a class="indexterm" name="id2537889"></a><a name="CUPSOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1240
</h3></div></div></div><a class="indexterm" name="id2544017"></a><a name="CUPSOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1209
1241
This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> is
1210
1242
set to <code class="constant">cups</code>. Its value is a free form string of options
1211
1243
passed directly to the cups library.
1227
1259
</em></span>
1228
1260
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cups options</code></em> = <code class="literal">"raw media=a4"</code>
1229
1261
</em></span>
1230
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537986"></a>
1262
</p></dd></dl></div></div><div class="section" title="cups server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2487373"></a>
1231
1263
1232
1264
cups server (G)
1233
</h3></div></div></div><a class="indexterm" name="id2537987"></a><a name="CUPSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>
1265
</h3></div></div></div><a class="indexterm" name="id2487374"></a><a name="CUPSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>
1234
1266
This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> is set to <code class="constant">cups</code>.
1235
1267
</p><p>
1236
1268
If set, this option overrides the ServerName option in the CUPS <code class="filename">client.conf</code>. This is
1244
1276
</em></span>
1245
1277
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cups server</code></em> = <code class="literal">mycupsserver:1631</code>
1246
1278
</em></span>
1247
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538084"></a>
1279
</p></dd></dl></div></div><div class="section" title="deadtime (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544360"></a>
1248
1280
1249
1281
deadtime (G)
1250
</h3></div></div></div><a class="indexterm" name="id2538085"></a><a name="DEADTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a decimal integer)
1282
</h3></div></div></div><a class="indexterm" name="id2544361"></a><a name="DEADTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a decimal integer)
1251
1283
represents the number of minutes of inactivity before a connection
1252
1284
is considered dead, and it is disconnected. The deadtime only takes
1253
1285
effect if the number of open files is zero.</p><p>This is useful to stop a server's resources being
1259
1291
</em></span>
1260
1292
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>deadtime</code></em> = <code class="literal">15</code>
1261
1293
</em></span>
1262
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538161"></a>
1294
</p></dd></dl></div></div><div class="section" title="debug class (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544437"></a>
1263
1295
1264
1296
debug class (G)
1265
</h3></div></div></div><a class="indexterm" name="id2538162"></a><a name="DEBUGCLASS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1297
</h3></div></div></div><a class="indexterm" name="id2544438"></a><a name="DEBUGCLASS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1266
1298
With this boolean parameter enabled, the debug class (DBGC_CLASS)
1267
1299
will be displayed in the debug header.
1268
1300
</p><p>
1270
1302
section about <a class="link" href="smb.conf.5.html#LOGLEVEL" target="_top">log level</a>.
1271
1303
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug class</code></em> = <code class="literal">no</code>
1272
1304
</em></span>
1273
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538212"></a>
1305
</p></dd></dl></div></div><div class="section" title="debug hires timestamp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544488"></a>
1274
1306
1275
1307
debug hires timestamp (G)
1276
</h3></div></div></div><a class="indexterm" name="id2538213"></a><a name="DEBUGHIRESTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
1308
</h3></div></div></div><a class="indexterm" name="id2544489"></a><a name="DEBUGHIRESTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
1277
1309
Sometimes the timestamps in the log messages are needed with a resolution of higher that seconds, this
1278
1310
boolean parameter adds microsecond resolution to the timestamp message header when turned on.
1279
1311
</p><p>
1280
1312
Note that the parameter <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" target="_top">debug timestamp</a> must be on for this to have an effect.
1281
1313
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug hires timestamp</code></em> = <code class="literal">no</code>
1282
1314
</em></span>
1283
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538267"></a>
1315
</p></dd></dl></div></div><div class="section" title="debug pid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544543"></a>
1284
1316
1285
1317
debug pid (G)
1286
</h3></div></div></div><a class="indexterm" name="id2538268"></a><a name="DEBUGPID"></a><div class="variablelist"><dl><dt></dt><dd><p>
1318
</h3></div></div></div><a class="indexterm" name="id2544544"></a><a name="DEBUGPID"></a><div class="variablelist"><dl><dt></dt><dd><p>
1287
1319
When using only one log file for more then one forked <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>-process there may be hard to follow which process outputs which
1288
1320
message. This boolean parameter is adds the process-id to the timestamp message headers in the
1289
1321
logfile when turned on.
1291
1323
Note that the parameter <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" target="_top">debug timestamp</a> must be on for this to have an effect.
1292
1324
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug pid</code></em> = <code class="literal">no</code>
1293
1325
</em></span>
1294
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538329"></a>
1326
</p></dd></dl></div></div><div class="section" title="debug prefix timestamp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544605"></a>
1295
1327
1296
1328
debug prefix timestamp (G)
1297
</h3></div></div></div><a class="indexterm" name="id2538330"></a><a name="DEBUGPREFIXTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
1329
</h3></div></div></div><a class="indexterm" name="id2544606"></a><a name="DEBUGPREFIXTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
1298
1330
With this option enabled, the timestamp message header is prefixed to the debug message without the
1299
1331
filename and function information that is included with the <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" target="_top">debug timestamp</a>
1300
1332
parameter. This gives timestamps to the messages without adding an additional line.
1302
1334
Note that this parameter overrides the <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" target="_top">debug timestamp</a> parameter.
1303
1335
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug prefix timestamp</code></em> = <code class="literal">no</code>
1304
1336
</em></span>
1305
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538392"></a>
1337
</p></dd></dl></div></div><div class="section" title="timestamp logs"><div class="titlepage"><div><div><h3 class="title"><a name="id2544668"></a>
1306
1338
1307
1339
<a name="TIMESTAMPLOGS"></a>timestamp logs
1308
</h3></div></div></div><a class="indexterm" name="id2538393"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEBUGTIMESTAMP">debug timestamp</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538419"></a>
1340
</h3></div></div></div><a class="indexterm" name="id2544669"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEBUGTIMESTAMP">debug timestamp</a>.</p></dd></dl></div></div><div class="section" title="debug timestamp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544695"></a>
1309
1341
1310
1342
debug timestamp (G)
1311
</h3></div></div></div><a class="indexterm" name="id2538420"></a><a name="DEBUGTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
1343
</h3></div></div></div><a class="indexterm" name="id2544696"></a><a name="DEBUGTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
1312
1344
Samba debug log messages are timestamped by default. If you are running at a high
1313
1345
<a class="link" href="smb.conf.5.html#DEBUGLEVEL" target="_top">debug level</a> these timestamps can be distracting. This
1314
1346
boolean parameter allows timestamping to be turned off.
1315
1347
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug timestamp</code></em> = <code class="literal">yes</code>
1316
1348
</em></span>
1317
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538468"></a>
1349
</p></dd></dl></div></div><div class="section" title="debug uid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544743"></a>
1318
1350
1319
1351
debug uid (G)
1320
</h3></div></div></div><a class="indexterm" name="id2538469"></a><a name="DEBUGUID"></a><div class="variablelist"><dl><dt></dt><dd><p>
1352
</h3></div></div></div><a class="indexterm" name="id2544744"></a><a name="DEBUGUID"></a><div class="variablelist"><dl><dt></dt><dd><p>
1321
1353
Samba is sometimes run as root and sometime run as the connected user, this boolean parameter inserts the
1322
1354
current euid, egid, uid and gid to the timestamp message headers in the log file if turned on.
1323
1355
</p><p>
1324
1356
Note that the parameter <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" target="_top">debug timestamp</a> must be on for this to have an effect.
1325
1357
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug uid</code></em> = <code class="literal">no</code>
1326
1358
</em></span>
1327
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538521"></a>
1359
</p></dd></dl></div></div><div class="section" title="dedicated keytab file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544797"></a>
1328
1360
1329
1361
dedicated keytab file (G)
1330
</h3></div></div></div><a class="indexterm" name="id2538522"></a><a name="DEDICATEDKEYTABFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>
1362
</h3></div></div></div><a class="indexterm" name="id2544798"></a><a name="DEDICATEDKEYTABFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>
1331
1363
Specifies the path to the kerberos keytab file when
1332
1364
<a class="link" href="smb.conf.5.html#KERBEROSMETHOD" target="_top">kerberos method</a> is set to "dedicated
1333
1365
keytab".
1335
1367
</em></span>
1336
1368
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dedicated keytab file</code></em> = <code class="literal">/usr/local/etc/krb5.keytab</code>
1337
1369
</em></span>
1338
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538584"></a>
1370
</p></dd></dl></div></div><div class="section" title="default case (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544860"></a>
1339
1371
1340
1372
default case (S)
1341
</h3></div></div></div><a class="indexterm" name="id2538585"></a><a name="DEFAULTCASE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the section on <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>.
1373
</h3></div></div></div><a class="indexterm" name="id2544861"></a><a name="DEFAULTCASE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the section on <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>.
1342
1374
Also note the <a class="link" href="smb.conf.5.html#SHORTPRESERVECASE" target="_top">short preserve case</a> parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>default case</code></em> = <code class="literal">lower</code>
1343
1375
</em></span>
1344
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538638"></a>
1376
</p></dd></dl></div></div><div class="section" title="default devmode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544914"></a>
1345
1377
1346
1378
default devmode (S)
1347
</h3></div></div></div><a class="indexterm" name="id2538639"></a><a name="DEFAULTDEVMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only applicable to <a class="link" href="smb.conf.5.html#PRINTABLE" target="_top">printable</a> services.
1379
</h3></div></div></div><a class="indexterm" name="id2544915"></a><a name="DEFAULTDEVMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only applicable to <a class="link" href="smb.conf.5.html#PRINTABLE" target="_top">printable</a> services.
1348
1380
When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba
1349
1381
server has a Device Mode which defines things such as paper size and
1350
1382
orientation and duplex settings. The device mode can only correctly be
1367
1399
see the <a class="ulink" href="http://msdn.microsoft.com/" target="_top">MSDN documentation</a>.
1368
1400
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>default devmode</code></em> = <code class="literal">yes</code>
1369
1401
</em></span>
1370
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538726"></a>
1402
</p></dd></dl></div></div><div class="section" title="default"><div class="titlepage"><div><div><h3 class="title"><a name="id2545002"></a>
1371
1403
1372
1404
<a name="DEFAULT"></a>default
1373
</h3></div></div></div><a class="indexterm" name="id2538727"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEFAULTSERVICE">default service</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538753"></a>
1405
</h3></div></div></div><a class="indexterm" name="id2545003"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEFAULTSERVICE">default service</a>.</p></dd></dl></div></div><div class="section" title="default service (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545029"></a>
1374
1406
1375
1407
default service (G)
1376
</h3></div></div></div><a class="indexterm" name="id2538754"></a><a name="DEFAULTSERVICE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a service
1408
</h3></div></div></div><a class="indexterm" name="id2545030"></a><a name="DEFAULTSERVICE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a service
1377
1409
which will be connected to if the service actually requested cannot
1378
1410
be found. Note that the square brackets are <span class="emphasis"><em>NOT</em></span>
1379
1411
given in the parameter value (see example below).</p><p>There is no default value for this parameter. If this
1387
1419
</em></span>
1388
1420
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>default service</code></em> = <code class="literal">pub</code>
1389
1421
</em></span>
1390
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538854"></a>
1422
</p></dd></dl></div></div><div class="section" title="defer sharing violations (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545130"></a>
1391
1423
1392
1424
defer sharing violations (G)
1393
</h3></div></div></div><a class="indexterm" name="id2538855"></a><a name="DEFERSHARINGVIOLATIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1425
</h3></div></div></div><a class="indexterm" name="id2545131"></a><a name="DEFERSHARINGVIOLATIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1394
1426
Windows allows specifying how a file will be shared with
1395
1427
other processes when it is opened. Sharing violations occur when
1396
1428
a file is opened by a different process using options that violate
1403
1435
designed to enable Samba to more correctly emulate Windows.
1404
1436
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>defer sharing violations</code></em> = <code class="literal">True</code>
1405
1437
</em></span>
1406
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538909"></a>
1438
</p></dd></dl></div></div><div class="section" title="delete group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545185"></a>
1407
1439
1408
1440
delete group script (G)
1409
</h3></div></div></div><a class="indexterm" name="id2538910"></a><a name="DELETEGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will
1441
</h3></div></div></div><a class="indexterm" name="id2545186"></a><a name="DELETEGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will
1410
1442
be run <span class="emphasis"><em>AS ROOT</em></span> <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when a group is requested to be deleted.
1411
1443
It will expand any <em class="parameter"><code>%g</code></em> to the group name passed.
1412
1444
This script is only useful for installations using the Windows NT domain administration tools.
1413
1445
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete group script</code></em> = <code class="literal"></code>
1414
1446
</em></span>
1415
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538965"></a>
1447
</p></dd></dl></div></div><div class="section" title="deleteprinter command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545241"></a>
1416
1448
1417
1449
deleteprinter command (G)
1418
</h3></div></div></div><a class="indexterm" name="id2538966"></a><a name="DELETEPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printer
1450
</h3></div></div></div><a class="indexterm" name="id2545242"></a><a name="DELETEPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printer
1419
1451
support for Windows NT/2000 clients in Samba 2.2, it is now
1420
1452
possible to delete a printer at run time by issuing the
1421
1453
DeletePrinter() RPC call.</p><p>For a Samba host this means that the printer must be
1433
1465
</em></span>
1434
1466
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>deleteprinter command</code></em> = <code class="literal">/usr/bin/removeprinter</code>
1435
1467
</em></span>
1436
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539093"></a>
1468
</p></dd></dl></div></div><div class="section" title="delete readonly (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545369"></a>
1437
1469
1438
1470
delete readonly (S)
1439
</h3></div></div></div><a class="indexterm" name="id2539094"></a><a name="DELETEREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows readonly files to be deleted.
1471
</h3></div></div></div><a class="indexterm" name="id2545370"></a><a name="DELETEREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows readonly files to be deleted.
1440
1472
This is not normal DOS semantics, but is allowed by UNIX.</p><p>This option may be useful for running applications such
1441
1473
as rcs, where UNIX file ownership prevents changing file
1442
1474
permissions, and DOS semantics prevent deletion of a read only file.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete readonly</code></em> = <code class="literal">no</code>
1443
1475
</em></span>
1444
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539138"></a>
1476
</p></dd></dl></div></div><div class="section" title="delete share command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545414"></a>
1445
1477
1446
1478
delete share command (G)
1447
</h3></div></div></div><a class="indexterm" name="id2539139"></a><a name="DELETESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1479
</h3></div></div></div><a class="indexterm" name="id2545415"></a><a name="DELETESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1448
1480
Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server
1449
1481
Manager. The <em class="parameter"><code>delete share command</code></em> is used to define an external
1450
1482
program or script which will remove an existing service definition from
1459
1491
</p><p>
1460
1492
When executed, <code class="literal">smbd</code> will automatically invoke the
1461
1493
<em class="parameter"><code>delete share command</code></em> with two parameters.
1462
</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>configFile</code></em> - the location
1494
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>configFile</code></em> - the location
1463
1495
of the global <code class="filename">smb.conf</code> file.
1464
</p></li><li><p><em class="parameter"><code>shareName</code></em> - the name of
1496
</p></li><li class="listitem"><p><em class="parameter"><code>shareName</code></em> - the name of
1465
1497
the existing service.
1466
1498
</p></li></ul></div><p>
1467
1499
This parameter is only used to remove file shares. To delete printer shares,
1470
1502
</em></span>
1471
1503
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>delete share command</code></em> = <code class="literal">/usr/local/bin/delshare</code>
1472
1504
</em></span>
1473
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539290"></a>
1505
</p></dd></dl></div></div><div class="section" title="delete user from group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545566"></a>
1474
1506
1475
1507
delete user from group script (G)
1476
</h3></div></div></div><a class="indexterm" name="id2539291"></a><a name="DELETEUSERFROMGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Full path to the script that will be called when
1508
</h3></div></div></div><a class="indexterm" name="id2545567"></a><a name="DELETEUSERFROMGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Full path to the script that will be called when
1477
1509
a user is removed from a group using the Windows NT domain administration
1478
1510
tools. It will be run by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> <span class="emphasis"><em>AS ROOT</em></span>.
1479
1511
Any <em class="parameter"><code>%g</code></em> will be replaced with the group name and
1482
1514
</em></span>
1483
1515
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>delete user from group script</code></em> = <code class="literal">/usr/sbin/deluser %u %g</code>
1484
1516
</em></span>
1485
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539369"></a>
1517
</p></dd></dl></div></div><div class="section" title="delete user script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545645"></a>
1486
1518
1487
1519
delete user script (G)
1488
</h3></div></div></div><a class="indexterm" name="id2539370"></a><a name="DELETEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will
1520
</h3></div></div></div><a class="indexterm" name="id2545646"></a><a name="DELETEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will
1489
1521
be run by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when managing users
1490
1522
with remote RPC (NT) tools.
1491
1523
</p><p>This script is called when a remote client removes a user
1494
1526
</em></span>
1495
1527
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>delete user script</code></em> = <code class="literal">/usr/local/samba/bin/del_user %u</code>
1496
1528
</em></span>
1497
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539446"></a>
1529
</p></dd></dl></div></div><div class="section" title="delete veto files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545722"></a>
1498
1530
1499
1531
delete veto files (S)
1500
</h3></div></div></div><a class="indexterm" name="id2539447"></a><a name="DELETEVETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used when Samba is attempting to
1532
</h3></div></div></div><a class="indexterm" name="id2545723"></a><a name="DELETEVETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used when Samba is attempting to
1501
1533
delete a directory that contains one or more vetoed directories
1502
1534
(see the <a class="link" href="smb.conf.5.html#VETOFILES" target="_top">veto files</a>
1503
1535
option). If this option is set to <code class="constant">no</code> (the default) then if a vetoed
1511
1543
directories to be transparently deleted when the parent directory
1512
1544
is deleted (so long as the user has permissions to do so).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete veto files</code></em> = <code class="literal">no</code>
1513
1545
</em></span>
1514
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539531"></a>
1546
</p></dd></dl></div></div><div class="section" title="dfree cache time (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545807"></a>
1515
1547
1516
1548
dfree cache time (S)
1517
</h3></div></div></div><a class="indexterm" name="id2539532"></a><a name="DFREECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
1549
</h3></div></div></div><a class="indexterm" name="id2545808"></a><a name="DFREECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
1518
1550
The <em class="parameter"><code>dfree cache time</code></em> should only be used on systems where a problem
1519
1551
occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may occur
1520
1552
with other operating systems. The symptom that was seen was an error of "Abort Retry Ignore" at the
1527
1559
By default this parameter is zero, meaning no caching will be done.
1528
1560
</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dfree cache time</code></em> = <code class="literal">dfree cache time = 60</code>
1529
1561
</em></span>
1530
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539604"></a>
1562
</p></dd></dl></div></div><div class="section" title="dfree command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545880"></a>
1531
1563
1532
1564
dfree command (S)
1533
</h3></div></div></div><a class="indexterm" name="id2539605"></a><a name="DFREECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1565
</h3></div></div></div><a class="indexterm" name="id2545881"></a><a name="DFREECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1534
1566
The <em class="parameter"><code>dfree command</code></em> setting should only be used on systems where a
1535
1567
problem occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may
1536
1568
occur with other operating systems. The symptom that was seen was an error of "Abort Retry Ignore"
1568
1600
By default internal routines for determining the disk capacity and remaining space will be used.
1569
1601
</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dfree command</code></em> = <code class="literal">/usr/local/samba/bin/dfree</code>
1570
1602
</em></span>
1571
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539726"></a>
1603
</p></dd></dl></div></div><div class="section" title="directory mode"><div class="titlepage"><div><div><h3 class="title"><a name="id2546001"></a>
1572
1604
1573
1605
<a name="DIRECTORYMODE"></a>directory mode
1574
</h3></div></div></div><a class="indexterm" name="id2539727"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DIRECTORYMASK">directory mask</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539752"></a>
1606
</h3></div></div></div><a class="indexterm" name="id2546002"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DIRECTORYMASK">directory mask</a>.</p></dd></dl></div></div><div class="section" title="directory mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546028"></a>
1575
1607
1576
1608
directory mask (S)
1577
</h3></div></div></div><a class="indexterm" name="id2539754"></a><a name="DIRECTORYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is the octal modes which are
1609
</h3></div></div></div><a class="indexterm" name="id2546029"></a><a name="DIRECTORYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is the octal modes which are
1578
1610
used when converting DOS modes to UNIX modes when creating UNIX
1579
1611
directories.</p><p>When a directory is created, the necessary permissions are
1580
1612
calculated according to the mapping from DOS modes to UNIX permissions,
1592
1624
</em></span>
1593
1625
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>directory mask</code></em> = <code class="literal">0775</code>
1594
1626
</em></span>
1595
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539858"></a>
1627
</p></dd></dl></div></div><div class="section" title="directory name cache size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546134"></a>
1628
1629
directory name cache size (S)
1630
</h3></div></div></div><a class="indexterm" name="id2546135"></a><a name="DIRECTORYNAMECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>
1631
This parameter specifies the the size of the directory name cache.
1632
It will be needed to turn this off for *BSD systems.
1633
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>directory name cache size</code></em> = <code class="literal">100</code>
1634
</em></span>
1635
</p></dd></dl></div></div><div class="section" title="directory security mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546173"></a>
1596
1636
1597
1637
directory security mask (S)
1598
</h3></div></div></div><a class="indexterm" name="id2539859"></a><a name="DIRECTORYSECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls what UNIX permission bits
1638
</h3></div></div></div><a class="indexterm" name="id2546174"></a><a name="DIRECTORYSECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls what UNIX permission bits
1599
1639
will be set when a Windows NT client is manipulating the UNIX
1600
1640
permission on a directory using the native NT security dialog
1601
1641
box.</p><p>
1615
1655
</em></span>
1616
1656
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>directory security mask</code></em> = <code class="literal">0700</code>
1617
1657
</em></span>
1618
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539958"></a>
1658
</p></dd></dl></div></div><div class="section" title="disable netbios (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546274"></a>
1619
1659
1620
1660
disable netbios (G)
1621
</h3></div></div></div><a class="indexterm" name="id2539959"></a><a name="DISABLENETBIOS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable netbios support
1661
</h3></div></div></div><a class="indexterm" name="id2546275"></a><a name="DISABLENETBIOS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable netbios support
1622
1662
in Samba. Netbios is the only available form of browsing in
1623
all windows versions except for 2000 and XP. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Clients that only support netbios won't be able to
1663
all windows versions except for 2000 and XP. </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Clients that only support netbios won't be able to
1624
1664
see your samba server when netbios support is disabled.
1625
1665
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>disable netbios</code></em> = <code class="literal">no</code>
1626
1666
</em></span>
1627
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540004"></a>
1667
</p></dd></dl></div></div><div class="section" title="disable spoolss (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546320"></a>
1628
1668
1629
1669
disable spoolss (G)
1630
</h3></div></div></div><a class="indexterm" name="id2540005"></a><a name="DISABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable Samba's support
1670
</h3></div></div></div><a class="indexterm" name="id2546321"></a><a name="DISABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable Samba's support
1631
1671
for the SPOOLSS set of MS-RPC's and will yield identical behavior
1632
1672
as Samba 2.0.x. Windows NT/2000 clients will downgrade to using
1633
1673
Lanman style printing commands. Windows 9x/ME will be unaffected by
1639
1679
<span class="emphasis"><em>Be very careful about enabling this parameter.</em></span>
1640
1680
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>disable spoolss</code></em> = <code class="literal">no</code>
1641
1681
</em></span>
1642
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540055"></a>
1682
</p></dd></dl></div></div><div class="section" title="display charset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546371"></a>
1643
1683
1644
1684
display charset (G)
1645
</h3></div></div></div><a class="indexterm" name="id2540056"></a><a name="DISPLAYCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>
1685
</h3></div></div></div><a class="indexterm" name="id2546372"></a><a name="DISPLAYCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>
1646
1686
Specifies the charset that samba will use to print messages to stdout and stderr.
1647
1687
The default value is "LOCALE", which means automatically set, depending on the
1648
1688
current locale. The value should generally be the same as the value of the parameter
1651
1691
</em></span>
1652
1692
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>display charset</code></em> = <code class="literal">UTF8</code>
1653
1693
</em></span>
1654
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540122"></a>
1694
</p></dd></dl></div></div><div class="section" title="dmapi support (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546437"></a>
1655
1695
1656
1696
dmapi support (S)
1657
</h3></div></div></div><a class="indexterm" name="id2540123"></a><a name="DMAPISUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should use DMAPI to
1697
</h3></div></div></div><a class="indexterm" name="id2546438"></a><a name="DMAPISUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should use DMAPI to
1658
1698
determine whether a file is offline or not. This would typically
1659
1699
be used in conjunction with a hierarchical storage system that
1660
1700
automatically migrates files to tape.
1669
1709
</p><p>
1670
1710
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dmapi support</code></em> = <code class="literal">no</code>
1671
1711
</em></span>
1672
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540181"></a>
1712
</p></dd></dl></div></div><div class="section" title="dns proxy (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546496"></a>
1673
1713
1674
1714
dns proxy (G)
1675
</h3></div></div></div><a class="indexterm" name="id2540182"></a><a name="DNSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies that <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> when acting as a WINS server and
1715
</h3></div></div></div><a class="indexterm" name="id2546497"></a><a name="DNSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies that <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> when acting as a WINS server and
1676
1716
finding that a NetBIOS name has not been registered, should treat the
1677
1717
NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server
1678
1718
for that name on behalf of the name-querying client.</p><p>Note that the maximum length for a NetBIOS name is 15
1681
1721
DNS name lookup requests, as doing a name lookup is a blocking
1682
1722
action.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dns proxy</code></em> = <code class="literal">yes</code>
1683
1723
</em></span>
1684
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540244"></a>
1724
</p></dd></dl></div></div><div class="section" title="domain logons (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546560"></a>
1685
1725
1686
1726
domain logons (G)
1687
</h3></div></div></div><a class="indexterm" name="id2540245"></a><a name="DOMAINLOGONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1727
</h3></div></div></div><a class="indexterm" name="id2546561"></a><a name="DOMAINLOGONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1688
1728
If set to <code class="constant">yes</code>, the Samba server will
1689
1729
provide the netlogon service for Windows 9X network logons for the
1690
1730
<a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a> it is in.
1694
1734
Samba HOWTO Collection.
1695
1735
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>domain logons</code></em> = <code class="literal">no</code>
1696
1736
</em></span>
1697
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540298"></a>
1737
</p></dd></dl></div></div><div class="section" title="domain master (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546613"></a>
1698
1738
1699
1739
domain master (G)
1700
</h3></div></div></div><a class="indexterm" name="id2540299"></a><a name="DOMAINMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>
1740
</h3></div></div></div><a class="indexterm" name="id2546614"></a><a name="DOMAINMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>
1701
1741
Tell <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> to enable
1702
1742
WAN-wide browse list collation. Setting this option causes <code class="literal">nmbd</code> to claim a
1703
1743
special domain specific NetBIOS name that identifies it as a domain master browser for its given
1723
1763
Samba will function as a BDC. In general, this parameter should be set to 'No' only on a BDC.
1724
1764
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>domain master</code></em> = <code class="literal">auto</code>
1725
1765
</em></span>
1726
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540489"></a>
1766
</p></dd></dl></div></div><div class="section" title="dont descend (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546804"></a>
1727
1767
1728
1768
dont descend (S)
1729
</h3></div></div></div><a class="indexterm" name="id2540490"></a><a name="DONTDESCEND"></a><div class="variablelist"><dl><dt></dt><dd><p>There are certain directories on some systems
1769
</h3></div></div></div><a class="indexterm" name="id2546805"></a><a name="DONTDESCEND"></a><div class="variablelist"><dl><dt></dt><dd><p>There are certain directories on some systems
1730
1770
(e.g., the <code class="filename">/proc</code> tree under Linux) that are either not
1731
1771
of interest to clients or are infinitely deep (recursive). This
1732
1772
parameter allows you to specify a comma-delimited list of directories
1737
1777
</em></span>
1738
1778
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dont descend</code></em> = <code class="literal">/proc,/dev</code>
1739
1779
</em></span>
1740
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540567"></a>
1780
</p></dd></dl></div></div><div class="section" title="dos charset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546882"></a>
1741
1781
1742
1782
dos charset (G)
1743
</h3></div></div></div><a class="indexterm" name="id2540568"></a><a name="DOSCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>DOS SMB clients assume the server has
1783
</h3></div></div></div><a class="indexterm" name="id2546883"></a><a name="DOSCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>DOS SMB clients assume the server has
1744
1784
the same charset as they do. This option specifies which
1745
1785
charset Samba should talk to DOS clients.
1746
1786
</p><p>The default depends on which charsets you have installed.
1747
1787
Samba tries to use charset 850 but falls back to ASCII in
1748
case it is not available. Run <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> to check the default on your system.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540608"></a>
1788
case it is not available. Run <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> to check the default on your system.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="dos filemode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546924"></a>
1749
1789
1750
1790
dos filemode (S)
1751
</h3></div></div></div><a class="indexterm" name="id2540609"></a><a name="DOSFILEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p> The default behavior in Samba is to provide
1791
</h3></div></div></div><a class="indexterm" name="id2546925"></a><a name="DOSFILEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p> The default behavior in Samba is to provide
1752
1792
UNIX-like behavior where only the owner of a file/directory is
1753
1793
able to change the permissions on it. However, this behavior
1754
1794
is often confusing to DOS/Windows users. Enabling this parameter
1759
1799
the group is only granted read access. Ownership of the
1760
1800
file/directory may also be changed.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dos filemode</code></em> = <code class="literal">no</code>
1761
1801
</em></span>
1762
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540655"></a>
1802
</p></dd></dl></div></div><div class="section" title="dos filetime resolution (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546970"></a>
1763
1803
1764
1804
dos filetime resolution (S)
1765
</h3></div></div></div><a class="indexterm" name="id2540656"></a><a name="DOSFILETIMERESOLUTION"></a><div class="variablelist"><dl><dt></dt><dd><p>Under the DOS and Windows FAT filesystem, the finest
1805
</h3></div></div></div><a class="indexterm" name="id2546971"></a><a name="DOSFILETIMERESOLUTION"></a><div class="variablelist"><dl><dt></dt><dd><p>Under the DOS and Windows FAT filesystem, the finest
1766
1806
granularity on time resolution is two seconds. Setting this parameter
1767
1807
for a share causes Samba to round the reported time down to the
1768
1808
nearest two second boundary when a query call that requires one second
1777
1817
this option causes the two timestamps to match, and Visual C++ is
1778
1818
happy.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dos filetime resolution</code></em> = <code class="literal">no</code>
1779
1819
</em></span>
1780
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540718"></a>
1820
</p></dd></dl></div></div><div class="section" title="dos filetimes (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547034"></a>
1781
1821
1782
1822
dos filetimes (S)
1783
</h3></div></div></div><a class="indexterm" name="id2540719"></a><a name="DOSFILETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>Under DOS and Windows, if a user can write to a
1823
</h3></div></div></div><a class="indexterm" name="id2547035"></a><a name="DOSFILETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>Under DOS and Windows, if a user can write to a
1784
1824
file they can change the timestamp on it. Under POSIX semantics,
1785
1825
only the owner of the file or root may change the timestamp. By
1786
1826
default, Samba runs with POSIX semantics and refuses to change the
1794
1834
shared between users.
1795
1835
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dos filetimes</code></em> = <code class="literal">yes</code>
1796
1836
</em></span>
1797
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540784"></a>
1837
</p></dd></dl></div></div><div class="section" title="ea support (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547099"></a>
1798
1838
1799
1839
ea support (S)
1800
</h3></div></div></div><a class="indexterm" name="id2540785"></a><a name="EASUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will allow clients to attempt to store OS/2 style Extended
1840
</h3></div></div></div><a class="indexterm" name="id2547100"></a><a name="EASUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will allow clients to attempt to store OS/2 style Extended
1801
1841
attributes on a share. In order to enable this parameter the underlying filesystem exported by
1802
1842
the share must support extended attributes (such as provided on XFS and EXT3 on Linux, with the
1803
1843
correct kernel patches). On Linux the filesystem must have been mounted with the mount
1804
1844
option user_xattr in order for extended attributes to work, also
1805
1845
extended attributes must be compiled into the Linux kernel.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ea support</code></em> = <code class="literal">no</code>
1806
1846
</em></span>
1807
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540837"></a>
1847
</p></dd></dl></div></div><div class="section" title="enable asu support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547161"></a>
1808
1848
1809
1849
enable asu support (G)
1810
</h3></div></div></div><a class="indexterm" name="id2540838"></a><a name="ENABLEASUSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>Hosts running the "Advanced Server for Unix (ASU)" product
1850
</h3></div></div></div><a class="indexterm" name="id2547162"></a><a name="ENABLEASUSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>Hosts running the "Advanced Server for Unix (ASU)" product
1811
1851
require some special accomodations such as creating a builtin [ADMIN$]
1812
1852
share that only supports IPC connections. The has been the default
1813
1853
behavior in smbd for many years. However, certain Microsoft applications
1815
1855
an [ADMIN$} file share. Disabling this parameter allows for creating
1816
1856
an [ADMIN$] file share in smb.conf.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable asu support</code></em> = <code class="literal">no</code>
1817
1857
</em></span>
1818
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540882"></a>
1858
</p></dd></dl></div></div><div class="section" title="enable core files (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547205"></a>
1859
1860
enable core files (G)
1861
</h3></div></div></div><a class="indexterm" name="id2547206"></a><a name="ENABLECOREFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether core dumps should be written
1862
on internal exits. Normally set to <code class="constant">yes</code>.
1863
You should never need to change this.
1864
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable core files</code></em> = <code class="literal">yes</code>
1865
</em></span>
1866
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>enable core files</code></em> = <code class="literal">no</code>
1867
</em></span>
1868
</p></dd></dl></div></div><div class="section" title="enable privileges (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547264"></a>
1819
1869
1820
1870
enable privileges (G)
1821
</h3></div></div></div><a class="indexterm" name="id2540883"></a><a name="ENABLEPRIVILEGES"></a><div class="variablelist"><dl><dt></dt><dd><p>
1871
</h3></div></div></div><a class="indexterm" name="id2547265"></a><a name="ENABLEPRIVILEGES"></a><div class="variablelist"><dl><dt></dt><dd><p>
1822
1872
This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either
1823
1873
<code class="literal">net rpc rights</code> or one of the Windows user and group manager tools. This parameter is
1824
1874
enabled by default. It can be disabled to prevent members of the Domain Admins group from being able to
1831
1881
Please read the extended description provided in the Samba HOWTO documentation.
1832
1882
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable privileges</code></em> = <code class="literal">yes</code>
1833
1883
</em></span>
1834
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540942"></a>
1884
</p></dd></dl></div></div><div class="section" title="enable spoolss (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547324"></a>
1885
1886
enable spoolss (G)
1887
</h3></div></div></div><a class="indexterm" name="id2547325"></a><a name="ENABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#DISABLESPOOLSS" target="_top">disable spoolss</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable spoolss</code></em> = <code class="literal">yes</code>
1888
</em></span>
1889
</p></dd></dl></div></div><div class="section" title="encrypt passwords (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547370"></a>
1835
1890
1836
1891
encrypt passwords (G)
1837
</h3></div></div></div><a class="indexterm" name="id2540943"></a><a name="ENCRYPTPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls whether encrypted passwords
1892
</h3></div></div></div><a class="indexterm" name="id2547371"></a><a name="ENCRYPTPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls whether encrypted passwords
1838
1893
will be negotiated with the client. Note that Windows NT 4.0 SP3 and
1839
1894
above and also Windows 98 will by default expect encrypted passwords
1840
1895
unless a registry entry is changed. To use encrypted passwords in
1857
1912
causes <code class="literal">smbd</code> to authenticate against another
1858
1913
server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>encrypt passwords</code></em> = <code class="literal">yes</code>
1859
1914
</em></span>
1860
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541047"></a>
1915
</p></dd></dl></div></div><div class="section" title="enhanced browsing (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547474"></a>
1861
1916
1862
1917
enhanced browsing (G)
1863
</h3></div></div></div><a class="indexterm" name="id2541048"></a><a name="ENHANCEDBROWSING"></a><div class="variablelist"><dl><dt></dt><dd><p>This option enables a couple of enhancements to
1918
</h3></div></div></div><a class="indexterm" name="id2547475"></a><a name="ENHANCEDBROWSING"></a><div class="variablelist"><dl><dt></dt><dd><p>This option enables a couple of enhancements to
1864
1919
cross-subnet browse propagation that have been added in Samba
1865
1920
but which are not standard in Microsoft implementations.
1866
1921
</p><p>The first enhancement to browse propagation consists of a regular
1873
1928
to stay around forever which can be annoying.</p><p>In general you should leave this option enabled as it makes
1874
1929
cross-subnet browse propagation much more reliable.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enhanced browsing</code></em> = <code class="literal">yes</code>
1875
1930
</em></span>
1876
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541108"></a>
1931
</p></dd></dl></div></div><div class="section" title="enumports command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547535"></a>
1877
1932
1878
1933
enumports command (G)
1879
</h3></div></div></div><a class="indexterm" name="id2541109"></a><a name="ENUMPORTSCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The concept of a "port" is fairly foreign
1934
</h3></div></div></div><a class="indexterm" name="id2547536"></a><a name="ENUMPORTSCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The concept of a "port" is fairly foreign
1880
1935
to UNIX hosts. Under Windows NT/2000 print servers, a port
1881
1936
is associated with a port monitor and generally takes the form of
1882
1937
a local port (i.e. LPT1:, COM1:, FILE:) or a remote port
1893
1948
</em></span>
1894
1949
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>enumports command</code></em> = <code class="literal">/usr/bin/listports</code>
1895
1950
</em></span>
1896
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541189"></a>
1951
</p></dd></dl></div></div><div class="section" title="eventlog list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547616"></a>
1897
1952
1898
1953
eventlog list (G)
1899
</h3></div></div></div><a class="indexterm" name="id2541190"></a><a name="EVENTLOGLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of log names that Samba will
1954
</h3></div></div></div><a class="indexterm" name="id2547617"></a><a name="EVENTLOGLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of log names that Samba will
1900
1955
report to the Microsoft EventViewer utility. The listed
1901
1956
eventlogs will be associated with tdb file on disk in the
1902
1957
<code class="filename">$(lockdir)/eventlog</code>.
1909
1964
</em></span>
1910
1965
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>eventlog list</code></em> = <code class="literal">Security Application Syslog Apache</code>
1911
1966
</em></span>
1912
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541262"></a>
1967
</p></dd></dl></div></div><div class="section" title="fake directory create times (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547689"></a>
1913
1968
1914
1969
fake directory create times (S)
1915
</h3></div></div></div><a class="indexterm" name="id2541263"></a><a name="FAKEDIRECTORYCREATETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>NTFS and Windows VFAT file systems keep a create
1970
</h3></div></div></div><a class="indexterm" name="id2547690"></a><a name="FAKEDIRECTORYCREATETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>NTFS and Windows VFAT file systems keep a create
1916
1971
time for all files and directories. This is not the same as the
1917
1972
ctime - status change time - that Unix keeps, so Samba by default
1918
1973
reports the earliest of the various times Unix does keep. Setting
1934
1989
ensures directories always predate their contents and an NMAKE build
1935
1990
will proceed as expected.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>fake directory create times</code></em> = <code class="literal">no</code>
1936
1991
</em></span>
1937
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541329"></a>
1992
</p></dd></dl></div></div><div class="section" title="fake oplocks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547756"></a>
1938
1993
1939
1994
fake oplocks (S)
1940
</h3></div></div></div><a class="indexterm" name="id2541330"></a><a name="FAKEOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>Oplocks are the way that SMB clients get permission
1995
</h3></div></div></div><a class="indexterm" name="id2547758"></a><a name="FAKEOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>Oplocks are the way that SMB clients get permission
1941
1996
from a server to locally cache file operations. If a server grants
1942
1997
an oplock (opportunistic lock) then the client is free to assume
1943
1998
that it is the only one accessing the file and it will aggressively
1953
2008
files read-write at the same time you can get data corruption. Use
1954
2009
this option carefully!</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>fake oplocks</code></em> = <code class="literal">no</code>
1955
2010
</em></span>
1956
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541413"></a>
2011
</p></dd></dl></div></div><div class="section" title="follow symlinks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547846"></a>
1957
2012
1958
2013
follow symlinks (S)
1959
</h3></div></div></div><a class="indexterm" name="id2541414"></a><a name="FOLLOWSYMLINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
2014
</h3></div></div></div><a class="indexterm" name="id2547847"></a><a name="FOLLOWSYMLINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1960
2015
This parameter allows the Samba administrator to stop <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> from following symbolic links in a particular share. Setting this
1961
2016
parameter to <code class="constant">no</code> prevents any file or directory that is a symbolic link from being
1962
2017
followed (the user will get an error). This option is very useful to stop users from adding a symbolic
1966
2021
This option is enabled (i.e. <code class="literal">smbd</code> will follow symbolic links) by default.
1967
2022
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>follow symlinks</code></em> = <code class="literal">yes</code>
1968
2023
</em></span>
1969
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541483"></a>
2024
</p></dd></dl></div></div><div class="section" title="force create mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547921"></a>
1970
2025
1971
2026
force create mode (S)
1972
</h3></div></div></div><a class="indexterm" name="id2541484"></a><a name="FORCECREATEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit
2027
</h3></div></div></div><a class="indexterm" name="id2547922"></a><a name="FORCECREATEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit
1973
2028
permissions that will <span class="emphasis"><em>always</em></span> be set on a
1974
2029
file created by Samba. This is done by bitwise 'OR'ing these bits onto
1975
2030
the mode bits of a file that is being created. The default for this parameter is (in octal)
1981
2036
</em></span>
1982
2037
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force create mode</code></em> = <code class="literal">0755</code>
1983
2038
</em></span>
1984
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541557"></a>
2039
</p></dd></dl></div></div><div class="section" title="force directory mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2548002"></a>
1985
2040
1986
2041
force directory mode (S)
1987
</h3></div></div></div><a class="indexterm" name="id2541558"></a><a name="FORCEDIRECTORYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit
2042
</h3></div></div></div><a class="indexterm" name="id2548003"></a><a name="FORCEDIRECTORYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit
1988
2043
permissions that will <span class="emphasis"><em>always</em></span> be set on a directory
1989
2044
created by Samba. This is done by bitwise 'OR'ing these bits onto the
1990
2045
mode bits of a directory that is being created. The default for this
1997
2052
</em></span>
1998
2053
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force directory mode</code></em> = <code class="literal">0755</code>
1999
2054
</em></span>
2000
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541634"></a>
2055
</p></dd></dl></div></div><div class="section" title="force directory security mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2548083"></a>
2001
2056
2002
2057
force directory security mode (S)
2003
</h3></div></div></div><a class="indexterm" name="id2541635"></a><a name="FORCEDIRECTORYSECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>
2058
</h3></div></div></div><a class="indexterm" name="id2548084"></a><a name="FORCEDIRECTORYSECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>
2004
2059
This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating
2005
2060
the UNIX permission on a directory using the native NT security dialog box.
2006
2061
</p><p>
2013
2068
</p><p>
2014
2069
If not set explicitly this parameter is 0000, which allows a user to modify all the user/group/world
2015
2070
permissions on a directory without restrictions.
2016
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
2071
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
2017
2072
Users who can access the Samba server through other means can easily bypass this restriction, so it is
2018
2073
primarily useful for standalone "appliance" systems. Administrators of most normal systems will
2019
2074
probably want to leave it set as 0000.
2021
2076
</em></span>
2022
2077
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force directory security mode</code></em> = <code class="literal">700</code>
2023
2078
</em></span>
2024
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541738"></a>
2079
</p></dd></dl></div></div><div class="section" title="group"><div class="titlepage"><div><div><h3 class="title"><a name="id2548187"></a>
2025
2080
2026
2081
<a name="GROUP"></a>group
2027
</h3></div></div></div><a class="indexterm" name="id2541739"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#FORCEGROUP">force group</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541770"></a>
2082
</h3></div></div></div><a class="indexterm" name="id2548188"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#FORCEGROUP">force group</a>.</p></dd></dl></div></div><div class="section" title="force group (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2548220"></a>
2028
2083
2029
2084
force group (S)
2030
</h3></div></div></div><a class="indexterm" name="id2541772"></a><a name="FORCEGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX group name that will be
2085
</h3></div></div></div><a class="indexterm" name="id2548221"></a><a name="FORCEGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX group name that will be
2031
2086
assigned as the default primary group for all users connecting
2032
2087
to this service. This is useful for sharing files by ensuring
2033
2088
that all access to files on service will use the named group for
2051
2106
</em></span>
2052
2107
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force group</code></em> = <code class="literal">agroup</code>
2053
2108
</em></span>
2054
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2481422"></a>
2109
</p></dd></dl></div></div><div class="section" title="force printername (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544133"></a>
2055
2110
2056
2111
force printername (S)
2057
</h3></div></div></div><a class="indexterm" name="id2481423"></a><a name="FORCEPRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>When printing from Windows NT (or later),
2112
</h3></div></div></div><a class="indexterm" name="id2544134"></a><a name="FORCEPRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>When printing from Windows NT (or later),
2058
2113
each printer in <code class="filename">smb.conf</code> has two
2059
2114
associated names which can be used by the client. The first
2060
2115
is the sharename (or shortname) defined in smb.conf. This
2077
2132
not be able to delete printer connections from their local Printers
2078
2133
folder.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>force printername</code></em> = <code class="literal">no</code>
2079
2134
</em></span>
2080
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542114"></a>
2135
</p></dd></dl></div></div><div class="section" title="force security mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544224"></a>
2081
2136
2082
2137
force security mode (S)
2083
</h3></div></div></div><a class="indexterm" name="id2542115"></a><a name="FORCESECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>
2138
</h3></div></div></div><a class="indexterm" name="id2544225"></a><a name="FORCESECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>
2084
2139
This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating
2085
2140
the UNIX permission on a file using the native NT security dialog box.
2086
2141
</p><p>
2100
2155
</em></span>
2101
2156
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force security mode</code></em> = <code class="literal">700</code>
2102
2157
</em></span>
2103
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542215"></a>
2158
</p></dd></dl></div></div><div class="section" title="force unknown acl user (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544326"></a>
2104
2159
2105
2160
force unknown acl user (S)
2106
</h3></div></div></div><a class="indexterm" name="id2542216"></a><a name="FORCEUNKNOWNACLUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>
2161
</h3></div></div></div><a class="indexterm" name="id2544327"></a><a name="FORCEUNKNOWNACLUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>
2107
2162
If this parameter is set, a Windows NT ACL that contains an unknown SID (security descriptor, or
2108
2163
representation of a user or group id) as the owner or group owner of the file will be silently
2109
2164
mapped into the current UNIX uid or gid of the currently connected user.
2117
2172
Try using this parameter when XCOPY /O gives an ACCESS_DENIED error.
2118
2173
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>force unknown acl user</code></em> = <code class="literal">no</code>
2119
2174
</em></span>
2120
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542278"></a>
2175
</p></dd></dl></div></div><div class="section" title="force user (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2548864"></a>
2121
2176
2122
2177
force user (S)
2123
</h3></div></div></div><a class="indexterm" name="id2542279"></a><a name="FORCEUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX user name that will be
2178
</h3></div></div></div><a class="indexterm" name="id2548865"></a><a name="FORCEUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX user name that will be
2124
2179
assigned as the default user for all users connecting to this service.
2125
2180
This is useful for sharing files. You should also use it carefully
2126
2181
as using it incorrectly can cause security problems.</p><p>This user name only gets used once a connection is established.
2134
2189
</em></span>
2135
2190
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force user</code></em> = <code class="literal">auser</code>
2136
2191
</em></span>
2137
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542354"></a>
2192
</p></dd></dl></div></div><div class="section" title="fstype (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2548940"></a>
2138
2193
2139
2194
fstype (S)
2140
</h3></div></div></div><a class="indexterm" name="id2542355"></a><a name="FSTYPE"></a><div class="variablelist"><dl><dt></dt><dd><p>
2195
</h3></div></div></div><a class="indexterm" name="id2548941"></a><a name="FSTYPE"></a><div class="variablelist"><dl><dt></dt><dd><p>
2141
2196
This parameter allows the administrator to configure the string that specifies the type of filesystem a share
2142
2197
is using that is reported by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>
2143
2198
when a client queries the filesystem type for a share. The default type is <code class="constant">NTFS</code> for compatibility
2147
2202
</em></span>
2148
2203
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>fstype</code></em> = <code class="literal">Samba</code>
2149
2204
</em></span>
2150
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542436"></a>
2205
</p></dd></dl></div></div><div class="section" title="get quota command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549022"></a>
2151
2206
2152
2207
get quota command (G)
2153
</h3></div></div></div><a class="indexterm" name="id2542437"></a><a name="GETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">get quota command</code> should only be used
2208
</h3></div></div></div><a class="indexterm" name="id2549023"></a><a name="GETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">get quota command</code> should only be used
2154
2209
whenever there is no operating system API available from the OS that
2155
2210
samba can use.</p><p>This option is only available you have compiled Samba with the
2156
2211
<code class="literal">--with-sys-quotas</code> option or on Linux with
2158
2213
was found in the system.</p><p>This parameter should specify the path to a script that
2159
2214
queries the quota information for the specified
2160
2215
user/group for the partition that
2161
the specified directory is on.</p><p>Such a script should take 3 arguments:</p><div class="itemizedlist"><ul type="disc"><li><p>directory</p></li><li><p>type of query</p></li><li><p>uid of user or gid of group</p></li></ul></div><p>The type of query can be one of :</p><div class="itemizedlist"><ul type="disc"><li><p>1 - user quotas</p></li><li><p>2 - user default quotas (uid = -1)</p></li><li><p>3 - group quotas</p></li><li><p>4 - group default quotas (gid = -1)</p></li></ul></div><p>This script should print one line as output with spaces between the arguments. The arguments are:
2162
</p><div class="itemizedlist"><ul type="disc"><li><p>Arg 1 - quota flags (0 = no quotas, 1 = quotas enabled, 2 = quotas enabled and enforced)</p></li><li><p>Arg 2 - number of currently used blocks</p></li><li><p>Arg 3 - the softlimit number of blocks</p></li><li><p>Arg 4 - the hardlimit number of blocks</p></li><li><p>Arg 5 - currently used number of inodes</p></li><li><p>Arg 6 - the softlimit number of inodes</p></li><li><p>Arg 7 - the hardlimit number of inodes</p></li><li><p>Arg 8(optional) - the number of bytes in a block(default is 1024)</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>get quota command</code></em> = <code class="literal"></code>
2216
the specified directory is on.</p><p>Such a script should take 3 arguments:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>directory</p></li><li class="listitem"><p>type of query</p></li><li class="listitem"><p>uid of user or gid of group</p></li></ul></div><p>The type of query can be one of :</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>1 - user quotas</p></li><li class="listitem"><p>2 - user default quotas (uid = -1)</p></li><li class="listitem"><p>3 - group quotas</p></li><li class="listitem"><p>4 - group default quotas (gid = -1)</p></li></ul></div><p>This script should print one line as output with spaces between the arguments. The arguments are:
2217
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Arg 1 - quota flags (0 = no quotas, 1 = quotas enabled, 2 = quotas enabled and enforced)</p></li><li class="listitem"><p>Arg 2 - number of currently used blocks</p></li><li class="listitem"><p>Arg 3 - the softlimit number of blocks</p></li><li class="listitem"><p>Arg 4 - the hardlimit number of blocks</p></li><li class="listitem"><p>Arg 5 - currently used number of inodes</p></li><li class="listitem"><p>Arg 6 - the softlimit number of inodes</p></li><li class="listitem"><p>Arg 7 - the hardlimit number of inodes</p></li><li class="listitem"><p>Arg 8(optional) - the number of bytes in a block(default is 1024)</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>get quota command</code></em> = <code class="literal"></code>
2163
2218
</em></span>
2164
2219
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>get quota command</code></em> = <code class="literal">/usr/local/sbin/query_quota</code>
2165
2220
</em></span>
2166
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542623"></a>
2221
</p></dd></dl></div></div><div class="section" title="getwd cache (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549208"></a>
2167
2222
2168
2223
getwd cache (G)
2169
</h3></div></div></div><a class="indexterm" name="id2542624"></a><a name="GETWDCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a tuning option. When this is enabled a
2224
</h3></div></div></div><a class="indexterm" name="id2549210"></a><a name="GETWDCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a tuning option. When this is enabled a
2170
2225
caching algorithm will be used to reduce the time taken for getwd()
2171
2226
calls. This can have a significant impact on performance, especially
2172
2227
when the <a class="link" href="smb.conf.5.html#WIDESMBCONFOPTIONS" target="_top">wide smbconfoptions</a> parameter is set to <code class="constant">no</code>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>getwd cache</code></em> = <code class="literal">yes</code>
2173
2228
</em></span>
2174
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542683"></a>
2229
</p></dd></dl></div></div><div class="section" title="guest account (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549269"></a>
2175
2230
2176
2231
guest account (G)
2177
</h3></div></div></div><a class="indexterm" name="id2542684"></a><a name="GUESTACCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a username which will be used for access
2232
</h3></div></div></div><a class="indexterm" name="id2549270"></a><a name="GUESTACCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a username which will be used for access
2178
2233
to services which are specified as <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok</a> (see below). Whatever privileges this
2179
2234
user has will be available to any client connecting to the guest service.
2180
2235
This user must exist in the password file, but does not require
2192
2247
</em></span>
2193
2248
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>guest account</code></em> = <code class="literal">ftp</code>
2194
2249
</em></span>
2195
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542791"></a>
2250
</p></dd></dl></div></div><div class="section" title="public"><div class="titlepage"><div><div><h3 class="title"><a name="id2549377"></a>
2196
2251
2197
2252
<a name="PUBLIC"></a>public
2198
</h3></div></div></div><a class="indexterm" name="id2542792"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTOK">guest ok</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542822"></a>
2253
</h3></div></div></div><a class="indexterm" name="id2549378"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTOK">guest ok</a>.</p></dd></dl></div></div><div class="section" title="guest ok (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549408"></a>
2199
2254
2200
2255
guest ok (S)
2201
</h3></div></div></div><a class="indexterm" name="id2542823"></a><a name="GUESTOK"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for
2256
</h3></div></div></div><a class="indexterm" name="id2549409"></a><a name="GUESTOK"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for
2202
2257
a service, then no password is required to connect to the service.
2203
2258
Privileges will be those of the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>.</p><p>This paramater nullifies the benifits of setting
2204
2259
<a class="link" href="smb.conf.5.html#RESTRICTANONYMOUS" target="_top">restrict anonymous = 2</a>
2205
2260
</p><p>See the section below on <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a> for more information about this option.
2206
2261
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>guest ok</code></em> = <code class="literal">no</code>
2207
2262
</em></span>
2208
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542910"></a>
2263
</p></dd></dl></div></div><div class="section" title="only guest"><div class="titlepage"><div><div><h3 class="title"><a name="id2549496"></a>
2209
2264
2210
2265
<a name="ONLYGUEST"></a>only guest
2211
</h3></div></div></div><a class="indexterm" name="id2542911"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTONLY">guest only</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542943"></a>
2266
</h3></div></div></div><a class="indexterm" name="id2549497"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTONLY">guest only</a>.</p></dd></dl></div></div><div class="section" title="guest only (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549529"></a>
2212
2267
2213
2268
guest only (S)
2214
</h3></div></div></div><a class="indexterm" name="id2542944"></a><a name="GUESTONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for
2269
</h3></div></div></div><a class="indexterm" name="id2549530"></a><a name="GUESTONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for
2215
2270
a service, then only guest connections to the service are permitted.
2216
2271
This parameter will have no effect if <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok</a> is not set for the service.</p><p>See the section below on <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a> for more information about this option.
2217
2272
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>guest only</code></em> = <code class="literal">no</code>
2218
2273
</em></span>
2219
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543016"></a>
2274
</p></dd></dl></div></div><div class="section" title="hide dot files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549601"></a>
2220
2275
2221
2276
hide dot files (S)
2222
</h3></div></div></div><a class="indexterm" name="id2543017"></a><a name="HIDEDOTFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls whether
2277
</h3></div></div></div><a class="indexterm" name="id2549602"></a><a name="HIDEDOTFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls whether
2223
2278
files starting with a dot appear as hidden files.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide dot files</code></em> = <code class="literal">yes</code>
2224
2279
</em></span>
2225
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543058"></a>
2280
</p></dd></dl></div></div><div class="section" title="hide files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549644"></a>
2226
2281
2227
2282
hide files (S)
2228
</h3></div></div></div><a class="indexterm" name="id2543059"></a><a name="HIDEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of files or directories that are not
2283
</h3></div></div></div><a class="indexterm" name="id2549645"></a><a name="HIDEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of files or directories that are not
2229
2284
visible but are accessible. The DOS 'hidden' attribute is applied
2230
2285
to any files or directories that match.</p><p>Each entry in the list must be separated by a '/',
2231
2286
which allows spaces to be included in the entry. '*'
2247
2302
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide files</code></em> = <code class="literal">
2248
2303
# no file are hidden</code>
2249
2304
</em></span>
2250
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543147"></a>
2305
</p></dd></dl></div></div><div class="section" title="hide special files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549733"></a>
2251
2306
2252
2307
hide special files (S)
2253
</h3></div></div></div><a class="indexterm" name="id2543148"></a><a name="HIDESPECIALFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
2308
</h3></div></div></div><a class="indexterm" name="id2549734"></a><a name="HIDESPECIALFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
2254
2309
This parameter prevents clients from seeing special files such as sockets, devices and
2255
2310
fifo's in directory listings.
2256
2311
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide special files</code></em> = <code class="literal">no</code>
2257
2312
</em></span>
2258
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543190"></a>
2313
</p></dd></dl></div></div><div class="section" title="hide unreadable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549776"></a>
2259
2314
2260
2315
hide unreadable (S)
2261
</h3></div></div></div><a class="indexterm" name="id2543191"></a><a name="HIDEUNREADABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter prevents clients from seeing the
2316
</h3></div></div></div><a class="indexterm" name="id2549777"></a><a name="HIDEUNREADABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter prevents clients from seeing the
2262
2317
existance of files that cannot be read. Defaults to off.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide unreadable</code></em> = <code class="literal">no</code>
2263
2318
</em></span>
2264
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543233"></a>
2319
</p></dd></dl></div></div><div class="section" title="hide unwriteable files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549818"></a>
2265
2320
2266
2321
hide unwriteable files (S)
2267
</h3></div></div></div><a class="indexterm" name="id2543234"></a><a name="HIDEUNWRITEABLEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
2322
</h3></div></div></div><a class="indexterm" name="id2549819"></a><a name="HIDEUNWRITEABLEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
2268
2323
This parameter prevents clients from seeing the existance of files that cannot be written to.
2269
2324
Defaults to off. Note that unwriteable directories are shown as usual.
2270
2325
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide unwriteable files</code></em> = <code class="literal">no</code>
2271
2326
</em></span>
2272
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543277"></a>
2327
</p></dd></dl></div></div><div class="section" title="homedir map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549863"></a>
2273
2328
2274
2329
homedir map (G)
2275
</h3></div></div></div><a class="indexterm" name="id2543278"></a><a name="HOMEDIRMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
2330
</h3></div></div></div><a class="indexterm" name="id2549864"></a><a name="HOMEDIRMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
2276
2331
If <a class="link" href="smb.conf.5.html#NISHOMEDIR" target="_top">nis homedir</a> is <code class="constant">yes</code>, and <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> is also acting as a Win95/98 <em class="parameter"><code>logon server</code></em>
2277
2332
then this parameter specifies the NIS (or YP) map from which the server for the user's home directory should be extracted.
2278
2333
At present, only the Sun auto.home map format is understood. The form of the map is:
2281
2336
</pre><p>
2282
2337
and the program will extract the servername from before the first ':'. There should probably be a better parsing system
2283
2338
that copes with different map formats and also Amd (another automounter) maps.
2284
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
2339
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
2285
2340
A working NIS client is required on the system for this option to work.
2286
2341
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>homedir map</code></em> = <code class="literal"></code>
2287
2342
</em></span>
2288
2343
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>homedir map</code></em> = <code class="literal">amd.homedir</code>
2289
2344
</em></span>
2290
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543390"></a>
2345
</p></dd></dl></div></div><div class="section" title="host msdfs (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549976"></a>
2291
2346
2292
2347
host msdfs (G)
2293
</h3></div></div></div><a class="indexterm" name="id2543391"></a><a name="HOSTMSDFS"></a><div class="variablelist"><dl><dt></dt><dd><p>
2348
</h3></div></div></div><a class="indexterm" name="id2549977"></a><a name="HOSTMSDFS"></a><div class="variablelist"><dl><dt></dt><dd><p>
2294
2349
If set to <code class="constant">yes</code>, Samba will act as a Dfs server, and allow Dfs-aware clients to browse
2295
2350
Dfs trees hosted on the server.
2296
2351
</p><p>
2298
2353
setting up a Dfs tree on Samba, refer to the MSFDS chapter in the book Samba3-HOWTO.
2299
2354
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>host msdfs</code></em> = <code class="literal">yes</code>
2300
2355
</em></span>
2301
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543454"></a>
2356
</p></dd></dl></div></div><div class="section" title="hostname lookups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550040"></a>
2302
2357
2303
2358
hostname lookups (G)
2304
</h3></div></div></div><a class="indexterm" name="id2543455"></a><a name="HOSTNAMELOOKUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether samba should use (expensive)
2359
</h3></div></div></div><a class="indexterm" name="id2550041"></a><a name="HOSTNAMELOOKUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether samba should use (expensive)
2305
2360
hostname lookups or use the ip addresses instead. An example place
2306
2361
where hostname lookups are currently used is when checking
2307
2362
the <code class="literal">hosts deny</code> and <code class="literal">hosts allow</code>.
2309
2364
</em></span>
2310
2365
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hostname lookups</code></em> = <code class="literal">yes</code>
2311
2366
</em></span>
2312
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543528"></a>
2367
</p></dd></dl></div></div><div class="section" title="allow hosts"><div class="titlepage"><div><div><h3 class="title"><a name="id2550114"></a>
2313
2368
2314
2369
<a name="ALLOWHOSTS"></a>allow hosts
2315
</h3></div></div></div><a class="indexterm" name="id2543529"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSALLOW">hosts allow</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543560"></a>
2370
</h3></div></div></div><a class="indexterm" name="id2550115"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSALLOW">hosts allow</a>.</p></dd></dl></div></div><div class="section" title="hosts allow (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550146"></a>
2316
2371
2317
2372
hosts allow (S)
2318
</h3></div></div></div><a class="indexterm" name="id2543561"></a><a name="HOSTSALLOW"></a><div class="variablelist"><dl><dt></dt><dd><p>A synonym for this parameter is <a class="link" href="smb.conf.5.html#ALLOWHOSTS" target="_top">allow hosts</a>.</p><p>This parameter is a comma, space, or tab delimited
2373
</h3></div></div></div><a class="indexterm" name="id2550147"></a><a name="HOSTSALLOW"></a><div class="variablelist"><dl><dt></dt><dd><p>A synonym for this parameter is <a class="link" href="smb.conf.5.html#ALLOWHOSTS" target="_top">allow hosts</a>.</p><p>This parameter is a comma, space, or tab delimited
2319
2374
set of hosts which are permitted to access a service.</p><p>If specified in the [global] section then it will
2320
2375
apply to all services, regardless of whether the individual
2321
2376
service has a different setting.</p><p>You can specify the hosts by name or IP number. For
2329
2384
by netgroup names if your system supports netgroups. The
2330
2385
<span class="emphasis"><em>EXCEPT</em></span> keyword can also be used to limit a
2331
2386
wildcard list. The following examples may provide some help:</p><p>Example 1: allow all IPs in 150.203.*.*; except one</p><p><code class="literal">hosts allow = 150.203. EXCEPT 150.203.6.66</code></p><p>Example 2: allow hosts that match the given network/netmask</p><p><code class="literal">hosts allow = 150.203.15.0/255.255.255.0</code></p><p>Example 3: allow a couple of hosts</p><p><code class="literal">hosts allow = lapland, arvidsjaur</code></p><p>Example 4: allow only hosts in NIS netgroup "foonet", but
2332
deny access from one particular host</p><p><code class="literal">hosts allow = @foonet</code></p><p><code class="literal">hosts deny = pirate</code></p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Note that access still requires suitable user-level passwords.</p></div><p>See <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> for a way of testing your host access
2387
deny access from one particular host</p><p><code class="literal">hosts allow = @foonet</code></p><p><code class="literal">hosts deny = pirate</code></p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Note that access still requires suitable user-level passwords.</p></div><p>See <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> for a way of testing your host access
2333
2388
to see if it does what you expect.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hosts allow</code></em> = <code class="literal">
2334
2389
# none (i.e., all hosts permitted access)</code>
2335
2390
</em></span>
2336
2391
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hosts allow</code></em> = <code class="literal">150.203.5. myhost.mynet.edu.au</code>
2337
2392
</em></span>
2338
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543762"></a>
2393
</p></dd></dl></div></div><div class="section" title="deny hosts"><div class="titlepage"><div><div><h3 class="title"><a name="id2550348"></a>
2339
2394
2340
2395
<a name="DENYHOSTS"></a>deny hosts
2341
</h3></div></div></div><a class="indexterm" name="id2543763"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSDENY">hosts deny</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543794"></a>
2396
</h3></div></div></div><a class="indexterm" name="id2550349"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSDENY">hosts deny</a>.</p></dd></dl></div></div><div class="section" title="hosts deny (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550379"></a>
2342
2397
2343
2398
hosts deny (S)
2344
</h3></div></div></div><a class="indexterm" name="id2543795"></a><a name="HOSTSDENY"></a><div class="variablelist"><dl><dt></dt><dd><p>The opposite of <em class="parameter"><code>hosts allow</code></em>
2399
</h3></div></div></div><a class="indexterm" name="id2550380"></a><a name="HOSTSDENY"></a><div class="variablelist"><dl><dt></dt><dd><p>The opposite of <em class="parameter"><code>hosts allow</code></em>
2345
2400
- hosts listed here are <span class="emphasis"><em>NOT</em></span> permitted access to
2346
2401
services unless the specific services have their own lists to override
2347
2402
this one. Where the lists conflict, the <em class="parameter"><code>allow</code></em>
2355
2410
</em></span>
2356
2411
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hosts deny</code></em> = <code class="literal">150.203.4. badhost.mynet.edu.au</code>
2357
2412
</em></span>
2358
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543896"></a>
2413
</p></dd></dl></div></div><div class="section" title="idmap alloc backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550481"></a>
2359
2414
2360
2415
idmap alloc backend (G)
2361
</h3></div></div></div><a class="indexterm" name="id2543897"></a><a name="IDMAPALLOCBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
2416
</h3></div></div></div><a class="indexterm" name="id2550482"></a><a name="IDMAPALLOCBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
2362
2417
The idmap alloc backend provides a plugin interface for Winbind to use
2363
2418
when allocating Unix uids/gids for Windows SIDs. This option refers
2364
2419
to the name of the idmap module which will provide the id allocation
2375
2430
Also refer to the <a class="link" href="smb.conf.5.html#IDMAPALLOCCONFIG" target="_top">idmap alloc config</a> option.
2376
2431
</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap alloc backend</code></em> = <code class="literal">tdb</code>
2377
2432
</em></span>
2378
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544001"></a>
2433
</p></dd></dl></div></div><div class="section" title="idmap alloc config (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550587"></a>
2379
2434
2380
2435
idmap alloc config (G)
2381
</h3></div></div></div><a class="indexterm" name="id2544002"></a><a name="IDMAPALLOCCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p>
2436
</h3></div></div></div><a class="indexterm" name="id2550588"></a><a name="IDMAPALLOCCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p>
2382
2437
The idmap alloc config prefix provides a means of managing settings
2383
2438
for the backend defined by the <a class="link" href="smb.conf.5.html#IDMAPALLOCBACKEND" target="_top">idmap alloc backend</a>
2384
2439
parameter. Refer to the man page for each idmap plugin regarding
2385
2440
specific configuration details.
2386
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544045"></a>
2441
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="idmap backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550631"></a>
2387
2442
2388
2443
idmap backend (G)
2389
</h3></div></div></div><a class="indexterm" name="id2544046"></a><a name="IDMAPBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
2444
</h3></div></div></div><a class="indexterm" name="id2550632"></a><a name="IDMAPBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
2390
2445
The idmap backend provides a plugin interface for Winbind to use
2391
2446
varying backends to store SID/uid/gid mapping tables.
2392
2447
</p><p>
2407
2462
and ad (<a class="citerefentry" href="idmap_ad.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ad</span>(8)</span></a>).
2408
2463
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap backend</code></em> = <code class="literal">tdb</code>
2409
2464
</em></span>
2410
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544217"></a>
2465
</p></dd></dl></div></div><div class="section" title="idmap cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550803"></a>
2411
2466
2412
2467
idmap cache time (G)
2413
</h3></div></div></div><a class="indexterm" name="id2544218"></a><a name="IDMAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
2468
</h3></div></div></div><a class="indexterm" name="id2550804"></a><a name="IDMAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
2414
2469
idmap interface will cache positive SID/uid/gid query results.
2415
2470
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap cache time</code></em> = <code class="literal">604800 (one week)</code>
2416
2471
</em></span>
2417
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544261"></a>
2472
</p></dd></dl></div></div><div class="section" title="idmap config (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550847"></a>
2418
2473
2419
2474
idmap config (G)
2420
</h3></div></div></div><a class="indexterm" name="id2544262"></a><a name="IDMAPCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p>
2475
</h3></div></div></div><a class="indexterm" name="id2550848"></a><a name="IDMAPCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p>
2421
2476
The idmap config prefix provides a means of managing each trusted
2422
2477
domain separately. The idmap config prefix should be followed by the
2423
2478
name of the domain, a colon, and a setting specific to the chosen
2449
2504
2450
2505
idmap config CORP : backend = ad
2451
2506
idmap config CORP : range = 1000-999999
2452
</pre><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544394"></a>
2507
</pre><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="winbind gid"><div class="titlepage"><div><div><h3 class="title"><a name="id2550980"></a>
2453
2508
2454
2509
<a name="WINBINDGID"></a>winbind gid
2455
</h3></div></div></div><a class="indexterm" name="id2544395"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPGID">idmap gid</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544426"></a>
2510
</h3></div></div></div><a class="indexterm" name="id2550981"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPGID">idmap gid</a>.</p></dd></dl></div></div><div class="section" title="idmap gid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551012"></a>
2456
2511
2457
2512
idmap gid (G)
2458
</h3></div></div></div><a class="indexterm" name="id2544427"></a><a name="IDMAPGID"></a><div class="variablelist"><dl><dt></dt><dd><p>The idmap gid parameter specifies the range of group ids
2513
</h3></div></div></div><a class="indexterm" name="id2551013"></a><a name="IDMAPGID"></a><div class="variablelist"><dl><dt></dt><dd><p>The idmap gid parameter specifies the range of group ids
2459
2514
that are allocated for the purpose of mapping UNX groups to NT group
2460
2515
SIDs. This range of group ids should have no
2461
2516
existing local or NIS groups within it as strange conflicts can
2465
2520
</em></span>
2466
2521
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap gid</code></em> = <code class="literal">10000-20000</code>
2467
2522
</em></span>
2468
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544512"></a>
2523
</p></dd></dl></div></div><div class="section" title="idmap negative cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551098"></a>
2469
2524
2470
2525
idmap negative cache time (G)
2471
</h3></div></div></div><a class="indexterm" name="id2544513"></a><a name="IDMAPNEGATIVECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
2526
</h3></div></div></div><a class="indexterm" name="id2551099"></a><a name="IDMAPNEGATIVECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
2472
2527
idmap interface will cache negative SID/uid/gid query results.
2473
2528
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap negative cache time</code></em> = <code class="literal">120</code>
2474
2529
</em></span>
2475
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544557"></a>
2530
</p></dd></dl></div></div><div class="section" title="winbind uid"><div class="titlepage"><div><div><h3 class="title"><a name="id2551142"></a>
2476
2531
2477
2532
<a name="WINBINDUID"></a>winbind uid
2478
</h3></div></div></div><a class="indexterm" name="id2544558"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPUID">idmap uid</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544588"></a>
2533
</h3></div></div></div><a class="indexterm" name="id2551143"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPUID">idmap uid</a>.</p></dd></dl></div></div><div class="section" title="idmap uid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551173"></a>
2479
2534
2480
2535
idmap uid (G)
2481
</h3></div></div></div><a class="indexterm" name="id2544589"></a><a name="IDMAPUID"></a><div class="variablelist"><dl><dt></dt><dd><p>
2536
</h3></div></div></div><a class="indexterm" name="id2551174"></a><a name="IDMAPUID"></a><div class="variablelist"><dl><dt></dt><dd><p>
2482
2537
The idmap uid parameter specifies the range of user ids that are
2483
2538
allocated for use in mapping UNIX users to NT user SIDs. This
2484
2539
range of ids should have no existing local
2488
2543
</em></span>
2489
2544
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap uid</code></em> = <code class="literal">10000-20000</code>
2490
2545
</em></span>
2491
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544674"></a>
2546
</p></dd></dl></div></div><div class="section" title="include (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551260"></a>
2492
2547
2493
2548
include (G)
2494
</h3></div></div></div><a class="indexterm" name="id2544675"></a><a name="INCLUDE"></a><div class="variablelist"><dl><dt></dt><dd><p>
2549
</h3></div></div></div><a class="indexterm" name="id2551261"></a><a name="INCLUDE"></a><div class="variablelist"><dl><dt></dt><dd><p>
2495
2550
This allows you to include one config file inside another. The file is included literally, as though typed
2496
2551
in place.
2497
2552
</p><p>
2509
2564
</em></span>
2510
2565
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>include</code></em> = <code class="literal">/usr/local/samba/lib/admin_smb.conf</code>
2511
2566
</em></span>
2512
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544775"></a>
2567
</p></dd></dl></div></div><div class="section" title="inherit acls (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551360"></a>
2513
2568
2514
2569
inherit acls (S)
2515
</h3></div></div></div><a class="indexterm" name="id2544776"></a><a name="INHERITACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter can be used to ensure that if default acls
2570
</h3></div></div></div><a class="indexterm" name="id2551362"></a><a name="INHERITACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter can be used to ensure that if default acls
2516
2571
exist on parent directories, they are always honored when creating a
2517
2572
new file or subdirectory in these parent directories. The default
2518
2573
behavior is to use the unix mode specified when creating the directory.
2520
2575
default directory acls are propagated.
2521
2576
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>inherit acls</code></em> = <code class="literal">no</code>
2522
2577
</em></span>
2523
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544822"></a>
2578
</p></dd></dl></div></div><div class="section" title="inherit owner (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551407"></a>
2524
2579
2525
2580
inherit owner (S)
2526
</h3></div></div></div><a class="indexterm" name="id2544823"></a><a name="INHERITOWNER"></a><div class="variablelist"><dl><dt></dt><dd><p>The ownership of new files and directories
2581
</h3></div></div></div><a class="indexterm" name="id2551408"></a><a name="INHERITOWNER"></a><div class="variablelist"><dl><dt></dt><dd><p>The ownership of new files and directories
2527
2582
is normally governed by effective uid of the connected user.
2528
2583
This option allows the Samba administrator to specify that
2529
2584
the ownership for new files and directories should be controlled
2532
2587
delete them and to ensure that newly create files in a user's
2533
2588
roaming profile directory are actually owner by the user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>inherit owner</code></em> = <code class="literal">no</code>
2534
2589
</em></span>
2535
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544875"></a>
2590
</p></dd></dl></div></div><div class="section" title="inherit permissions (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551461"></a>
2536
2591
2537
2592
inherit permissions (S)
2538
</h3></div></div></div><a class="indexterm" name="id2544876"></a><a name="INHERITPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
2593
</h3></div></div></div><a class="indexterm" name="id2551462"></a><a name="INHERITPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
2539
2594
The permissions on new files and directories are normally governed by <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a>,
2540
2595
<a class="link" href="smb.conf.5.html#DIRECTORYMASK" target="_top">directory mask</a>, <a class="link" href="smb.conf.5.html#FORCECREATEMODE" target="_top">force create mode</a> and <a class="link" href="smb.conf.5.html#FORCEDIRECTORYMODE" target="_top">force directory mode</a> but the boolean inherit permissions parameter overrides this.
2541
2596
</p><p>New directories inherit the mode of the parent directory,
2547
2602
many users, perhaps several thousand, to allow a single [homes]
2548
2603
share to be used flexibly by each user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>inherit permissions</code></em> = <code class="literal">no</code>
2549
2604
</em></span>
2550
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545024"></a>
2605
</p></dd></dl></div></div><div class="section" title="init logon delayed hosts (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551610"></a>
2551
2606
2552
2607
init logon delayed hosts (G)
2553
</h3></div></div></div><a class="indexterm" name="id2545025"></a><a name="INITLOGONDELAYEDHOSTS"></a><div class="variablelist"><dl><dt></dt><dd><p>
2608
</h3></div></div></div><a class="indexterm" name="id2551611"></a><a name="INITLOGONDELAYEDHOSTS"></a><div class="variablelist"><dl><dt></dt><dd><p>
2554
2609
This parameter takes a list of host names, addresses or networks for
2555
2610
which the initial samlogon reply should be delayed (so other DCs get
2556
2611
preferred by XP workstations if there are any).
2561
2616
</em></span>
2562
2617
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>init logon delayed hosts</code></em> = <code class="literal">150.203.5. myhost.mynet.de</code>
2563
2618
</em></span>
2564
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545102"></a>
2619
</p></dd></dl></div></div><div class="section" title="init logon delay (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551688"></a>
2565
2620
2566
2621
init logon delay (G)
2567
</h3></div></div></div><a class="indexterm" name="id2545103"></a><a name="INITLOGONDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>
2622
</h3></div></div></div><a class="indexterm" name="id2551689"></a><a name="INITLOGONDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>
2568
2623
This parameter specifies a delay in milliseconds for the hosts configured
2569
2624
for delayed initial samlogon with
2570
2625
<a class="link" href="smb.conf.5.html#INITLOGONDELAYEDHOSTS" target="_top">init logon delayed hosts</a>.
2571
2626
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>init logon delay</code></em> = <code class="literal">100</code>
2572
2627
</em></span>
2573
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545156"></a>
2628
</p></dd></dl></div></div><div class="section" title="interfaces (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551742"></a>
2574
2629
2575
2630
interfaces (G)
2576
</h3></div></div></div><a class="indexterm" name="id2545157"></a><a name="INTERFACES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to override the default
2631
</h3></div></div></div><a class="indexterm" name="id2551743"></a><a name="INTERFACES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to override the default
2577
2632
network interfaces list that Samba will use for browsing, name
2578
2633
registration and other NetBIOS over TCP/IP (NBT) traffic. By default Samba will query
2579
2634
the kernel for the list of all active interfaces and use any
2580
2635
interfaces except 127.0.0.1 that are broadcast capable.</p><p>The option takes a list of interface strings. Each string
2581
can be in any of the following forms:</p><div class="itemizedlist"><ul type="disc"><li><p>a network interface name (such as eth0).
2636
can be in any of the following forms:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>a network interface name (such as eth0).
2582
2637
This may include shell-like wildcards so eth* will match
2583
any interface starting with the substring "eth"</p></li><li><p>an IP address. In this case the netmask is
2638
any interface starting with the substring "eth"</p></li><li class="listitem"><p>an IP address. In this case the netmask is
2584
2639
determined from the list of interfaces obtained from the
2585
kernel</p></li><li><p>an IP/mask pair. </p></li><li><p>a broadcast/mask pair.</p></li></ul></div><p>The "mask" parameters can either be a bit length (such
2640
kernel</p></li><li class="listitem"><p>an IP/mask pair. </p></li><li class="listitem"><p>a broadcast/mask pair.</p></li></ul></div><p>The "mask" parameters can either be a bit length (such
2586
2641
as 24 for a C class network) or a full netmask in dotted
2587
2642
decimal form.</p><p>The "IP" parameters above can either be a full dotted
2588
2643
decimal IP address or a hostname which will be looked up via
2597
2652
</em></span>
2598
2653
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>interfaces</code></em> = <code class="literal">eth0 192.168.2.10/24 192.168.3.10/255.255.255.0</code>
2599
2654
</em></span>
2600
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545273"></a>
2655
</p></dd></dl></div></div><div class="section" title="invalid users (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551859"></a>
2601
2656
2602
2657
invalid users (S)
2603
</h3></div></div></div><a class="indexterm" name="id2545274"></a><a name="INVALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users that should not be allowed
2658
</h3></div></div></div><a class="indexterm" name="id2551860"></a><a name="INVALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users that should not be allowed
2604
2659
to login to this service. This is really a <span class="emphasis"><em>paranoid</em></span>
2605
2660
check to absolutely ensure an improper setting does not breach
2606
2661
your security.</p><p>A name starting with a '@' is interpreted as an NIS
2620
2675
</em></span>
2621
2676
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>invalid users</code></em> = <code class="literal">root fred admin @wheel</code>
2622
2677
</em></span>
2623
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545388"></a>
2678
</p></dd></dl></div></div><div class="section" title="iprint server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551973"></a>
2624
2679
2625
2680
iprint server (G)
2626
</h3></div></div></div><a class="indexterm" name="id2545389"></a><a name="IPRINTSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>
2681
</h3></div></div></div><a class="indexterm" name="id2551974"></a><a name="IPRINTSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>
2627
2682
This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> is set to <code class="constant">iprint</code>.
2628
2683
</p><p>
2629
2684
If set, this option overrides the ServerName option in the CUPS <code class="filename">client.conf</code>. This is
2632
2687
</em></span>
2633
2688
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>iprint server</code></em> = <code class="literal">MYCUPSSERVER</code>
2634
2689
</em></span>
2635
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545474"></a>
2690
</p></dd></dl></div></div><div class="section" title="keepalive (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552060"></a>
2636
2691
2637
2692
keepalive (G)
2638
</h3></div></div></div><a class="indexterm" name="id2545475"></a><a name="KEEPALIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (an integer) represents
2693
</h3></div></div></div><a class="indexterm" name="id2552061"></a><a name="KEEPALIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (an integer) represents
2639
2694
the number of seconds between <em class="parameter"><code>keepalive</code></em>
2640
2695
packets. If this parameter is zero, no keepalive packets will be
2641
2696
sent. Keepalive packets, if sent, allow the server to tell whether
2645
2700
</em></span>
2646
2701
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>keepalive</code></em> = <code class="literal">600</code>
2647
2702
</em></span>
2648
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545562"></a>
2703
</p></dd></dl></div></div><div class="section" title="kerberos method (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552147"></a>
2649
2704
2650
2705
kerberos method (G)
2651
</h3></div></div></div><a class="indexterm" name="id2545563"></a><a name="KERBEROSMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p>
2706
</h3></div></div></div><a class="indexterm" name="id2552148"></a><a name="KERBEROSMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p>
2652
2707
Controls how kerberos tickets are verified.
2653
</p><p>Valid options are:</p><div class="itemizedlist"><ul type="disc"><li><p>secrets only - use only the secrets.tdb for
2654
ticket verification (default)</p></li><li><p>system keytab - use only the system keytab
2655
for ticket verification</p></li><li><p>dedicated keytab - use a dedicated keytab
2656
for ticket verification</p></li><li><p>secrets and keytab - use the secrets.tdb
2708
</p><p>Valid options are:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>secrets only - use only the secrets.tdb for
2709
ticket verification (default)</p></li><li class="listitem"><p>system keytab - use only the system keytab
2710
for ticket verification</p></li><li class="listitem"><p>dedicated keytab - use a dedicated keytab
2711
for ticket verification</p></li><li class="listitem"><p>secrets and keytab - use the secrets.tdb
2657
2712
first, then the system keytab</p></li></ul></div><p>
2658
2713
The major difference between "system keytab" and "dedicated
2659
2714
keytab" is that the latter method relies on kerberos to find the
2665
2720
specify the location of the keytab file.
2666
2721
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>kerberos method</code></em> = <code class="literal">secrets only</code>
2667
2722
</em></span>
2668
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545658"></a>
2723
</p></dd></dl></div></div><div class="section" title="kernel change notify (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552243"></a>
2669
2724
2670
2725
kernel change notify (S)
2671
</h3></div></div></div><a class="indexterm" name="id2545659"></a><a name="KERNELCHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should ask the
2726
</h3></div></div></div><a class="indexterm" name="id2552244"></a><a name="KERNELCHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should ask the
2672
2727
kernel for change notifications in directories so that
2673
2728
SMB clients can refresh whenever the data on the server changes.
2674
2729
</p><p>This parameter is only used when your kernel supports
2675
2730
change notification to user programs using the inotify interface.
2676
2731
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>kernel change notify</code></em> = <code class="literal">yes</code>
2677
2732
</em></span>
2678
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545708"></a>
2733
</p></dd></dl></div></div><div class="section" title="kernel oplocks (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552293"></a>
2679
2734
2680
2735
kernel oplocks (G)
2681
</h3></div></div></div><a class="indexterm" name="id2545709"></a><a name="KERNELOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>For UNIXes that support kernel based <a class="link" href="smb.conf.5.html#OPLOCKS" target="_top">oplocks</a>
2736
</h3></div></div></div><a class="indexterm" name="id2552294"></a><a name="KERNELOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>For UNIXes that support kernel based <a class="link" href="smb.conf.5.html#OPLOCKS" target="_top">oplocks</a>
2682
2737
(currently only IRIX and the Linux 2.4 kernel), this parameter
2683
2738
allows the use of them to be turned on or off.</p><p>Kernel oplocks support allows Samba <em class="parameter"><code>oplocks
2684
2739
</code></em> to be broken whenever a local UNIX process or NFS operation
2688
2743
to a no-op on systems that no not have the necessary kernel support.
2689
2744
You should never need to touch this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>kernel oplocks</code></em> = <code class="literal">yes</code>
2690
2745
</em></span>
2691
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545796"></a>
2746
</p></dd></dl></div></div><div class="section" title="lanman auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552382"></a>
2692
2747
2693
2748
lanman auth (G)
2694
</h3></div></div></div><a class="indexterm" name="id2545798"></a><a name="LANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
2749
</h3></div></div></div><a class="indexterm" name="id2552383"></a><a name="LANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
2695
2750
authenticate users or permit password changes
2696
2751
using the LANMAN password hash. If disabled, only clients which support NT
2697
2752
password hashes (e.g. Windows NT/2000 clients, smbclient, but not
2708
2763
permited. Not all clients support NTLMv2, and most will require
2709
2764
special configuration to use it.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lanman auth</code></em> = <code class="literal">no</code>
2710
2765
</em></span>
2711
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545889"></a>
2766
</p></dd></dl></div></div><div class="section" title="large readwrite (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552474"></a>
2712
2767
2713
2768
large readwrite (G)
2714
</h3></div></div></div><a class="indexterm" name="id2545890"></a><a name="LARGEREADWRITE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not
2769
</h3></div></div></div><a class="indexterm" name="id2552475"></a><a name="LARGEREADWRITE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not
2715
2770
<a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> supports the new 64k
2716
2771
streaming read and write varient SMB requests introduced with
2717
2772
Windows 2000. Note that due to Windows 2000 client redirector bugs
2720
2775
performance by 10% with Windows 2000 clients. Defaults to on. Not as
2721
2776
tested as some other Samba code paths.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>large readwrite</code></em> = <code class="literal">yes</code>
2722
2777
</em></span>
2723
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545952"></a>
2778
</p></dd></dl></div></div><div class="section" title="ldap admin dn (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552531"></a>
2724
2779
2725
2780
ldap admin dn (G)
2726
</h3></div></div></div><a class="indexterm" name="id2545953"></a><a name="LDAPADMINDN"></a><div class="variablelist"><dl><dt></dt><dd><p>
2781
</h3></div></div></div><a class="indexterm" name="id2552532"></a><a name="LDAPADMINDN"></a><div class="variablelist"><dl><dt></dt><dd><p>
2727
2782
The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> defines the Distinguished Name (DN) name used by Samba to contact
2728
2783
the ldap server when retreiving user account information. The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> is used
2729
2784
in conjunction with the admin dn password stored in the <code class="filename">private/secrets.tdb</code>
2731
2786
man page for more information on how to accomplish this.
2732
2787
</p><p>
2733
2788
The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> requires a fully specified DN. The <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> is not appended to the <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a>.
2734
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546062"></a>
2789
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="ldap connection timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552640"></a>
2735
2790
2736
2791
ldap connection timeout (G)
2737
</h3></div></div></div><a class="indexterm" name="id2546063"></a><a name="LDAPCONNECTIONTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
2792
</h3></div></div></div><a class="indexterm" name="id2552641"></a><a name="LDAPCONNECTIONTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
2738
2793
This parameter tells the LDAP library calls which timeout in seconds
2739
2794
they should honor during initial connection establishments to LDAP servers.
2740
2795
It is very useful in failover scenarios in particular. If one or more LDAP
2746
2801
and not establishing an initial connection.
2747
2802
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap connection timeout</code></em> = <code class="literal">2</code>
2748
2803
</em></span>
2749
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546127"></a>
2804
</p></dd></dl></div></div><div class="section" title="ldap debug level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552705"></a>
2750
2805
2751
2806
ldap debug level (G)
2752
</h3></div></div></div><a class="indexterm" name="id2546128"></a><a name="LDAPDEBUGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
2807
</h3></div></div></div><a class="indexterm" name="id2552706"></a><a name="LDAPDEBUGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
2753
2808
This parameter controls the debug level of the LDAP library
2754
2809
calls. In the case of OpenLDAP, it is the same
2755
2810
bit-field as understood by the server and documented in the
2766
2821
</em></span>
2767
2822
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap debug level</code></em> = <code class="literal">1</code>
2768
2823
</em></span>
2769
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546215"></a>
2824
</p></dd></dl></div></div><div class="section" title="ldap debug threshold (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552793"></a>
2770
2825
2771
2826
ldap debug threshold (G)
2772
</h3></div></div></div><a class="indexterm" name="id2546216"></a><a name="LDAPDEBUGTHRESHOLD"></a><div class="variablelist"><dl><dt></dt><dd><p>
2827
</h3></div></div></div><a class="indexterm" name="id2552794"></a><a name="LDAPDEBUGTHRESHOLD"></a><div class="variablelist"><dl><dt></dt><dd><p>
2773
2828
This parameter controls the Samba debug level at which
2774
2829
the ldap library debug output is
2775
2830
printed in the Samba logs. See the description of
2778
2833
</em></span>
2779
2834
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap debug threshold</code></em> = <code class="literal">5</code>
2780
2835
</em></span>
2781
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546282"></a>
2836
</p></dd></dl></div></div><div class="section" title="ldap delete dn (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552861"></a>
2782
2837
2783
2838
ldap delete dn (G)
2784
</h3></div></div></div><a class="indexterm" name="id2546283"></a><a name="LDAPDELETEDN"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter specifies whether a delete
2839
</h3></div></div></div><a class="indexterm" name="id2552862"></a><a name="LDAPDELETEDN"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter specifies whether a delete
2785
2840
operation in the ldapsam deletes the complete entry or only the attributes
2786
2841
specific to Samba.
2787
2842
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap delete dn</code></em> = <code class="literal">no</code>
2788
2843
</em></span>
2789
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546326"></a>
2844
</p></dd></dl></div></div><div class="section" title="ldap group suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552905"></a>
2790
2845
2791
2846
ldap group suffix (G)
2792
</h3></div></div></div><a class="indexterm" name="id2546327"></a><a name="LDAPGROUPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the suffix that is
2847
</h3></div></div></div><a class="indexterm" name="id2552906"></a><a name="LDAPGROUPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the suffix that is
2793
2848
used for groups when these are added to the LDAP directory.
2794
2849
If this parameter is unset, the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead. The suffix string is pre-pended to the
2795
2850
<a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> string so use a partial DN.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap group suffix</code></em> = <code class="literal"></code>
2796
2851
</em></span>
2797
2852
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap group suffix</code></em> = <code class="literal">ou=Groups</code>
2798
2853
</em></span>
2799
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546410"></a>
2854
</p></dd></dl></div></div><div class="section" title="ldap idmap suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552988"></a>
2800
2855
2801
2856
ldap idmap suffix (G)
2802
</h3></div></div></div><a class="indexterm" name="id2546411"></a><a name="LDAPIDMAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2857
</h3></div></div></div><a class="indexterm" name="id2552990"></a><a name="LDAPIDMAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2803
2858
This parameters specifies the suffix that is used when storing idmap mappings. If this parameter
2804
2859
is unset, the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead. The suffix
2805
2860
string is pre-pended to the <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> string so use a partial DN.
2807
2862
</em></span>
2808
2863
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap idmap suffix</code></em> = <code class="literal">ou=Idmap</code>
2809
2864
</em></span>
2810
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546492"></a>
2865
</p></dd></dl></div></div><div class="section" title="ldap machine suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553071"></a>
2811
2866
2812
2867
ldap machine suffix (G)
2813
</h3></div></div></div><a class="indexterm" name="id2546494"></a><a name="LDAPMACHINESUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2868
</h3></div></div></div><a class="indexterm" name="id2553072"></a><a name="LDAPMACHINESUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2814
2869
It specifies where machines should be added to the ldap tree. If this parameter is unset, the value of
2815
2870
<a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead. The suffix string is pre-pended to the
2816
2871
<a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> string so use a partial DN.
2818
2873
</em></span>
2819
2874
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap machine suffix</code></em> = <code class="literal">ou=Computers</code>
2820
2875
</em></span>
2821
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546574"></a>
2876
</p></dd></dl></div></div><div class="section" title="ldap page size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553153"></a>
2877
2878
ldap page size (G)
2879
</h3></div></div></div><a class="indexterm" name="id2553154"></a><a name="LDAPPAGESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>
2880
This parameter specifies the number of entries per page.
2881
</p><p>If the LDAP server supports paged results, clients can
2882
request subsets of search results (pages) instead of the entire list.
2883
This parameter specifies the size of these pages.
2884
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap page size</code></em> = <code class="literal">1024</code>
2885
</em></span>
2886
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap page size</code></em> = <code class="literal">512</code>
2887
</em></span>
2888
</p></dd></dl></div></div><div class="section" title="ldap passwd sync (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553220"></a>
2822
2889
2823
2890
ldap passwd sync (G)
2824
</h3></div></div></div><a class="indexterm" name="id2546575"></a><a name="LDAPPASSWDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>
2891
</h3></div></div></div><a class="indexterm" name="id2553221"></a><a name="LDAPPASSWDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>
2825
2892
This option is used to define whether or not Samba should sync the LDAP password with the NT
2826
2893
and LM hashes for normal accounts (NOT for workstation, server or domain trusts) on a password
2827
2894
change via SAMBA.
2828
2895
</p><p>
2829
2896
The <a class="link" href="smb.conf.5.html#LDAPPASSWDSYNC" target="_top">ldap passwd sync</a> can be set to one of three values:
2830
</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>Yes</code></em> = Try
2831
to update the LDAP, NT and LM passwords and update the pwdLastSet time.</p></li><li><p><em class="parameter"><code>No</code></em> = Update NT and
2832
LM passwords and update the pwdLastSet time.</p></li><li><p><em class="parameter"><code>Only</code></em> = Only update
2897
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>Yes</code></em> = Try
2898
to update the LDAP, NT and LM passwords and update the pwdLastSet time.</p></li><li class="listitem"><p><em class="parameter"><code>No</code></em> = Update NT and
2899
LM passwords and update the pwdLastSet time.</p></li><li class="listitem"><p><em class="parameter"><code>Only</code></em> = Only update
2833
2900
the LDAP password and let the LDAP server do the rest.</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap passwd sync</code></em> = <code class="literal">no</code>
2834
2901
</em></span>
2835
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546676"></a>
2902
</p></dd></dl></div></div><div class="section" title="ldap replication sleep (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553321"></a>
2836
2903
2837
2904
ldap replication sleep (G)
2838
</h3></div></div></div><a class="indexterm" name="id2546677"></a><a name="LDAPREPLICATIONSLEEP"></a><div class="variablelist"><dl><dt></dt><dd><p>
2905
</h3></div></div></div><a class="indexterm" name="id2553322"></a><a name="LDAPREPLICATIONSLEEP"></a><div class="variablelist"><dl><dt></dt><dd><p>
2839
2906
When Samba is asked to write to a read-only LDAP replica, we are redirected to talk to the read-write master server.
2840
2907
This server then replicates our changes back to the 'local' server, however the replication might take some seconds,
2841
2908
especially over slow links. Certain client activities, particularly domain joins, can become confused by the 'success'
2848
2915
The value is specified in milliseconds, the maximum value is 5000 (5 seconds).
2849
2916
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap replication sleep</code></em> = <code class="literal">1000</code>
2850
2917
</em></span>
2851
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546739"></a>
2918
</p></dd></dl></div></div><div class="section" title="ldapsam:editposix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553385"></a>
2852
2919
2853
2920
ldapsam:editposix (G)
2854
</h3></div></div></div><a class="indexterm" name="id2546740"></a><a name="LDAPSAM:EDITPOSIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2921
</h3></div></div></div><a class="indexterm" name="id2553386"></a><a name="LDAPSAM:EDITPOSIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2855
2922
Editposix is an option that leverages ldapsam:trusted to make it simpler to manage a domain controller
2856
2923
eliminating the need to set up custom scripts to add and manage the posix users and groups. This option
2857
2924
will instead directly manipulate the ldap tree to create, remove and modify user and group entries.
2929
2996
</pre><p>
2930
2997
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldapsam:editposix</code></em> = <code class="literal">no</code>
2931
2998
</em></span>
2932
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546865"></a>
2999
</p></dd></dl></div></div><div class="section" title="ldapsam:trusted (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553510"></a>
2933
3000
2934
3001
ldapsam:trusted (G)
2935
</h3></div></div></div><a class="indexterm" name="id2546866"></a><a name="LDAPSAM:TRUSTED"></a><div class="variablelist"><dl><dt></dt><dd><p>
3002
</h3></div></div></div><a class="indexterm" name="id2553512"></a><a name="LDAPSAM:TRUSTED"></a><div class="variablelist"><dl><dt></dt><dd><p>
2936
3003
By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to
2937
3004
access user and group information. Due to the way Unix stores user information in /etc/passwd and /etc/group
2938
3005
this inevitably leads to inefficiencies. One important question a user needs to know is the list of groups he
2950
3017
is easily achieved.
2951
3018
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldapsam:trusted</code></em> = <code class="literal">no</code>
2952
3019
</em></span>
2953
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546954"></a>
3020
</p></dd></dl></div></div><div class="section" title="ldap ssl ads (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553599"></a>
2954
3021
2955
3022
ldap ssl ads (G)
2956
</h3></div></div></div><a class="indexterm" name="id2546955"></a><a name="LDAPSSLADS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should
3023
</h3></div></div></div><a class="indexterm" name="id2553600"></a><a name="LDAPSSLADS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should
2957
3024
use SSL when connecting to the ldap server using
2958
3025
<span class="emphasis"><em>ads</em></span> methods.
2959
3026
Rpc methods are not affected by this parameter. Please note, that
2963
3030
for more information on <a class="link" href="smb.conf.5.html#LDAPSSL" target="_top">ldap ssl</a>.
2964
3031
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl ads</code></em> = <code class="literal">no</code>
2965
3032
</em></span>
2966
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547040"></a>
3033
</p></dd></dl></div></div><div class="section" title="ldap ssl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553685"></a>
2967
3034
2968
3035
ldap ssl (G)
2969
</h3></div></div></div><a class="indexterm" name="id2547041"></a><a name="LDAPSSL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should
3036
</h3></div></div></div><a class="indexterm" name="id2553686"></a><a name="LDAPSSL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should
2970
3037
use SSL when connecting to the ldap server
2971
3038
This is <span class="emphasis"><em>NOT</em></span> related to
2972
3039
Samba's previous SSL support which was enabled by specifying the
2977
3044
<em class="parameter"><code>Start_tls</code></em>
2978
3045
<span class="emphasis"><em>or</em></span> by specifying <em class="parameter"><code>ldaps://</code></em> in
2979
3046
the URL argument of <a class="link" href="smb.conf.5.html#PASSDBBACKEND" target="_top">passdb backend</a>.</p><p>The <a class="link" href="smb.conf.5.html#LDAPSSL" target="_top">ldap ssl</a> can be set to one of
2980
two values:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>Off</code></em> = Never
2981
use SSL when querying the directory.</p></li><li><p><em class="parameter"><code>start tls</code></em> = Use
3047
two values:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>Off</code></em> = Never
3048
use SSL when querying the directory.</p></li><li class="listitem"><p><em class="parameter"><code>start tls</code></em> = Use
2982
3049
the LDAPv3 StartTLS extended operation (RFC2830) for
2983
3050
communicating with the directory server.</p></li></ul></div><p>
2984
3051
Please note that this parameter does only affect <span class="emphasis"><em>rpc</em></span>
2991
3058
for more information on <a class="link" href="smb.conf.5.html#LDAPSSLADS" target="_top">ldap ssl ads</a>.
2992
3059
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl</code></em> = <code class="literal">start tls</code>
2993
3060
</em></span>
2994
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547233"></a>
3061
</p></dd></dl></div></div><div class="section" title="ldap suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553878"></a>
2995
3062
2996
3063
ldap suffix (G)
2997
</h3></div></div></div><a class="indexterm" name="id2547234"></a><a name="LDAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the base for all ldap suffixes and for storing the sambaDomain object.</p><p>
3064
</h3></div></div></div><a class="indexterm" name="id2553879"></a><a name="LDAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the base for all ldap suffixes and for storing the sambaDomain object.</p><p>
2998
3065
The ldap suffix will be appended to the values specified for the <a class="link" href="smb.conf.5.html#LDAPUSERSUFFIX" target="_top">ldap user suffix</a>,
2999
3066
<a class="link" href="smb.conf.5.html#LDAPGROUPSUFFIX" target="_top">ldap group suffix</a>, <a class="link" href="smb.conf.5.html#LDAPMACHINESUFFIX" target="_top">ldap machine suffix</a>, and the
3000
3067
<a class="link" href="smb.conf.5.html#LDAPIDMAPSUFFIX" target="_top">ldap idmap suffix</a>. Each of these should be given only a DN relative to the
3003
3070
</em></span>
3004
3071
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap suffix</code></em> = <code class="literal">dc=samba,dc=org</code>
3005
3072
</em></span>
3006
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547355"></a>
3073
</p></dd></dl></div></div><div class="section" title="ldap timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554001"></a>
3007
3074
3008
3075
ldap timeout (G)
3009
</h3></div></div></div><a class="indexterm" name="id2547356"></a><a name="LDAPTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3076
</h3></div></div></div><a class="indexterm" name="id2554002"></a><a name="LDAPTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3010
3077
This parameter defines the number of seconds that Samba should use as timeout for LDAP operations.
3011
3078
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap timeout</code></em> = <code class="literal">15</code>
3012
3079
</em></span>
3013
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547398"></a>
3080
</p></dd></dl></div></div><div class="section" title="ldap user suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554043"></a>
3014
3081
3015
3082
ldap user suffix (G)
3016
</h3></div></div></div><a class="indexterm" name="id2547399"></a><a name="LDAPUSERSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
3083
</h3></div></div></div><a class="indexterm" name="id2554044"></a><a name="LDAPUSERSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
3017
3084
This parameter specifies where users are added to the tree. If this parameter is unset,
3018
3085
the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead. The suffix
3019
3086
string is pre-pended to the <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> string so use a partial DN.
3021
3088
</em></span>
3022
3089
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap user suffix</code></em> = <code class="literal">ou=people</code>
3023
3090
</em></span>
3024
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547480"></a>
3091
</p></dd></dl></div></div><div class="section" title="level2 oplocks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554125"></a>
3025
3092
3026
3093
level2 oplocks (S)
3027
</h3></div></div></div><a class="indexterm" name="id2547481"></a><a name="LEVEL2OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether Samba supports
3094
</h3></div></div></div><a class="indexterm" name="id2554126"></a><a name="LEVEL2OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether Samba supports
3028
3095
level2 (read-only) oplocks on a share.</p><p>Level2, or read-only oplocks allow Windows NT clients
3029
3096
that have an oplock on a file to downgrade from a read-write oplock
3030
3097
to a read-only oplock once a second client opens the file (instead
3044
3111
parameter must be set to <code class="constant">yes</code> on this share in order for
3045
3112
this parameter to have any effect.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>level2 oplocks</code></em> = <code class="literal">yes</code>
3046
3113
</em></span>
3047
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547586"></a>
3114
</p></dd></dl></div></div><div class="section" title="lm announce (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554232"></a>
3048
3115
3049
3116
lm announce (G)
3050
</h3></div></div></div><a class="indexterm" name="id2547588"></a><a name="LMANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will produce Lanman announce
3117
</h3></div></div></div><a class="indexterm" name="id2554233"></a><a name="LMANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will produce Lanman announce
3051
3118
broadcasts that are needed by OS/2 clients in order for them to see
3052
3119
the Samba server in their browse list. This parameter can have three
3053
3120
values, <code class="constant">yes</code>, <code class="constant">no</code>, or
3063
3130
</em></span>
3064
3131
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lm announce</code></em> = <code class="literal">yes</code>
3065
3132
</em></span>
3066
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547709"></a>
3133
</p></dd></dl></div></div><div class="section" title="lm interval (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554354"></a>
3067
3134
3068
3135
lm interval (G)
3069
</h3></div></div></div><a class="indexterm" name="id2547710"></a><a name="LMINTERVAL"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba is set to produce Lanman announce
3136
</h3></div></div></div><a class="indexterm" name="id2554355"></a><a name="LMINTERVAL"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba is set to produce Lanman announce
3070
3137
broadcasts needed by OS/2 clients (see the
3071
3138
<a class="link" href="smb.conf.5.html#LMANNOUNCE" target="_top">lm announce</a> parameter) then this
3072
3139
parameter defines the frequency in seconds with which they will be
3076
3143
</em></span>
3077
3144
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lm interval</code></em> = <code class="literal">120</code>
3078
3145
</em></span>
3079
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547793"></a>
3146
</p></dd></dl></div></div><div class="section" title="load printers (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554438"></a>
3080
3147
3081
3148
load printers (G)
3082
</h3></div></div></div><a class="indexterm" name="id2547794"></a><a name="LOADPRINTERS"></a><div class="variablelist"><dl><dt></dt><dd><p>A boolean variable that controls whether all
3149
</h3></div></div></div><a class="indexterm" name="id2554439"></a><a name="LOADPRINTERS"></a><div class="variablelist"><dl><dt></dt><dd><p>A boolean variable that controls whether all
3083
3150
printers in the printcap will be loaded for browsing by default.
3084
3151
See the <a class="link" href="smb.conf.5.html#PRINTERS" target="_top">printers</a> section for
3085
3152
more details.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>load printers</code></em> = <code class="literal">yes</code>
3086
3153
</em></span>
3087
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547849"></a>
3154
</p></dd></dl></div></div><div class="section" title="local master (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554494"></a>
3088
3155
3089
3156
local master (G)
3090
</h3></div></div></div><a class="indexterm" name="id2547850"></a><a name="LOCALMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to try and become a local master browser
3157
</h3></div></div></div><a class="indexterm" name="id2554495"></a><a name="LOCALMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to try and become a local master browser
3091
3158
on a subnet. If set to <code class="constant">no</code> then <code class="literal">
3092
3159
nmbd</code> will not attempt to become a local master browser
3093
3160
on a subnet and will also lose in all browsing elections. By
3097
3164
will <span class="emphasis"><em>participate</em></span> in elections for local master browser.</p><p>Setting this value to <code class="constant">no</code> will cause <code class="literal">nmbd</code> <span class="emphasis"><em>never</em></span> to become a local
3098
3165
master browser.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>local master</code></em> = <code class="literal">yes</code>
3099
3166
</em></span>
3100
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547949"></a>
3167
</p></dd></dl></div></div><div class="section" title="lock dir"><div class="titlepage"><div><div><h3 class="title"><a name="id2554594"></a>
3101
3168
3102
3169
<a name="LOCKDIR"></a>lock dir
3103
</h3></div></div></div><a class="indexterm" name="id2547950"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOCKDIRECTORY">lock directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547981"></a>
3170
</h3></div></div></div><a class="indexterm" name="id2554595"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOCKDIRECTORY">lock directory</a>.</p></dd></dl></div></div><div class="section" title="lock directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554626"></a>
3104
3171
3105
3172
lock directory (G)
3106
</h3></div></div></div><a class="indexterm" name="id2547982"></a><a name="LOCKDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the directory where lock
3173
</h3></div></div></div><a class="indexterm" name="id2554627"></a><a name="LOCKDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the directory where lock
3107
3174
files will be placed. The lock files are used to implement the
3108
3175
<a class="link" href="smb.conf.5.html#MAXCONNECTIONS" target="_top">max connections</a> option.
3109
3176
</p><p>
3113
3180
</em></span>
3114
3181
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lock directory</code></em> = <code class="literal">/var/run/samba/locks</code>
3115
3182
</em></span>
3116
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548060"></a>
3183
</p></dd></dl></div></div><div class="section" title="locking (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554705"></a>
3117
3184
3118
3185
locking (S)
3119
</h3></div></div></div><a class="indexterm" name="id2548061"></a><a name="LOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether or not locking will be
3186
</h3></div></div></div><a class="indexterm" name="id2554706"></a><a name="LOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether or not locking will be
3120
3187
performed by the server in response to lock requests from the
3121
3188
client.</p><p>If <code class="literal">locking = no</code>, all lock and unlock
3122
3189
requests will appear to succeed and all lock queries will report
3126
3193
CDROM drives), although setting this parameter of <code class="constant">no</code>
3127
3194
is not really recommended even in this case.</p><p>Be careful about disabling locking either globally or in a
3128
3195
specific service, as lack of locking may result in data corruption.
3129
You should never need to set this parameter.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548135"></a>
3196
You should never need to set this parameter.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="lock spin count (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554780"></a>
3130
3197
3131
3198
lock spin count (G)
3132
</h3></div></div></div><a class="indexterm" name="id2548136"></a><a name="LOCKSPINCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter has been made inoperative in Samba 3.0.24.
3199
</h3></div></div></div><a class="indexterm" name="id2554781"></a><a name="LOCKSPINCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter has been made inoperative in Samba 3.0.24.
3133
3200
The functionality it contolled is now controlled by the parameter
3134
3201
<a class="link" href="smb.conf.5.html#LOCKSPINTIME" target="_top">lock spin time</a>.
3135
3202
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock spin count</code></em> = <code class="literal">0</code>
3136
3203
</em></span>
3137
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548191"></a>
3204
</p></dd></dl></div></div><div class="section" title="lock spin time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554836"></a>
3138
3205
3139
3206
lock spin time (G)
3140
</h3></div></div></div><a class="indexterm" name="id2548192"></a><a name="LOCKSPINTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The time in microseconds that smbd should
3207
</h3></div></div></div><a class="indexterm" name="id2554837"></a><a name="LOCKSPINTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The time in microseconds that smbd should
3141
3208
keep waiting to see if a failed lock request can
3142
3209
be granted. This parameter has changed in default
3143
3210
value from Samba 3.0.23 from 10 to 200. The associated
3145
3212
no longer used in Samba 3.0.24. You should not need
3146
3213
to change the value of this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock spin time</code></em> = <code class="literal">200</code>
3147
3214
</em></span>
3148
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548249"></a>
3215
</p></dd></dl></div></div><div class="section" title="log file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554894"></a>
3149
3216
3150
3217
log file (G)
3151
</h3></div></div></div><a class="indexterm" name="id2548250"></a><a name="LOGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3218
</h3></div></div></div><a class="indexterm" name="id2554895"></a><a name="LOGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3152
3219
This option allows you to override the name of the Samba log file (also known as the debug file).
3153
3220
</p><p>
3154
3221
This option takes the standard substitutions, allowing you to have separate log files for each user or machine.
3155
3222
</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>log file</code></em> = <code class="literal">/usr/local/samba/var/log.%m</code>
3156
3223
</em></span>
3157
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548301"></a>
3224
</p></dd></dl></div></div><div class="section" title="debuglevel"><div class="titlepage"><div><div><h3 class="title"><a name="id2554947"></a>
3158
3225
3159
3226
<a name="DEBUGLEVEL"></a>debuglevel
3160
</h3></div></div></div><a class="indexterm" name="id2548302"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOGLEVEL">log level</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548332"></a>
3227
</h3></div></div></div><a class="indexterm" name="id2554948"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOGLEVEL">log level</a>.</p></dd></dl></div></div><div class="section" title="log level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554978"></a>
3161
3228
3162
3229
log level (G)
3163
</h3></div></div></div><a class="indexterm" name="id2548334"></a><a name="LOGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
3230
</h3></div></div></div><a class="indexterm" name="id2554979"></a><a name="LOGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
3164
3231
The value of the parameter (a astring) allows the debug level (logging level) to be specified in the
3165
3232
<code class="filename">smb.conf</code> file.
3166
3233
</p><p>This parameter has been extended since the 2.2.x
3167
3234
series, now it allows to specify the debug level for multiple
3168
3235
debug classes. This is to give greater flexibility in the configuration
3169
3236
of the system. The following debug classes are currently implemented:
3170
</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>all</code></em></p></li><li><p><em class="parameter"><code>tdb</code></em></p></li><li><p><em class="parameter"><code>printdrivers</code></em></p></li><li><p><em class="parameter"><code>lanman</code></em></p></li><li><p><em class="parameter"><code>smb</code></em></p></li><li><p><em class="parameter"><code>rpc_parse</code></em></p></li><li><p><em class="parameter"><code>rpc_srv</code></em></p></li><li><p><em class="parameter"><code>rpc_cli</code></em></p></li><li><p><em class="parameter"><code>passdb</code></em></p></li><li><p><em class="parameter"><code>sam</code></em></p></li><li><p><em class="parameter"><code>auth</code></em></p></li><li><p><em class="parameter"><code>winbind</code></em></p></li><li><p><em class="parameter"><code>vfs</code></em></p></li><li><p><em class="parameter"><code>idmap</code></em></p></li><li><p><em class="parameter"><code>quota</code></em></p></li><li><p><em class="parameter"><code>acls</code></em></p></li><li><p><em class="parameter"><code>locking</code></em></p></li><li><p><em class="parameter"><code>msdfs</code></em></p></li><li><p><em class="parameter"><code>dmapi</code></em></p></li><li><p><em class="parameter"><code>registry</code></em></p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>log level</code></em> = <code class="literal">0</code>
3237
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>all</code></em></p></li><li class="listitem"><p><em class="parameter"><code>tdb</code></em></p></li><li class="listitem"><p><em class="parameter"><code>printdrivers</code></em></p></li><li class="listitem"><p><em class="parameter"><code>lanman</code></em></p></li><li class="listitem"><p><em class="parameter"><code>smb</code></em></p></li><li class="listitem"><p><em class="parameter"><code>rpc_parse</code></em></p></li><li class="listitem"><p><em class="parameter"><code>rpc_srv</code></em></p></li><li class="listitem"><p><em class="parameter"><code>rpc_cli</code></em></p></li><li class="listitem"><p><em class="parameter"><code>passdb</code></em></p></li><li class="listitem"><p><em class="parameter"><code>sam</code></em></p></li><li class="listitem"><p><em class="parameter"><code>auth</code></em></p></li><li class="listitem"><p><em class="parameter"><code>winbind</code></em></p></li><li class="listitem"><p><em class="parameter"><code>vfs</code></em></p></li><li class="listitem"><p><em class="parameter"><code>idmap</code></em></p></li><li class="listitem"><p><em class="parameter"><code>quota</code></em></p></li><li class="listitem"><p><em class="parameter"><code>acls</code></em></p></li><li class="listitem"><p><em class="parameter"><code>locking</code></em></p></li><li class="listitem"><p><em class="parameter"><code>msdfs</code></em></p></li><li class="listitem"><p><em class="parameter"><code>dmapi</code></em></p></li><li class="listitem"><p><em class="parameter"><code>registry</code></em></p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>log level</code></em> = <code class="literal">0</code>
3171
3238
</em></span>
3172
3239
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>log level</code></em> = <code class="literal">3 passdb:5 auth:10 winbind:2</code>
3173
3240
</em></span>
3174
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548566"></a>
3241
</p></dd></dl></div></div><div class="section" title="logon drive (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2555211"></a>
3175
3242
3176
3243
logon drive (G)
3177
</h3></div></div></div><a class="indexterm" name="id2548567"></a><a name="LOGONDRIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3244
</h3></div></div></div><a class="indexterm" name="id2555212"></a><a name="LOGONDRIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3178
3245
This parameter specifies the local path to which the home directory will be
3179
3246
connected (see <a class="link" href="smb.conf.5.html#LOGONHOME" target="_top">logon home</a>) and is only used by NT
3180
3247
Workstations.
3184
3251
</em></span>
3185
3252
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>logon drive</code></em> = <code class="literal">h:</code>
3186
3253
</em></span>
3187
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548641"></a>
3254
</p></dd></dl></div></div><div class="section" title="logon home (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2555286"></a>
3188
3255
3189
3256
logon home (G)
3190
</h3></div></div></div><a class="indexterm" name="id2548642"></a><a name="LOGONHOME"></a><div class="variablelist"><dl><dt></dt><dd><p>
3257
</h3></div></div></div><a class="indexterm" name="id2555287"></a><a name="LOGONHOME"></a><div class="variablelist"><dl><dt></dt><dd><p>
3191
3258
This parameter specifies the home directory location when a Win95/98 or NT Workstation logs into a Samba PDC.
3192
3259
It allows you to do
3193
3260
</p><p>
3218
3285
</em></span>
3219
3286
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>logon home</code></em> = <code class="literal">\\remote_smb_server\%U</code>
3220
3287
</em></span>
3221
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548806"></a>
3288
</p></dd></dl></div></div><div class="section" title="logon path (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2555451"></a>
3222
3289
3223
3290
logon path (G)
3224
</h3></div></div></div><a class="indexterm" name="id2548807"></a><a name="LOGONPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>
3291
</h3></div></div></div><a class="indexterm" name="id2555452"></a><a name="LOGONPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>
3225
3292
This parameter specifies the directory where roaming profiles (Desktop, NTuser.dat, etc) are
3226
3293
stored. Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming
3227
3294
profiles. To find out how to handle roaming profiles for Win 9X system, see the
3243
3310
this parameter to \\%N\homes\profile_path will cause problems).
3244
3311
</p><p>
3245
3312
This option takes the standard substitutions, allowing you to have separate logon scripts for each user or machine.
3246
</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
3247
Do not quote the value. Setting this as “<span class="quote">\\%N\profile\%U</span>”
3313
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
3314
Do not quote the value. Setting this as <span class="quote">“<span class="quote">\\%N\profile\%U</span>”</span>
3248
3315
will break profile handling. Where the tdbsam or ldapsam passdb backend
3249
3316
is used, at the time the user account is created the value configured
3250
3317
for this parameter is written to the passdb backend and that value will
3265
3332
</pre><p>
3266
3333
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>logon path</code></em> = <code class="literal">\\%N\%U\profile</code>
3267
3334
</em></span>
3268
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548983"></a>
3335
</p></dd></dl></div></div><div class="section" title="logon script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2555620"></a>
3269
3336
3270
3337
logon script (G)
3271
</h3></div></div></div><a class="indexterm" name="id2548984"></a><a name="LOGONSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3338
</h3></div></div></div><a class="indexterm" name="id2555621"></a><a name="LOGONSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3272
3339
This parameter specifies the batch file (<code class="filename">.bat</code>) or NT command file
3273
3340
(<code class="filename">.cmd</code>) to be downloaded and run on a machine when a user successfully logs in. The file
3274
3341
must contain the DOS style CR/LF line endings. Using a DOS-style editor to create the file is recommended.
3299
3366
</em></span>
3300
3367
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>logon script</code></em> = <code class="literal">scripts\%U.bat</code>
3301
3368
</em></span>
3302
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549152"></a>
3369
</p></dd></dl></div></div><div class="section" title="lppause command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2555789"></a>
3303
3370
3304
3371
lppause command (S)
3305
</h3></div></div></div><a class="indexterm" name="id2549153"></a><a name="LPPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3372
</h3></div></div></div><a class="indexterm" name="id2555790"></a><a name="LPPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3306
3373
executed on the server host in order to stop printing or spooling
3307
3374
a specific print job.</p><p>This command should be a program or script which takes
3308
3375
a printer name and job number to pause the print job. One way
3326
3393
</em></span>
3327
3394
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lppause command</code></em> = <code class="literal">/usr/bin/lpalt %p-%j -p0</code>
3328
3395
</em></span>
3329
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549300"></a>
3396
</p></dd></dl></div></div><div class="section" title="lpq cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2555937"></a>
3330
3397
3331
3398
lpq cache time (G)
3332
</h3></div></div></div><a class="indexterm" name="id2549301"></a><a name="LPQCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls how long lpq info will be cached
3399
</h3></div></div></div><a class="indexterm" name="id2555938"></a><a name="LPQCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls how long lpq info will be cached
3333
3400
for to prevent the <code class="literal">lpq</code> command being called too
3334
3401
often. A separate cache is kept for each variation of the <code class="literal">
3335
3402
lpq</code> command used by the system, so if you use different
3342
3409
</em></span>
3343
3410
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpq cache time</code></em> = <code class="literal">10</code>
3344
3411
</em></span>
3345
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549419"></a>
3412
</p></dd></dl></div></div><div class="section" title="lpq command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556056"></a>
3346
3413
3347
3414
lpq command (S)
3348
</h3></div></div></div><a class="indexterm" name="id2549420"></a><a name="LPQCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3415
</h3></div></div></div><a class="indexterm" name="id2556057"></a><a name="LPQCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3349
3416
executed on the server host in order to obtain <code class="literal">lpq
3350
3417
</code>-style printer status information.</p><p>This command should be a program or script which
3351
3418
takes a printer name as its only parameter and outputs printer
3367
3434
</em></span>
3368
3435
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpq command</code></em> = <code class="literal">/usr/bin/lpq -P%p</code>
3369
3436
</em></span>
3370
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549545"></a>
3437
</p></dd></dl></div></div><div class="section" title="lpresume command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556182"></a>
3371
3438
3372
3439
lpresume command (S)
3373
</h3></div></div></div><a class="indexterm" name="id2549546"></a><a name="LPRESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3440
</h3></div></div></div><a class="indexterm" name="id2556183"></a><a name="LPRESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3374
3441
executed on the server host in order to restart or continue
3375
3442
printing or spooling a specific print job.</p><p>This command should be a program or script which takes
3376
3443
a printer name and job number to resume the print job. See
3383
3450
parameter is <code class="constant">SYSV</code>, in which case the default is:</p><p><code class="literal">lp -i %p-%j -H resume</code></p><p>or if the value of the <em class="parameter"><code>printing</code></em> parameter
3384
3451
is <code class="constant">SOFTQ</code>, then the default is:</p><p><code class="literal">qstat -s -j%j -r</code></p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpresume command</code></em> = <code class="literal">/usr/bin/lpalt %p-%j -p2</code>
3385
3452
</em></span>
3386
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549698"></a>
3453
</p></dd></dl></div></div><div class="section" title="lprm command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556335"></a>
3387
3454
3388
3455
lprm command (S)
3389
</h3></div></div></div><a class="indexterm" name="id2549700"></a><a name="LPRMCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3456
</h3></div></div></div><a class="indexterm" name="id2556336"></a><a name="LPRMCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3390
3457
executed on the server host in order to delete a print job.</p><p>This command should be a program or script which takes
3391
3458
a printer name and job number, and deletes the print job.</p><p>If a <em class="parameter"><code>%p</code></em> is given then the printer name
3392
3459
is put in its place. A <em class="parameter"><code>%j</code></em> is replaced with
3403
3470
</pre><p>
3404
3471
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lprm command</code></em> = <code class="literal"> determined by printing parameter</code>
3405
3472
</em></span>
3406
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549786"></a>
3473
</p></dd></dl></div></div><div class="section" title="machine password timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556423"></a>
3407
3474
3408
3475
machine password timeout (G)
3409
</h3></div></div></div><a class="indexterm" name="id2549787"></a><a name="MACHINEPASSWORDTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3476
</h3></div></div></div><a class="indexterm" name="id2556424"></a><a name="MACHINEPASSWORDTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3410
3477
If a Samba server is a member of a Windows NT Domain (see the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = domain</a> parameter) then periodically a running smbd process will try and change
3411
3478
the MACHINE ACCOUNT PASSWORD stored in the TDB called <code class="filename">private/secrets.tdb
3412
3479
</code>. This parameter specifies how often this password will be changed, in seconds. The default is one
3416
3483
and the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = domain</a> parameter.
3417
3484
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>machine password timeout</code></em> = <code class="literal">604800</code>
3418
3485
</em></span>
3419
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549874"></a>
3486
</p></dd></dl></div></div><div class="section" title="magic output (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556510"></a>
3420
3487
3421
3488
magic output (S)
3422
</h3></div></div></div><a class="indexterm" name="id2549875"></a><a name="MAGICOUTPUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3489
</h3></div></div></div><a class="indexterm" name="id2556512"></a><a name="MAGICOUTPUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3423
3490
This parameter specifies the name of a file which will contain output created by a magic script (see the
3424
3491
<a class="link" href="smb.conf.5.html#MAGICSCRIPT" target="_top">magic script</a> parameter below).
3425
</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>If two clients use the same <em class="parameter"><code>magic script
3492
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>If two clients use the same <em class="parameter"><code>magic script
3426
3493
</code></em> in the same directory the output file content is undefined.
3427
3494
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>magic output</code></em> = <code class="literal"><magic script name>.out</code>
3428
3495
</em></span>
3429
3496
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>magic output</code></em> = <code class="literal">myfile.txt</code>
3430
3497
</em></span>
3431
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549958"></a>
3498
</p></dd></dl></div></div><div class="section" title="magic script (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556594"></a>
3432
3499
3433
3500
magic script (S)
3434
</h3></div></div></div><a class="indexterm" name="id2549959"></a><a name="MAGICSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a file which,
3501
</h3></div></div></div><a class="indexterm" name="id2556596"></a><a name="MAGICSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a file which,
3435
3502
if opened, will be executed by the server when the file is closed.
3436
3503
This allows a UNIX script to be sent to the Samba host and
3437
3504
executed on behalf of the connected user.</p><p>Scripts executed in this way will be deleted upon
3447
3514
</em></span>
3448
3515
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>magic script</code></em> = <code class="literal">user.csh</code>
3449
3516
</em></span>
3450
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550063"></a>
3517
</p></dd></dl></div></div><div class="section" title="mangled names (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556700"></a>
3451
3518
3452
3519
mangled names (S)
3453
</h3></div></div></div><a class="indexterm" name="id2550064"></a><a name="MANGLEDNAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether non-DOS names under UNIX
3520
</h3></div></div></div><a class="indexterm" name="id2556701"></a><a name="MANGLEDNAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether non-DOS names under UNIX
3454
3521
should be mapped to DOS-compatible names ("mangled") and made visible,
3455
3522
or whether non-DOS names should simply be ignored.</p><p>See the section on <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a> for
3456
details on how to control the mangling process.</p><p>If mangling is used then the mangling algorithm is as follows:</p><div class="itemizedlist"><ul type="disc"><li><p>The first (up to) five alphanumeric characters
3523
details on how to control the mangling process.</p><p>If mangling is used then the mangling method is as follows:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>The first (up to) five alphanumeric characters
3457
3524
before the rightmost dot of the filename are preserved, forced
3458
3525
to upper case, and appear as the first (up to) five characters
3459
of the mangled name.</p></li><li><p>A tilde "~" is appended to the first part of the mangled
3526
of the mangled name.</p></li><li class="listitem"><p>A tilde "~" is appended to the first part of the mangled
3460
3527
name, followed by a two-character unique sequence, based on the
3461
3528
original root name (i.e., the original filename minus its final
3462
3529
extension). The final extension is included in the hash calculation
3463
3530
only if it contains any upper case characters or is longer than three
3464
3531
characters.</p><p>Note that the character to use may be specified using
3465
3532
the <a class="link" href="smb.conf.5.html#MANGLINGCHAR" target="_top">mangling char</a>
3466
option, if you don't like '~'.</p></li><li><p>Files whose UNIX name begins with a dot will be
3533
option, if you don't like '~'.</p></li><li class="listitem"><p>Files whose UNIX name begins with a dot will be
3467
3534
presented as DOS hidden files. The mangled name will be created as
3468
3535
for other filenames, but with the leading dot removed and "___" as
3469
3536
its extension regardless of actual original extension (that's three
3475
3542
from Windows/DOS and will retain the same basename. Mangled names
3476
3543
do not change between sessions.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>mangled names</code></em> = <code class="literal">yes</code>
3477
3544
</em></span>
3478
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550200"></a>
3545
</p></dd></dl></div></div><div class="section" title="mangle prefix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556837"></a>
3479
3546
3480
3547
mangle prefix (G)
3481
</h3></div></div></div><a class="indexterm" name="id2550201"></a><a name="MANGLEPREFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the number of prefix
3548
</h3></div></div></div><a class="indexterm" name="id2556838"></a><a name="MANGLEPREFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the number of prefix
3482
3549
characters from the original name used when generating
3483
3550
the mangled names. A larger value will give a weaker
3484
3551
hash and therefore more name collisions. The minimum
3488
3555
</em></span>
3489
3556
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangle prefix</code></em> = <code class="literal">4</code>
3490
3557
</em></span>
3491
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550267"></a>
3558
</p></dd></dl></div></div><div class="section" title="mangling char (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556904"></a>
3492
3559
3493
3560
mangling char (S)
3494
</h3></div></div></div><a class="indexterm" name="id2550268"></a><a name="MANGLINGCHAR"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what character is used as
3561
</h3></div></div></div><a class="indexterm" name="id2556905"></a><a name="MANGLINGCHAR"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what character is used as
3495
3562
the <span class="emphasis"><em>magic</em></span> character in <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>. The
3496
3563
default is a '~' but this may interfere with some software. Use this option to set
3497
3564
it to whatever you prefer. This is effective only when mangling method is hash.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>mangling char</code></em> = <code class="literal">~</code>
3498
3565
</em></span>
3499
3566
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangling char</code></em> = <code class="literal">^</code>
3500
3567
</em></span>
3501
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550344"></a>
3568
</p></dd></dl></div></div><div class="section" title="mangling method (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556981"></a>
3502
3569
3503
3570
mangling method (G)
3504
</h3></div></div></div><a class="indexterm" name="id2550345"></a><a name="MANGLINGMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the algorithm used for the generating
3571
</h3></div></div></div><a class="indexterm" name="id2556982"></a><a name="MANGLINGMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the algorithm used for the generating
3505
3572
the mangled names. Can take two different values, "hash" and
3506
3573
"hash2". "hash" is the algorithm that was used
3507
3574
used in Samba for many years and was the default in Samba 2.2.x "hash2" is
3512
3579
</em></span>
3513
3580
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangling method</code></em> = <code class="literal">hash</code>
3514
3581
</em></span>
3515
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550412"></a>
3582
</p></dd></dl></div></div><div class="section" title="map acl inherit (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557048"></a>
3516
3583
3517
3584
map acl inherit (S)
3518
</h3></div></div></div><a class="indexterm" name="id2550413"></a><a name="MAPACLINHERIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map the 'inherit' and 'protected'
3585
</h3></div></div></div><a class="indexterm" name="id2557049"></a><a name="MAPACLINHERIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map the 'inherit' and 'protected'
3519
3586
access control entry flags stored in Windows ACLs into an extended attribute
3520
3587
called user.SAMBA_PAI. This parameter only takes effect if Samba is being run
3521
3588
on a platform that supports extended attributes (Linux and IRIX so far) and
3523
3590
POSIX ACL mapping code.
3524
3591
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map acl inherit</code></em> = <code class="literal">no</code>
3525
3592
</em></span>
3526
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550468"></a>
3593
</p></dd></dl></div></div><div class="section" title="map archive (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557105"></a>
3527
3594
3528
3595
map archive (S)
3529
</h3></div></div></div><a class="indexterm" name="id2550470"></a><a name="MAPARCHIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3596
</h3></div></div></div><a class="indexterm" name="id2557106"></a><a name="MAPARCHIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3530
3597
This controls whether the DOS archive attribute
3531
3598
should be mapped to the UNIX owner execute bit. The DOS archive bit
3532
3599
is set when a file has been modified since its last backup. One
3539
3606
<a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> for details.
3540
3607
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map archive</code></em> = <code class="literal">yes</code>
3541
3608
</em></span>
3542
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550544"></a>
3609
</p></dd></dl></div></div><div class="section" title="map hidden (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557181"></a>
3543
3610
3544
3611
map hidden (S)
3545
</h3></div></div></div><a class="indexterm" name="id2550545"></a><a name="MAPHIDDEN"></a><div class="variablelist"><dl><dt></dt><dd><p>
3612
</h3></div></div></div><a class="indexterm" name="id2557182"></a><a name="MAPHIDDEN"></a><div class="variablelist"><dl><dt></dt><dd><p>
3546
3613
This controls whether DOS style hidden files should be mapped to the UNIX world execute bit.
3547
3614
</p><p>
3548
3615
Note that this requires the <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> to be set such that the world execute
3549
3616
bit is not masked out (i.e. it must include 001). See the parameter <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a>
3550
3617
for details.
3551
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550601"></a>
3618
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="map read only (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557238"></a>
3552
3619
3553
3620
map read only (S)
3554
</h3></div></div></div><a class="indexterm" name="id2550602"></a><a name="MAPREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
3621
</h3></div></div></div><a class="indexterm" name="id2557239"></a><a name="MAPREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
3555
3622
This controls how the DOS read only attribute should be mapped from a UNIX filesystem.
3556
3623
</p><p>
3557
3624
This parameter can take three different values, which tell <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> how to display the read only attribute on files, where either
3558
3625
<a class="link" href="smb.conf.5.html#STOREDOSATTRIBUTES" target="_top">store dos attributes</a> is set to <code class="constant">No</code>, or no extended attribute is
3559
3626
present. If <a class="link" href="smb.conf.5.html#STOREDOSATTRIBUTES" target="_top">store dos attributes</a> is set to <code class="constant">yes</code> then this
3560
3627
parameter is <span class="emphasis"><em>ignored</em></span>. This is a new parameter introduced in Samba version 3.0.21.
3561
</p><p>The three settings are :</p><div class="itemizedlist"><ul type="disc"><li><p>
3628
</p><p>The three settings are :</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
3562
3629
<code class="constant">Yes</code> - The read only DOS attribute is mapped to the inverse of the user
3563
3630
or owner write bit in the unix permission mode set. If the owner write bit is not set, the
3564
3631
read only attribute is reported as being set on the file.
3566
3633
others write bits to zero. Write bits set in an ACL are ignored by Samba.
3567
3634
If the read only DOS attribute is unset, Samba simply sets the write bit of the
3568
3635
owner to one.
3569
</p></li><li><p>
3636
</p></li><li class="listitem"><p>
3570
3637
<code class="constant">Permissions</code> - The read only DOS attribute is mapped to the effective permissions of
3571
3638
the connecting user, as evaluated by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> by reading the unix permissions and POSIX ACL (if present).
3572
3639
If the connecting user does not have permission to modify the file, the read only attribute
3573
3640
is reported as being set on the file.
3574
</p></li><li><p>
3641
</p></li><li class="listitem"><p>
3575
3642
<code class="constant">No</code> - The read only DOS attribute is unaffected by permissions, and can only be set by
3576
3643
the <a class="link" href="smb.conf.5.html#STOREDOSATTRIBUTES" target="_top">store dos attributes</a> method. This may be useful for exporting mounted CDs.
3577
3644
</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>map read only</code></em> = <code class="literal">yes</code>
3578
3645
</em></span>
3579
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550758"></a>
3646
</p></dd></dl></div></div><div class="section" title="map system (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557395"></a>
3580
3647
3581
3648
map system (S)
3582
</h3></div></div></div><a class="indexterm" name="id2550759"></a><a name="MAPSYSTEM"></a><div class="variablelist"><dl><dt></dt><dd><p>
3649
</h3></div></div></div><a class="indexterm" name="id2557396"></a><a name="MAPSYSTEM"></a><div class="variablelist"><dl><dt></dt><dd><p>
3583
3650
This controls whether DOS style system files should be mapped to the UNIX group execute bit.
3584
3651
</p><p>
3585
3652
Note that this requires the <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> to be set such that the group
3587
3654
<a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> for details.
3588
3655
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map system</code></em> = <code class="literal">no</code>
3589
3656
</em></span>
3590
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550827"></a>
3657
</p></dd></dl></div></div><div class="section" title="map to guest (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557464"></a>
3591
3658
3592
3659
map to guest (G)
3593
</h3></div></div></div><a class="indexterm" name="id2550828"></a><a name="MAPTOGUEST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only useful in <a class="link" href="smb.conf.5.html#SECURITY" target="_top">SECURITY =
3660
</h3></div></div></div><a class="indexterm" name="id2557465"></a><a name="MAPTOGUEST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only useful in <a class="link" href="smb.conf.5.html#SECURITY" target="_top">SECURITY =
3594
3661
security</a> modes other than <em class="parameter"><code>security = share</code></em>
3595
3662
and <em class="parameter"><code>security = server</code></em>
3596
3663
- i.e. <code class="constant">user</code>, and <code class="constant">domain</code>.</p><p>This parameter can take four different values, which tell
3597
3664
<a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> what to do with user
3598
login requests that don't match a valid UNIX user in some way.</p><p>The four settings are :</p><div class="itemizedlist"><ul type="disc"><li><p><code class="constant">Never</code> - Means user login
3665
login requests that don't match a valid UNIX user in some way.</p><p>The four settings are :</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><code class="constant">Never</code> - Means user login
3599
3666
requests with an invalid password are rejected. This is the
3600
default.</p></li><li><p><code class="constant">Bad User</code> - Means user
3667
default.</p></li><li class="listitem"><p><code class="constant">Bad User</code> - Means user
3601
3668
logins with an invalid password are rejected, unless the username
3602
3669
does not exist, in which case it is treated as a guest login and
3603
mapped into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>.</p></li><li><p><code class="constant">Bad Password</code> - Means user logins
3670
mapped into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>.</p></li><li class="listitem"><p><code class="constant">Bad Password</code> - Means user logins
3604
3671
with an invalid password are treated as a guest login and mapped
3605
3672
into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>. Note that
3606
3673
this can cause problems as it means that any user incorrectly typing
3609
3676
they should - there will have been no message given to them
3610
3677
that they got their password wrong. Helpdesk services will
3611
3678
<span class="emphasis"><em>hate</em></span> you if you set the <em class="parameter"><code>map to
3612
guest</code></em> parameter this way :-).</p></li><li><p><code class="constant">Bad Uid</code> - Is only applicable when Samba is configured
3679
guest</code></em> parameter this way :-).</p></li><li class="listitem"><p><code class="constant">Bad Uid</code> - Is only applicable when Samba is configured
3613
3680
in some type of domain mode security (security = {domain|ads}) and means that
3614
3681
user logins which are successfully authenticated but which have no valid Unix
3615
3682
user account (and smbd is unable to create one) should be mapped to the defined
3632
3699
</em></span>
3633
3700
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>map to guest</code></em> = <code class="literal">Bad User</code>
3634
3701
</em></span>
3635
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551067"></a>
3702
</p></dd></dl></div></div><div class="section" title="map untrusted to domain (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557704"></a>
3636
3703
3637
3704
map untrusted to domain (G)
3638
</h3></div></div></div><a class="indexterm" name="id2551068"></a><a name="MAPUNTRUSTEDTODOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>
3705
</h3></div></div></div><a class="indexterm" name="id2557705"></a><a name="MAPUNTRUSTEDTODOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>
3639
3706
If a client connects to smbd using an untrusted domain name, such as
3640
3707
BOGUS\user, smbd replaces the BOGUS domain with it's SAM name before
3641
3708
attempting to authenticate that user. In the case where smbd is acting as
3653
3720
effect.
3654
3721
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map untrusted to domain</code></em> = <code class="literal">no</code>
3655
3722
</em></span>
3656
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551134"></a>
3723
</p></dd></dl></div></div><div class="section" title="max connections (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557771"></a>
3657
3724
3658
3725
max connections (S)
3659
</h3></div></div></div><a class="indexterm" name="id2551135"></a><a name="MAXCONNECTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the number of simultaneous connections to a service to be limited.
3726
</h3></div></div></div><a class="indexterm" name="id2557772"></a><a name="MAXCONNECTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the number of simultaneous connections to a service to be limited.
3660
3727
If <em class="parameter"><code>max connections</code></em> is greater than 0 then connections
3661
3728
will be refused if this number of connections to the service are already open. A value
3662
3729
of zero mean an unlimited number of connections may be made.</p><p>Record lock files are used to implement this feature. The lock files will be stored in
3664
3731
</em></span>
3665
3732
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max connections</code></em> = <code class="literal">10</code>
3666
3733
</em></span>
3667
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551220"></a>
3734
</p></dd></dl></div></div><div class="section" title="max disk size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557857"></a>
3668
3735
3669
3736
max disk size (G)
3670
</h3></div></div></div><a class="indexterm" name="id2551221"></a><a name="MAXDISKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to put an upper limit
3737
</h3></div></div></div><a class="indexterm" name="id2557858"></a><a name="MAXDISKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to put an upper limit
3671
3738
on the apparent size of disks. If you set this option to 100
3672
3739
then all shares will appear to be not larger than 100 MB in
3673
3740
size.</p><p>Note that this option does not limit the amount of
3681
3748
</em></span>
3682
3749
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max disk size</code></em> = <code class="literal">1000</code>
3683
3750
</em></span>
3684
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551312"></a>
3751
</p></dd></dl></div></div><div class="section" title="max log size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557949"></a>
3685
3752
3686
3753
max log size (G)
3687
</h3></div></div></div><a class="indexterm" name="id2551313"></a><a name="MAXLOGSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3754
</h3></div></div></div><a class="indexterm" name="id2557950"></a><a name="MAXLOGSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3688
3755
This option (an integer in kilobytes) specifies the max size the log file should grow to.
3689
3756
Samba periodically checks the size and if it is exceeded it will rename the file, adding
3690
3757
a <code class="filename">.old</code> extension.
3693
3760
</em></span>
3694
3761
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max log size</code></em> = <code class="literal">1000</code>
3695
3762
</em></span>
3696
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551383"></a>
3763
</p></dd></dl></div></div><div class="section" title="max mux (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558020"></a>
3697
3764
3698
3765
max mux (G)
3699
</h3></div></div></div><a class="indexterm" name="id2551384"></a><a name="MAXMUX"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum number of
3766
</h3></div></div></div><a class="indexterm" name="id2558021"></a><a name="MAXMUX"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum number of
3700
3767
outstanding simultaneous SMB operations that Samba tells the client
3701
3768
it will allow. You should never need to set this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max mux</code></em> = <code class="literal">50</code>
3702
3769
</em></span>
3703
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551426"></a>
3770
</p></dd></dl></div></div><div class="section" title="max open files (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558063"></a>
3704
3771
3705
3772
max open files (G)
3706
</h3></div></div></div><a class="indexterm" name="id2551427"></a><a name="MAXOPENFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
3773
</h3></div></div></div><a class="indexterm" name="id2558064"></a><a name="MAXOPENFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
3707
3774
open files that one <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> file
3708
3775
serving process may have open for a client at any one time. The
3709
3776
default for this parameter is set very high (10,000) as Samba uses
3711
3778
by the UNIX per-process file descriptor limit rather than
3712
3779
this parameter so you should never need to touch this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max open files</code></em> = <code class="literal">10000</code>
3713
3780
</em></span>
3714
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551487"></a>
3781
</p></dd></dl></div></div><div class="section" title="max print jobs (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558123"></a>
3715
3782
3716
3783
max print jobs (S)
3717
</h3></div></div></div><a class="indexterm" name="id2551488"></a><a name="MAXPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
3784
</h3></div></div></div><a class="indexterm" name="id2558124"></a><a name="MAXPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
3718
3785
jobs allowable in a Samba printer queue at any given moment.
3719
3786
If this number is exceeded, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will remote "Out of Space" to the client.
3720
3787
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max print jobs</code></em> = <code class="literal">1000</code>
3721
3788
</em></span>
3722
3789
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max print jobs</code></em> = <code class="literal">5000</code>
3723
3790
</em></span>
3724
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551557"></a>
3791
</p></dd></dl></div></div><div class="section" title="protocol"><div class="titlepage"><div><div><h3 class="title"><a name="id2558193"></a>
3725
3792
3726
3793
<a name="PROTOCOL"></a>protocol
3727
</h3></div></div></div><a class="indexterm" name="id2551558"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#MAXPROTOCOL">max protocol</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551590"></a>
3794
</h3></div></div></div><a class="indexterm" name="id2558194"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#MAXPROTOCOL">max protocol</a>.</p></dd></dl></div></div><div class="section" title="max protocol (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558226"></a>
3728
3795
3729
3796
max protocol (G)
3730
</h3></div></div></div><a class="indexterm" name="id2551591"></a><a name="MAXPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the highest
3731
protocol level that will be supported by the server.</p><p>Possible values are :</p><div class="itemizedlist"><ul type="disc"><li><p><code class="constant">CORE</code>: Earliest version. No
3732
concept of user names.</p></li><li><p><code class="constant">COREPLUS</code>: Slight improvements on
3733
CORE for efficiency.</p></li><li><p><code class="constant">LANMAN1</code>: First <span class="emphasis"><em>
3797
</h3></div></div></div><a class="indexterm" name="id2558227"></a><a name="MAXPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the highest
3798
protocol level that will be supported by the server.</p><p>Possible values are :</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><code class="constant">CORE</code>: Earliest version. No
3799
concept of user names.</p></li><li class="listitem"><p><code class="constant">COREPLUS</code>: Slight improvements on
3800
CORE for efficiency.</p></li><li class="listitem"><p><code class="constant">LANMAN1</code>: First <span class="emphasis"><em>
3734
3801
modern</em></span> version of the protocol. Long filename
3735
support.</p></li><li><p><code class="constant">LANMAN2</code>: Updates to Lanman1 protocol.</p></li><li><p><code class="constant">NT1</code>: Current up to date version of the protocol.
3802
support.</p></li><li class="listitem"><p><code class="constant">LANMAN2</code>: Updates to Lanman1 protocol.</p></li><li class="listitem"><p><code class="constant">NT1</code>: Current up to date version of the protocol.
3736
3803
Used by Windows NT. Known as CIFS.</p></li></ul></div><p>Normally this option should not be set as the automatic
3737
3804
negotiation phase in the SMB protocol takes care of choosing
3738
3805
the appropriate protocol.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max protocol</code></em> = <code class="literal">NT1</code>
3739
3806
</em></span>
3740
3807
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max protocol</code></em> = <code class="literal">LANMAN1</code>
3741
3808
</em></span>
3742
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551715"></a>
3809
</p></dd></dl></div></div><div class="section" title="max reported print jobs (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558351"></a>
3743
3810
3744
3811
max reported print jobs (S)
3745
</h3></div></div></div><a class="indexterm" name="id2551716"></a><a name="MAXREPORTEDPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>
3812
</h3></div></div></div><a class="indexterm" name="id2558352"></a><a name="MAXREPORTEDPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>
3746
3813
This parameter limits the maximum number of jobs displayed in a port monitor for
3747
3814
Samba printer queue at any given moment. If this number is exceeded, the excess
3748
3815
jobs will not be shown. A value of zero means there is no limit on the number of
3751
3818
</em></span>
3752
3819
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max reported print jobs</code></em> = <code class="literal">1000</code>
3753
3820
</em></span>
3754
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551779"></a>
3821
</p></dd></dl></div></div><div class="section" title="max smbd processes (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558415"></a>
3755
3822
3756
3823
max smbd processes (G)
3757
</h3></div></div></div><a class="indexterm" name="id2551780"></a><a name="MAXSMBDPROCESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> processes concurrently running on a system and is intended
3824
</h3></div></div></div><a class="indexterm" name="id2558416"></a><a name="MAXSMBDPROCESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> processes concurrently running on a system and is intended
3758
3825
as a stopgap to prevent degrading service to clients in the event that the server has insufficient
3759
3826
resources to handle more than this number of connections. Remember that under normal operating
3760
3827
conditions, each user will have an <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> associated with him or her to handle connections to all
3762
3829
</em></span>
3763
3830
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max smbd processes</code></em> = <code class="literal">1000</code>
3764
3831
</em></span>
3765
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551860"></a>
3832
</p></dd></dl></div></div><div class="section" title="max stat cache size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558497"></a>
3766
3833
3767
3834
max stat cache size (G)
3768
</h3></div></div></div><a class="indexterm" name="id2551861"></a><a name="MAXSTATCACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the size in memory of any
3835
</h3></div></div></div><a class="indexterm" name="id2558498"></a><a name="MAXSTATCACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the size in memory of any
3769
3836
<em class="parameter"><code>stat cache</code></em> being used
3770
3837
to speed up case insensitive name mappings. It represents
3771
3838
the number of kilobyte (1024) units the stat cache can use.
3776
3843
</em></span>
3777
3844
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max stat cache size</code></em> = <code class="literal">100</code>
3778
3845
</em></span>
3779
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551930"></a>
3846
</p></dd></dl></div></div><div class="section" title="max ttl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558566"></a>
3780
3847
3781
3848
max ttl (G)
3782
</h3></div></div></div><a class="indexterm" name="id2551931"></a><a name="MAXTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> what the default 'time to live'
3849
</h3></div></div></div><a class="indexterm" name="id2558567"></a><a name="MAXTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> what the default 'time to live'
3783
3850
of NetBIOS names should be (in seconds) when <code class="literal">nmbd</code> is
3784
3851
requesting a name using either a broadcast packet or from a WINS server. You should
3785
3852
never need to change this parameter. The default is 3 days.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max ttl</code></em> = <code class="literal">259200</code>
3786
3853
</em></span>
3787
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551989"></a>
3854
</p></dd></dl></div></div><div class="section" title="max wins ttl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558625"></a>
3788
3855
3789
3856
max wins ttl (G)
3790
</h3></div></div></div><a class="indexterm" name="id2551990"></a><a name="MAXWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when acting as a WINS server
3857
</h3></div></div></div><a class="indexterm" name="id2558626"></a><a name="MAXWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when acting as a WINS server
3791
3858
(<a class="link" href="smb.conf.5.html#WINSSUPPORT" target="_top">wins support = yes</a>) what the maximum
3792
3859
'time to live' of NetBIOS names that <code class="literal">nmbd</code>
3793
3860
will grant will be (in seconds). You should never need to change this
3794
3861
parameter. The default is 6 days (518400 seconds).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max wins ttl</code></em> = <code class="literal">518400</code>
3795
3862
</em></span>
3796
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552060"></a>
3863
</p></dd></dl></div></div><div class="section" title="max xmit (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558696"></a>
3797
3864
3798
3865
max xmit (G)
3799
</h3></div></div></div><a class="indexterm" name="id2552061"></a><a name="MAXXMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum packet size
3866
</h3></div></div></div><a class="indexterm" name="id2558697"></a><a name="MAXXMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum packet size
3800
3867
that will be negotiated by Samba. The default is 16644, which
3801
3868
matches the behavior of Windows 2000. A value below 2048 is likely to cause problems.
3802
3869
You should never need to change this parameter from its default value.
3804
3871
</em></span>
3805
3872
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max xmit</code></em> = <code class="literal">8192</code>
3806
3873
</em></span>
3807
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552122"></a>
3874
</p></dd></dl></div></div><div class="section" title="message command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558759"></a>
3808
3875
3809
3876
message command (G)
3810
</h3></div></div></div><a class="indexterm" name="id2552123"></a><a name="MESSAGECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what command to run when the
3877
</h3></div></div></div><a class="indexterm" name="id2558760"></a><a name="MESSAGECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what command to run when the
3811
3878
server receives a WinPopup style message.</p><p>This would normally be a command that would
3812
3879
deliver the message somehow. How this is to be done is
3813
3880
up to your imagination.</p><p>An example is:
3823
3890
The command takes the standard substitutions, although <em class="parameter"><code>
3824
3891
%u</code></em> won't work (<em class="parameter"><code>%U</code></em> may be better
3825
3892
in this case).</p><p>Apart from the standard substitutions, some additional
3826
ones apply. In particular:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>%s</code></em> = the filename containing
3827
the message.</p></li><li><p><em class="parameter"><code>%t</code></em> = the destination that
3828
the message was sent to (probably the server name).</p></li><li><p><em class="parameter"><code>%f</code></em> = who the message
3893
ones apply. In particular:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>%s</code></em> = the filename containing
3894
the message.</p></li><li class="listitem"><p><em class="parameter"><code>%t</code></em> = the destination that
3895
the message was sent to (probably the server name).</p></li><li class="listitem"><p><em class="parameter"><code>%f</code></em> = who the message
3829
3896
is from.</p></li></ul></div><p>You could make this command send mail, or whatever else
3830
3897
takes your fancy. Please let us know of any really interesting
3831
3898
ideas you have.</p><p>
3846
3913
</em></span>
3847
3914
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>message command</code></em> = <code class="literal">csh -c 'xedit %s; rm %s' &</code>
3848
3915
</em></span>
3849
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552333"></a>
3916
</p></dd></dl></div></div><div class="section" title="min print space (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558969"></a>
3850
3917
3851
3918
min print space (S)
3852
</h3></div></div></div><a class="indexterm" name="id2552334"></a><a name="MINPRINTSPACE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the minimum amount of free disk
3919
</h3></div></div></div><a class="indexterm" name="id2558970"></a><a name="MINPRINTSPACE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the minimum amount of free disk
3853
3920
space that must be available before a user will be able to spool
3854
3921
a print job. It is specified in kilobytes. The default is 0, which
3855
3922
means a user can always spool a print job.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min print space</code></em> = <code class="literal">0</code>
3856
3923
</em></span>
3857
3924
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>min print space</code></em> = <code class="literal">2000</code>
3858
3925
</em></span>
3859
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552395"></a>
3926
</p></dd></dl></div></div><div class="section" title="min protocol (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559032"></a>
3860
3927
3861
3928
min protocol (G)
3862
</h3></div></div></div><a class="indexterm" name="id2552396"></a><a name="MINPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the
3929
</h3></div></div></div><a class="indexterm" name="id2559033"></a><a name="MINPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the
3863
3930
lowest SMB protocol dialect than Samba will support. Please refer
3864
3931
to the <a class="link" href="smb.conf.5.html#MAXPROTOCOL" target="_top">max protocol</a>
3865
3932
parameter for a list of valid protocol names and a brief description
3871
3938
</em></span>
3872
3939
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>min protocol</code></em> = <code class="literal">NT1</code>
3873
3940
</em></span>
3874
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552494"></a>
3941
</p></dd></dl></div></div><div class="section" title="min receivefile size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559130"></a>
3875
3942
3876
3943
min receivefile size (G)
3877
</h3></div></div></div><a class="indexterm" name="id2552495"></a><a name="MINRECEIVEFILESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option changes the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when processing SMBwriteX calls. Any incoming
3944
</h3></div></div></div><a class="indexterm" name="id2559132"></a><a name="MINRECEIVEFILESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option changes the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when processing SMBwriteX calls. Any incoming
3878
3945
SMBwriteX call on a non-signed SMB/CIFS connection greater than this value will not be processed in the normal way but will
3879
3946
be passed to any underlying kernel recvfile or splice system call (if there is no such
3880
3947
call Samba will emulate in user space). This allows zero-copy writes directly from network
3883
3950
normal way. To enable POSIX large write support (SMB/CIFS writes up to 16Mb) this option must be
3884
3951
nonzero. The maximum value is 128k. Values greater than 128k will be silently set to 128k.</p><p>Note this option will have NO EFFECT if set on a SMB signed connection.</p><p>The default is zero, which diables this option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min receivefile size</code></em> = <code class="literal">0</code>
3885
3952
</em></span>
3886
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552563"></a>
3953
</p></dd></dl></div></div><div class="section" title="min wins ttl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559200"></a>
3887
3954
3888
3955
min wins ttl (G)
3889
</h3></div></div></div><a class="indexterm" name="id2552564"></a><a name="MINWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>
3956
</h3></div></div></div><a class="indexterm" name="id2559201"></a><a name="MINWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>
3890
3957
when acting as a WINS server (<a class="link" href="smb.conf.5.html#WINSSUPPORT" target="_top">wins support = yes</a>) what the minimum 'time to live'
3891
3958
of NetBIOS names that <code class="literal">nmbd</code> will grant will be (in
3892
3959
seconds). You should never need to change this parameter. The default
3893
3960
is 6 hours (21600 seconds).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min wins ttl</code></em> = <code class="literal">21600</code>
3894
3961
</em></span>
3895
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552634"></a>
3962
</p></dd></dl></div></div><div class="section" title="msdfs proxy (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559270"></a>
3896
3963
3897
3964
msdfs proxy (S)
3898
</h3></div></div></div><a class="indexterm" name="id2552635"></a><a name="MSDFSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter indicates that the share is a
3965
</h3></div></div></div><a class="indexterm" name="id2559271"></a><a name="MSDFSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter indicates that the share is a
3899
3966
stand-in for another CIFS share whose location is specified by
3900
3967
the value of the parameter. When clients attempt to connect to
3901
3968
this share, they are redirected to the proxied share using
3903
3970
<a class="link" href="smb.conf.5.html#MSDFSROOT" target="_top">msdfs root</a> and <a class="link" href="smb.conf.5.html#HOSTMSDFS" target="_top">host msdfs</a>
3904
3971
options to find out how to set up a Dfs root share.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>msdfs proxy</code></em> = <code class="literal">\otherserver\someshare</code>
3905
3972
</em></span>
3906
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552712"></a>
3973
</p></dd></dl></div></div><div class="section" title="msdfs root (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559348"></a>
3907
3974
3908
3975
msdfs root (S)
3909
</h3></div></div></div><a class="indexterm" name="id2552713"></a><a name="MSDFSROOT"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to <code class="constant">yes</code>, Samba treats the
3976
</h3></div></div></div><a class="indexterm" name="id2559349"></a><a name="MSDFSROOT"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to <code class="constant">yes</code>, Samba treats the
3910
3977
share as a Dfs root and allows clients to browse the
3911
3978
distributed file system tree rooted at the share directory.
3912
3979
Dfs links are specified in the share directory by symbolic
3914
3981
and so on. For more information on setting up a Dfs tree on
3915
3982
Samba, refer to the MSDFS chapter in the Samba3-HOWTO book.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>msdfs root</code></em> = <code class="literal">no</code>
3916
3983
</em></span>
3917
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552767"></a>
3984
</p></dd></dl></div></div><div class="section" title="name cache timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559404"></a>
3918
3985
3919
3986
name cache timeout (G)
3920
</h3></div></div></div><a class="indexterm" name="id2552768"></a><a name="NAMECACHETIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the number of seconds it takes before
3987
</h3></div></div></div><a class="indexterm" name="id2559405"></a><a name="NAMECACHETIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the number of seconds it takes before
3921
3988
entries in samba's hostname resolve cache time out. If
3922
3989
the timeout is set to 0. the caching is disabled.
3923
3990
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>name cache timeout</code></em> = <code class="literal">660</code>
3924
3991
</em></span>
3925
3992
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>name cache timeout</code></em> = <code class="literal">0</code>
3926
3993
</em></span>
3927
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552828"></a>
3994
</p></dd></dl></div></div><div class="section" title="name resolve order (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559465"></a>
3928
3995
3929
3996
name resolve order (G)
3930
</h3></div></div></div><a class="indexterm" name="id2552829"></a><a name="NAMERESOLVEORDER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used by the programs in the Samba
3997
</h3></div></div></div><a class="indexterm" name="id2559466"></a><a name="NAMERESOLVEORDER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used by the programs in the Samba
3931
3998
suite to determine what naming services to use and in what order
3932
3999
to resolve host names to IP addresses. Its main purpose to is to
3933
4000
control how netbios name resolution is performed. The option takes a space
3934
4001
separated string of name resolution options.</p><p>The options are: "lmhosts", "host",
3935
4002
"wins" and "bcast". They cause names to be
3936
resolved as follows:</p><div class="itemizedlist"><ul type="disc"><li><p>
4003
resolved as follows:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
3937
4004
<code class="constant">lmhosts</code> : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has
3938
4005
no name type attached to the NetBIOS name (see the manpage for lmhosts for details) then
3939
4006
any name type matches for lookup.
3940
</p></li><li><p>
4007
</p></li><li class="listitem"><p>
3941
4008
<code class="constant">host</code> : Do a standard host name to IP address resolution, using the system
3942
4009
<code class="filename">/etc/hosts </code>, NIS, or DNS lookups. This method of name resolution is
3943
4010
operating system depended for instance on IRIX or Solaris this may be controlled by the <code class="filename">/etc/nsswitch.conf</code> file. Note that this method is used only if the NetBIOS name
3944
4011
type being queried is the 0x20 (server) name type or 0x1c (domain controllers). The latter case is only
3945
4012
useful for active directory domains and results in a DNS query for the SRV RR entry matching
3946
4013
_ldap._tcp.domain.
3947
</p></li><li><p><code class="constant">wins</code> : Query a name with
4014
</p></li><li class="listitem"><p><code class="constant">wins</code> : Query a name with
3948
4015
the IP address listed in the <a class="link" href="smb.conf.5.html#WINSSERVER" target="_top">WINSSERVER</a> parameter. If no WINS server has
3949
been specified this method will be ignored.</p></li><li><p><code class="constant">bcast</code> : Do a broadcast on
4016
been specified this method will be ignored.</p></li><li class="listitem"><p><code class="constant">bcast</code> : Do a broadcast on
3950
4017
each of the known local interfaces listed in the <a class="link" href="smb.conf.5.html#INTERFACES" target="_top">interfaces</a>
3951
4018
parameter. This is the least reliable of the name resolution
3952
4019
methods as it depends on the target host being on a locally
3958
4025
</em></span>
3959
4026
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>name resolve order</code></em> = <code class="literal">lmhosts bcast host</code>
3960
4027
</em></span>
3961
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553030"></a>
4028
</p></dd></dl></div></div><div class="section" title="netbios aliases (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559667"></a>
3962
4029
3963
4030
netbios aliases (G)
3964
</h3></div></div></div><a class="indexterm" name="id2553031"></a><a name="NETBIOSALIASES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of NetBIOS names that nmbd will
4031
</h3></div></div></div><a class="indexterm" name="id2559668"></a><a name="NETBIOSALIASES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of NetBIOS names that nmbd will
3965
4032
advertise as additional names by which the Samba server is known. This allows one machine
3966
4033
to appear in browse lists under multiple names. If a machine is acting as a browse server
3967
4034
or logon server none of these names will be advertised as either browse server or logon
3971
4038
</em></span>
3972
4039
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>netbios aliases</code></em> = <code class="literal">TEST TEST1 TEST2</code>
3973
4040
</em></span>
3974
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553096"></a>
4041
</p></dd></dl></div></div><div class="section" title="netbios name (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559733"></a>
3975
4042
3976
4043
netbios name (G)
3977
</h3></div></div></div><a class="indexterm" name="id2553098"></a><a name="NETBIOSNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4044
</h3></div></div></div><a class="indexterm" name="id2559734"></a><a name="NETBIOSNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
3978
4045
This sets the NetBIOS name by which a Samba server is known. By default it is the same as the first component
3979
4046
of the host's DNS name. If a machine is a browse server or logon server this name (or the first component of
3980
4047
the hosts DNS name) will be the name that these services are advertised under.
3987
4054
</em></span>
3988
4055
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>netbios name</code></em> = <code class="literal">MYNAME</code>
3989
4056
</em></span>
3990
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553178"></a>
4057
</p></dd></dl></div></div><div class="section" title="netbios scope (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559814"></a>
3991
4058
3992
4059
netbios scope (G)
3993
</h3></div></div></div><a class="indexterm" name="id2553179"></a><a name="NETBIOSSCOPE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the NetBIOS scope that Samba will
4060
</h3></div></div></div><a class="indexterm" name="id2559816"></a><a name="NETBIOSSCOPE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the NetBIOS scope that Samba will
3994
4061
operate under. This should not be set unless every machine
3995
4062
on your LAN also sets this value.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>netbios scope</code></em> = <code class="literal"></code>
3996
4063
</em></span>
3997
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553220"></a>
4064
</p></dd></dl></div></div><div class="section" title="nis homedir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559857"></a>
3998
4065
3999
4066
nis homedir (G)
4000
</h3></div></div></div><a class="indexterm" name="id2553221"></a><a name="NISHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>Get the home share server from a NIS map. For
4067
</h3></div></div></div><a class="indexterm" name="id2559858"></a><a name="NISHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>Get the home share server from a NIS map. For
4001
4068
UNIX systems that use an automounter, the user's home directory
4002
4069
will often be mounted on a workstation on demand from a remote
4003
4070
server. </p><p>When the Samba logon server is not the actual home directory
4016
4083
NIS system and the Samba server with this option must also
4017
4084
be a logon server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nis homedir</code></em> = <code class="literal">no</code>
4018
4085
</em></span>
4019
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553300"></a>
4086
</p></dd></dl></div></div><div class="section" title="nt acl support (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559943"></a>
4020
4087
4021
4088
nt acl support (S)
4022
</h3></div></div></div><a class="indexterm" name="id2553301"></a><a name="NTACLSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map
4089
</h3></div></div></div><a class="indexterm" name="id2559944"></a><a name="NTACLSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map
4023
4090
UNIX permissions into Windows NT access control lists. The UNIX
4024
4091
permissions considered are the the traditional UNIX owner and
4025
4092
group permissions, as well as POSIX ACLs set on any files or
4026
4093
directories. This parameter was formally a global parameter in
4027
4094
releases prior to 2.2.2.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt acl support</code></em> = <code class="literal">yes</code>
4028
4095
</em></span>
4029
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553355"></a>
4096
</p></dd></dl></div></div><div class="section" title="ntlm auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559998"></a>
4030
4097
4031
4098
ntlm auth (G)
4032
</h3></div></div></div><a class="indexterm" name="id2553356"></a><a name="NTLMAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
4099
</h3></div></div></div><a class="indexterm" name="id2559999"></a><a name="NTLMAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
4033
4100
authenticate users using the NTLM encrypted password response.
4034
4101
If disabled, either the lanman password hash or an NTLMv2 response
4035
4102
will need to be sent by the client.</p><p>If this option, and <code class="literal">lanman
4037
4104
permited. Not all clients support NTLMv2, and most will require
4038
4105
special configuration to use it.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ntlm auth</code></em> = <code class="literal">yes</code>
4039
4106
</em></span>
4040
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553419"></a>
4107
</p></dd></dl></div></div><div class="section" title="nt pipe support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560062"></a>
4041
4108
4042
4109
nt pipe support (G)
4043
</h3></div></div></div><a class="indexterm" name="id2553420"></a><a name="NTPIPESUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether
4110
</h3></div></div></div><a class="indexterm" name="id2560063"></a><a name="NTPIPESUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether
4044
4111
<a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will allow Windows NT
4045
4112
clients to connect to the NT SMB specific <code class="constant">IPC$</code>
4046
4113
pipes. This is a developer debugging option and can be left
4047
4114
alone.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt pipe support</code></em> = <code class="literal">yes</code>
4048
4115
</em></span>
4049
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553475"></a>
4116
</p></dd></dl></div></div><div class="section" title="nt status support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560118"></a>
4050
4117
4051
4118
nt status support (G)
4052
</h3></div></div></div><a class="indexterm" name="id2553476"></a><a name="NTSTATUSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will negotiate NT specific status
4119
</h3></div></div></div><a class="indexterm" name="id2560119"></a><a name="NTSTATUSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will negotiate NT specific status
4053
4120
support with Windows NT/2k/XP clients. This is a developer debugging option and should be left alone.
4054
4121
If this option is set to <code class="constant">no</code> then Samba offers
4055
4122
exactly the same DOS error codes that versions prior to Samba 2.2.3
4056
4123
reported.</p><p>You should not need to ever disable this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt status support</code></em> = <code class="literal">yes</code>
4057
4124
</em></span>
4058
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553537"></a>
4125
</p></dd></dl></div></div><div class="section" title="null passwords (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560179"></a>
4059
4126
4060
4127
null passwords (G)
4061
</h3></div></div></div><a class="indexterm" name="id2553538"></a><a name="NULLPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>Allow or disallow client access to accounts that have null passwords. </p><p>See also <a class="citerefentry" href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>null passwords</code></em> = <code class="literal">no</code>
4128
</h3></div></div></div><a class="indexterm" name="id2560180"></a><a name="NULLPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>Allow or disallow client access to accounts that have null passwords. </p><p>See also <a class="citerefentry" href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>null passwords</code></em> = <code class="literal">no</code>
4062
4129
</em></span>
4063
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553590"></a>
4130
</p></dd></dl></div></div><div class="section" title="obey pam restrictions (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560233"></a>
4064
4131
4065
4132
obey pam restrictions (G)
4066
</h3></div></div></div><a class="indexterm" name="id2553591"></a><a name="OBEYPAMRESTRICTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba 3.0 is configured to enable PAM support
4133
</h3></div></div></div><a class="indexterm" name="id2560234"></a><a name="OBEYPAMRESTRICTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba 3.0 is configured to enable PAM support
4067
4134
(i.e. --with-pam), this parameter will control whether or not Samba
4068
4135
should obey PAM's account and session management directives. The
4069
4136
default behavior is to use PAM for clear text authentication only
4073
4140
authentication mechanism needed in the presence of SMB password encryption.
4074
4141
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>obey pam restrictions</code></em> = <code class="literal">no</code>
4075
4142
</em></span>
4076
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553655"></a>
4143
</p></dd></dl></div></div><div class="section" title="only user (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560297"></a>
4077
4144
4078
4145
only user (S)
4079
</h3></div></div></div><a class="indexterm" name="id2553656"></a><a name="ONLYUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean option that controls whether
4146
</h3></div></div></div><a class="indexterm" name="id2560298"></a><a name="ONLYUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean option that controls whether
4080
4147
connections with usernames not in the <em class="parameter"><code>user</code></em>
4081
4148
list will be allowed. By default this option is disabled so that a
4082
4149
client can supply a username to be used by the server. Enabling
4089
4156
will be just the service name, which for home directories is the
4090
4157
name of the user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>only user</code></em> = <code class="literal">no</code>
4091
4158
</em></span>
4092
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553744"></a>
4159
</p></dd></dl></div></div><div class="section" title="oplock break wait time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560386"></a>
4093
4160
4094
4161
oplock break wait time (G)
4095
</h3></div></div></div><a class="indexterm" name="id2553745"></a><a name="OPLOCKBREAKWAITTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4162
</h3></div></div></div><a class="indexterm" name="id2560387"></a><a name="OPLOCKBREAKWAITTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4096
4163
This is a tuning parameter added due to bugs in both Windows 9x and WinNT. If Samba responds to a client too
4097
4164
quickly when that client issues an SMB that can cause an oplock break request, then the network client can
4098
4165
fail and not respond to the break request. This tuning parameter (which is set in milliseconds) is the amount
4099
4166
of time Samba will wait before sending an oplock break request to such (broken) clients.
4100
</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
4167
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
4101
4168
DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.
4102
4169
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplock break wait time</code></em> = <code class="literal">0</code>
4103
4170
</em></span>
4104
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553798"></a>
4171
</p></dd></dl></div></div><div class="section" title="oplock contention limit (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560441"></a>
4105
4172
4106
4173
oplock contention limit (S)
4107
</h3></div></div></div><a class="indexterm" name="id2553800"></a><a name="OPLOCKCONTENTIONLIMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4174
</h3></div></div></div><a class="indexterm" name="id2560442"></a><a name="OPLOCKCONTENTIONLIMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4108
4175
This is a <span class="emphasis"><em>very</em></span> advanced <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> tuning option to improve the efficiency of the
4109
4176
granting of oplocks under multiple client contention for the same file.
4110
4177
</p><p>
4112
4179
approximate number of clients contending for an oplock on the same file goes over this
4113
4180
limit. This causes <code class="literal">smbd</code> to behave in a similar
4114
4181
way to Windows NT.
4115
</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
4182
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
4116
4183
DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.
4117
4184
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplock contention limit</code></em> = <code class="literal">2</code>
4118
4185
</em></span>
4119
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553881"></a>
4186
</p></dd></dl></div></div><div class="section" title="oplocks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560523"></a>
4120
4187
4121
4188
oplocks (S)
4122
</h3></div></div></div><a class="indexterm" name="id2553882"></a><a name="OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
4189
</h3></div></div></div><a class="indexterm" name="id2560524"></a><a name="OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
4123
4190
This boolean option tells <code class="literal">smbd</code> whether to
4124
4191
issue oplocks (opportunistic locks) to file open requests on this
4125
4192
share. The oplock code can dramatically (approx. 30% or more) improve
4126
4193
the speed of access to files on Samba servers. It allows the clients
4127
4194
to aggressively cache files locally and you may want to disable this
4128
4195
option for unreliable network environments (it is turned on by
4129
default in Windows NT Servers). For more information see the file
4130
<code class="filename">Speed.txt</code> in the Samba
4131
<code class="filename">docs/</code> directory.
4196
default in Windows NT Servers).
4132
4197
</p><p>
4133
4198
Oplocks may be selectively turned off on certain files with a share. See
4134
4199
the <a class="link" href="smb.conf.5.html#VETOOPLOCKFILES" target="_top">veto oplock files</a> parameter. On some systems
4138
4203
<a class="link" href="smb.conf.5.html#KERNELOPLOCKS" target="_top">kernel oplocks</a> parameter for details.
4139
4204
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplocks</code></em> = <code class="literal">yes</code>
4140
4205
</em></span>
4141
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553979"></a>
4206
</p></dd></dl></div></div><div class="section" title="os2 driver map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560609"></a>
4142
4207
4143
4208
os2 driver map (G)
4144
</h3></div></div></div><a class="indexterm" name="id2553980"></a><a name="OS2DRIVERMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>The parameter is used to define the absolute
4209
</h3></div></div></div><a class="indexterm" name="id2560610"></a><a name="OS2DRIVERMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>The parameter is used to define the absolute
4145
4210
path to a file containing a mapping of Windows NT printer driver
4146
4211
names to OS/2 printer driver names. The format is:</p><p><nt driver name> = <os2 driver name>.<device name></p><p>For example, a valid entry using the HP LaserJet 5
4147
4212
printer driver would appear as <code class="literal">HP LaserJet 5L = LASERJET.HP
4151
4216
details on OS/2 clients, please refer to chapter on other clients in the Samba3-HOWTO book.
4152
4217
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>os2 driver map</code></em> = <code class="literal"></code>
4153
4218
</em></span>
4154
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554047"></a>
4219
</p></dd></dl></div></div><div class="section" title="os level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560676"></a>
4155
4220
4156
4221
os level (G)
4157
</h3></div></div></div><a class="indexterm" name="id2554048"></a><a name="OSLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
4222
</h3></div></div></div><a class="indexterm" name="id2560677"></a><a name="OSLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
4158
4223
This integer value controls what level Samba advertises itself as for browse elections. The value of this
4159
4224
parameter determines whether <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> has a chance of becoming a local master browser for the <a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a> in the local broadcast area.
4160
4225
</p><p><span class="emphasis"><em>
4170
4235
</em></span>
4171
4236
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>os level</code></em> = <code class="literal">65</code>
4172
4237
</em></span>
4173
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554146"></a>
4238
</p></dd></dl></div></div><div class="section" title="pam password change (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560776"></a>
4174
4239
4175
4240
pam password change (G)
4176
</h3></div></div></div><a class="indexterm" name="id2554147"></a><a name="PAMPASSWORDCHANGE"></a><div class="variablelist"><dl><dt></dt><dd><p>With the addition of better PAM support in Samba 2.2,
4241
</h3></div></div></div><a class="indexterm" name="id2560777"></a><a name="PAMPASSWORDCHANGE"></a><div class="variablelist"><dl><dt></dt><dd><p>With the addition of better PAM support in Samba 2.2,
4177
4242
this parameter, it is possible to use PAM's password change control
4178
4243
flag for Samba. If enabled, then PAM will be used for password
4179
4244
changes when requested by an SMB client instead of the program listed in
4181
4246
It should be possible to enable this without changing your
4182
4247
<a class="link" href="smb.conf.5.html#PASSWDCHAT" target="_top">passwd chat</a> parameter for most setups.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>pam password change</code></em> = <code class="literal">no</code>
4183
4248
</em></span>
4184
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554219"></a>
4249
</p></dd></dl></div></div><div class="section" title="panic action (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560848"></a>
4185
4250
4186
4251
panic action (G)
4187
</h3></div></div></div><a class="indexterm" name="id2554220"></a><a name="PANICACTION"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a Samba developer option that allows a
4252
</h3></div></div></div><a class="indexterm" name="id2560850"></a><a name="PANICACTION"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a Samba developer option that allows a
4188
4253
system command to be called when either <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> or <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> crashes. This is usually used to
4189
4254
draw attention to the fact that a problem occurred.
4190
4255
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>panic action</code></em> = <code class="literal"></code>
4191
4256
</em></span>
4192
4257
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>panic action</code></em> = <code class="literal">"/bin/sleep 90000"</code>
4193
4258
</em></span>
4194
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554295"></a>
4259
</p></dd></dl></div></div><div class="section" title="paranoid server security (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560924"></a>
4195
4260
4196
4261
paranoid server security (G)
4197
</h3></div></div></div><a class="indexterm" name="id2554296"></a><a name="PARANOIDSERVERSECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>Some version of NT 4.x allow non-guest
4262
</h3></div></div></div><a class="indexterm" name="id2560925"></a><a name="PARANOIDSERVERSECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>Some version of NT 4.x allow non-guest
4198
4263
users with a bad passowrd. When this option is enabled, samba will not
4199
4264
use a broken NT 4.x server as password server, but instead complain
4200
4265
to the logs and exit.
4202
4267
this check, which involves deliberatly attempting a
4203
4268
bad logon to the remote server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>paranoid server security</code></em> = <code class="literal">yes</code>
4204
4269
</em></span>
4205
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554346"></a>
4270
</p></dd></dl></div></div><div class="section" title="passdb backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560976"></a>
4206
4271
4207
4272
passdb backend (G)
4208
</h3></div></div></div><a class="indexterm" name="id2554347"></a><a name="PASSDBBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the administrator to chose which backend
4273
</h3></div></div></div><a class="indexterm" name="id2560977"></a><a name="PASSDBBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the administrator to chose which backend
4209
4274
will be used for storing user and possibly group information. This allows
4210
4275
you to swap between different storage mechanisms without recompile. </p><p>The parameter value is divided into two parts, the backend's name, and a 'location'
4211
4276
string that has meaning only to that particular backed. These are separated
4212
4277
by a : character.</p><p>Available backends can include:
4213
</p><div class="itemizedlist"><ul type="disc"><li><p><code class="literal">smbpasswd</code> - The old plaintext passdb
4278
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><code class="literal">smbpasswd</code> - The old plaintext passdb
4214
4279
backend. Some Samba features will not work if this passdb
4215
4280
backend is used. Takes a path to the smbpasswd file as an
4216
4281
optional argument.
4217
</p></li><li><p><code class="literal">tdbsam</code> - The TDB based password storage
4282
</p></li><li class="listitem"><p><code class="literal">tdbsam</code> - The TDB based password storage
4218
4283
backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb
4219
in the <a class="link" href="smb.conf.5.html#PRIVATEDIR" target="_top">private dir</a> directory.</p></li><li><p><code class="literal">ldapsam</code> - The LDAP based passdb
4284
in the <a class="link" href="smb.conf.5.html#PRIVATEDIR" target="_top">private dir</a> directory.</p></li><li class="listitem"><p><code class="literal">ldapsam</code> - The LDAP based passdb
4220
4285
backend. Takes an LDAP URL as an optional argument (defaults to
4221
4286
<code class="literal">ldap://localhost</code>)</p><p>LDAP connections should be secured where possible. This may be done using either
4222
4287
Start-TLS (see <a class="link" href="smb.conf.5.html#LDAPSSL" target="_top">ldap ssl</a>) or by
4240
4305
passdb backend = ldapsam:"ldap://ldap-1.example.com ldap-2.example.com"
4241
4306
</pre><p>Default: <span class="emphasis"><em><em class="parameter"><code>passdb backend</code></em> = <code class="literal">tdbsam</code>
4242
4307
</em></span>
4243
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554505"></a>
4308
</p></dd></dl></div></div><div class="section" title="passdb expand explicit (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2561134"></a>
4244
4309
4245
4310
passdb expand explicit (G)
4246
</h3></div></div></div><a class="indexterm" name="id2554506"></a><a name="PASSDBEXPANDEXPLICIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4311
</h3></div></div></div><a class="indexterm" name="id2561135"></a><a name="PASSDBEXPANDEXPLICIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4247
4312
This parameter controls whether Samba substitutes %-macros in the passdb fields if they are explicitly set. We
4248
4313
used to expand macros here, but this turned out to be a bug because the Windows client can expand a variable
4249
4314
%G_osver% in which %G would have been substituted by the user's primary group.
4250
4315
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passdb expand explicit</code></em> = <code class="literal">no</code>
4251
4316
</em></span>
4252
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554552"></a>
4317
</p></dd></dl></div></div><div class="section" title="passwd chat debug (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2561181"></a>
4253
4318
4254
4319
passwd chat debug (G)
4255
</h3></div></div></div><a class="indexterm" name="id2554553"></a><a name="PASSWDCHATDEBUG"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean specifies if the passwd chat script
4320
</h3></div></div></div><a class="indexterm" name="id2561182"></a><a name="PASSWDCHATDEBUG"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean specifies if the passwd chat script
4256
4321
parameter is run in <span class="emphasis"><em>debug</em></span> mode. In this mode the
4257
4322
strings passed to and received from the passwd chat are printed
4258
4323
in the <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> log with a
4265
4330
<a class="link" href="smb.conf.5.html#PAMPASSWORDCHANGE" target="_top">pam password change</a>
4266
4331
parameter is set. This parameter is off by default.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passwd chat debug</code></em> = <code class="literal">no</code>
4267
4332
</em></span>
4268
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554655"></a>
4333
</p></dd></dl></div></div><div class="section" title="passwd chat timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2561284"></a>
4269
4334
4270
4335
passwd chat timeout (G)
4271
</h3></div></div></div><a class="indexterm" name="id2554656"></a><a name="PASSWDCHATTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>This integer specifies the number of seconds smbd will wait for an initial
4336
</h3></div></div></div><a class="indexterm" name="id2561286"></a><a name="PASSWDCHATTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>This integer specifies the number of seconds smbd will wait for an initial
4272
4337
answer from a passwd chat script being run. Once the initial answer is received
4273
4338
the subsequent answers must be received in one tenth of this time. The default it
4274
4339
two seconds.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passwd chat timeout</code></em> = <code class="literal">2</code>
4275
4340
</em></span>
4276
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554700"></a>
4341
</p></dd></dl></div></div><div class="section" title="passwd chat (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2561330"></a>
4277
4342
4278
4343
passwd chat (G)
4279
</h3></div></div></div><a class="indexterm" name="id2554701"></a><a name="PASSWDCHAT"></a><div class="variablelist"><dl><dt></dt><dd><p>This string controls the <span class="emphasis"><em>"chat"</em></span>
4344
</h3></div></div></div><a class="indexterm" name="id2561331"></a><a name="PASSWDCHAT"></a><div class="variablelist"><dl><dt></dt><dd><p>This string controls the <span class="emphasis"><em>"chat"</em></span>
4280
4345
conversation that takes places between <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and the local password changing
4281
4346
program to change the user's password. The string describes a
4282
4347
sequence of response-receive pairs that <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> uses to determine what to send to the
4307
4372
</em></span>
4308
4373
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>passwd chat</code></em> = <code class="literal">"*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*"</code>
4309
4374
</em></span>
4310
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554905"></a>
4375
</p></dd></dl></div></div><div class="section" title="passwd program (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2561534"></a>
4311
4376
4312
4377
passwd program (G)
4313
</h3></div></div></div><a class="indexterm" name="id2554906"></a><a name="PASSWDPROGRAM"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to set
4378
</h3></div></div></div><a class="indexterm" name="id2561535"></a><a name="PASSWDPROGRAM"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to set
4314
4379
UNIX user passwords. Any occurrences of <em class="parameter"><code>%u</code></em>
4315
4380
will be replaced with the user name. The user name is checked for
4316
4381
existence before calling the password changing program.</p><p>Also note that many passwd programs insist in <span class="emphasis"><em>reasonable
4331
4396
</em></span>
4332
4397
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>passwd program</code></em> = <code class="literal">/bin/passwd %u</code>
4333
4398
</em></span>
4334
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555041"></a>
4399
</p></dd></dl></div></div><div class="section" title="password level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2561670"></a>
4335
4400
4336
4401
password level (G)
4337
</h3></div></div></div><a class="indexterm" name="id2555042"></a><a name="PASSWORDLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>Some client/server combinations have difficulty
4402
</h3></div></div></div><a class="indexterm" name="id2561671"></a><a name="PASSWORDLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>Some client/server combinations have difficulty
4338
4403
with mixed-case passwords. One offending client is Windows for
4339
4404
Workgroups, which for some reason forces passwords to upper
4340
4405
case when using the LANMAN1 protocol, but leaves them alone when
4356
4421
</em></span>
4357
4422
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>password level</code></em> = <code class="literal">4</code>
4358
4423
</em></span>
4359
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555178"></a>
4424
</p></dd></dl></div></div><div class="section" title="password server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2561807"></a>
4360
4425
4361
4426
password server (G)
4362
</h3></div></div></div><a class="indexterm" name="id2555179"></a><a name="PASSWORDSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>By specifying the name of another SMB server
4427
</h3></div></div></div><a class="indexterm" name="id2561808"></a><a name="PASSWORDSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>By specifying the name of another SMB server
4363
4428
or Active Directory domain controller with this option,
4364
4429
and using <code class="literal">security = [ads|domain|server]</code>
4365
4430
it is possible to get Samba
4374
4439
parameter <a class="link" href="smb.conf.5.html#NAMERESOLVEORDER" target="_top">name resolve order</a> and so may resolved
4375
4440
by any method and order described in that parameter.</p><p>The password server must be a machine capable of using
4376
4441
the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in
4377
user level security mode.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Using a password server means your UNIX box (running
4442
user level security mode.</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Using a password server means your UNIX box (running
4378
4443
Samba) is only as secure as your password server. <span class="emphasis"><em>DO NOT
4379
4444
CHOOSE A PASSWORD SERVER THAT YOU DON'T COMPLETELY TRUST</em></span>.
4380
4445
</p></div><p>Never point a Samba server at itself for password serving.
4403
4468
this list by locating the closest DC.</p><p>If the <em class="parameter"><code>security</code></em> parameter is
4404
4469
set to <code class="constant">server</code>, then there are different
4405
4470
restrictions that <code class="literal">security = domain</code> doesn't
4406
suffer from:</p><div class="itemizedlist"><ul type="disc"><li><p>You may list several password servers in
4471
suffer from:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>You may list several password servers in
4407
4472
the <em class="parameter"><code>password server</code></em> parameter, however if an
4408
4473
<code class="literal">smbd</code> makes a connection to a password server,
4409
4474
and then the password server fails, no more users will be able
4410
4475
to be authenticated from this <code class="literal">smbd</code>. This is a
4411
4476
restriction of the SMB/CIFS protocol when in <code class="literal">security = server
4412
</code> mode and cannot be fixed in Samba.</p></li><li><p>If you are using a Windows NT server as your
4477
</code> mode and cannot be fixed in Samba.</p></li><li class="listitem"><p>If you are using a Windows NT server as your
4413
4478
password server then you will have to ensure that your users
4414
4479
are able to login from the Samba server, as when in <code class="literal">
4415
4480
security = server</code> mode the network logon will appear to
4419
4484
</em></span>
4420
4485
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>password server</code></em> = <code class="literal">windc.mydomain.com:389 192.168.1.101 *</code>
4421
4486
</em></span>
4422
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555476"></a>
4487
</p></dd></dl></div></div><div class="section" title="directory"><div class="titlepage"><div><div><h3 class="title"><a name="id2562106"></a>
4423
4488
4424
4489
<a name="DIRECTORY"></a>directory
4425
</h3></div></div></div><a class="indexterm" name="id2555477"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PATH">path</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555507"></a>
4490
</h3></div></div></div><a class="indexterm" name="id2562107"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PATH">path</a>.</p></dd></dl></div></div><div class="section" title="path (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562137"></a>
4426
4491
4427
4492
path (S)
4428
</h3></div></div></div><a class="indexterm" name="id2555508"></a><a name="PATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a directory to which
4493
</h3></div></div></div><a class="indexterm" name="id2562138"></a><a name="PATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a directory to which
4429
4494
the user of the service is to be given access. In the case of
4430
4495
printable services, this is where print data will spool prior to
4431
4496
being submitted to the host for printing.</p><p>For a printable service offering guest access, the service
4442
4507
</em></span>
4443
4508
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>path</code></em> = <code class="literal">/home/fred</code>
4444
4509
</em></span>
4445
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555611"></a>
4510
</p></dd></dl></div></div><div class="section" title="perfcount module (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562241"></a>
4446
4511
4447
4512
perfcount module (G)
4448
</h3></div></div></div><a class="indexterm" name="id2555612"></a><a name="PERFCOUNTMODULE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the perfcount backend to be used when monitoring SMB
4513
</h3></div></div></div><a class="indexterm" name="id2562242"></a><a name="PERFCOUNTMODULE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the perfcount backend to be used when monitoring SMB
4449
4514
operations. Only one perfcount module may be used, and it must implement all of the
4450
4515
apis contained in the smb_perfcount_handler structure defined in smb.h.
4451
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555645"></a>
4516
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="pid directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562274"></a>
4452
4517
4453
4518
pid directory (G)
4454
</h3></div></div></div><a class="indexterm" name="id2555646"></a><a name="PIDDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
4519
</h3></div></div></div><a class="indexterm" name="id2562276"></a><a name="PIDDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
4455
4520
This option specifies the directory where pid files will be placed.
4456
4521
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>pid directory</code></em> = <code class="literal">${prefix}/var/locks</code>
4457
4522
</em></span>
4458
4523
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>pid directory</code></em> = <code class="literal">pid directory = /var/run/</code>
4459
4524
</em></span>
4460
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555705"></a>
4525
</p></dd></dl></div></div><div class="section" title="posix locking (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562334"></a>
4461
4526
4462
4527
posix locking (S)
4463
</h3></div></div></div><a class="indexterm" name="id2555706"></a><a name="POSIXLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
4528
</h3></div></div></div><a class="indexterm" name="id2562335"></a><a name="POSIXLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
4464
4529
The <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>
4465
4530
daemon maintains an database of file locks obtained by SMB clients. The default behavior is
4466
4531
to map this internal database to POSIX locks. This means that file locks obtained by SMB clients are
4468
4533
method (e.g. NFS or local file access). You should never need to disable this parameter.
4469
4534
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>posix locking</code></em> = <code class="literal">yes</code>
4470
4535
</em></span>
4471
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555760"></a>
4536
</p></dd></dl></div></div><div class="section" title="postexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562390"></a>
4472
4537
4473
4538
postexec (S)
4474
</h3></div></div></div><a class="indexterm" name="id2555761"></a><a name="POSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run
4539
</h3></div></div></div><a class="indexterm" name="id2562391"></a><a name="POSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run
4475
4540
whenever the service is disconnected. It takes the usual
4476
4541
substitutions. The command may be run as the root on some
4477
4542
systems.</p><p>An interesting example may be to unmount server
4479
4544
</em></span>
4480
4545
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>postexec</code></em> = <code class="literal">echo \"%u disconnected from %S from %m (%I)\" >> /tmp/log</code>
4481
4546
</em></span>
4482
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555833"></a>
4547
</p></dd></dl></div></div><div class="section" title="preexec close (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562462"></a>
4483
4548
4484
4549
preexec close (S)
4485
</h3></div></div></div><a class="indexterm" name="id2555834"></a><a name="PREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4550
</h3></div></div></div><a class="indexterm" name="id2562464"></a><a name="PREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4486
4551
This boolean option controls whether a non-zero return code from <a class="link" href="smb.conf.5.html#PREEXEC" target="_top">preexec</a>
4487
4552
should close the service being connected to.
4488
4553
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preexec close</code></em> = <code class="literal">no</code>
4489
4554
</em></span>
4490
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555888"></a>
4555
</p></dd></dl></div></div><div class="section" title="exec"><div class="titlepage"><div><div><h3 class="title"><a name="id2562518"></a>
4491
4556
4492
4557
<a name="EXEC"></a>exec
4493
</h3></div></div></div><a class="indexterm" name="id2555889"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREEXEC">preexec</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555920"></a>
4558
</h3></div></div></div><a class="indexterm" name="id2562519"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREEXEC">preexec</a>.</p></dd></dl></div></div><div class="section" title="preexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562549"></a>
4494
4559
4495
4560
preexec (S)
4496
</h3></div></div></div><a class="indexterm" name="id2555921"></a><a name="PREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run whenever
4561
</h3></div></div></div><a class="indexterm" name="id2562550"></a><a name="PREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run whenever
4497
4562
the service is connected to. It takes the usual substitutions.</p><p>An interesting example is to send the users a welcome
4498
4563
message every time they log in. Maybe a message of the day? Here
4499
4564
is an example:</p><p>
4505
4570
</em></span>
4506
4571
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preexec</code></em> = <code class="literal">echo \"%u connected to %S from %m (%I)\" >> /tmp/log</code>
4507
4572
</em></span>
4508
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556028"></a>
4573
</p></dd></dl></div></div><div class="section" title="prefered master"><div class="titlepage"><div><div><h3 class="title"><a name="id2562657"></a>
4509
4574
4510
4575
<a name="PREFEREDMASTER"></a>prefered master
4511
</h3></div></div></div><a class="indexterm" name="id2556029"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREFERREDMASTER">preferred master</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556061"></a>
4576
</h3></div></div></div><a class="indexterm" name="id2562658"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREFERREDMASTER">preferred master</a>.</p></dd></dl></div></div><div class="section" title="preferred master (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562691"></a>
4512
4577
4513
4578
preferred master (G)
4514
</h3></div></div></div><a class="indexterm" name="id2556062"></a><a name="PREFERREDMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>
4579
</h3></div></div></div><a class="indexterm" name="id2562692"></a><a name="PREFERREDMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>
4515
4580
This boolean parameter controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> is a preferred master browser for its workgroup.
4516
4581
</p><p>
4517
4582
If this is set to <code class="constant">yes</code>, on startup, <code class="literal">nmbd</code> will force
4525
4590
capabilities.
4526
4591
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preferred master</code></em> = <code class="literal">auto</code>
4527
4592
</em></span>
4528
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556154"></a>
4593
</p></dd></dl></div></div><div class="section" title="preload modules (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562784"></a>
4529
4594
4530
4595
preload modules (G)
4531
</h3></div></div></div><a class="indexterm" name="id2556155"></a><a name="PRELOADMODULES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of paths to modules that should
4596
</h3></div></div></div><a class="indexterm" name="id2562785"></a><a name="PRELOADMODULES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of paths to modules that should
4532
4597
be loaded into smbd before a client connects. This improves
4533
4598
the speed of smbd when reacting to new connections somewhat. </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preload modules</code></em> = <code class="literal"></code>
4534
4599
</em></span>
4535
4600
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preload modules</code></em> = <code class="literal">/usr/lib/samba/passdb/mysql.so</code>
4536
4601
</em></span>
4537
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556215"></a>
4602
</p></dd></dl></div></div><div class="section" title="auto services"><div class="titlepage"><div><div><h3 class="title"><a name="id2562845"></a>
4538
4603
4539
4604
<a name="AUTOSERVICES"></a>auto services
4540
</h3></div></div></div><a class="indexterm" name="id2556216"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRELOAD">preload</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556248"></a>
4605
</h3></div></div></div><a class="indexterm" name="id2562846"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRELOAD">preload</a>.</p></dd></dl></div></div><div class="section" title="preload (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562878"></a>
4541
4606
4542
4607
preload (G)
4543
</h3></div></div></div><a class="indexterm" name="id2556249"></a><a name="PRELOAD"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of services that you want to be
4608
</h3></div></div></div><a class="indexterm" name="id2562879"></a><a name="PRELOAD"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of services that you want to be
4544
4609
automatically added to the browse lists. This is most useful
4545
4610
for homes and printers services that would otherwise not be
4546
4611
visible.</p><p>
4551
4616
</em></span>
4552
4617
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preload</code></em> = <code class="literal">fred lp colorlp</code>
4553
4618
</em></span>
4554
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556326"></a>
4619
</p></dd></dl></div></div><div class="section" title="preserve case (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562956"></a>
4555
4620
4556
4621
preserve case (S)
4557
</h3></div></div></div><a class="indexterm" name="id2556327"></a><a name="PRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4622
</h3></div></div></div><a class="indexterm" name="id2562957"></a><a name="PRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4558
4623
This controls if new filenames are created with the case that the client passes, or if
4559
4624
they are forced to be the <a class="link" href="smb.conf.5.html#DEFAULTCASE" target="_top">default case</a>.
4560
4625
</p><p>
4561
4626
See the section on <a class="link" href="#NAMEMANGLINGSECT" title="NAME MANGLING">NAME MANGLING</a> for a fuller discussion.
4562
4627
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preserve case</code></em> = <code class="literal">yes</code>
4563
4628
</em></span>
4564
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556393"></a>
4629
</p></dd></dl></div></div><div class="section" title="print ok"><div class="titlepage"><div><div><h3 class="title"><a name="id2563022"></a>
4565
4630
4566
4631
<a name="PRINTOK"></a>print ok
4567
</h3></div></div></div><a class="indexterm" name="id2556394"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTABLE">printable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556424"></a>
4632
</h3></div></div></div><a class="indexterm" name="id2563023"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTABLE">printable</a>.</p></dd></dl></div></div><div class="section" title="printable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563053"></a>
4568
4633
4569
4634
printable (S)
4570
</h3></div></div></div><a class="indexterm" name="id2556425"></a><a name="PRINTABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, then
4635
</h3></div></div></div><a class="indexterm" name="id2563054"></a><a name="PRINTABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, then
4571
4636
clients may open, write to and submit spool files on the directory
4572
4637
specified for the service. </p><p>Note that a printable service will ALWAYS allow writing
4573
4638
to the service path (user privileges permitting) via the spooling
4574
4639
of print data. The <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a> parameter controls only non-printing access to
4575
4640
the resource.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printable</code></em> = <code class="literal">no</code>
4576
4641
</em></span>
4577
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556487"></a>
4642
</p></dd></dl></div></div><div class="section" title="printcap cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563116"></a>
4578
4643
4579
4644
printcap cache time (G)
4580
</h3></div></div></div><a class="indexterm" name="id2556488"></a><a name="PRINTCAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the number of seconds before the printing
4645
</h3></div></div></div><a class="indexterm" name="id2563118"></a><a name="PRINTCAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the number of seconds before the printing
4581
4646
subsystem is again asked for the known printers. If the value
4582
4647
is greater than 60 the initial waiting time is set to 60 seconds
4583
4648
to allow an earlier first rescan of the printing subsystem.
4587
4652
</em></span>
4588
4653
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printcap cache time</code></em> = <code class="literal">600</code>
4589
4654
</em></span>
4590
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556556"></a>
4655
</p></dd></dl></div></div><div class="section" title="printcap"><div class="titlepage"><div><div><h3 class="title"><a name="id2563185"></a>
4591
4656
4592
4657
<a name="PRINTCAP"></a>printcap
4593
</h3></div></div></div><a class="indexterm" name="id2556557"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTCAPNAME">printcap name</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556589"></a>
4658
</h3></div></div></div><a class="indexterm" name="id2563186"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTCAPNAME">printcap name</a>.</p></dd></dl></div></div><div class="section" title="printcap name (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563218"></a>
4594
4659
4595
4660
printcap name (G)
4596
</h3></div></div></div><a class="indexterm" name="id2556590"></a><a name="PRINTCAPNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4661
</h3></div></div></div><a class="indexterm" name="id2563219"></a><a name="PRINTCAPNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4597
4662
This parameter may be used to override the compiled-in default printcap name used by the server (usually
4598
4663
<code class="filename"> /etc/printcap</code>). See the discussion of the <a class="link" href="#PRINTERSSECT" title="The [printers] section">[printers]</a> section above for reasons why you might want to do this.
4599
4664
</p><p>
4621
4686
</pre><p>
4622
4687
where the '|' separates aliases of a printer. The fact that the second alias has a space in
4623
4688
it gives a hint to Samba that it's a comment.
4624
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
4689
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
4625
4690
Under AIX the default printcap name is <code class="filename">/etc/qconfig</code>. Samba will
4626
4691
assume the file is in AIX <code class="filename">qconfig</code> format if the string <code class="filename">qconfig</code> appears in the printcap filename.
4627
4692
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>printcap name</code></em> = <code class="literal">/etc/printcap</code>
4628
4693
</em></span>
4629
4694
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printcap name</code></em> = <code class="literal">/etc/myprintcap</code>
4630
4695
</em></span>
4631
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556773"></a>
4696
</p></dd></dl></div></div><div class="section" title="print command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563403"></a>
4632
4697
4633
4698
print command (S)
4634
</h3></div></div></div><a class="indexterm" name="id2556774"></a><a name="PRINTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>After a print job has finished spooling to
4699
</h3></div></div></div><a class="indexterm" name="id2563404"></a><a name="PRINTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>After a print job has finished spooling to
4635
4700
a service, this command will be used via a <code class="literal">system()</code>
4636
4701
call to process the spool file. Typically the command specified will
4637
4702
submit the spool file to the host's printing subsystem, but there
4673
4738
and if SAMBA is compiled against libcups, any manually
4674
4739
set print command will be ignored.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>print command</code></em> = <code class="literal">/usr/local/samba/bin/myprintscript %p %s</code>
4675
4740
</em></span>
4676
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557043"></a>
4741
</p></dd></dl></div></div><div class="section" title="printer admin (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563672"></a>
4677
4742
4678
4743
printer admin (S)
4679
</h3></div></div></div><a class="indexterm" name="id2557044"></a><a name="PRINTERADMIN"></a><div class="variablelist"><dl><dt></dt><dd><p>
4744
</h3></div></div></div><a class="indexterm" name="id2563674"></a><a name="PRINTERADMIN"></a><div class="variablelist"><dl><dt></dt><dd><p>
4680
4745
This lists users who can do anything to printers
4681
4746
via the remote administration interfaces offered
4682
4747
by MS-RPC (usually using a NT workstation).
4692
4757
</em></span>
4693
4758
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printer admin</code></em> = <code class="literal">admin, @staff</code>
4694
4759
</em></span>
4695
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557112"></a>
4760
</p></dd></dl></div></div><div class="section" title="printer"><div class="titlepage"><div><div><h3 class="title"><a name="id2563742"></a>
4696
4761
4697
4762
<a name="PRINTER"></a>printer
4698
</h3></div></div></div><a class="indexterm" name="id2557113"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTERNAME">printer name</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557143"></a>
4763
</h3></div></div></div><a class="indexterm" name="id2563743"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTERNAME">printer name</a>.</p></dd></dl></div></div><div class="section" title="printer name (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563773"></a>
4699
4764
4700
4765
printer name (S)
4701
</h3></div></div></div><a class="indexterm" name="id2557144"></a><a name="PRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4766
</h3></div></div></div><a class="indexterm" name="id2563774"></a><a name="PRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4702
4767
This parameter specifies the name of the printer to which print jobs spooled through a printable service
4703
4768
will be sent.
4704
4769
</p><p>
4711
4776
</em></span>
4712
4777
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printer name</code></em> = <code class="literal">laserwriter</code>
4713
4778
</em></span>
4714
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557231"></a>
4779
</p></dd></dl></div></div><div class="section" title="printing (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563861"></a>
4715
4780
4716
4781
printing (S)
4717
</h3></div></div></div><a class="indexterm" name="id2557232"></a><a name="PRINTING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters controls how printer status information is
4782
</h3></div></div></div><a class="indexterm" name="id2563862"></a><a name="PRINTING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters controls how printer status information is
4718
4783
interpreted on your system. It also affects the default values for
4719
4784
the <em class="parameter"><code>print command</code></em>, <em class="parameter"><code>lpq command</code></em>, <em class="parameter"><code>lppause command </code></em>, <em class="parameter"><code>lpresume command</code></em>, and <em class="parameter"><code>lprm command</code></em> if specified in the
4720
4785
[global] section.</p><p>Currently nine printing styles are supported. They are
4731
4796
[printers]</a> section.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printing</code></em> = <code class="literal">Depends on the operating system, see
4732
4797
<code class="literal">testparm -v.</code></code>
4733
4798
</em></span>
4734
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557385"></a>
4799
</p></dd></dl></div></div><div class="section" title="printjob username (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564014"></a>
4735
4800
4736
4801
printjob username (S)
4737
</h3></div></div></div><a class="indexterm" name="id2557386"></a><a name="PRINTJOBUSERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies which user information will be
4802
</h3></div></div></div><a class="indexterm" name="id2564015"></a><a name="PRINTJOBUSERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies which user information will be
4738
4803
passed to the printing system. Usually, the username is sent,
4739
4804
but in some cases, e.g. the domain prefix is useful, too.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printjob username</code></em> = <code class="literal">%U</code>
4740
4805
</em></span>
4741
4806
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printjob username</code></em> = <code class="literal">%D\%U</code>
4742
4807
</em></span>
4743
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557446"></a>
4808
</p></dd></dl></div></div><div class="section" title="private dir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564076"></a>
4744
4809
4745
4810
private dir (G)
4746
</h3></div></div></div><a class="indexterm" name="id2557447"></a><a name="PRIVATEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters defines the directory
4811
</h3></div></div></div><a class="indexterm" name="id2564077"></a><a name="PRIVATEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters defines the directory
4747
4812
smbd will use for storing such files as <code class="filename">smbpasswd</code>
4748
4813
and <code class="filename">secrets.tdb</code>.
4749
4814
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>private dir</code></em> = <code class="literal">${prefix}/private</code>
4750
4815
</em></span>
4751
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557500"></a>
4816
</p></dd></dl></div></div><div class="section" title="profile acls (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564130"></a>
4752
4817
4753
4818
profile acls (S)
4754
</h3></div></div></div><a class="indexterm" name="id2557501"></a><a name="PROFILEACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>
4819
</h3></div></div></div><a class="indexterm" name="id2564131"></a><a name="PROFILEACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>
4755
4820
This boolean parameter was added to fix the problems that people have been
4756
4821
having with storing user profiles on Samba shares from Windows 2000 or
4757
4822
Windows XP clients. New versions of Windows 2000 or Windows XP service
4779
4844
tree to the owning user.
4780
4845
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>profile acls</code></em> = <code class="literal">no</code>
4781
4846
</em></span>
4782
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557573"></a>
4847
</p></dd></dl></div></div><div class="section" title="queuepause command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564202"></a>
4783
4848
4784
4849
queuepause command (S)
4785
</h3></div></div></div><a class="indexterm" name="id2557574"></a><a name="QUEUEPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
4850
</h3></div></div></div><a class="indexterm" name="id2564204"></a><a name="QUEUEPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
4786
4851
executed on the server host in order to pause the printer queue.</p><p>This command should be a program or script which takes
4787
4852
a printer name as its only parameter and stops the printer queue,
4788
4853
such that no longer jobs are submitted to the printer.</p><p>This command is not supported by Windows for Workgroups,
4793
4858
path in the command as the PATH may not be available to the
4794
4859
server.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>queuepause command</code></em> = <code class="literal">disable %p</code>
4795
4860
</em></span>
4796
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557650"></a>
4861
</p></dd></dl></div></div><div class="section" title="queueresume command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564279"></a>
4797
4862
4798
4863
queueresume command (S)
4799
</h3></div></div></div><a class="indexterm" name="id2557651"></a><a name="QUEUERESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
4864
</h3></div></div></div><a class="indexterm" name="id2564280"></a><a name="QUEUERESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
4800
4865
executed on the server host in order to resume the printer queue. It
4801
4866
is the command to undo the behavior that is caused by the
4802
4867
previous parameter (<a class="link" href="smb.conf.5.html#QUEUEPAUSECOMMAND" target="_top">queuepause command</a>).</p><p>This command should be a program or script which takes
4811
4876
</em></span>
4812
4877
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>queueresume command</code></em> = <code class="literal">enable %p</code>
4813
4878
</em></span>
4814
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557753"></a>
4879
</p></dd></dl></div></div><div class="section" title="read list (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564382"></a>
4815
4880
4816
4881
read list (S)
4817
</h3></div></div></div><a class="indexterm" name="id2557754"></a><a name="READLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
4882
</h3></div></div></div><a class="indexterm" name="id2564383"></a><a name="READLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
4818
4883
This is a list of users that are given read-only access to a service. If the connecting user is in this list
4819
4884
then they will not be given write access, no matter what the <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a> option is set
4820
4885
to. The list can include group names using the syntax described in the <a class="link" href="smb.conf.5.html#INVALIDUSERS" target="_top">invalid users</a>
4824
4889
</em></span>
4825
4890
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>read list</code></em> = <code class="literal">mary, @students</code>
4826
4891
</em></span>
4827
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557852"></a>
4892
</p></dd></dl></div></div><div class="section" title="read only (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564482"></a>
4828
4893
4829
4894
read only (S)
4830
</h3></div></div></div><a class="indexterm" name="id2557853"></a><a name="READONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>An inverted synonym is <a class="link" href="smb.conf.5.html#WRITEABLE" target="_top">writeable</a>.</p><p>If this parameter is <code class="constant">yes</code>, then users
4895
</h3></div></div></div><a class="indexterm" name="id2564483"></a><a name="READONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>An inverted synonym is <a class="link" href="smb.conf.5.html#WRITEABLE" target="_top">writeable</a>.</p><p>If this parameter is <code class="constant">yes</code>, then users
4831
4896
of a service may not create or modify files in the service's
4832
4897
directory.</p><p>Note that a printable service (<code class="literal">printable = yes</code>)
4833
4898
will <span class="emphasis"><em>ALWAYS</em></span> allow writing to the directory
4834
4899
(user privileges permitting), but only via spooling operations.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>read only</code></em> = <code class="literal">yes</code>
4835
4900
</em></span>
4836
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557929"></a>
4901
</p></dd></dl></div></div><div class="section" title="read raw (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564559"></a>
4837
4902
4838
4903
read raw (G)
4839
</h3></div></div></div><a class="indexterm" name="id2557930"></a><a name="READRAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
4904
</h3></div></div></div><a class="indexterm" name="id2564560"></a><a name="READRAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
4840
4905
will support the raw read SMB requests when transferring data
4841
4906
to clients.</p><p>If enabled, raw reads allow reads of 65535 bytes in
4842
4907
one packet. This typically provides a major performance benefit.
4845
4910
sizes, and for these clients you may need to disable raw reads.</p><p>In general this parameter should be viewed as a system tuning
4846
4911
tool and left severely alone.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>read raw</code></em> = <code class="literal">yes</code>
4847
4912
</em></span>
4848
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557989"></a>
4913
</p></dd></dl></div></div><div class="section" title="realm (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564619"></a>
4849
4914
4850
4915
realm (G)
4851
</h3></div></div></div><a class="indexterm" name="id2557990"></a><a name="REALM"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the kerberos realm to use. The realm is
4916
</h3></div></div></div><a class="indexterm" name="id2564620"></a><a name="REALM"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the kerberos realm to use. The realm is
4852
4917
used as the ADS equivalent of the NT4 <code class="literal">domain</code>. It
4853
4918
is usually set to the DNS name of the kerberos server.
4854
4919
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>realm</code></em> = <code class="literal"></code>
4855
4920
</em></span>
4856
4921
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>realm</code></em> = <code class="literal">mysambabox.mycompany.com</code>
4857
4922
</em></span>
4858
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558054"></a>
4923
</p></dd></dl></div></div><div class="section" title="registry shares (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564684"></a>
4859
4924
4860
4925
registry shares (G)
4861
</h3></div></div></div><a class="indexterm" name="id2558055"></a><a name="REGISTRYSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>
4926
</h3></div></div></div><a class="indexterm" name="id2564685"></a><a name="REGISTRYSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>
4862
4927
This turns on or off support for share definitions read from
4863
4928
registry. Shares defined in <span class="emphasis"><em>smb.conf</em></span> take
4864
4929
precedence over shares with the same name defined in
4873
4938
</em></span>
4874
4939
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>registry shares</code></em> = <code class="literal">yes</code>
4875
4940
</em></span>
4876
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558140"></a>
4941
</p></dd></dl></div></div><div class="section" title="remote announce (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564770"></a>
4877
4942
4878
4943
remote announce (G)
4879
</h3></div></div></div><a class="indexterm" name="id2558142"></a><a name="REMOTEANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4944
</h3></div></div></div><a class="indexterm" name="id2564771"></a><a name="REMOTEANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4880
4945
This option allows you to setup <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to periodically announce itself
4881
4946
to arbitrary IP addresses with an arbitrary workgroup name.
4882
4947
</p><p>
4900
4965
See the chapter on Network Browsing in the Samba-HOWTO book.
4901
4966
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>remote announce</code></em> = <code class="literal"></code>
4902
4967
</em></span>
4903
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558246"></a>
4968
</p></dd></dl></div></div><div class="section" title="remote browse sync (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564875"></a>
4904
4969
4905
4970
remote browse sync (G)
4906
</h3></div></div></div><a class="indexterm" name="id2558247"></a><a name="REMOTEBROWSESYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>
4971
</h3></div></div></div><a class="indexterm" name="id2564876"></a><a name="REMOTEBROWSESYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>
4907
4972
This option allows you to setup <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to periodically request
4908
4973
synchronization of browse lists with the master browser of a Samba
4909
4974
server that is on a remote segment. This option will allow you to
4935
5000
each network has its own WINS server.
4936
5001
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>remote browse sync</code></em> = <code class="literal"></code>
4937
5002
</em></span>
4938
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558359"></a>
5003
</p></dd></dl></div></div><div class="section" title="rename user script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564993"></a>
4939
5004
4940
5005
rename user script (G)
4941
</h3></div></div></div><a class="indexterm" name="id2558360"></a><a name="RENAMEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
5006
</h3></div></div></div><a class="indexterm" name="id2564994"></a><a name="RENAMEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4942
5007
This is the full pathname to a script that will be run as root by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> under special circumstances described below.
4943
5008
</p><p>
4944
5009
When a user with admin authority or SeAddUserPrivilege rights renames a user (e.g.: from the NT4 User Manager
4945
5010
for Domains), this script will be run to rename the POSIX user. Two variables, <code class="literal">%uold</code> and
4946
5011
<code class="literal">%unew</code>, will be substituted with the old and new usernames, respectively. The script should
4947
5012
return 0 upon successful completion, and nonzero otherwise.
4948
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
5013
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
4949
5014
The script has all responsibility to rename all the necessary data that is accessible in this posix method.
4950
5015
This can mean different requirements for different backends. The tdbsam and smbpasswd backends will take care
4951
5016
of the contents of their respective files, so the script is responsible only for changing the POSIX username, and
4956
5021
needs to change for other applications using the same directory.
4957
5022
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>rename user script</code></em> = <code class="literal">no</code>
4958
5023
</em></span>
4959
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558449"></a>
5024
</p></dd></dl></div></div><div class="section" title="reset on zero vc (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2565083"></a>
4960
5025
4961
5026
reset on zero vc (G)
4962
</h3></div></div></div><a class="indexterm" name="id2558450"></a><a name="RESETONZEROVC"></a><div class="variablelist"><dl><dt></dt><dd><p>
5027
</h3></div></div></div><a class="indexterm" name="id2565084"></a><a name="RESETONZEROVC"></a><div class="variablelist"><dl><dt></dt><dd><p>
4963
5028
This boolean option controls whether an incoming session setup
4964
5029
should kill other connections coming from the same IP. This matches
4965
5030
the default Windows 2003 behaviour.
4978
5043
4979
5044
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>reset on zero vc</code></em> = <code class="literal">no</code>
4980
5045
</em></span>
4981
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558502"></a>
5046
</p></dd></dl></div></div><div class="section" title="restrict anonymous (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2565148"></a>
4982
5047
4983
5048
restrict anonymous (G)
4984
</h3></div></div></div><a class="indexterm" name="id2558503"></a><a name="RESTRICTANONYMOUS"></a><div class="variablelist"><dl><dt></dt><dd><p>The setting of this parameter determines whether user and
5049
</h3></div></div></div><a class="indexterm" name="id2565149"></a><a name="RESTRICTANONYMOUS"></a><div class="variablelist"><dl><dt></dt><dd><p>The setting of this parameter determines whether user and
4985
5050
group list information is returned for an anonymous connection.
4986
5051
and mirrors the effects of the
4987
5052
</p><pre class="programlisting">
4999
5064
The security advantage of using restrict anonymous = 1 is dubious,
5000
5065
as user and group list information can be obtained using other
5001
5066
means.
5002
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
5067
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
5003
5068
The security advantage of using restrict anonymous = 2 is removed
5004
5069
by setting <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok = yes</a> on any share.
5005
5070
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>restrict anonymous</code></em> = <code class="literal">0</code>
5006
5071
</em></span>
5007
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558586"></a>
5072
</p></dd></dl></div></div><div class="section" title="root"><div class="titlepage"><div><div><h3 class="title"><a name="id2565232"></a>
5008
5073
5009
5074
<a name="ROOT"></a>root
5010
</h3></div></div></div><a class="indexterm" name="id2558587"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558619"></a>
5075
</h3></div></div></div><a class="indexterm" name="id2565233"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" title="root dir"><div class="titlepage"><div><div><h3 class="title"><a name="id2565265"></a>
5011
5076
5012
5077
<a name="ROOTDIR"></a>root dir
5013
</h3></div></div></div><a class="indexterm" name="id2558620"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558650"></a>
5078
</h3></div></div></div><a class="indexterm" name="id2565266"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" title="root directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2565296"></a>
5014
5079
5015
5080
root directory (G)
5016
</h3></div></div></div><a class="indexterm" name="id2558652"></a><a name="ROOTDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>The server will <code class="literal">chroot()</code> (i.e.
5081
</h3></div></div></div><a class="indexterm" name="id2565297"></a><a name="ROOTDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>The server will <code class="literal">chroot()</code> (i.e.
5017
5082
Change its root directory) to this directory on startup. This is
5018
5083
not strictly necessary for secure operation. Even without it the
5019
5084
server will deny access to files not in one of the service entries.
5036
5101
</em></span>
5037
5102
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>root directory</code></em> = <code class="literal">/homes/smb</code>
5038
5103
</em></span>
5039
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558774"></a>
5104
</p></dd></dl></div></div><div class="section" title="root postexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2565420"></a>
5040
5105
5041
5106
root postexec (S)
5042
</h3></div></div></div><a class="indexterm" name="id2558776"></a><a name="ROOTPOSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
5107
</h3></div></div></div><a class="indexterm" name="id2565421"></a><a name="ROOTPOSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
5043
5108
This is the same as the <em class="parameter"><code>postexec</code></em>
5044
5109
parameter except that the command is run as root. This is useful for
5045
5110
unmounting filesystems (such as CDROMs) after a connection is closed.
5046
5111
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root postexec</code></em> = <code class="literal"></code>
5047
5112
</em></span>
5048
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558823"></a>
5113
</p></dd></dl></div></div><div class="section" title="root preexec close (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2565469"></a>
5049
5114
5050
5115
root preexec close (S)
5051
</h3></div></div></div><a class="indexterm" name="id2558824"></a><a name="ROOTPREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the same as the <em class="parameter"><code>preexec close
5116
</h3></div></div></div><a class="indexterm" name="id2565470"></a><a name="ROOTPREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the same as the <em class="parameter"><code>preexec close
5052
5117
</code></em> parameter except that the command is run as root.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root preexec close</code></em> = <code class="literal">no</code>
5053
5118
</em></span>
5054
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558872"></a>
5119
</p></dd></dl></div></div><div class="section" title="root preexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2565517"></a>
5055
5120
5056
5121
root preexec (S)
5057
</h3></div></div></div><a class="indexterm" name="id2558873"></a><a name="ROOTPREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
5122
</h3></div></div></div><a class="indexterm" name="id2565518"></a><a name="ROOTPREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
5058
5123
This is the same as the <em class="parameter"><code>preexec</code></em>
5059
5124
parameter except that the command is run as root. This is useful for
5060
5125
mounting filesystems (such as CDROMs) when a connection is opened.
5061
5126
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root preexec</code></em> = <code class="literal"></code>
5062
5127
</em></span>
5063
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558920"></a>
5128
</p></dd></dl></div></div><div class="section" title="security mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2565566"></a>
5064
5129
5065
5130
security mask (S)
5066
</h3></div></div></div><a class="indexterm" name="id2558921"></a><a name="SECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>
5131
</h3></div></div></div><a class="indexterm" name="id2565567"></a><a name="SECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>
5067
5132
This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the
5068
5133
UNIX permission on a file using the native NT security dialog box.
5069
5134
</p><p>
5082
5147
</em></span>
5083
5148
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>security mask</code></em> = <code class="literal">0770</code>
5084
5149
</em></span>
5085
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559026"></a>
5150
</p></dd></dl></div></div><div class="section" title="security (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2565672"></a>
5086
5151
5087
5152
security (G)
5088
</h3></div></div></div><a class="indexterm" name="id2559027"></a><a name="SECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option affects how clients respond to
5153
</h3></div></div></div><a class="indexterm" name="id2565673"></a><a name="SECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option affects how clients respond to
5089
5154
Samba and is one of the most important settings in the <code class="filename">
5090
5155
smb.conf</code> file.</p><p>The option sets the "security mode bit" in replies to
5091
5156
protocol negotiations with <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> to turn share level security on or off. Clients decide
5124
5189
in share level security, <code class="literal">smbd</code> uses several
5125
5190
techniques to determine the correct UNIX user to use on behalf
5126
5191
of the client.</p><p>A list of possible UNIX usernames to match with the given
5127
client password is constructed using the following methods :</p><div class="itemizedlist"><ul type="disc"><li><p>If the <a class="link" href="smb.conf.5.html#GUESTONLY" target="_top">guest only</a> parameter is set, then all the other
5192
client password is constructed using the following methods :</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>If the <a class="link" href="smb.conf.5.html#GUESTONLY" target="_top">guest only</a> parameter is set, then all the other
5128
5193
stages are missed and only the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a> username is checked.
5129
</p></li><li><p>Is a username is sent with the share connection
5194
</p></li><li class="listitem"><p>Is a username is sent with the share connection
5130
5195
request, then this username (after mapping - see <a class="link" href="smb.conf.5.html#USERNAMEMAP" target="_top">username map</a>),
5131
5196
is added as a potential username.
5132
</p></li><li><p>If the client did a previous <span class="emphasis"><em>logon
5197
</p></li><li class="listitem"><p>If the client did a previous <span class="emphasis"><em>logon
5133
5198
</em></span> request (the SessionSetup SMB call) then the
5134
5199
username sent in this SMB will be added as a potential username.
5135
</p></li><li><p>The name of the service the client requested is
5200
</p></li><li class="listitem"><p>The name of the service the client requested is
5136
5201
added as a potential username.
5137
</p></li><li><p>The NetBIOS name of the client is added to
5202
</p></li><li class="listitem"><p>The NetBIOS name of the client is added to
5138
5203
the list as a potential username.
5139
</p></li><li><p>Any users on the <a class="link" href="smb.conf.5.html#USER" target="_top">user</a> list are added as potential usernames.
5204
</p></li><li class="listitem"><p>Any users on the <a class="link" href="smb.conf.5.html#USER" target="_top">user</a> list are added as potential usernames.
5140
5205
</p></li></ul></div><p>If the <em class="parameter"><code>guest only</code></em> parameter is
5141
5206
not set, then this list is then tried with the supplied password.
5142
5207
The first user for whom the password matches will be used as the
5182
5247
server does not support them. However note that if encrypted passwords have been negotiated then Samba cannot
5183
5248
revert back to checking the UNIX password file, it must have a valid <code class="filename">smbpasswd</code> file to check users against. See the chapter about the User Database in
5184
5249
the Samba HOWTO Collection for details on how to set this up.
5185
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This mode of operation has
5250
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This mode of operation has
5186
5251
significant pitfalls since it is more vulnerable to
5187
5252
man-in-the-middle attacks and server impersonation. In particular,
5188
5253
this mode of operation can cause significant resource consuption on
5190
5255
of the user's session. Furthermore, if this connection is lost,
5191
5256
there is no way to reestablish it, and futher authentications to the
5192
5257
Samba server may fail (from a single client, till it disconnects).
5193
</p></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>From the client's point of
5258
</p></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>From the client's point of
5194
5259
view, <code class="literal">security = server</code> is the
5195
5260
same as <code class="literal">security = user</code>. It
5196
5261
only affects how the server deals with the authentication, it does
5209
5274
</em></span>
5210
5275
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>security</code></em> = <code class="literal">DOMAIN</code>
5211
5276
</em></span>
5212
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559905"></a>
5277
</p></dd></dl></div></div><div class="section" title="server schannel (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566551"></a>
5213
5278
5214
5279
server schannel (G)
5215
</h3></div></div></div><a class="indexterm" name="id2559906"></a><a name="SERVERSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
5280
</h3></div></div></div><a class="indexterm" name="id2566552"></a><a name="SERVERSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
5216
5281
This controls whether the server offers or even demands the use of the netlogon schannel.
5217
5282
<a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = no</a> does not offer the schannel, <a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = auto</a> offers the schannel but does not enforce it, and <a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = yes</a> denies access if the client is not able to speak netlogon schannel.
5218
5283
This is only the case for Windows NT4 before SP4.
5223
5288
</em></span>
5224
5289
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>server schannel</code></em> = <code class="literal">yes</code>
5225
5290
</em></span>
5226
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560021"></a>
5291
</p></dd></dl></div></div><div class="section" title="server signing (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566667"></a>
5227
5292
5228
5293
server signing (G)
5229
</h3></div></div></div><a class="indexterm" name="id2560022"></a><a name="SERVERSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values
5294
</h3></div></div></div><a class="indexterm" name="id2566668"></a><a name="SERVERSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values
5230
5295
are <span class="emphasis"><em>auto</em></span>, <span class="emphasis"><em>mandatory</em></span>
5231
5296
and <span class="emphasis"><em>disabled</em></span>.
5232
5297
</p><p>When set to auto, SMB signing is offered, but not enforced.
5233
5298
When set to mandatory, SMB signing is required and if set
5234
5299
to disabled, SMB signing is not offered either.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>server signing</code></em> = <code class="literal">Disabled</code>
5235
5300
</em></span>
5236
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560082"></a>
5301
</p></dd></dl></div></div><div class="section" title="server string (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566728"></a>
5237
5302
5238
5303
server string (G)
5239
</h3></div></div></div><a class="indexterm" name="id2560083"></a><a name="SERVERSTRING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what string will show up in the printer comment box in print
5304
</h3></div></div></div><a class="indexterm" name="id2566729"></a><a name="SERVERSTRING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what string will show up in the printer comment box in print
5240
5305
manager and next to the IPC connection in <code class="literal">net view</code>. It
5241
5306
can be any string that you wish to show to your users.</p><p>It also sets what will appear in browse lists next
5242
5307
to the machine name.</p><p>A <em class="parameter"><code>%v</code></em> will be replaced with the Samba
5245
5310
</em></span>
5246
5311
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>server string</code></em> = <code class="literal">University of GNUs Samba Server</code>
5247
5312
</em></span>
5248
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560173"></a>
5313
</p></dd></dl></div></div><div class="section" title="set directory (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566819"></a>
5249
5314
5250
5315
set directory (S)
5251
</h3></div></div></div><a class="indexterm" name="id2560174"></a><a name="SETDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
5316
</h3></div></div></div><a class="indexterm" name="id2566820"></a><a name="SETDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
5252
5317
If <code class="literal">set directory = no</code>, then users of the
5253
5318
service may not use the setdir command to change directory.
5254
5319
</p><p>
5257
5322
for details.
5258
5323
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>set directory</code></em> = <code class="literal">no</code>
5259
5324
</em></span>
5260
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560233"></a>
5325
</p></dd></dl></div></div><div class="section" title="set primary group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566879"></a>
5261
5326
5262
5327
set primary group script (G)
5263
</h3></div></div></div><a class="indexterm" name="id2560234"></a><a name="SETPRIMARYGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Thanks to the Posix subsystem in NT a Windows User has a
5328
</h3></div></div></div><a class="indexterm" name="id2566880"></a><a name="SETPRIMARYGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Thanks to the Posix subsystem in NT a Windows User has a
5264
5329
primary group in addition to the auxiliary groups. This script
5265
5330
sets the primary group in the unix userdatase when an
5266
5331
administrator sets the primary group from the windows user
5272
5337
</em></span>
5273
5338
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>set primary group script</code></em> = <code class="literal">/usr/sbin/usermod -g '%g' '%u'</code>
5274
5339
</em></span>
5275
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560315"></a>
5340
</p></dd></dl></div></div><div class="section" title="set quota command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566961"></a>
5276
5341
5277
5342
set quota command (G)
5278
</h3></div></div></div><a class="indexterm" name="id2560316"></a><a name="SETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">set quota command</code> should only be used
5343
</h3></div></div></div><a class="indexterm" name="id2566962"></a><a name="SETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">set quota command</code> should only be used
5279
5344
whenever there is no operating system API available from the OS that
5280
5345
samba can use.</p><p>This option is only available if Samba was configured with the argument <code class="literal">--with-sys-quotas</code> or
5281
5346
on linux when <code class="literal">./configure --with-quotas</code> was used and a working quota api
5282
5347
was found in the system. Most packages are configured with these options already.</p><p>This parameter should specify the path to a script that
5283
can set quota for the specified arguments.</p><p>The specified script should take the following arguments:</p><div class="itemizedlist"><ul type="disc"><li><p>1 - quota type
5284
</p><div class="itemizedlist"><ul type="circle"><li><p>1 - user quotas</p></li><li><p>2 - user default quotas (uid = -1)</p></li><li><p>3 - group quotas</p></li><li><p>4 - group default quotas (gid = -1)</p></li></ul></div></li><li><p>2 - id (uid for user, gid for group, -1 if N/A)</p></li><li><p>3 - quota state (0 = disable, 1 = enable, 2 = enable and enforce)</p></li><li><p>4 - block softlimit</p></li><li><p>5 - block hardlimit</p></li><li><p>6 - inode softlimit</p></li><li><p>7 - inode hardlimit</p></li><li><p>8(optional) - block size, defaults to 1024</p></li></ul></div><p>The script should output at least one line of data on success. And nothing on failure.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>set quota command</code></em> = <code class="literal"></code>
5348
can set quota for the specified arguments.</p><p>The specified script should take the following arguments:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>1 - quota type
5349
</p><div class="itemizedlist"><ul class="itemizedlist" type="circle"><li class="listitem"><p>1 - user quotas</p></li><li class="listitem"><p>2 - user default quotas (uid = -1)</p></li><li class="listitem"><p>3 - group quotas</p></li><li class="listitem"><p>4 - group default quotas (gid = -1)</p></li></ul></div></li><li class="listitem"><p>2 - id (uid for user, gid for group, -1 if N/A)</p></li><li class="listitem"><p>3 - quota state (0 = disable, 1 = enable, 2 = enable and enforce)</p></li><li class="listitem"><p>4 - block softlimit</p></li><li class="listitem"><p>5 - block hardlimit</p></li><li class="listitem"><p>6 - inode softlimit</p></li><li class="listitem"><p>7 - inode hardlimit</p></li><li class="listitem"><p>8(optional) - block size, defaults to 1024</p></li></ul></div><p>The script should output at least one line of data on success. And nothing on failure.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>set quota command</code></em> = <code class="literal"></code>
5285
5350
</em></span>
5286
5351
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>set quota command</code></em> = <code class="literal">/usr/local/sbin/set_quota</code>
5287
5352
</em></span>
5288
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560478"></a>
5353
</p></dd></dl></div></div><div class="section" title="share:fake_fscaps (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567124"></a>
5289
5354
5290
5355
share:fake_fscaps (G)
5291
</h3></div></div></div><a class="indexterm" name="id2560479"></a><a name="SHARE:FAKE_FSCAPS"></a><div class="variablelist"><dl><dt></dt><dd><p>
5356
</h3></div></div></div><a class="indexterm" name="id2567126"></a><a name="SHARE:FAKE_FSCAPS"></a><div class="variablelist"><dl><dt></dt><dd><p>
5292
5357
This is needed to support some special application that makes
5293
5358
QFSINFO calls to check whether we set the SPARSE_FILES bit
5294
5359
(0x40). If this bit is not set that particular application
5298
5363
decimal values to specify the bitmask you need to fake.
5299
5364
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>share:fake_fscaps</code></em> = <code class="literal">0</code>
5300
5365
</em></span>
5301
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560538"></a>
5366
</p></dd></dl></div></div><div class="section" title="share modes (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567184"></a>
5302
5367
5303
5368
share modes (S)
5304
</h3></div></div></div><a class="indexterm" name="id2560539"></a><a name="SHAREMODES"></a><div class="variablelist"><dl><dt></dt><dd><p>This enables or disables the honoring of
5369
</h3></div></div></div><a class="indexterm" name="id2567185"></a><a name="SHAREMODES"></a><div class="variablelist"><dl><dt></dt><dd><p>This enables or disables the honoring of
5305
5370
the <em class="parameter"><code>share modes</code></em> during a file open. These
5306
5371
modes are used by clients to gain exclusive read or write access
5307
5372
to a file.</p><p>This is a deprecated option from old versions of
5313
5378
by default.</p><p>You should <span class="emphasis"><em>NEVER</em></span> turn this parameter
5314
5379
off as many Windows applications will break if you do so.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>share modes</code></em> = <code class="literal">yes</code>
5315
5380
</em></span>
5316
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560614"></a>
5381
</p></dd></dl></div></div><div class="section" title="short preserve case (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567261"></a>
5317
5382
5318
5383
short preserve case (S)
5319
</h3></div></div></div><a class="indexterm" name="id2560616"></a><a name="SHORTPRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
5384
</h3></div></div></div><a class="indexterm" name="id2567262"></a><a name="SHORTPRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
5320
5385
This boolean parameter controls if new files which conform to 8.3 syntax, that is all in upper case and of
5321
5386
suitable length, are created upper case, or if they are forced to be the <a class="link" href="smb.conf.5.html#DEFAULTCASE" target="_top">default case</a>.
5322
5387
This option can be use with <a class="link" href="smb.conf.5.html#PRESERVECASE" target="_top">preserve case = yes</a> to permit long filenames
5323
5388
to retain their case, while short names are lowered.
5324
5389
</p><p>See the section on <a class="link" href="#NAMEMANGLINGSECT" title="NAME MANGLING">NAME MANGLING</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>short preserve case</code></em> = <code class="literal">yes</code>
5325
5390
</em></span>
5326
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560694"></a>
5391
</p></dd></dl></div></div><div class="section" title="show add printer wizard (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567340"></a>
5327
5392
5328
5393
show add printer wizard (G)
5329
</h3></div></div></div><a class="indexterm" name="id2560695"></a><a name="SHOWADDPRINTERWIZARD"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing support
5394
</h3></div></div></div><a class="indexterm" name="id2567341"></a><a name="SHOWADDPRINTERWIZARD"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing support
5330
5395
for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will
5331
5396
appear on Samba hosts in the share listing. Normally this folder will
5332
5397
contain an icon for the MS Add Printer Wizard (APW). However, it is
5341
5406
icon will not be displayed.</p><p>Disabling the <em class="parameter"><code>show add printer wizard</code></em>
5342
5407
parameter will always cause the OpenPrinterEx() on the server
5343
5408
to fail. Thus the APW icon will never be displayed.
5344
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This does not prevent the same user from having
5409
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This does not prevent the same user from having
5345
5410
administrative privilege on an individual printer.</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>show add printer wizard</code></em> = <code class="literal">yes</code>
5346
5411
</em></span>
5347
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560777"></a>
5412
</p></dd></dl></div></div><div class="section" title="shutdown script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567423"></a>
5348
5413
5349
5414
shutdown script (G)
5350
</h3></div></div></div><a class="indexterm" name="id2560778"></a><a name="SHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by
5415
</h3></div></div></div><a class="indexterm" name="id2567424"></a><a name="SHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by
5351
5416
<a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that should
5352
5417
start a shutdown procedure.</p><p>If the connected user posseses the <code class="constant">SeRemoteShutdownPrivilege</code>,
5353
right, this command will be run as root.</p><p>The %z %t %r %f variables are expanded as follows:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>%z</code></em> will be substituted with the
5354
shutdown message sent to the server.</p></li><li><p><em class="parameter"><code>%t</code></em> will be substituted with the
5418
right, this command will be run as root.</p><p>The %z %t %r %f variables are expanded as follows:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>%z</code></em> will be substituted with the
5419
shutdown message sent to the server.</p></li><li class="listitem"><p><em class="parameter"><code>%t</code></em> will be substituted with the
5355
5420
number of seconds to wait before effectively starting the
5356
shutdown procedure.</p></li><li><p><em class="parameter"><code>%r</code></em> will be substituted with the
5421
shutdown procedure.</p></li><li class="listitem"><p><em class="parameter"><code>%r</code></em> will be substituted with the
5357
5422
switch <span class="emphasis"><em>-r</em></span>. It means reboot after shutdown
5358
for NT.</p></li><li><p><em class="parameter"><code>%f</code></em> will be substituted with the
5423
for NT.</p></li><li class="listitem"><p><em class="parameter"><code>%f</code></em> will be substituted with the
5359
5424
switch <span class="emphasis"><em>-f</em></span>. It means force the shutdown
5360
5425
even if applications do not respond for NT.</p></li></ul></div><p>Shutdown script example:
5361
5426
</p><pre class="programlisting">
5372
5437
</em></span>
5373
5438
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>shutdown script</code></em> = <code class="literal">/usr/local/samba/sbin/shutdown %m %t %r %f</code>
5374
5439
</em></span>
5375
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560930"></a>
5440
</p></dd></dl></div></div><div class="section" title="smb encrypt (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567577"></a>
5376
5441
5377
5442
smb encrypt (S)
5378
</h3></div></div></div><a class="indexterm" name="id2560931"></a><a name="SMBENCRYPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a new feature introduced with Samba 3.2 and above. It is an
5443
</h3></div></div></div><a class="indexterm" name="id2567578"></a><a name="SMBENCRYPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a new feature introduced with Samba 3.2 and above. It is an
5379
5444
extension to the SMB/CIFS protocol negotiated as part of the UNIX extensions.
5380
5445
SMB encryption uses the GSSAPI (SSPI on Windows) ability to encrypt
5381
5446
and sign every request/response in a SMB protocol stream. When
5403
5468
When set to mandatory, SMB encryption is required and if set
5404
5469
to disabled, SMB encryption can not be negotiated.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb encrypt</code></em> = <code class="literal">auto</code>
5405
5470
</em></span>
5406
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561047"></a>
5471
</p></dd></dl></div></div><div class="section" title="smb passwd file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567683"></a>
5407
5472
5408
5473
smb passwd file (G)
5409
</h3></div></div></div><a class="indexterm" name="id2561048"></a><a name="SMBPASSWDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option sets the path to the encrypted smbpasswd file. By
5474
</h3></div></div></div><a class="indexterm" name="id2567684"></a><a name="SMBPASSWDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option sets the path to the encrypted smbpasswd file. By
5410
5475
default the path to the smbpasswd file is compiled into Samba.</p><p>
5411
5476
An example of use is:
5412
5477
</p><pre class="programlisting">
5414
5479
</pre><p>
5415
5480
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb passwd file</code></em> = <code class="literal">${prefix}/private/smbpasswd</code>
5416
5481
</em></span>
5417
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561101"></a>
5482
</p></dd></dl></div></div><div class="section" title="smb ports (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567736"></a>
5418
5483
5419
5484
smb ports (G)
5420
</h3></div></div></div><a class="indexterm" name="id2561102"></a><a name="SMBPORTS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies which ports the server should listen on for SMB traffic.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb ports</code></em> = <code class="literal">445 139</code>
5485
</h3></div></div></div><a class="indexterm" name="id2567737"></a><a name="SMBPORTS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies which ports the server should listen on for SMB traffic.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb ports</code></em> = <code class="literal">445 139</code>
5421
5486
</em></span>
5422
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561142"></a>
5487
</p></dd></dl></div></div><div class="section" title="socket address (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567778"></a>
5423
5488
5424
5489
socket address (G)
5425
</h3></div></div></div><a class="indexterm" name="id2561144"></a><a name="SOCKETADDRESS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to control what
5490
</h3></div></div></div><a class="indexterm" name="id2567779"></a><a name="SOCKETADDRESS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to control what
5426
5491
address Samba will listen for connections on. This is used to
5427
5492
support multiple virtual interfaces on the one server, each
5428
5493
with a different configuration.</p><p>Setting this option should never be necessary on usual Samba
5431
5496
</em></span>
5432
5497
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>socket address</code></em> = <code class="literal">192.168.2.20</code>
5433
5498
</em></span>
5434
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561213"></a>
5499
</p></dd></dl></div></div><div class="section" title="socket options (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567848"></a>
5435
5500
5436
5501
socket options (G)
5437
</h3></div></div></div><a class="indexterm" name="id2561214"></a><a name="SOCKETOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to set socket options
5502
</h3></div></div></div><a class="indexterm" name="id2567849"></a><a name="SOCKETOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to set socket options
5438
5503
to be used when talking with the client.</p><p>Socket options are controls on the networking layer
5439
5504
of the operating systems which allow the connection to be
5440
5505
tuned.</p><p>This option will typically be used to tune your Samba server
5450
5515
send the patch to <a class="ulink" href="mailto:samba-technical@samba.org" target="_top">
5451
5516
samba-technical@samba.org</a>.</p><p>Any of the supported socket options may be combined
5452
5517
in any way you like, as long as your OS allows it.</p><p>This is the list of socket options currently settable
5453
using this option:</p><div class="itemizedlist"><ul type="disc"><li><p>SO_KEEPALIVE</p></li><li><p>SO_REUSEADDR</p></li><li><p>SO_BROADCAST</p></li><li><p>TCP_NODELAY</p></li><li><p>IPTOS_LOWDELAY</p></li><li><p>IPTOS_THROUGHPUT</p></li><li><p>SO_SNDBUF *</p></li><li><p>SO_RCVBUF *</p></li><li><p>SO_SNDLOWAT *</p></li><li><p>SO_RCVLOWAT *</p></li></ul></div><p>Those marked with a <span class="emphasis"><em>'*'</em></span> take an integer
5518
using this option:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>SO_KEEPALIVE</p></li><li class="listitem"><p>SO_REUSEADDR</p></li><li class="listitem"><p>SO_BROADCAST</p></li><li class="listitem"><p>TCP_NODELAY</p></li><li class="listitem"><p>IPTOS_LOWDELAY</p></li><li class="listitem"><p>IPTOS_THROUGHPUT</p></li><li class="listitem"><p>SO_SNDBUF *</p></li><li class="listitem"><p>SO_RCVBUF *</p></li><li class="listitem"><p>SO_SNDLOWAT *</p></li><li class="listitem"><p>SO_RCVLOWAT *</p></li></ul></div><p>Those marked with a <span class="emphasis"><em>'*'</em></span> take an integer
5454
5519
argument. The others can optionally take a 1 or 0 argument to enable
5455
5520
or disable the option, by default they will be enabled if you
5456
5521
don't specify 1 or 0.</p><p>To specify an argument use the syntax SOME_OPTION = VALUE
5462
5527
</em></span>
5463
5528
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>socket options</code></em> = <code class="literal">IPTOS_LOWDELAY</code>
5464
5529
</em></span>
5465
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561423"></a>
5530
</p></dd></dl></div></div><div class="section" title="stat cache (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568059"></a>
5466
5531
5467
5532
stat cache (G)
5468
</h3></div></div></div><a class="indexterm" name="id2561424"></a><a name="STATCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will use a cache in order to
5533
</h3></div></div></div><a class="indexterm" name="id2568060"></a><a name="STATCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will use a cache in order to
5469
5534
speed up case insensitive name mappings. You should never need
5470
5535
to change this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>stat cache</code></em> = <code class="literal">yes</code>
5471
5536
</em></span>
5472
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561474"></a>
5537
</p></dd></dl></div></div><div class="section" title="state directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568110"></a>
5538
5539
state directory (G)
5540
</h3></div></div></div><a class="indexterm" name="id2568111"></a><a name="STATEDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>Usually, most of the TDB files are stored in the
5541
<em class="parameter"><code>lock directory</code></em>. Since
5542
Samba 3.4.0, it is possible to differentiate between TDB files
5543
with persistent data and TDB files with non-persistent data using
5544
the <em class="parameter"><code>state directory</code></em> and the
5545
<em class="parameter"><code>cache directory</code></em> options.
5546
</p><p> This option specifies the directory where TDB files containing
5547
persistent data will be stored.
5548
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>state directory</code></em> = <code class="literal">${prefix}/var/locks</code>
5549
</em></span>
5550
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>state directory</code></em> = <code class="literal">/var/run/samba/locks/state</code>
5551
</em></span>
5552
</p></dd></dl></div></div><div class="section" title="store dos attributes (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568196"></a>
5473
5553
5474
5554
store dos attributes (S)
5475
</h3></div></div></div><a class="indexterm" name="id2561476"></a><a name="STOREDOSATTRIBUTES"></a><div class="variablelist"><dl><dt></dt><dd><p>
5555
</h3></div></div></div><a class="indexterm" name="id2568197"></a><a name="STOREDOSATTRIBUTES"></a><div class="variablelist"><dl><dt></dt><dd><p>
5476
5556
If this parameter is set Samba attempts to first read DOS attributes (SYSTEM, HIDDEN, ARCHIVE or
5477
5557
READ-ONLY) from a filesystem extended attribute, before mapping DOS attributes to UNIX permission bits (such
5478
5558
as occurs with <a class="link" href="smb.conf.5.html#MAPHIDDEN" target="_top">map hidden</a> and <a class="link" href="smb.conf.5.html#MAPREADONLY" target="_top">map readonly</a>). When set, DOS
5484
5564
extended attributes to work, also extended attributes must be compiled into the Linux kernel.
5485
5565
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>store dos attributes</code></em> = <code class="literal">no</code>
5486
5566
</em></span>
5487
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561596"></a>
5567
</p></dd></dl></div></div><div class="section" title="strict allocate (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568318"></a>
5488
5568
5489
5569
strict allocate (S)
5490
</h3></div></div></div><a class="indexterm" name="id2561597"></a><a name="STRICTALLOCATE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls the handling of
5570
</h3></div></div></div><a class="indexterm" name="id2568319"></a><a name="STRICTALLOCATE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls the handling of
5491
5571
disk space allocation in the server. When this is set to <code class="constant">yes</code>
5492
5572
the server will change from UNIX behaviour of not committing real
5493
5573
disk storage blocks when a file is extended to the Windows behaviour
5499
5579
out of quota messages on systems that are restricting the disk quota
5500
5580
of users.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict allocate</code></em> = <code class="literal">no</code>
5501
5581
</em></span>
5502
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561667"></a>
5582
</p></dd></dl></div></div><div class="section" title="strict locking (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568388"></a>
5503
5583
5504
5584
strict locking (S)
5505
</h3></div></div></div><a class="indexterm" name="id2561668"></a><a name="STRICTLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
5585
</h3></div></div></div><a class="indexterm" name="id2568389"></a><a name="STRICTLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
5506
5586
This is an enumerated type that controls the handling of file locking in the server. When this is set to <code class="constant">yes</code>,
5507
5587
the server will check every read and write access for file locks, and deny access if locks exist. This can be slow on
5508
5588
some systems.
5518
5598
<code class="literal">strict locking = no</code> is acceptable.
5519
5599
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict locking</code></em> = <code class="literal">Auto</code>
5520
5600
</em></span>
5521
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561746"></a>
5601
</p></dd></dl></div></div><div class="section" title="strict sync (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568467"></a>
5522
5602
5523
5603
strict sync (S)
5524
</h3></div></div></div><a class="indexterm" name="id2561747"></a><a name="STRICTSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>Many Windows applications (including the Windows 98 explorer
5604
</h3></div></div></div><a class="indexterm" name="id2568468"></a><a name="STRICTSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>Many Windows applications (including the Windows 98 explorer
5525
5605
shell) seem to confuse flushing buffer contents to disk with doing
5526
5606
a sync to disk. Under UNIX, a sync call forces the process to be
5527
5607
suspended until the kernel has ensured that all outstanding data in
5535
5615
addition, this fixes many performance problems that people have
5536
5616
reported with the new Windows98 explorer shell file copies.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict sync</code></em> = <code class="literal">no</code>
5537
5617
</em></span>
5538
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561811"></a>
5618
</p></dd></dl></div></div><div class="section" title="svcctl list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568532"></a>
5539
5619
5540
5620
svcctl list (G)
5541
</h3></div></div></div><a class="indexterm" name="id2561812"></a><a name="SVCCTLLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of init scripts that smbd
5621
</h3></div></div></div><a class="indexterm" name="id2568533"></a><a name="SVCCTLLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of init scripts that smbd
5542
5622
will use for starting and stopping Unix services via the Win32
5543
5623
ServiceControl API. This allows Windows administrators to
5544
5624
utilize the MS Management Console plug-ins to manage a
5551
5631
</em></span>
5552
5632
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>svcctl list</code></em> = <code class="literal">cups postfix portmap httpd</code>
5553
5633
</em></span>
5554
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561897"></a>
5634
</p></dd></dl></div></div><div class="section" title="sync always (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568618"></a>
5555
5635
5556
5636
sync always (S)
5557
</h3></div></div></div><a class="indexterm" name="id2561898"></a><a name="SYNCALWAYS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls
5637
</h3></div></div></div><a class="indexterm" name="id2568619"></a><a name="SYNCALWAYS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls
5558
5638
whether writes will always be written to stable storage before
5559
5639
the write call returns. If this is <code class="constant">no</code> then the server will be
5560
5640
guided by the client's request in each write call (clients can
5565
5645
<code class="constant">yes</code> in order for this parameter to have
5566
5646
any effect.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>sync always</code></em> = <code class="literal">no</code>
5567
5647
</em></span>
5568
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561968"></a>
5648
</p></dd></dl></div></div><div class="section" title="syslog only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568689"></a>
5569
5649
5570
5650
syslog only (G)
5571
</h3></div></div></div><a class="indexterm" name="id2561969"></a><a name="SYSLOGONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
5651
</h3></div></div></div><a class="indexterm" name="id2568690"></a><a name="SYSLOGONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
5572
5652
If this parameter is set then Samba debug messages are logged into the system
5573
5653
syslog only, and not to the debug log files. There still will be some
5574
5654
logging to log.[sn]mbd even if <span class="emphasis"><em>syslog only</em></span> is enabled.
5575
5655
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>syslog only</code></em> = <code class="literal">no</code>
5576
5656
</em></span>
5577
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562015"></a>
5657
</p></dd></dl></div></div><div class="section" title="syslog (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568736"></a>
5578
5658
5579
5659
syslog (G)
5580
</h3></div></div></div><a class="indexterm" name="id2562016"></a><a name="SYSLOG"></a><div class="variablelist"><dl><dt></dt><dd><p>
5660
</h3></div></div></div><a class="indexterm" name="id2568738"></a><a name="SYSLOG"></a><div class="variablelist"><dl><dt></dt><dd><p>
5581
5661
This parameter maps how Samba debug messages are logged onto the system syslog logging levels.
5582
5662
Samba debug level zero maps onto syslog <code class="constant">LOG_ERR</code>, debug level one maps onto
5583
5663
<code class="constant">LOG_WARNING</code>, debug level two maps onto <code class="constant">LOG_NOTICE</code>,
5588
5668
logging to log.[sn]mbd even if <span class="emphasis"><em>syslog only</em></span> is enabled.
5589
5669
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>syslog</code></em> = <code class="literal">1</code>
5590
5670
</em></span>
5591
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562086"></a>
5671
</p></dd></dl></div></div><div class="section" title="template homedir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568807"></a>
5592
5672
5593
5673
template homedir (G)
5594
</h3></div></div></div><a class="indexterm" name="id2562087"></a><a name="TEMPLATEHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
5674
</h3></div></div></div><a class="indexterm" name="id2568808"></a><a name="TEMPLATEHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
5595
5675
user, the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon uses this
5596
5676
parameter to fill in the home directory for that user. If the
5597
5677
string <em class="parameter"><code>%D</code></em> is present it
5599
5679
string <em class="parameter"><code>%U</code></em> is present it
5600
5680
is substituted with the user's Windows NT user name.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>template homedir</code></em> = <code class="literal">/home/%D/%U</code>
5601
5681
</em></span>
5602
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562151"></a>
5682
</p></dd></dl></div></div><div class="section" title="template shell (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568873"></a>
5603
5683
5604
5684
template shell (G)
5605
</h3></div></div></div><a class="indexterm" name="id2562152"></a><a name="TEMPLATESHELL"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
5685
</h3></div></div></div><a class="indexterm" name="id2568874"></a><a name="TEMPLATESHELL"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
5606
5686
user, the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon uses this
5607
parameter to fill in the login shell for that user.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562190"></a>
5687
parameter to fill in the login shell for that user.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="time offset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568912"></a>
5608
5688
5609
5689
time offset (G)
5610
</h3></div></div></div><a class="indexterm" name="id2562191"></a><a name="TIMEOFFSET"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a setting in minutes to add
5690
</h3></div></div></div><a class="indexterm" name="id2568913"></a><a name="TIMEOFFSET"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a setting in minutes to add
5611
5691
to the normal GMT to local time conversion. This is useful if
5612
5692
you are serving a lot of PCs that have incorrect daylight
5613
5693
saving time handling.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>time offset</code></em> = <code class="literal">0</code>
5614
5694
</em></span>
5615
5695
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>time offset</code></em> = <code class="literal">60</code>
5616
5696
</em></span>
5617
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562250"></a>
5697
</p></dd></dl></div></div><div class="section" title="time server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568972"></a>
5618
5698
5619
5699
time server (G)
5620
</h3></div></div></div><a class="indexterm" name="id2562251"></a><a name="TIMESERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> advertises itself as a time server to Windows
5700
</h3></div></div></div><a class="indexterm" name="id2568973"></a><a name="TIMESERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> advertises itself as a time server to Windows
5621
5701
clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>time server</code></em> = <code class="literal">no</code>
5622
5702
</em></span>
5623
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562301"></a>
5703
</p></dd></dl></div></div><div class="section" title="unix charset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569022"></a>
5624
5704
5625
5705
unix charset (G)
5626
</h3></div></div></div><a class="indexterm" name="id2562302"></a><a name="UNIXCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the charset the unix machine
5706
</h3></div></div></div><a class="indexterm" name="id2569023"></a><a name="UNIXCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the charset the unix machine
5627
5707
Samba runs on uses. Samba needs to know this in order to be able to
5628
5708
convert text to the charsets other SMB clients use.
5629
5709
</p><p>This is also the charset Samba will use when specifying arguments
5632
5712
</em></span>
5633
5713
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>unix charset</code></em> = <code class="literal">ASCII</code>
5634
5714
</em></span>
5635
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562367"></a>
5715
</p></dd></dl></div></div><div class="section" title="unix extensions (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569088"></a>
5636
5716
5637
5717
unix extensions (G)
5638
</h3></div></div></div><a class="indexterm" name="id2562368"></a><a name="UNIXEXTENSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
5718
</h3></div></div></div><a class="indexterm" name="id2569089"></a><a name="UNIXEXTENSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
5639
5719
implements the CIFS UNIX extensions, as defined by HP.
5640
5720
These extensions enable Samba to better serve UNIX CIFS clients
5641
5721
by supporting features such as symbolic links, hard links, etc...
5642
5722
These extensions require a similarly enabled client, and are of
5643
5723
no current use to Windows clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>unix extensions</code></em> = <code class="literal">yes</code>
5644
5724
</em></span>
5645
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562414"></a>
5725
</p></dd></dl></div></div><div class="section" title="unix password sync (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569136"></a>
5646
5726
5647
5727
unix password sync (G)
5648
</h3></div></div></div><a class="indexterm" name="id2562415"></a><a name="UNIXPASSWORDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
5728
</h3></div></div></div><a class="indexterm" name="id2569137"></a><a name="UNIXPASSWORDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
5649
5729
attempts to synchronize the UNIX password with the SMB password
5650
5730
when the encrypted SMB password in the smbpasswd file is changed.
5651
5731
If this is set to <code class="constant">yes</code> the program specified in the <em class="parameter"><code>passwd
5654
5734
old UNIX password (as the SMB password change code has no
5655
5735
access to the old password cleartext, only the new).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>unix password sync</code></em> = <code class="literal">no</code>
5656
5736
</em></span>
5657
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562475"></a>
5737
</p></dd></dl></div></div><div class="section" title="update encrypted (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569197"></a>
5658
5738
5659
5739
update encrypted (G)
5660
</h3></div></div></div><a class="indexterm" name="id2562476"></a><a name="UPDATEENCRYPTED"></a><div class="variablelist"><dl><dt></dt><dd><p>
5740
</h3></div></div></div><a class="indexterm" name="id2569198"></a><a name="UPDATEENCRYPTED"></a><div class="variablelist"><dl><dt></dt><dd><p>
5661
5741
This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed)
5662
5742
password in the smbpasswd file to be updated automatically as they log on. This option allows a site to
5663
5743
migrate from plaintext password authentication (users authenticate with plaintext password over the
5675
5755
passwords.
5676
5756
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>update encrypted</code></em> = <code class="literal">no</code>
5677
5757
</em></span>
5678
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562594"></a>
5758
</p></dd></dl></div></div><div class="section" title="use client driver (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569315"></a>
5679
5759
5680
5760
use client driver (S)
5681
</h3></div></div></div><a class="indexterm" name="id2562595"></a><a name="USECLIENTDRIVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter applies only to Windows NT/2000
5761
</h3></div></div></div><a class="indexterm" name="id2569316"></a><a name="USECLIENTDRIVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter applies only to Windows NT/2000
5682
5762
clients. It has no effect on Windows 95/98/ME clients. When
5683
5763
serving a printer to Windows NT/2000 clients without first installing
5684
5764
a valid printer driver on the Samba host, the client will be required
5703
5783
on a print share which has valid print driver installed on the Samba
5704
5784
server.</em></span></p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use client driver</code></em> = <code class="literal">no</code>
5705
5785
</em></span>
5706
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562675"></a>
5786
</p></dd></dl></div></div><div class="section" title="use mmap (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569396"></a>
5707
5787
5708
5788
use mmap (G)
5709
</h3></div></div></div><a class="indexterm" name="id2562676"></a><a name="USEMMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter determines if the tdb internals of Samba can
5789
</h3></div></div></div><a class="indexterm" name="id2569397"></a><a name="USEMMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter determines if the tdb internals of Samba can
5710
5790
depend on mmap working correctly on the running system. Samba requires a coherent
5711
5791
mmap/read-write system memory cache. Currently only HPUX does not have such a
5712
5792
coherent cache, and so this parameter is set to <code class="constant">no</code> by
5715
5795
the tdb internal code.
5716
5796
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use mmap</code></em> = <code class="literal">yes</code>
5717
5797
</em></span>
5718
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562727"></a>
5798
</p></dd></dl></div></div><div class="section" title="username level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569448"></a>
5719
5799
5720
5800
username level (G)
5721
</h3></div></div></div><a class="indexterm" name="id2562728"></a><a name="USERNAMELEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option helps Samba to try and 'guess' at
5801
</h3></div></div></div><a class="indexterm" name="id2569449"></a><a name="USERNAMELEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option helps Samba to try and 'guess' at
5722
5802
the real UNIX username, as many DOS clients send an all-uppercase
5723
5803
username. By default Samba tries all lowercase, followed by the
5724
5804
username with the first letter capitalized, and fails if the
5733
5813
</em></span>
5734
5814
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username level</code></em> = <code class="literal">5</code>
5735
5815
</em></span>
5736
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562808"></a>
5816
</p></dd></dl></div></div><div class="section" title="username map script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569530"></a>
5737
5817
5738
5818
username map script (G)
5739
</h3></div></div></div><a class="indexterm" name="id2562810"></a><a name="USERNAMEMAPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This script is a mutually exclusive alternative to the
5819
</h3></div></div></div><a class="indexterm" name="id2569531"></a><a name="USERNAMEMAPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This script is a mutually exclusive alternative to the
5740
5820
<a class="link" href="smb.conf.5.html#USERNAMEMAP" target="_top">username map</a> parameter. This parameter
5741
5821
specifies and external program or script that must accept a single
5742
5822
command line option (the username transmitted in the authentication
5747
5827
</em></span>
5748
5828
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username map script</code></em> = <code class="literal">/etc/samba/scripts/mapusers.sh</code>
5749
5829
</em></span>
5750
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562885"></a>
5830
</p></dd></dl></div></div><div class="section" title="username map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569607"></a>
5751
5831
5752
5832
username map (G)
5753
</h3></div></div></div><a class="indexterm" name="id2562886"></a><a name="USERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
5833
</h3></div></div></div><a class="indexterm" name="id2569608"></a><a name="USERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
5754
5834
This option allows you to specify a file containing a mapping of usernames from the clients to the server.
5755
5835
This can be used for several purposes. The most common is to map usernames that users use on DOS or Windows
5756
5836
machines to those that the UNIX box uses. The other is to map multiple users to a single username so that they
5834
5914
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>username map</code></em> = <code class="literal">
5835
5915
# no username map</code>
5836
5916
</em></span>
5837
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563165"></a>
5917
</p></dd></dl></div></div><div class="section" title="user"><div class="titlepage"><div><div><h3 class="title"><a name="id2569892"></a>
5838
5918
5839
5919
<a name="USER"></a>user
5840
</h3></div></div></div><a class="indexterm" name="id2563166"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563197"></a>
5920
</h3></div></div></div><a class="indexterm" name="id2569893"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" title="users"><div class="titlepage"><div><div><h3 class="title"><a name="id2569924"></a>
5841
5921
5842
5922
<a name="USERS"></a>users
5843
</h3></div></div></div><a class="indexterm" name="id2563198"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563229"></a>
5923
</h3></div></div></div><a class="indexterm" name="id2569925"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" title="username (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569956"></a>
5844
5924
5845
5925
username (S)
5846
</h3></div></div></div><a class="indexterm" name="id2563230"></a><a name="USERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>Multiple users may be specified in a comma-delimited
5926
</h3></div></div></div><a class="indexterm" name="id2569957"></a><a name="USERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>Multiple users may be specified in a comma-delimited
5847
5927
list, in which case the supplied password will be tested against
5848
5928
each username in turn (left to right).</p><p>The <em class="parameter"><code>username</code></em> line is needed only when
5849
5929
the PC is unable to supply its own username. This is the case
5881
5961
</em></span>
5882
5962
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username</code></em> = <code class="literal">fred, mary, jack, jane, @users, @pcgroup</code>
5883
5963
</em></span>
5884
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563399"></a>
5964
</p></dd></dl></div></div><div class="section" title="usershare allow guests (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570126"></a>
5885
5965
5886
5966
usershare allow guests (G)
5887
</h3></div></div></div><a class="indexterm" name="id2563400"></a><a name="USERSHAREALLOWGUESTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether user defined shares are allowed
5967
</h3></div></div></div><a class="indexterm" name="id2570127"></a><a name="USERSHAREALLOWGUESTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether user defined shares are allowed
5888
5968
to be accessed by non-authenticated users or not. It is the equivalent
5889
5969
of allowing people who can create a share the option of setting
5890
5970
<em class="parameter"><code>guest ok = yes</code></em> in a share
5891
5971
definition. Due to its security sensitive nature, the default
5892
5972
is set to off.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare allow guests</code></em> = <code class="literal">no</code>
5893
5973
</em></span>
5894
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563452"></a>
5974
</p></dd></dl></div></div><div class="section" title="usershare max shares (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570179"></a>
5895
5975
5896
5976
usershare max shares (G)
5897
</h3></div></div></div><a class="indexterm" name="id2563453"></a><a name="USERSHAREMAXSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of user defined shares
5977
</h3></div></div></div><a class="indexterm" name="id2570180"></a><a name="USERSHAREMAXSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of user defined shares
5898
5978
that are allowed to be created by users belonging to the group owning the
5899
5979
usershare directory. If set to zero (the default) user defined shares are ignored.
5900
5980
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare max shares</code></em> = <code class="literal">0</code>
5901
5981
</em></span>
5902
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563497"></a>
5982
</p></dd></dl></div></div><div class="section" title="usershare owner only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570224"></a>
5903
5983
5904
5984
usershare owner only (G)
5905
</h3></div></div></div><a class="indexterm" name="id2563498"></a><a name="USERSHAREOWNERONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether the pathname exported by
5985
</h3></div></div></div><a class="indexterm" name="id2570225"></a><a name="USERSHAREOWNERONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether the pathname exported by
5906
5986
a user defined shares must be owned by the user creating the
5907
5987
user defined share or not. If set to True (the default) then
5908
5988
smbd checks that the directory path being shared is owned by
5912
5992
regardless of who owns it.
5913
5993
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare owner only</code></em> = <code class="literal">True</code>
5914
5994
</em></span>
5915
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563547"></a>
5995
</p></dd></dl></div></div><div class="section" title="usershare path (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570274"></a>
5916
5996
5917
5997
usershare path (G)
5918
</h3></div></div></div><a class="indexterm" name="id2563548"></a><a name="USERSHAREPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the absolute path of the directory on the
5998
</h3></div></div></div><a class="indexterm" name="id2570275"></a><a name="USERSHAREPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the absolute path of the directory on the
5919
5999
filesystem used to store the user defined share definition files.
5920
6000
This directory must be owned by root, and have no access for
5921
6001
other, and be writable only by the group owner. In addition the
5936
6016
In this case, only members of the group "power_users" can create user defined shares.
5937
6017
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare path</code></em> = <code class="literal">NULL</code>
5938
6018
</em></span>
5939
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563618"></a>
6019
</p></dd></dl></div></div><div class="section" title="usershare prefix allow list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570345"></a>
5940
6020
5941
6021
usershare prefix allow list (G)
5942
</h3></div></div></div><a class="indexterm" name="id2563619"></a><a name="USERSHAREPREFIXALLOWLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
6022
</h3></div></div></div><a class="indexterm" name="id2570346"></a><a name="USERSHAREPREFIXALLOWLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
5943
6023
the root of which are allowed to be exported by user defined share definitions.
5944
6024
If the pathname to be exported doesn't start with one of the strings in this
5945
6025
list, the user defined share will not be allowed. This allows the Samba
5954
6034
</em></span>
5955
6035
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare prefix allow list</code></em> = <code class="literal">/home /data /space</code>
5956
6036
</em></span>
5957
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563690"></a>
6037
</p></dd></dl></div></div><div class="section" title="usershare prefix deny list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570418"></a>
5958
6038
5959
6039
usershare prefix deny list (G)
5960
</h3></div></div></div><a class="indexterm" name="id2563692"></a><a name="USERSHAREPREFIXDENYLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
6040
</h3></div></div></div><a class="indexterm" name="id2570419"></a><a name="USERSHAREPREFIXDENYLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
5961
6041
the root of which are NOT allowed to be exported by user defined share definitions.
5962
6042
If the pathname exported starts with one of the strings in this
5963
6043
list the user defined share will not be allowed. Any pathname not
5973
6053
</em></span>
5974
6054
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare prefix deny list</code></em> = <code class="literal">/etc /dev /private</code>
5975
6055
</em></span>
5976
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563765"></a>
6056
</p></dd></dl></div></div><div class="section" title="usershare template share (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570492"></a>
5977
6057
5978
6058
usershare template share (G)
5979
</h3></div></div></div><a class="indexterm" name="id2563766"></a><a name="USERSHARETEMPLATESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>User defined shares only have limited possible parameters
6059
</h3></div></div></div><a class="indexterm" name="id2570493"></a><a name="USERSHARETEMPLATESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>User defined shares only have limited possible parameters
5980
6060
such as path, guest ok, etc. This parameter allows usershares to
5981
6061
"cloned" from an existing share. If "usershare template share"
5982
6062
is set to the name of an existing share, then all usershares
5991
6071
</em></span>
5992
6072
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare template share</code></em> = <code class="literal">template_share</code>
5993
6073
</em></span>
5994
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563838"></a>
6074
</p></dd></dl></div></div><div class="section" title="use sendfile (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570565"></a>
5995
6075
5996
6076
use sendfile (S)
5997
</h3></div></div></div><a class="indexterm" name="id2563839"></a><a name="USESENDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, and the <code class="constant">sendfile()</code>
6077
</h3></div></div></div><a class="indexterm" name="id2570566"></a><a name="USESENDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, and the <code class="constant">sendfile()</code>
5998
6078
system call is supported by the underlying operating system, then some SMB read calls
5999
6079
(mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that
6000
6080
are exclusively oplocked. This may make more efficient use of the system CPU's
6003
6083
Windows 9x (using sendfile from Linux will cause these clients to fail).
6004
6084
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use sendfile</code></em> = <code class="literal">false</code>
6005
6085
</em></span>
6006
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563896"></a>
6086
</p></dd></dl></div></div><div class="section" title="use spnego (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570623"></a>
6007
6087
6008
6088
use spnego (G)
6009
</h3></div></div></div><a class="indexterm" name="id2563897"></a><a name="USESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p>This variable controls controls whether samba will try
6089
</h3></div></div></div><a class="indexterm" name="id2570624"></a><a name="USESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p>This variable controls controls whether samba will try
6010
6090
to use Simple and Protected NEGOciation (as specified by rfc2478) with
6011
6091
WindowsXP and Windows2000 clients to agree upon an authentication mechanism.
6012
6092
</p><p>
6014
6094
implementation, there is no reason this should ever be
6015
6095
disabled.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use spnego</code></em> = <code class="literal">yes</code>
6016
6096
</em></span>
6017
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563945"></a>
6097
</p></dd></dl></div></div><div class="section" title="utmp directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570672"></a>
6018
6098
6019
6099
utmp directory (G)
6020
</h3></div></div></div><a class="indexterm" name="id2563946"></a><a name="UTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only available if Samba has
6100
</h3></div></div></div><a class="indexterm" name="id2570673"></a><a name="UTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only available if Samba has
6021
6101
been configured and compiled with the option <code class="literal">
6022
6102
--with-utmp</code>. It specifies a directory pathname that is
6023
6103
used to store the utmp or utmpx files (depending on the UNIX system) that
6029
6109
</em></span>
6030
6110
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>utmp directory</code></em> = <code class="literal">/var/run/utmp</code>
6031
6111
</em></span>
6032
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564023"></a>
6112
</p></dd></dl></div></div><div class="section" title="utmp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570750"></a>
6033
6113
6034
6114
utmp (G)
6035
</h3></div></div></div><a class="indexterm" name="id2564024"></a><a name="UTMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
6115
</h3></div></div></div><a class="indexterm" name="id2570751"></a><a name="UTMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
6036
6116
This boolean parameter is only available if Samba has been configured and compiled
6037
6117
with the option <code class="literal">--with-utmp</code>. If set to
6038
6118
<code class="constant">yes</code> then Samba will attempt to add utmp or utmpx records
6044
6124
to find this number. This may impede performance on large installations.
6045
6125
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>utmp</code></em> = <code class="literal">no</code>
6046
6126
</em></span>
6047
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564086"></a>
6127
</p></dd></dl></div></div><div class="section" title="valid users (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570813"></a>
6048
6128
6049
6129
valid users (S)
6050
</h3></div></div></div><a class="indexterm" name="id2564087"></a><a name="VALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>
6130
</h3></div></div></div><a class="indexterm" name="id2570814"></a><a name="VALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>
6051
6131
This is a list of users that should be allowed to login to this service. Names starting with
6052
6132
'@', '+' and '&' are interpreted using the same rules as described in the
6053
6133
<em class="parameter"><code>invalid users</code></em> parameter.
6063
6143
</em></span>
6064
6144
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>valid users</code></em> = <code class="literal">greg, @pcusers</code>
6065
6145
</em></span>
6066
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564177"></a>
6146
</p></dd></dl></div></div><div class="section" title="-valid (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570904"></a>
6067
6147
6068
6148
-valid (S)
6069
</h3></div></div></div><a class="indexterm" name="id2564178"></a><a name="-VALID"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter indicates whether a share is
6149
</h3></div></div></div><a class="indexterm" name="id2570905"></a><a name="-VALID"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter indicates whether a share is
6070
6150
valid and thus can be used. When this parameter is set to false,
6071
6151
the share will be in no way visible nor accessible.
6072
6152
</p><p>
6075
6155
Samba uses this option internally to mark shares as deleted.
6076
6156
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>-valid</code></em> = <code class="literal">yes</code>
6077
6157
</em></span>
6078
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564227"></a>
6158
</p></dd></dl></div></div><div class="section" title="veto files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570954"></a>
6079
6159
6080
6160
veto files (S)
6081
</h3></div></div></div><a class="indexterm" name="id2564228"></a><a name="VETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
6161
</h3></div></div></div><a class="indexterm" name="id2570955"></a><a name="VETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
6082
6162
This is a list of files and directories that are neither visible nor accessible. Each entry in
6083
6163
the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?'
6084
6164
can be used to specify multiple files or directories as in DOS wildcards.
6109
6189
</pre><p>
6110
6190
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>veto files</code></em> = <code class="literal">No files or directories are vetoed.</code>
6111
6191
</em></span>
6112
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564346"></a>
6192
</p></dd></dl></div></div><div class="section" title="veto oplock files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571073"></a>
6113
6193
6114
6194
veto oplock files (S)
6115
</h3></div></div></div><a class="indexterm" name="id2564347"></a><a name="VETOOPLOCKFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
6195
</h3></div></div></div><a class="indexterm" name="id2571074"></a><a name="VETOOPLOCKFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
6116
6196
This parameter is only valid when the <a class="link" href="smb.conf.5.html#OPLOCKS" target="_top">oplocks</a>
6117
6197
parameter is turned on for a share. It allows the Samba administrator
6118
6198
to selectively turn off the granting of oplocks on selected files that
6133
6213
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>veto oplock files</code></em> = <code class="literal">
6134
6214
# No files are vetoed for oplock grants</code>
6135
6215
</em></span>
6136
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564439"></a>
6216
</p></dd></dl></div></div><div class="section" title="vfs object"><div class="titlepage"><div><div><h3 class="title"><a name="id2571166"></a>
6137
6217
6138
6218
<a name="VFSOBJECT"></a>vfs object
6139
</h3></div></div></div><a class="indexterm" name="id2564440"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#VFSOBJECTS">vfs objects</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564471"></a>
6219
</h3></div></div></div><a class="indexterm" name="id2571167"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#VFSOBJECTS">vfs objects</a>.</p></dd></dl></div></div><div class="section" title="vfs objects (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571198"></a>
6140
6220
6141
6221
vfs objects (S)
6142
</h3></div></div></div><a class="indexterm" name="id2564472"></a><a name="VFSOBJECTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the backend names which
6222
</h3></div></div></div><a class="indexterm" name="id2571199"></a><a name="VFSOBJECTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the backend names which
6143
6223
are used for Samba VFS I/O operations. By default, normal
6144
6224
disk I/O operations are used but these can be overloaded
6145
6225
with one or more VFS objects. </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>vfs objects</code></em> = <code class="literal"></code>
6146
6226
</em></span>
6147
6227
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>vfs objects</code></em> = <code class="literal">extd_audit recycle</code>
6148
6228
</em></span>
6149
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564531"></a>
6229
</p></dd></dl></div></div><div class="section" title="volume (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571258"></a>
6150
6230
6151
6231
volume (S)
6152
</h3></div></div></div><a class="indexterm" name="id2564532"></a><a name="VOLUME"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the volume label
6232
</h3></div></div></div><a class="indexterm" name="id2571259"></a><a name="VOLUME"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the volume label
6153
6233
returned for a share. Useful for CDROMs with installation programs
6154
6234
that insist on a particular volume label.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>volume</code></em> = <code class="literal">
6155
6235
# the name of the share</code>
6156
6236
</em></span>
6157
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564574"></a>
6237
</p></dd></dl></div></div><div class="section" title="wide links (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571301"></a>
6158
6238
6159
6239
wide links (S)
6160
</h3></div></div></div><a class="indexterm" name="id2564575"></a><a name="WIDELINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not links
6240
</h3></div></div></div><a class="indexterm" name="id2571302"></a><a name="WIDELINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not links
6161
6241
in the UNIX file system may be followed by the server. Links
6162
6242
that point to areas within the directory tree exported by the
6163
6243
server are always allowed; this parameter controls access only
6165
6245
effect on your server performance due to the extra system calls
6166
6246
that Samba has to do in order to perform the link checks.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wide links</code></em> = <code class="literal">yes</code>
6167
6247
</em></span>
6168
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564626"></a>
6248
</p></dd></dl></div></div><div class="section" title="winbind cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571354"></a>
6169
6249
6170
6250
winbind cache time (G)
6171
</h3></div></div></div><a class="indexterm" name="id2564628"></a><a name="WINBINDCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
6251
</h3></div></div></div><a class="indexterm" name="id2571355"></a><a name="WINBINDCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
6172
6252
seconds the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon will cache
6173
6253
user and group information before querying a Windows NT server
6174
6254
again.</p><p>
6176
6256
evaluated in real time unless the <a class="link" href="smb.conf.5.html#WINBINDOFFLINELOGON" target="_top">winbind offline logon</a> option has been enabled.
6177
6257
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind cache time</code></em> = <code class="literal">300</code>
6178
6258
</em></span>
6179
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564698"></a>
6259
</p></dd></dl></div></div><div class="section" title="winbind enum groups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571425"></a>
6180
6260
6181
6261
winbind enum groups (G)
6182
</h3></div></div></div><a class="indexterm" name="id2564699"></a><a name="WINBINDENUMGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be necessary to suppress
6262
</h3></div></div></div><a class="indexterm" name="id2571426"></a><a name="WINBINDENUMGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be necessary to suppress
6183
6263
the enumeration of groups through the <code class="literal">setgrent()</code>,
6184
6264
<code class="literal">getgrent()</code> and
6185
6265
<code class="literal">endgrent()</code> group of system calls. If
6186
6266
the <em class="parameter"><code>winbind enum groups</code></em> parameter is
6187
6267
<code class="constant">no</code>, calls to the <code class="literal">getgrent()</code> system
6188
call will not return any data. </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>Turning off group enumeration may cause some programs to behave oddly. </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind enum groups</code></em> = <code class="literal">no</code>
6268
call will not return any data. </p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>Turning off group enumeration may cause some programs to behave oddly. </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind enum groups</code></em> = <code class="literal">no</code>
6189
6269
</em></span>
6190
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564789"></a>
6270
</p></dd></dl></div></div><div class="section" title="winbind enum users (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571516"></a>
6191
6271
6192
6272
winbind enum users (G)
6193
</h3></div></div></div><a class="indexterm" name="id2564790"></a><a name="WINBINDENUMUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be
6273
</h3></div></div></div><a class="indexterm" name="id2571517"></a><a name="WINBINDENUMUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be
6194
6274
necessary to suppress the enumeration of users through the <code class="literal">setpwent()</code>,
6195
6275
<code class="literal">getpwent()</code> and
6196
6276
<code class="literal">endpwent()</code> group of system calls. If
6197
6277
the <em class="parameter"><code>winbind enum users</code></em> parameter is
6198
6278
<code class="constant">no</code>, calls to the <code class="literal">getpwent</code> system call
6199
will not return any data. </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>Turning off user
6279
will not return any data. </p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>Turning off user
6200
6280
enumeration may cause some programs to behave oddly. For
6201
6281
example, the finger program relies on having access to the
6202
6282
full user list when searching for matching
6203
6283
usernames. </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind enum users</code></em> = <code class="literal">no</code>
6204
6284
</em></span>
6205
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564882"></a>
6285
</p></dd></dl></div></div><div class="section" title="winbind expand groups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571609"></a>
6206
6286
6207
6287
winbind expand groups (G)
6208
</h3></div></div></div><a class="indexterm" name="id2564883"></a><a name="WINBINDEXPANDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum depth that winbindd
6288
</h3></div></div></div><a class="indexterm" name="id2571610"></a><a name="WINBINDEXPANDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum depth that winbindd
6209
6289
will traverse when flattening nested group memberships
6210
6290
of Windows domain groups. This is different from the
6211
6291
<a class="link" href="smb.conf.5.html#WINBINDNESTEDGROUPS" target="_top">winbind nested groups</a> option
6217
6297
must perform the group unrolling and will be unable to answer
6218
6298
incoming NSS or authentication requests during this time.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind expand groups</code></em> = <code class="literal">1</code>
6219
6299
</em></span>
6220
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564951"></a>
6300
</p></dd></dl></div></div><div class="section" title="winbind nested groups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571678"></a>
6221
6301
6222
6302
winbind nested groups (G)
6223
</h3></div></div></div><a class="indexterm" name="id2564952"></a><a name="WINBINDNESTEDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to yes, this parameter activates the support for nested
6303
</h3></div></div></div><a class="indexterm" name="id2571679"></a><a name="WINBINDNESTEDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to yes, this parameter activates the support for nested
6224
6304
groups. Nested groups are also called local groups or
6225
6305
aliases. They work like their counterparts in Windows: Nested
6226
6306
groups are defined locally on any machine (they are shared
6228
6308
global groups from any trusted SAM. To be able to use nested
6229
6309
groups, you need to run nss_winbind.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind nested groups</code></em> = <code class="literal">yes</code>
6230
6310
</em></span>
6231
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565001"></a>
6311
</p></dd></dl></div></div><div class="section" title="winbind normalize names (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571736"></a>
6232
6312
6233
6313
winbind normalize names (G)
6234
</h3></div></div></div><a class="indexterm" name="id2565002"></a><a name="WINBINDNORMALIZENAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether winbindd will replace
6314
</h3></div></div></div><a class="indexterm" name="id2571738"></a><a name="WINBINDNORMALIZENAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether winbindd will replace
6235
6315
whitespace in user and group names with an underscore (_) character.
6236
6316
For example, whether the name "Space Kadet" should be
6237
6317
replaced with the string "space_kadet".
6251
6331
</em></span>
6252
6332
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind normalize names</code></em> = <code class="literal">yes</code>
6253
6333
</em></span>
6254
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565086"></a>
6334
</p></dd></dl></div></div><div class="section" title="winbind nss info (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571814"></a>
6255
6335
6256
6336
winbind nss info (G)
6257
</h3></div></div></div><a class="indexterm" name="id2565087"></a><a name="WINBINDNSSINFO"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control how Winbind retrieves Name
6337
</h3></div></div></div><a class="indexterm" name="id2571815"></a><a name="WINBINDNSSINFO"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control how Winbind retrieves Name
6258
6338
Service Information to construct a user's home directory and login shell.
6259
6339
Currently the following settings are available:
6260
6340
6261
</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>template</code></em>
6341
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>template</code></em>
6262
6342
- The default, using the parameters of <em class="parameter"><code>template
6263
6343
shell</code></em> and <em class="parameter"><code>template homedir</code></em>)
6264
</p></li><li><p><em class="parameter"><code><sfu | rfc2307 ></code></em>
6344
</p></li><li class="listitem"><p><em class="parameter"><code><sfu | rfc2307 ></code></em>
6265
6345
- When Samba is running in security = ads and your Active Directory
6266
6346
Domain Controller does support the Microsoft "Services for Unix" (SFU)
6267
6347
LDAP schema, winbind can retrieve the login shell and the home
6276
6356
</em></span>
6277
6357
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind nss info</code></em> = <code class="literal">template sfu</code>
6278
6358
</em></span>
6279
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565206"></a>
6359
</p></dd></dl></div></div><div class="section" title="winbind offline logon (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571934"></a>
6280
6360
6281
6361
winbind offline logon (G)
6282
</h3></div></div></div><a class="indexterm" name="id2565207"></a><a name="WINBINDOFFLINELOGON"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should
6362
</h3></div></div></div><a class="indexterm" name="id2571935"></a><a name="WINBINDOFFLINELOGON"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should
6283
6363
allow to login with the <em class="parameter"><code>pam_winbind</code></em>
6284
6364
module using Cached Credentials. If enabled, winbindd will store user credentials
6285
6365
from successful logins encrypted in a local cache.
6287
6367
</em></span>
6288
6368
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind offline logon</code></em> = <code class="literal">true</code>
6289
6369
</em></span>
6290
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565275"></a>
6370
</p></dd></dl></div></div><div class="section" title="winbind reconnect delay (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572003"></a>
6291
6371
6292
6372
winbind reconnect delay (G)
6293
</h3></div></div></div><a class="indexterm" name="id2565276"></a><a name="WINBINDRECONNECTDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
6373
</h3></div></div></div><a class="indexterm" name="id2572004"></a><a name="WINBINDRECONNECTDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
6294
6374
seconds the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon will wait between
6295
6375
attempts to contact a Domain controller for a domain that is
6296
6376
determined to be down or not contactable.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind reconnect delay</code></em> = <code class="literal">30</code>
6297
6377
</em></span>
6298
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565328"></a>
6378
</p></dd></dl></div></div><div class="section" title="winbind refresh tickets (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572056"></a>
6299
6379
6300
6380
winbind refresh tickets (G)
6301
</h3></div></div></div><a class="indexterm" name="id2565329"></a><a name="WINBINDREFRESHTICKETS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should refresh Kerberos Tickets
6381
</h3></div></div></div><a class="indexterm" name="id2572057"></a><a name="WINBINDREFRESHTICKETS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should refresh Kerberos Tickets
6302
6382
retrieved using the <em class="parameter"><code>pam_winbind</code></em> module.
6303
6383
6304
6384
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind refresh tickets</code></em> = <code class="literal">false</code>
6305
6385
</em></span>
6306
6386
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind refresh tickets</code></em> = <code class="literal">true</code>
6307
6387
</em></span>
6308
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565395"></a>
6388
</p></dd></dl></div></div><div class="section" title="winbind rpc only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572123"></a>
6309
6389
6310
6390
winbind rpc only (G)
6311
</h3></div></div></div><a class="indexterm" name="id2565396"></a><a name="WINBINDRPCONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6391
</h3></div></div></div><a class="indexterm" name="id2572124"></a><a name="WINBINDRPCONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6312
6392
Setting this parameter to <code class="literal">yes</code> forces
6313
6393
winbindd to use RPC instead of LDAP to retrieve information from Domain
6314
6394
Controllers.
6315
6395
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind rpc only</code></em> = <code class="literal">no</code>
6316
6396
</em></span>
6317
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565443"></a>
6397
</p></dd></dl></div></div><div class="section" title="winbind separator (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572172"></a>
6318
6398
6319
6399
winbind separator (G)
6320
</h3></div></div></div><a class="indexterm" name="id2565444"></a><a name="WINBINDSEPARATOR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an admin to define the character
6400
</h3></div></div></div><a class="indexterm" name="id2572173"></a><a name="WINBINDSEPARATOR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an admin to define the character
6321
6401
used when listing a username of the form of <em class="replaceable"><code>DOMAIN
6322
6402
</code></em>\<em class="replaceable"><code>user</code></em>. This parameter
6323
6403
is only applicable when using the <code class="filename">pam_winbind.so</code>
6328
6408
</em></span>
6329
6409
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind separator</code></em> = <code class="literal">+</code>
6330
6410
</em></span>
6331
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565531"></a>
6411
</p></dd></dl></div></div><div class="section" title="winbind trusted domains only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572259"></a>
6332
6412
6333
6413
winbind trusted domains only (G)
6334
</h3></div></div></div><a class="indexterm" name="id2565532"></a><a name="WINBINDTRUSTEDDOMAINSONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6414
</h3></div></div></div><a class="indexterm" name="id2572260"></a><a name="WINBINDTRUSTEDDOMAINSONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6335
6415
This parameter is designed to allow Samba servers that are members
6336
6416
of a Samba controlled domain to use UNIX accounts distributed via NIS,
6337
6417
rsync, or LDAP as the uid's for winbindd users in the hosts primary domain.
6342
6422
Refer to the <a class="citerefentry" href="idmap_nss.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_nss</span>(8)</span></a> man page for more information.
6343
6423
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind trusted domains only</code></em> = <code class="literal">no</code>
6344
6424
</em></span>
6345
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565598"></a>
6425
</p></dd></dl></div></div><div class="section" title="winbind use default domain (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572326"></a>
6346
6426
6347
6427
winbind use default domain (G)
6348
</h3></div></div></div><a class="indexterm" name="id2565599"></a><a name="WINBINDUSEDEFAULTDOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether the
6428
</h3></div></div></div><a class="indexterm" name="id2572328"></a><a name="WINBINDUSEDEFAULTDOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether the
6349
6429
<a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon should operate on users
6350
6430
without domain component in their username. Users without a domain
6351
6431
component are treated as is part of the winbindd server's own
6355
6435
</em></span>
6356
6436
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind use default domain</code></em> = <code class="literal">yes</code>
6357
6437
</em></span>
6358
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565671"></a>
6438
</p></dd></dl></div></div><div class="section" title="wins hook (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572399"></a>
6359
6439
6360
6440
wins hook (G)
6361
</h3></div></div></div><a class="indexterm" name="id2565672"></a><a name="WINSHOOK"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba is running as a WINS server this
6441
</h3></div></div></div><a class="indexterm" name="id2572400"></a><a name="WINSHOOK"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba is running as a WINS server this
6362
6442
allows you to call an external program for all changes to the
6363
6443
WINS database. The primary use for this option is to allow the
6364
6444
dynamic update of external name resolution databases such as
6365
6445
dynamic DNS.</p><p>The wins hook parameter specifies the name of a script
6366
or executable that will be called as follows:</p><p><code class="literal">wins_hook operation name nametype ttl IP_list</code></p><div class="itemizedlist"><ul type="disc"><li><p>The first argument is the operation and is
6446
or executable that will be called as follows:</p><p><code class="literal">wins_hook operation name nametype ttl IP_list</code></p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>The first argument is the operation and is
6367
6447
one of "add", "delete", or
6368
6448
"refresh". In most cases the operation
6369
6449
can be ignored as the rest of the parameters
6370
6450
provide sufficient information. Note that
6371
6451
"refresh" may sometimes be called when
6372
6452
the name has not previously been added, in that
6373
case it should be treated as an add.</p></li><li><p>The second argument is the NetBIOS name. If the
6453
case it should be treated as an add.</p></li><li class="listitem"><p>The second argument is the NetBIOS name. If the
6374
6454
name is not a legal name then the wins hook is not called.
6375
6455
Legal names contain only letters, digits, hyphens, underscores
6376
and periods.</p></li><li><p>The third argument is the NetBIOS name
6377
type as a 2 digit hexadecimal number. </p></li><li><p>The fourth argument is the TTL (time to live)
6378
for the name in seconds.</p></li><li><p>The fifth and subsequent arguments are the IP
6456
and periods.</p></li><li class="listitem"><p>The third argument is the NetBIOS name
6457
type as a 2 digit hexadecimal number. </p></li><li class="listitem"><p>The fourth argument is the TTL (time to live)
6458
for the name in seconds.</p></li><li class="listitem"><p>The fifth and subsequent arguments are the IP
6379
6459
addresses currently registered for that name. If this list is
6380
6460
empty then the name should be deleted.</p></li></ul></div><p>An example script that calls the BIND dynamic DNS update
6381
6461
program <code class="literal">nsupdate</code> is provided in the examples
6382
directory of the Samba source code. </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565777"></a>
6462
directory of the Samba source code. </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="wins proxy (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572506"></a>
6383
6463
6384
6464
wins proxy (G)
6385
</h3></div></div></div><a class="indexterm" name="id2565778"></a><a name="WINSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will respond to broadcast name
6465
</h3></div></div></div><a class="indexterm" name="id2572507"></a><a name="WINSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will respond to broadcast name
6386
6466
queries on behalf of other hosts. You may need to set this
6387
6467
to <code class="constant">yes</code> for some older clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wins proxy</code></em> = <code class="literal">no</code>
6388
6468
</em></span>
6389
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565832"></a>
6469
</p></dd></dl></div></div><div class="section" title="wins server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572560"></a>
6390
6470
6391
6471
wins server (G)
6392
</h3></div></div></div><a class="indexterm" name="id2565833"></a><a name="WINSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the IP address (or DNS name: IP
6472
</h3></div></div></div><a class="indexterm" name="id2572562"></a><a name="WINSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the IP address (or DNS name: IP
6393
6473
address for preference) of the WINS server that <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> should register with. If you have a WINS server on
6394
6474
your network then you should set this to the WINS server's IP.</p><p>You should point this at your WINS server if you have a
6395
6475
multi-subnetted network.</p><p>If you want to work in multiple namespaces, you can
6396
6476
give every wins server a 'tag'. For each tag, only one
6397
6477
(working) server will be queried for a name. The tag should be
6398
6478
separated from the ip address by a colon.
6399
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>You need to set up Samba to point
6479
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>You need to set up Samba to point
6400
6480
to a WINS server if you have multiple subnets and wish cross-subnet
6401
6481
browsing to work correctly.</p></div><p>See the chapter in the Samba3-HOWTO on Network Browsing.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wins server</code></em> = <code class="literal"></code>
6402
6482
</em></span>
6408
6488
</em></span>
6409
6489
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>wins server</code></em> = <code class="literal">192.9.200.1 192.168.2.61</code>
6410
6490
</em></span>
6411
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565942"></a>
6491
</p></dd></dl></div></div><div class="section" title="wins support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572671"></a>
6412
6492
6413
6493
wins support (G)
6414
</h3></div></div></div><a class="indexterm" name="id2565943"></a><a name="WINSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls if the <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> process in Samba will act as a WINS server. You should
6494
</h3></div></div></div><a class="indexterm" name="id2572672"></a><a name="WINSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls if the <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> process in Samba will act as a WINS server. You should
6415
6495
not set this to <code class="constant">yes</code> unless you have a multi-subnetted network and
6416
6496
you wish a particular <code class="literal">nmbd</code> to be your WINS server.
6417
6497
Note that you should <span class="emphasis"><em>NEVER</em></span> set this to <code class="constant">yes</code>
6418
6498
on more than one machine in your network.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wins support</code></em> = <code class="literal">no</code>
6419
6499
</em></span>
6420
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566012"></a>
6500
</p></dd></dl></div></div><div class="section" title="workgroup (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572740"></a>
6421
6501
6422
6502
workgroup (G)
6423
</h3></div></div></div><a class="indexterm" name="id2566013"></a><a name="WORKGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what workgroup your server will
6503
</h3></div></div></div><a class="indexterm" name="id2572741"></a><a name="WORKGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what workgroup your server will
6424
6504
appear to be in when queried by clients. Note that this parameter
6425
6505
also controls the Domain name used with
6426
6506
the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = domain</a>
6428
6508
</em></span>
6429
6509
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>workgroup</code></em> = <code class="literal">MYGROUP</code>
6430
6510
</em></span>
6431
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566084"></a>
6511
</p></dd></dl></div></div><div class="section" title="writable"><div class="titlepage"><div><div><h3 class="title"><a name="id2572812"></a>
6432
6512
6433
6513
<a name="WRITABLE"></a>writable
6434
</h3></div></div></div><a class="indexterm" name="id2566085"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#WRITEABLE">writeable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566116"></a>
6514
</h3></div></div></div><a class="indexterm" name="id2572813"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#WRITEABLE">writeable</a>.</p></dd></dl></div></div><div class="section" title="writeable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572843"></a>
6435
6515
6436
6516
writeable (S)
6437
</h3></div></div></div><a class="indexterm" name="id2566117"></a><a name="WRITEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>writeable</code></em> = <code class="literal">no</code>
6517
</h3></div></div></div><a class="indexterm" name="id2572844"></a><a name="WRITEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>writeable</code></em> = <code class="literal">no</code>
6438
6518
</em></span>
6439
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566167"></a>
6519
</p></dd></dl></div></div><div class="section" title="write cache size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572895"></a>
6440
6520
6441
6521
write cache size (S)
6442
</h3></div></div></div><a class="indexterm" name="id2566168"></a><a name="WRITECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this integer parameter is set to non-zero value,
6522
</h3></div></div></div><a class="indexterm" name="id2572896"></a><a name="WRITECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this integer parameter is set to non-zero value,
6443
6523
Samba will create an in-memory cache for each oplocked file
6444
6524
(it does <span class="emphasis"><em>not</em></span> do this for
6445
6525
non-oplocked files). All writes that the client does not request
6457
6537
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>write cache size</code></em> = <code class="literal">262144
6458
6538
# for a 256k cache size per file</code>
6459
6539
</em></span>
6460
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566250"></a>
6540
</p></dd></dl></div></div><div class="section" title="write list (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572979"></a>
6461
6541
6462
6542
write list (S)
6463
</h3></div></div></div><a class="indexterm" name="id2566251"></a><a name="WRITELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
6543
</h3></div></div></div><a class="indexterm" name="id2572980"></a><a name="WRITELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
6464
6544
This is a list of users that are given read-write access to a service. If the
6465
6545
connecting user is in this list then they will be given write access, no matter
6466
6546
what the <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a> option is set to. The list can
6475
6555
</em></span>
6476
6556
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>write list</code></em> = <code class="literal">admin, root, @staff</code>
6477
6557
</em></span>
6478
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566343"></a>
6558
</p></dd></dl></div></div><div class="section" title="write raw (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2573072"></a>
6479
6559
6480
6560
write raw (G)
6481
</h3></div></div></div><a class="indexterm" name="id2566344"></a><a name="WRITERAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
6561
</h3></div></div></div><a class="indexterm" name="id2573073"></a><a name="WRITERAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
6482
6562
will support raw write SMB's when transferring data from clients.
6483
6563
You should never need to change this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>write raw</code></em> = <code class="literal">yes</code>
6484
6564
</em></span>
6485
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566387"></a>
6565
</p></dd></dl></div></div><div class="section" title="wtmp directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2573116"></a>
6486
6566
6487
6567
wtmp directory (G)
6488
</h3></div></div></div><a class="indexterm" name="id2566388"></a><a name="WTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6568
</h3></div></div></div><a class="indexterm" name="id2573117"></a><a name="WTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6489
6569
This parameter is only available if Samba has been configured and compiled with the option <code class="literal">
6490
6570
--with-utmp</code>. It specifies a directory pathname that is used to store the wtmp or wtmpx files (depending on
6491
6571
the UNIX system) that record user connections to a Samba server. The difference with the utmp directory is the fact
6497
6577
</em></span>
6498
6578
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>wtmp directory</code></em> = <code class="literal">/var/log/wtmp</code>
6499
6579
</em></span>
6500
</p></dd></dl></div></div></div></div><div class="refsect1" lang="en"><a name="id2566471"></a><h2>WARNINGS</h2><p>
6580
</p></dd></dl></div></div></div></div><div class="refsect1" title="WARNINGS"><a name="id2573200"></a><h2>WARNINGS</h2><p>
6501
6581
Although the configuration file permits service names to contain spaces, your client software may not.
6502
6582
Spaces will be ignored in comparisons anyway, so it shouldn't be a problem - but be aware of the possibility.
6503
6583
</p><p>
6510
6590
for an administrator easy, but the various combinations of default attributes can be tricky. Take extreme
6511
6591
care when designing these sections. In particular, ensure that the permissions on spool directories are
6512
6592
correct.
6513
</p></div><div class="refsect1" lang="en"><a name="id2566521"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id2566532"></a><h2>SEE ALSO</h2><p>
6514
<a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a class="citerefentry" href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>.</p></div><div class="refsect1" lang="en"><a name="id2566611"></a><h2>AUTHOR</h2><p>
6593
</p></div><div class="refsect1" title="VERSION"><a name="id2573250"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" title="SEE ALSO"><a name="id2573260"></a><h2>SEE ALSO</h2><p>
6594
<a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a class="citerefentry" href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>.</p></div><div class="refsect1" title="AUTHOR"><a name="id2573340"></a><h2>AUTHOR</h2><p>
6515
6595
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed
6516
6596
by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
6517
6597
</p><p>
Loggerhead is a web-based interface for Breezy
Version: 2.0.1