1
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smb.conf</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smb.conf.5"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>smb.conf — The configuration file for the Samba suite</p></div><div class="refsect1" lang="en"><a name="id2522915"></a><h2>SYNOPSIS</h2><p>
1
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smb.conf</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" title="smb.conf"><a name="smb.conf.5"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>smb.conf — The configuration file for the Samba suite</p></div><div class="refsect1" title="SYNOPSIS"><a name="id2528887"></a><h2>SYNOPSIS</h2><p>
2
2
The <code class="filename">smb.conf</code> file is a configuration file for the Samba suite. <code class="filename">smb.conf</code> contains runtime configuration information for the Samba programs. The
3
3
<code class="filename">smb.conf</code> file is designed to be configured and administered by the
4
4
<a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a> program. The
5
5
complete description of the file format and possible parameters held within are here for reference purposes.
6
</p></div><div class="refsect1" lang="en"><a name="FILEFORMATSECT"></a><h2>FILE FORMAT</h2><p>
6
</p></div><div class="refsect1" title="FILE FORMAT"><a name="FILEFORMATSECT"></a><h2>FILE FORMAT</h2><p>
7
7
The file consists of sections and parameters. A section begins with the name of the section in square brackets
8
8
and continues until the next section begins. Sections contain parameters of the form:
9
9
</p><pre class="programlisting">
18
18
and trailing whitespace in a parameter value is discarded. Internal whitespace within a parameter value is
21
Any line beginning with a semicolon (“<span class="quote">;</span>”) or a hash (“<span class="quote">#</span>”)
21
Any line beginning with a semicolon (<span class="quote">“<span class="quote">;</span>”</span>) or a hash (<span class="quote">“<span class="quote">#</span>”</span>)
22
22
character is ignored, as are lines containing only whitespace.
24
Any line ending in a “<span class="quote"><code class="literal">\</code></span>” is continued on the next line in the customary UNIX fashion.
24
Any line ending in a <span class="quote">“<span class="quote"><code class="literal">\</code></span>”</span> is continued on the next line in the customary UNIX fashion.
26
26
The values following the equals sign in parameters are all either a string (no quotes needed) or a boolean,
27
27
which may be given as yes/no, 1/0 or true/false. Case is not significant in boolean values, but is preserved
28
28
in string values. Some items such as create masks are numeric.
29
</p></div><div class="refsect1" lang="en"><a name="id2483408"></a><h2>SECTION DESCRIPTIONS</h2><p>
29
</p></div><div class="refsect1" title="SECTION DESCRIPTIONS"><a name="id2489374"></a><h2>SECTION DESCRIPTIONS</h2><p>
30
30
Each section in the configuration file (except for the [global] section) describes a shared resource (known as
31
a “<span class="quote">share</span>”). The section name is the name of the shared resource and the parameters within the
31
a <span class="quote">“<span class="quote">share</span>”</span>). The section name is the name of the shared resource and the parameters within the
32
32
section define the shares attributes.
34
34
There are three special sections, [global], [homes] and [printers], which are described under
69
69
<a class="link" href="smb.conf.5.html#PRINTABLE" target="_top">printable = yes</a>
70
70
<a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok = yes</a>
72
</p></div><div class="refsect1" lang="en"><a name="id2481484"></a><h2>SPECIAL SECTIONS</h2><div class="refsect2" lang="en"><a name="id2481490"></a><h3>The [global] section</h3><p>
72
</p></div><div class="refsect1" title="SPECIAL SECTIONS"><a name="id2487452"></a><h2>SPECIAL SECTIONS</h2><div class="refsect2" title="The [global] section"><a name="id2487457"></a><h3>The [global] section</h3><p>
73
73
Parameters in this section apply to the server as a whole, or are defaults for sections that do not
74
74
specifically define certain items. See the notes under PARAMETERS for more information.
75
</p></div><div class="refsect2" lang="en"><a name="HOMESECT"></a><h3>The [homes] section</h3><p>
75
</p></div><div class="refsect2" title="The [homes] section"><a name="HOMESECT"></a><h3>The [homes] section</h3><p>
76
76
If a section called [homes] is included in the configuration file, services connecting clients
77
77
to their home directories can be created on the fly by the server.
157
157
An alias, by the way, is defined as any component of the first entry of a printcap record. Records are separated by newlines,
158
158
components (if there are more than one) are separated by vertical bar symbols (<code class="literal">|</code>).
159
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
159
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
160
160
On SYSV systems which use lpstat to determine what printers are defined on the system you may be able to use
161
161
<code class="literal">printcap name = lpstat</code> to automatically obtain a list of printers. See the
162
162
<code class="literal">printcap name</code> option for more details.
163
</p></div></div></div><div class="refsect1" lang="en"><a name="id2481804"></a><h2>USERSHARES</h2><p>Starting with Samba version 3.0.23 the capability for non-root users to add, modify, and delete
163
</p></div></div></div><div class="refsect1" title="USERSHARES"><a name="id2487774"></a><h2>USERSHARES</h2><p>Starting with Samba version 3.0.23 the capability for non-root users to add, modify, and delete
164
164
their own share definitions has been added. This capability is called <span class="emphasis"><em>usershares</em></span> and
165
165
is controlled by a set of parameters in the [global] section of the smb.conf.
166
166
The relevant parameters are :
196
196
Parameters are arranged here in alphabetical order - this may not create best bedfellows, but at least you can
197
197
find them! Where there are synonyms, the preferred synonym is described, others refer to the preferred
199
</p></div><div class="refsect1" lang="en"><a name="id2532544"></a><h2>VARIABLE SUBSTITUTIONS</h2><p>
199
</p></div><div class="refsect1" title="VARIABLE SUBSTITUTIONS"><a name="id2538515"></a><h2>VARIABLE SUBSTITUTIONS</h2><p>
200
200
Many of the strings that are settable in the config file can take substitutions. For example the option
201
“<span class="quote">path = /tmp/%u</span>” is interpreted as “<span class="quote">path = /tmp/john</span>” if the user connected with the
201
<span class="quote">“<span class="quote">path = /tmp/%u</span>”</span> is interpreted as <span class="quote">“<span class="quote">path = /tmp/john</span>”</span> if the user connected with the
204
204
These substitutions are mostly noted in the descriptions below, but there are some general substitutions
276
276
options are set as follows, "case sensitive = yes", "case preserve = no", "short preserve case = no"
277
277
then the "default case" option will be applied and will modify all filenames sent from the client
278
278
when accessing this share.
279
</p></div><div class="refsect1" lang="en"><a name="VALIDATIONSECT"></a><h2>NOTE ABOUT USERNAME/PASSWORD VALIDATION</h2><p>
279
</p></div><div class="refsect1" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION"><a name="VALIDATIONSECT"></a><h2>NOTE ABOUT USERNAME/PASSWORD VALIDATION</h2><p>
280
280
There are a number of ways in which a user can connect to a service. The server uses the following steps
281
281
in determining if it will allow a connection to a specified service. If all the steps fail, the connection
282
282
request is rejected. However, if one of the steps succeeds, the following steps are not checked.
284
If the service is marked “<span class="quote">guest only = yes</span>” and the server is running with share-level
285
security (“<span class="quote">security = share</span>”, steps 1 to 5 are skipped.
286
</p><div class="orderedlist"><ol type="1"><li><p>
284
If the service is marked <span class="quote">“<span class="quote">guest only = yes</span>”</span> and the server is running with share-level
285
security (<span class="quote">“<span class="quote">security = share</span>”</span>, steps 1 to 5 are skipped.
286
</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>
287
287
If the client has passed a username/password pair and that username/password pair is validated by the UNIX
288
288
system's password programs, the connection is made as that username. This includes the
289
289
<code class="literal">\\server\service</code>%<em class="replaceable"><code>username</code></em> method of passing a username.
290
</p></li><li class="listitem"><p>
291
291
If the client has previously registered a username with the system and now supplies a correct password for that
292
292
username, the connection is allowed.
293
</p></li><li class="listitem"><p>
294
294
The client's NetBIOS name and any previously used usernames are checked against the supplied password. If
295
295
they match, the connection is allowed as the corresponding user.
296
</p></li><li class="listitem"><p>
297
297
If the client has previously validated a username/password pair with the server and the client has passed
298
298
the validation token, that username is used.
299
</p></li><li class="listitem"><p>
300
300
If a <code class="literal">user = </code> field is given in the <code class="filename">smb.conf</code> file for the
301
301
service and the client has supplied a password, and that password matches (according to the UNIX system's
302
302
password checking) with one of the usernames from the <code class="literal">user =</code> field, the connection is made as
303
303
the username in the <code class="literal">user =</code> line. If one of the usernames in the <code class="literal">user =</code> list
304
304
begins with a <code class="literal">@</code>, that name expands to a list of names in the group of the same name.
305
</p></li><li class="listitem"><p>
306
306
If the service is a guest service, a connection is made as the username given in the <code class="literal">guest account
307
307
=</code> for the service, irrespective of the supplied password.
308
</p></li></ol></div></div><div class="refsect1" lang="en"><a name="id2533244"></a><h2>REGISTRY-BASED CONFIGURATION</h2><p>
308
</p></li></ol></div></div><div class="refsect1" title="REGISTRY-BASED CONFIGURATION"><a name="id2539216"></a><h2>REGISTRY-BASED CONFIGURATION</h2><p>
309
309
Starting with Samba version 3.2.0, the capability to
310
310
store Samba configuration in the registry is available.
311
311
The configuration is stored in the registry key
312
312
<span class="emphasis"><em><code class="literal">HKLM\Software\Samba\smbconf</code></em></span>.
313
313
There are two levels of registry configuration:
314
</p><div class="orderedlist"><ol type="1"><li><p>Share definitions stored in registry are used.
314
</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>Share definitions stored in registry are used.
315
315
This is triggered by setting the global
316
316
parameter <em class="parameter"><code>registry shares</code></em>
317
to “<span class="quote">yes</span>” in <span class="emphasis"><em>smb.conf</em></span>.
317
to <span class="quote">“<span class="quote">yes</span>”</span> in <span class="emphasis"><em>smb.conf</em></span>.
318
318
</p><p>The registry shares are loaded not at startup but
319
319
on demand at runtime by <span class="emphasis"><em>smbd</em></span>.
320
320
Shares defined in <span class="emphasis"><em>smb.conf</em></span> take
321
321
priority over shares of the same name defined in
322
registry.</p></li><li><p>Global <span class="emphasis"><em>smb.conf</em></span>
322
registry.</p></li><li class="listitem"><p>Global <span class="emphasis"><em>smb.conf</em></span>
323
323
options stored in registry are used. This can be activated
324
324
in two different ways:</p><p>Firstly, a registry only configuration is triggered
360
360
registry based configuration locally, i.e. directly
361
361
accessing the database file, circumventing the
363
</p></div><div class="refsect1" lang="en"><a name="id2533419"></a><h2>EXPLANATION OF EACH PARAMETER</h2><div class="section" lang="en"><div class="titlepage"></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533430"></a>
363
</p></div><div class="refsect1" title="EXPLANATION OF EACH PARAMETER"><a name="id2539391"></a><h2>EXPLANATION OF EACH PARAMETER</h2><div class="section"><div class="titlepage"></div><div class="section" title="abort shutdown script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2539402"></a>
365
365
abort shutdown script (G)
366
</h3></div></div></div><a class="indexterm" name="id2533431"></a><a name="ABORTSHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that
366
</h3></div></div></div><a class="indexterm" name="id2539403"></a><a name="ABORTSHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that
367
367
should stop a shutdown procedure issued by the <a class="link" href="smb.conf.5.html#SHUTDOWNSCRIPT" target="_top">shutdown script</a>.</p><p>If the connected user posseses the <code class="constant">SeRemoteShutdownPrivilege</code>,
368
368
right, this command will be run as root.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>abort shutdown script</code></em> = <code class="literal">""</code>
370
370
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>abort shutdown script</code></em> = <code class="literal">/sbin/shutdown -c</code>
372
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533509"></a>
372
</p></dd></dl></div></div><div class="section" title="access based share enum (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2539481"></a>
374
374
access based share enum (S)
375
</h3></div></div></div><a class="indexterm" name="id2533510"></a><a name="ACCESSBASEDSHAREENUM"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for a
375
</h3></div></div></div><a class="indexterm" name="id2539482"></a><a name="ACCESSBASEDSHAREENUM"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for a
376
376
service, then the share hosted by the service will only be visible
377
377
to users who have read or write access to the share during share
378
378
enumeration (for example net view \\sambaserver). This has
381
381
descriptors on files contained on the share are not used in
382
382
computing enumeration access rights.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>access based share enum</code></em> = <code class="literal">no</code>
384
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533557"></a>
384
</p></dd></dl></div></div><div class="section" title="acl check permissions (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2539530"></a>
386
386
acl check permissions (S)
387
</h3></div></div></div><a class="indexterm" name="id2533558"></a><a name="ACLCHECKPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls what <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>does on receiving a protocol request of "open for delete"
387
</h3></div></div></div><a class="indexterm" name="id2539531"></a><a name="ACLCHECKPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls what <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>does on receiving a protocol request of "open for delete"
388
388
from a Windows client. If a Windows client doesn't have permissions to delete a file then they
389
389
expect this to be denied at open time. POSIX systems normally only detect restrictions on delete by
390
390
actually attempting to delete the file or directory. As Windows clients can (and do) "back out" a
404
404
with slightly different semantics was introduced in 3.0.20. That older version is not documented here.
405
405
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>acl check permissions</code></em> = <code class="literal">True</code>
407
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533654"></a>
407
</p></dd></dl></div></div><div class="section" title="acl compatibility (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2539626"></a>
409
409
acl compatibility (G)
410
</h3></div></div></div><a class="indexterm" name="id2533655"></a><a name="ACLCOMPATIBILITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies what OS ACL semantics should
410
</h3></div></div></div><a class="indexterm" name="id2539627"></a><a name="ACLCOMPATIBILITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies what OS ACL semantics should
411
411
be compatible with. Possible values are <span class="emphasis"><em>winnt</em></span> for Windows NT 4,
412
412
<span class="emphasis"><em>win2k</em></span> for Windows 2000 and above and <span class="emphasis"><em>auto</em></span>.
413
413
If you specify <span class="emphasis"><em>auto</em></span>, the value for this parameter
417
417
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>acl compatibility</code></em> = <code class="literal">win2k</code>
419
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533724"></a>
419
</p></dd></dl></div></div><div class="section" title="acl group control (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2539696"></a>
421
421
acl group control (S)
422
</h3></div></div></div><a class="indexterm" name="id2533725"></a><a name="ACLGROUPCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p>
422
</h3></div></div></div><a class="indexterm" name="id2539697"></a><a name="ACLGROUPCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p>
423
423
In a POSIX filesystem, only the owner of a file or directory and the superuser can modify the permissions
424
424
and ACLs on a file. If this parameter is set, then Samba overrides this restriction, and also allows the
425
425
<span class="emphasis"><em>primary group owner</em></span> of a file or directory to modify the permissions and ACLs
446
446
<em class="parameter"><code>dos filemode</code></em> option.
447
447
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>acl group control</code></em> = <code class="literal">no</code>
449
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533820"></a>
449
</p></dd></dl></div></div><div class="section" title="acl map full control (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2539792"></a>
451
451
acl map full control (S)
452
</h3></div></div></div><a class="indexterm" name="id2533821"></a><a name="ACLMAPFULLCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p>
452
</h3></div></div></div><a class="indexterm" name="id2539793"></a><a name="ACLMAPFULLCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p>
453
453
This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>maps a POSIX ACE entry of "rwx" (read/write/execute), the maximum
454
454
allowed POSIX permission set, into a Windows ACL of "FULL CONTROL". If this parameter is set to true any POSIX
455
455
ACE entry of "rwx" will be returned in a Windows ACL as "FULL CONTROL", is this parameter is set to false any
485
485
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add machine script</code></em> = <code class="literal">/usr/sbin/adduser -n -g machines -c Machine -d /var/lib/nobody -s /bin/false %u</code>
487
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534025"></a>
487
</p></dd></dl></div></div><div class="section" title="add port command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2539997"></a>
489
489
add port command (G)
490
</h3></div></div></div><a class="indexterm" name="id2534026"></a><a name="ADDPORTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>Samba 3.0.23 introduced support for adding printer ports
490
</h3></div></div></div><a class="indexterm" name="id2539998"></a><a name="ADDPORTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>Samba 3.0.23 introduced support for adding printer ports
491
491
remotely using the Windows "Add Standard TCP/IP Port Wizard".
492
492
This option defines an external program to be executed when
493
493
smbd receives a request to add a new Port to the system.
494
The script is passed two parameters:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>port name</code></em></p></li><li><p><em class="parameter"><code>device URI</code></em></p></li></ul></div><p>The deviceURI is in the for of socket://<hostname>[:<portnumber>]
494
The script is passed two parameters:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>port name</code></em></p></li><li class="listitem"><p><em class="parameter"><code>device URI</code></em></p></li></ul></div><p>The deviceURI is in the for of socket://<hostname>[:<portnumber>]
495
495
or lpd://<hostname>/<queuename>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>add port command</code></em> = <code class="literal"></code>
497
497
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add port command</code></em> = <code class="literal">/etc/samba/scripts/addport.sh</code>
499
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534108"></a>
499
</p></dd></dl></div></div><div class="section" title="addprinter command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540082"></a>
501
501
addprinter command (G)
502
</h3></div></div></div><a class="indexterm" name="id2534110"></a><a name="ADDPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing
502
</h3></div></div></div><a class="indexterm" name="id2540083"></a><a name="ADDPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing
503
503
support for Windows NT/2000 clients in Samba 2.2, The MS Add
504
504
Printer Wizard (APW) icon is now also available in the
505
505
"Printers..." folder displayed a share listing. The APW
550
550
When executed, <code class="literal">smbd</code> will automatically invoke the
551
551
<em class="parameter"><code>add share command</code></em> with five parameters.
552
</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>configFile</code></em> - the location of the global <code class="filename">smb.conf</code> file.
553
</p></li><li><p><em class="parameter"><code>shareName</code></em> - the name of the new share.
554
</p></li><li><p><em class="parameter"><code>pathName</code></em> - path to an **existing**
552
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>configFile</code></em> - the location of the global <code class="filename">smb.conf</code> file.
553
</p></li><li class="listitem"><p><em class="parameter"><code>shareName</code></em> - the name of the new share.
554
</p></li><li class="listitem"><p><em class="parameter"><code>pathName</code></em> - path to an **existing**
555
555
directory on disk.
556
</p></li><li><p><em class="parameter"><code>comment</code></em> - comment string to associate with the new
556
</p></li><li class="listitem"><p><em class="parameter"><code>comment</code></em> - comment string to associate with the new
558
</p></li><li><p><em class="parameter"><code>max
558
</p></li><li class="listitem"><p><em class="parameter"><code>max
559
559
connections</code></em>
560
560
Number of maximum simultaneous connections to this
604
604
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add user script</code></em> = <code class="literal">/usr/local/samba/bin/add_user %u</code>
606
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534694"></a>
606
</p></dd></dl></div></div><div class="section" title="add user to group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540666"></a>
608
608
add user to group script (G)
609
</h3></div></div></div><a class="indexterm" name="id2534695"></a><a name="ADDUSERTOGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
609
</h3></div></div></div><a class="indexterm" name="id2540667"></a><a name="ADDUSERTOGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
610
610
Full path to the script that will be called when a user is added to a group using the Windows NT domain administration
611
611
tools. It will be run by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>
612
612
<span class="emphasis"><em>AS ROOT</em></span>. Any <em class="parameter"><code>%g</code></em> will be replaced with the group name and
619
619
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add user to group script</code></em> = <code class="literal">/usr/sbin/adduser %u %g</code>
621
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534780"></a>
621
</p></dd></dl></div></div><div class="section" title="administrative share (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540753"></a>
623
623
administrative share (S)
624
</h3></div></div></div><a class="indexterm" name="id2534782"></a><a name="ADMINISTRATIVESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is set to <code class="constant">yes</code> for
624
</h3></div></div></div><a class="indexterm" name="id2540754"></a><a name="ADMINISTRATIVESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is set to <code class="constant">yes</code> for
625
625
a share, then the share will be an administrative share. The Administrative
626
626
Shares are the default network shares created by all Windows NT-based
627
627
operating systems. These are shares like C$, D$ or ADMIN$. The type of these
628
628
shares is STYPE_DISKTREE_HIDDEN.</p><p>See the section below on <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a> for more
629
629
information about this option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>administrative share</code></em> = <code class="literal">no</code>
631
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534839"></a>
631
</p></dd></dl></div></div><div class="section" title="admin users (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540811"></a>
634
</h3></div></div></div><a class="indexterm" name="id2534840"></a><a name="ADMINUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users who will be granted
634
</h3></div></div></div><a class="indexterm" name="id2540812"></a><a name="ADMINUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users who will be granted
635
635
administrative privileges on the share. This means that they
636
636
will do all file operations as the super-user (root).</p><p>You should use this option very carefully, as any user in
637
637
this list will be able to do anything they like on the share,
641
641
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>admin users</code></em> = <code class="literal">jason</code>
643
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534911"></a>
643
</p></dd></dl></div></div><div class="section" title="afs share (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540883"></a>
646
</h3></div></div></div><a class="indexterm" name="id2534912"></a><a name="AFSSHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether special AFS features are enabled
646
</h3></div></div></div><a class="indexterm" name="id2540884"></a><a name="AFSSHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether special AFS features are enabled
647
647
for this share. If enabled, it assumes that the directory exported via
648
648
the <em class="parameter"><code>path</code></em> parameter is a local AFS import. The
649
649
special AFS features include the attempt to hand-craft an AFS token
650
650
if you enabled --with-fake-kaserver in configure.
651
651
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>afs share</code></em> = <code class="literal">no</code>
653
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534958"></a>
653
</p></dd></dl></div></div><div class="section" title="afs username map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540931"></a>
655
655
afs username map (G)
656
</h3></div></div></div><a class="indexterm" name="id2534960"></a><a name="AFSUSERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>If you are using the fake kaserver AFS feature, you might
656
</h3></div></div></div><a class="indexterm" name="id2540932"></a><a name="AFSUSERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>If you are using the fake kaserver AFS feature, you might
657
657
want to hand-craft the usernames you are creating tokens for.
658
658
For example this is necessary if you have users from several domain
659
659
in your AFS Protection Database. One possible scheme to code users
677
677
# Use asynchronous I/O for reads bigger than 16KB
678
678
request size</code>
680
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535108"></a>
680
</p></dd></dl></div></div><div class="section" title="aio write behind (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541080"></a>
683
</h3></div></div></div><a class="indexterm" name="id2541081"></a><a name="AIOWRITEBEHIND"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support,
684
Samba will not wait until write requests are finished before returning
685
the result to the client for files listed in this parameter.
686
Instead, Samba will immediately return that the write
687
request has been finished successfully, no matter if the
688
operation will succeed or not. This might speed up clients without
689
aio support, but is really dangerous, because data could be lost
690
and files could be damaged.
692
The syntax is identical to the <a class="link" href="smb.conf.5.html#VETOFILES" target="_top">veto files</a>
694
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>aio write behind</code></em> = <code class="literal"></code>
696
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>aio write behind</code></em> = <code class="literal">/*.tmp/</code>
698
</p></dd></dl></div></div><div class="section" title="aio write size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541159"></a>
682
700
aio write size (S)
683
</h3></div></div></div><a class="indexterm" name="id2535109"></a><a name="AIOWRITESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this
701
</h3></div></div></div><a class="indexterm" name="id2541160"></a><a name="AIOWRITESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this
684
702
integer parameter is set to non-zero value,
685
703
Samba will write to file asynchronously when size of request is bigger
686
704
than this value. Note that it happens only for non-chained and non-chaining
710
728
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>algorithmic rid base</code></em> = <code class="literal">100000</code>
712
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535264"></a>
730
</p></dd></dl></div></div><div class="section" title="allocation roundup size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541315"></a>
714
732
allocation roundup size (S)
715
</h3></div></div></div><a class="indexterm" name="id2535265"></a><a name="ALLOCATIONROUNDUPSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an administrator to tune the
733
</h3></div></div></div><a class="indexterm" name="id2541316"></a><a name="ALLOCATIONROUNDUPSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an administrator to tune the
716
734
allocation size reported to Windows clients. The default
717
735
size of 1Mb generally results in improved Windows client
718
736
performance. However, rounding the allocation size may cause
724
742
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>allocation roundup size</code></em> = <code class="literal">0
725
743
# (to disable roundups)</code>
727
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535329"></a>
745
</p></dd></dl></div></div><div class="section" title="allow trusted domains (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541379"></a>
729
747
allow trusted domains (G)
730
</h3></div></div></div><a class="indexterm" name="id2535330"></a><a name="ALLOWTRUSTEDDOMAINS"></a><div class="variablelist"><dl><dt></dt><dd><p>
748
</h3></div></div></div><a class="indexterm" name="id2541380"></a><a name="ALLOWTRUSTEDDOMAINS"></a><div class="variablelist"><dl><dt></dt><dd><p>
731
749
This option only takes effect when the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a> option is set to
732
750
<code class="constant">server</code>, <code class="constant">domain</code> or <code class="constant">ads</code>.
733
751
If it is set to no, then attempts to connect to a resource from
742
760
Samba server even if they do not have an account in DOMA. This
743
761
can make implementing a security boundary difficult.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>allow trusted domains</code></em> = <code class="literal">yes</code>
745
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535401"></a>
763
</p></dd></dl></div></div><div class="section" title="announce as (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541452"></a>
748
</h3></div></div></div><a class="indexterm" name="id2535402"></a><a name="ANNOUNCEAS"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what type of server <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will announce itself as, to a network neighborhood browse
766
</h3></div></div></div><a class="indexterm" name="id2541453"></a><a name="ANNOUNCEAS"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what type of server <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will announce itself as, to a network neighborhood browse
749
767
list. By default this is set to Windows NT. The valid options
750
768
are : "NT Server" (which can also be written as "NT"),
751
769
"NT Workstation", "Win95" or "WfW" meaning Windows NT Server,
758
776
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>announce as</code></em> = <code class="literal">Win95</code>
760
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535470"></a>
778
</p></dd></dl></div></div><div class="section" title="announce version (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541521"></a>
762
780
announce version (G)
763
</h3></div></div></div><a class="indexterm" name="id2535471"></a><a name="ANNOUNCEVERSION"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the major and minor version numbers
781
</h3></div></div></div><a class="indexterm" name="id2541522"></a><a name="ANNOUNCEVERSION"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the major and minor version numbers
764
782
that nmbd will use when announcing itself as a server. The default
765
783
is 4.9. Do not change this parameter unless you have a specific
766
784
need to set a Samba server to be a downlevel server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>announce version</code></em> = <code class="literal">4.9</code>
768
786
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>announce version</code></em> = <code class="literal">2.0</code>
770
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535527"></a>
788
</p></dd></dl></div></div><div class="section" title="auth methods (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541578"></a>
773
</h3></div></div></div><a class="indexterm" name="id2535528"></a><a name="AUTHMETHODS"></a><div class="variablelist"><dl><dt></dt><dd><p>
791
</h3></div></div></div><a class="indexterm" name="id2541579"></a><a name="AUTHMETHODS"></a><div class="variablelist"><dl><dt></dt><dd><p>
774
792
This option allows the administrator to chose what authentication methods <code class="literal">smbd</code>
775
793
will use when authenticating a user. This option defaults to sensible values based on <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a>.
776
794
This should be considered a developer option and used only in rare circumstances. In the majority (if not all)
792
810
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>auth methods</code></em> = <code class="literal">guest sam winbind</code>
794
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535632"></a>
812
</p></dd></dl></div></div><div class="section" title="available (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541684"></a>
797
</h3></div></div></div><a class="indexterm" name="id2535633"></a><a name="AVAILABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter lets you "turn off" a service. If
815
</h3></div></div></div><a class="indexterm" name="id2541685"></a><a name="AVAILABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter lets you "turn off" a service. If
798
816
<em class="parameter"><code>available = no</code></em>, then <span class="emphasis"><em>ALL</em></span>
799
817
attempts to connect to the service will fail. Such failures are
800
818
logged.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>available</code></em> = <code class="literal">yes</code>
802
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535680"></a>
820
</p></dd></dl></div></div><div class="section" title="bind interfaces only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541731"></a>
804
822
bind interfaces only (G)
805
</h3></div></div></div><a class="indexterm" name="id2535681"></a><a name="BINDINTERFACESONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter allows the Samba admin
823
</h3></div></div></div><a class="indexterm" name="id2541732"></a><a name="BINDINTERFACESONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter allows the Samba admin
806
824
to limit what interfaces on a machine will serve SMB requests. It
807
825
affects file service <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and name service <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> in a slightly different ways.</p><p>
808
826
For name service it causes <code class="literal">nmbd</code> to bind to ports 137 and 138 on the
843
861
from starting/stopping/restarting <code class="literal">smbd</code> and <code class="literal">nmbd</code>.
844
862
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>bind interfaces only</code></em> = <code class="literal">no</code>
846
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536007"></a>
864
</p></dd></dl></div></div><div class="section" title="blocking locks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542058"></a>
848
866
blocking locks (S)
849
</h3></div></div></div><a class="indexterm" name="id2536008"></a><a name="BLOCKINGLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior
867
</h3></div></div></div><a class="indexterm" name="id2542059"></a><a name="BLOCKINGLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior
850
868
of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when given a request by a client
851
869
to obtain a byte range lock on a region of an open file, and the
852
870
request has a time limit associated with it.</p><p>If this parameter is set and the lock range requested
857
875
will fail the lock request immediately if the lock range
858
876
cannot be obtained.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>blocking locks</code></em> = <code class="literal">yes</code>
860
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536071"></a>
878
</p></dd></dl></div></div><div class="section" title="block size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542122"></a>
863
</h3></div></div></div><a class="indexterm" name="id2536072"></a><a name="BLOCKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when reporting disk free
881
</h3></div></div></div><a class="indexterm" name="id2542124"></a><a name="BLOCKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when reporting disk free
864
882
sizes. By default, this reports a disk block size of 1024 bytes.
865
883
</p><p>Changing this parameter may have some effect on the
866
884
efficiency of client writes, this is not yet confirmed. This
875
893
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>block size</code></em> = <code class="literal">4096</code>
877
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536149"></a>
895
</p></dd></dl></div></div><div class="section" title="browsable"><div class="titlepage"><div><div><h3 class="title"><a name="id2542200"></a>
879
897
<a name="BROWSABLE"></a>browsable
880
</h3></div></div></div><a class="indexterm" name="id2536150"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#BROWSEABLE">browseable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536176"></a>
898
</h3></div></div></div><a class="indexterm" name="id2542202"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#BROWSEABLE">browseable</a>.</p></dd></dl></div></div><div class="section" title="browseable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542227"></a>
883
</h3></div></div></div><a class="indexterm" name="id2536177"></a><a name="BROWSEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether this share is seen in
901
</h3></div></div></div><a class="indexterm" name="id2542228"></a><a name="BROWSEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether this share is seen in
884
902
the list of available shares in a net view and in the browse list.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>browseable</code></em> = <code class="literal">yes</code>
886
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536215"></a>
904
</p></dd></dl></div></div><div class="section" title="browse list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542266"></a>
889
</h3></div></div></div><a class="indexterm" name="id2536216"></a><a name="BROWSELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will serve a browse list to
907
</h3></div></div></div><a class="indexterm" name="id2542267"></a><a name="BROWSELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will serve a browse list to
890
908
a client doing a <code class="literal">NetServerEnum</code> call. Normally
891
909
set to <code class="constant">yes</code>. You should never need to change
892
910
this.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>browse list</code></em> = <code class="literal">yes</code>
894
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536269"></a>
912
</p></dd></dl></div></div><div class="section" title="cache directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542321"></a>
915
</h3></div></div></div><a class="indexterm" name="id2542322"></a><a name="CACHEDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>Usually, most of the TDB files are stored in the <em class="parameter"><code>lock directory</code></em>. Since Samba 3.4.0, it is
916
possible to differentiate between TDB files with persistent data and
917
TDB files with non-persistent data using the
918
<em class="parameter"><code>state directory</code></em> and the
919
<em class="parameter"><code>cache directory</code></em> options.
920
</p><p> This option specifies the directory where TDB files containing
921
non-persistent data will be stored.
922
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>cache directory</code></em> = <code class="literal">${prefix}/var/locks</code>
924
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cache directory</code></em> = <code class="literal">/var/run/samba/locks/cache</code>
926
</p></dd></dl></div></div><div class="section" title="casesignames"><div class="titlepage"><div><div><h3 class="title"><a name="id2542397"></a>
896
928
<a name="CASESIGNAMES"></a>casesignames
897
</h3></div></div></div><a class="indexterm" name="id2536270"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CASESENSITIVE">case sensitive</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536296"></a>
929
</h3></div></div></div><a class="indexterm" name="id2542398"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CASESENSITIVE">case sensitive</a>.</p></dd></dl></div></div><div class="section" title="case sensitive (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542424"></a>
899
931
case sensitive (S)
900
</h3></div></div></div><a class="indexterm" name="id2536297"></a><a name="CASESENSITIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the discussion in the section <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>case sensitive</code></em> = <code class="literal">no</code>
932
</h3></div></div></div><a class="indexterm" name="id2542425"></a><a name="CASESENSITIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the discussion in the section <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>case sensitive</code></em> = <code class="literal">no</code>
902
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536343"></a>
934
</p></dd></dl></div></div><div class="section" title="change notify (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542471"></a>
904
936
change notify (S)
905
</h3></div></div></div><a class="indexterm" name="id2536344"></a><a name="CHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should reply
937
</h3></div></div></div><a class="indexterm" name="id2542472"></a><a name="CHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should reply
906
938
to a client's file change notify requests.
907
939
</p><p>You should never need to change this parameter</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>change notify</code></em> = <code class="literal">yes</code>
909
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536386"></a>
941
</p></dd></dl></div></div><div class="section" title="change share command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542514"></a>
911
943
change share command (G)
912
</h3></div></div></div><a class="indexterm" name="id2536387"></a><a name="CHANGESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
944
</h3></div></div></div><a class="indexterm" name="id2542515"></a><a name="CHANGESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
913
945
Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server
914
946
Manager. The <em class="parameter"><code>change share command</code></em> is used to define an external
915
947
program or script which will modify an existing service definition in <code class="filename">smb.conf</code>.
925
957
When executed, <code class="literal">smbd</code> will automatically invoke the
926
958
<em class="parameter"><code>change share command</code></em> with five parameters.
927
</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>configFile</code></em> - the location
959
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>configFile</code></em> - the location
928
960
of the global <code class="filename">smb.conf</code> file.
929
</p></li><li><p><em class="parameter"><code>shareName</code></em> - the name of the new
961
</p></li><li class="listitem"><p><em class="parameter"><code>shareName</code></em> - the name of the new
931
</p></li><li><p><em class="parameter"><code>pathName</code></em> - path to an **existing**
963
</p></li><li class="listitem"><p><em class="parameter"><code>pathName</code></em> - path to an **existing**
932
964
directory on disk.
933
</p></li><li><p><em class="parameter"><code>comment</code></em> - comment string to associate
965
</p></li><li class="listitem"><p><em class="parameter"><code>comment</code></em> - comment string to associate
934
966
with the new share.
935
</p></li><li><p><em class="parameter"><code>max
967
</p></li><li class="listitem"><p><em class="parameter"><code>max
936
968
connections</code></em>
937
969
Number of maximum simultaneous connections to this
957
989
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>check password script</code></em> = <code class="literal">/usr/local/sbin/crackcheck</code>
959
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536638"></a>
991
</p></dd></dl></div></div><div class="section" title="client lanman auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542766"></a>
961
993
client lanman auth (G)
962
</h3></div></div></div><a class="indexterm" name="id2536639"></a><a name="CLIENTLANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> and other samba client
994
</h3></div></div></div><a class="indexterm" name="id2542767"></a><a name="CLIENTLANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> and other samba client
963
995
tools will attempt to authenticate itself to servers using the
964
996
weaker LANMAN password hash. If disabled, only server which support NT
965
997
password hashes (e.g. Windows NT/2000, Samba, etc... but not
970
1002
auth</code> parameter is enabled, then only NTLMv2 logins will be
971
1003
attempted.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client lanman auth</code></em> = <code class="literal">no</code>
973
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536714"></a>
1005
</p></dd></dl></div></div><div class="section" title="client ldap sasl wrapping (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542842"></a>
975
1007
client ldap sasl wrapping (G)
976
</h3></div></div></div><a class="indexterm" name="id2536715"></a><a name="CLIENTLDAPSASLWRAPPING"></a><div class="variablelist"><dl><dt></dt><dd><p>
1008
</h3></div></div></div><a class="indexterm" name="id2542843"></a><a name="CLIENTLDAPSASLWRAPPING"></a><div class="variablelist"><dl><dt></dt><dd><p>
977
1009
The <a class="link" href="smb.conf.5.html#CLIENTLDAPSASLWRAPPING" target="_top">client ldap sasl wrapping</a> defines whether
978
1010
ldap traffic will be signed or signed and encrypted (sealed).
979
1011
Possible values are <span class="emphasis"><em>plain</em></span>, <span class="emphasis"><em>sign</em></span>
1001
1033
<span class="emphasis"><em>seal</em></span>.
1002
1034
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client ldap sasl wrapping</code></em> = <code class="literal">plain</code>
1004
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536829"></a>
1036
</p></dd></dl></div></div><div class="section" title="client ntlmv2 auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542957"></a>
1006
1038
client ntlmv2 auth (G)
1007
</h3></div></div></div><a class="indexterm" name="id2536830"></a><a name="CLIENTNTLMV2AUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> will attempt to
1039
</h3></div></div></div><a class="indexterm" name="id2542958"></a><a name="CLIENTNTLMV2AUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> will attempt to
1008
1040
authenticate itself to servers using the NTLMv2 encrypted password
1009
1041
response.</p><p>If enabled, only an NTLMv2 and LMv2 response (both much more
1010
1042
secure than earlier versions) will be sent. Many servers
1016
1048
those following 'best practice' security polices) only allow NTLMv2
1017
1049
responses, and not the weaker LM or NTLM.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client ntlmv2 auth</code></em> = <code class="literal">no</code>
1019
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536917"></a>
1051
</p></dd></dl></div></div><div class="section" title="client plaintext auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543045"></a>
1021
1053
client plaintext auth (G)
1022
</h3></div></div></div><a class="indexterm" name="id2536918"></a><a name="CLIENTPLAINTEXTAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether a client should send a plaintext
1054
</h3></div></div></div><a class="indexterm" name="id2543046"></a><a name="CLIENTPLAINTEXTAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether a client should send a plaintext
1023
1055
password if the server does not support encrypted passwords.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client plaintext auth</code></em> = <code class="literal">no</code>
1025
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536956"></a>
1057
</p></dd></dl></div></div><div class="section" title="client schannel (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543084"></a>
1027
1059
client schannel (G)
1028
</h3></div></div></div><a class="indexterm" name="id2536957"></a><a name="CLIENTSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
1060
</h3></div></div></div><a class="indexterm" name="id2543085"></a><a name="CLIENTSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
1029
1061
This controls whether the client offers or even demands the use of the netlogon schannel.
1030
1062
<a class="link" href="smb.conf.5.html#CLIENTSCHANNEL" target="_top">client schannel = no</a> does not offer the schannel,
1031
1063
<a class="link" href="smb.conf.5.html#CLIENTSCHANNEL" target="_top">client schannel = auto</a> offers the schannel but does not
1036
1068
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>client schannel</code></em> = <code class="literal">yes</code>
1038
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537040"></a>
1070
</p></dd></dl></div></div><div class="section" title="client signing (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543168"></a>
1040
1072
client signing (G)
1041
</h3></div></div></div><a class="indexterm" name="id2537041"></a><a name="CLIENTSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values
1073
</h3></div></div></div><a class="indexterm" name="id2543169"></a><a name="CLIENTSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values
1042
1074
are <span class="emphasis"><em>auto</em></span>, <span class="emphasis"><em>mandatory</em></span>
1043
1075
and <span class="emphasis"><em>disabled</em></span>.
1044
1076
</p><p>When set to auto, SMB signing is offered, but not enforced.
1046
1078
to disabled, SMB signing is not offered either.
1047
1079
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client signing</code></em> = <code class="literal">auto</code>
1049
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537094"></a>
1081
</p></dd></dl></div></div><div class="section" title="client use spnego (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543222"></a>
1051
1083
client use spnego (G)
1052
</h3></div></div></div><a class="indexterm" name="id2537096"></a><a name="CLIENTUSESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p> This variable controls whether Samba clients will try
1084
</h3></div></div></div><a class="indexterm" name="id2543224"></a><a name="CLIENTUSESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p> This variable controls whether Samba clients will try
1053
1085
to use Simple and Protected NEGOciation (as specified by rfc2478) with
1054
1086
supporting servers (including WindowsXP, Windows2000 and Samba
1055
1087
3.0) to agree upon an authentication
1056
1088
mechanism. This enables Kerberos authentication in particular.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client use spnego</code></em> = <code class="literal">yes</code>
1058
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537136"></a>
1090
</p></dd></dl></div></div><div class="section" title="cluster addresses (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543264"></a>
1060
1092
cluster addresses (G)
1061
</h3></div></div></div><a class="indexterm" name="id2537138"></a><a name="CLUSTERADDRESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>With this parameter you can add additional addresses
1093
</h3></div></div></div><a class="indexterm" name="id2543266"></a><a name="CLUSTERADDRESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>With this parameter you can add additional addresses
1062
1094
nmbd will register with a WINS server. These addresses are not
1063
1095
necessarily present on all nodes simultaneously, but they will
1064
1096
be registered with the WINS server so that clients can contact
1068
1100
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cluster addresses</code></em> = <code class="literal">10.0.0.1 10.0.0.2 10.0.0.3</code>
1070
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537192"></a>
1102
</p></dd></dl></div></div><div class="section" title="clustering (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543320"></a>
1073
</h3></div></div></div><a class="indexterm" name="id2537194"></a><a name="CLUSTERING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should contact
1105
</h3></div></div></div><a class="indexterm" name="id2543322"></a><a name="CLUSTERING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should contact
1074
1106
ctdb for accessing its tdb files and use ctdb as a backend
1075
1107
for its messaging backend.
1076
1108
</p><p>Set this parameter to <code class="literal">yes</code> only if
1077
1109
you have a cluster setup with ctdb running.
1078
1110
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>clustering</code></em> = <code class="literal">no</code>
1080
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537241"></a>
1112
</p></dd></dl></div></div><div class="section" title="comment (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543369"></a>
1083
</h3></div></div></div><a class="indexterm" name="id2537242"></a><a name="COMMENT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a text field that is seen next to a share
1115
</h3></div></div></div><a class="indexterm" name="id2543370"></a><a name="COMMENT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a text field that is seen next to a share
1084
1116
when a client does a queries the server, either via the network
1085
1117
neighborhood or via <code class="literal">net view</code> to list what shares
1086
1118
are available.</p><p>If you want to set the string that is displayed next to the
1111
1143
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>config backend</code></em> = <code class="literal">registry</code>
1113
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537405"></a>
1145
</p></dd></dl></div></div><div class="section" title="config file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543533"></a>
1115
1147
config file (G)
1116
</h3></div></div></div><a class="indexterm" name="id2537406"></a><a name="CONFIGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the config file
1148
</h3></div></div></div><a class="indexterm" name="id2543534"></a><a name="CONFIGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the config file
1117
1149
to use, instead of the default (usually <code class="filename">smb.conf</code>).
1118
1150
There is a chicken and egg problem here as this option is set
1119
1151
in the config file!</p><p>For this reason, if the name of the config file has changed
1123
1155
(allowing you to special case the config files of just a few
1124
1156
clients).</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>config file</code></em> = <code class="literal">/usr/local/samba/lib/smb.conf.%m</code>
1126
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537470"></a>
1158
</p></dd></dl></div></div><div class="section" title="copy (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543598"></a>
1129
</h3></div></div></div><a class="indexterm" name="id2537471"></a><a name="COPY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows you to "clone" service
1161
</h3></div></div></div><a class="indexterm" name="id2543599"></a><a name="COPY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows you to "clone" service
1130
1162
entries. The specified service is simply duplicated under the
1131
1163
current service's name. Any parameters specified in the current
1132
1164
section will override those in the section being copied.</p><p>This feature lets you set up a 'template' service and
1137
1169
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>copy</code></em> = <code class="literal">otherservice</code>
1139
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537532"></a>
1171
</p></dd></dl></div></div><div class="section" title="create mode"><div class="titlepage"><div><div><h3 class="title"><a name="id2543660"></a>
1141
1173
<a name="CREATEMODE"></a>create mode
1142
</h3></div></div></div><a class="indexterm" name="id2537534"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CREATEMASK">create mask</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537559"></a>
1174
</h3></div></div></div><a class="indexterm" name="id2543662"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CREATEMASK">create mask</a>.</p></dd></dl></div></div><div class="section" title="create mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543687"></a>
1144
1176
create mask (S)
1145
</h3></div></div></div><a class="indexterm" name="id2537560"></a><a name="CREATEMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>
1177
</h3></div></div></div><a class="indexterm" name="id2543688"></a><a name="CREATEMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>
1146
1178
When a file is created, the necessary permissions are calculated according to the mapping from DOS modes to
1147
1179
UNIX permissions, and the resulting UNIX mode is then bit-wise 'AND'ed with this parameter. This parameter may
1148
1180
be thought of as a bit-wise MASK for the UNIX modes of a file. Any bit <span class="emphasis"><em>not</em></span> set here will
1270
1302
section about <a class="link" href="smb.conf.5.html#LOGLEVEL" target="_top">log level</a>.
1271
1303
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug class</code></em> = <code class="literal">no</code>
1273
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538212"></a>
1305
</p></dd></dl></div></div><div class="section" title="debug hires timestamp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544488"></a>
1275
1307
debug hires timestamp (G)
1276
</h3></div></div></div><a class="indexterm" name="id2538213"></a><a name="DEBUGHIRESTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
1308
</h3></div></div></div><a class="indexterm" name="id2544489"></a><a name="DEBUGHIRESTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
1277
1309
Sometimes the timestamps in the log messages are needed with a resolution of higher that seconds, this
1278
1310
boolean parameter adds microsecond resolution to the timestamp message header when turned on.
1280
1312
Note that the parameter <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" target="_top">debug timestamp</a> must be on for this to have an effect.
1281
1313
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug hires timestamp</code></em> = <code class="literal">no</code>
1283
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538267"></a>
1315
</p></dd></dl></div></div><div class="section" title="debug pid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544543"></a>
1286
</h3></div></div></div><a class="indexterm" name="id2538268"></a><a name="DEBUGPID"></a><div class="variablelist"><dl><dt></dt><dd><p>
1318
</h3></div></div></div><a class="indexterm" name="id2544544"></a><a name="DEBUGPID"></a><div class="variablelist"><dl><dt></dt><dd><p>
1287
1319
When using only one log file for more then one forked <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>-process there may be hard to follow which process outputs which
1288
1320
message. This boolean parameter is adds the process-id to the timestamp message headers in the
1289
1321
logfile when turned on.
1291
1323
Note that the parameter <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" target="_top">debug timestamp</a> must be on for this to have an effect.
1292
1324
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug pid</code></em> = <code class="literal">no</code>
1294
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538329"></a>
1326
</p></dd></dl></div></div><div class="section" title="debug prefix timestamp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544605"></a>
1296
1328
debug prefix timestamp (G)
1297
</h3></div></div></div><a class="indexterm" name="id2538330"></a><a name="DEBUGPREFIXTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
1329
</h3></div></div></div><a class="indexterm" name="id2544606"></a><a name="DEBUGPREFIXTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
1298
1330
With this option enabled, the timestamp message header is prefixed to the debug message without the
1299
1331
filename and function information that is included with the <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" target="_top">debug timestamp</a>
1300
1332
parameter. This gives timestamps to the messages without adding an additional line.
1302
1334
Note that this parameter overrides the <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" target="_top">debug timestamp</a> parameter.
1303
1335
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug prefix timestamp</code></em> = <code class="literal">no</code>
1305
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538392"></a>
1337
</p></dd></dl></div></div><div class="section" title="timestamp logs"><div class="titlepage"><div><div><h3 class="title"><a name="id2544668"></a>
1307
1339
<a name="TIMESTAMPLOGS"></a>timestamp logs
1308
</h3></div></div></div><a class="indexterm" name="id2538393"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEBUGTIMESTAMP">debug timestamp</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538419"></a>
1340
</h3></div></div></div><a class="indexterm" name="id2544669"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEBUGTIMESTAMP">debug timestamp</a>.</p></dd></dl></div></div><div class="section" title="debug timestamp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544695"></a>
1310
1342
debug timestamp (G)
1311
</h3></div></div></div><a class="indexterm" name="id2538420"></a><a name="DEBUGTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
1343
</h3></div></div></div><a class="indexterm" name="id2544696"></a><a name="DEBUGTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
1312
1344
Samba debug log messages are timestamped by default. If you are running at a high
1313
1345
<a class="link" href="smb.conf.5.html#DEBUGLEVEL" target="_top">debug level</a> these timestamps can be distracting. This
1314
1346
boolean parameter allows timestamping to be turned off.
1315
1347
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug timestamp</code></em> = <code class="literal">yes</code>
1317
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538468"></a>
1349
</p></dd></dl></div></div><div class="section" title="debug uid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544743"></a>
1320
</h3></div></div></div><a class="indexterm" name="id2538469"></a><a name="DEBUGUID"></a><div class="variablelist"><dl><dt></dt><dd><p>
1352
</h3></div></div></div><a class="indexterm" name="id2544744"></a><a name="DEBUGUID"></a><div class="variablelist"><dl><dt></dt><dd><p>
1321
1353
Samba is sometimes run as root and sometime run as the connected user, this boolean parameter inserts the
1322
1354
current euid, egid, uid and gid to the timestamp message headers in the log file if turned on.
1324
1356
Note that the parameter <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" target="_top">debug timestamp</a> must be on for this to have an effect.
1325
1357
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug uid</code></em> = <code class="literal">no</code>
1327
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538521"></a>
1359
</p></dd></dl></div></div><div class="section" title="dedicated keytab file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544797"></a>
1329
1361
dedicated keytab file (G)
1330
</h3></div></div></div><a class="indexterm" name="id2538522"></a><a name="DEDICATEDKEYTABFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>
1362
</h3></div></div></div><a class="indexterm" name="id2544798"></a><a name="DEDICATEDKEYTABFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>
1331
1363
Specifies the path to the kerberos keytab file when
1332
1364
<a class="link" href="smb.conf.5.html#KERBEROSMETHOD" target="_top">kerberos method</a> is set to "dedicated
1336
1368
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dedicated keytab file</code></em> = <code class="literal">/usr/local/etc/krb5.keytab</code>
1338
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538584"></a>
1370
</p></dd></dl></div></div><div class="section" title="default case (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544860"></a>
1340
1372
default case (S)
1341
</h3></div></div></div><a class="indexterm" name="id2538585"></a><a name="DEFAULTCASE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the section on <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>.
1373
</h3></div></div></div><a class="indexterm" name="id2544861"></a><a name="DEFAULTCASE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the section on <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>.
1342
1374
Also note the <a class="link" href="smb.conf.5.html#SHORTPRESERVECASE" target="_top">short preserve case</a> parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>default case</code></em> = <code class="literal">lower</code>
1344
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538638"></a>
1376
</p></dd></dl></div></div><div class="section" title="default devmode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544914"></a>
1346
1378
default devmode (S)
1347
</h3></div></div></div><a class="indexterm" name="id2538639"></a><a name="DEFAULTDEVMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only applicable to <a class="link" href="smb.conf.5.html#PRINTABLE" target="_top">printable</a> services.
1379
</h3></div></div></div><a class="indexterm" name="id2544915"></a><a name="DEFAULTDEVMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only applicable to <a class="link" href="smb.conf.5.html#PRINTABLE" target="_top">printable</a> services.
1348
1380
When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba
1349
1381
server has a Device Mode which defines things such as paper size and
1350
1382
orientation and duplex settings. The device mode can only correctly be
1367
1399
see the <a class="ulink" href="http://msdn.microsoft.com/" target="_top">MSDN documentation</a>.
1368
1400
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>default devmode</code></em> = <code class="literal">yes</code>
1370
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538726"></a>
1402
</p></dd></dl></div></div><div class="section" title="default"><div class="titlepage"><div><div><h3 class="title"><a name="id2545002"></a>
1372
1404
<a name="DEFAULT"></a>default
1373
</h3></div></div></div><a class="indexterm" name="id2538727"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEFAULTSERVICE">default service</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538753"></a>
1405
</h3></div></div></div><a class="indexterm" name="id2545003"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEFAULTSERVICE">default service</a>.</p></dd></dl></div></div><div class="section" title="default service (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545029"></a>
1375
1407
default service (G)
1376
</h3></div></div></div><a class="indexterm" name="id2538754"></a><a name="DEFAULTSERVICE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a service
1408
</h3></div></div></div><a class="indexterm" name="id2545030"></a><a name="DEFAULTSERVICE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a service
1377
1409
which will be connected to if the service actually requested cannot
1378
1410
be found. Note that the square brackets are <span class="emphasis"><em>NOT</em></span>
1379
1411
given in the parameter value (see example below).</p><p>There is no default value for this parameter. If this
1403
1435
designed to enable Samba to more correctly emulate Windows.
1404
1436
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>defer sharing violations</code></em> = <code class="literal">True</code>
1406
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538909"></a>
1438
</p></dd></dl></div></div><div class="section" title="delete group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545185"></a>
1408
1440
delete group script (G)
1409
</h3></div></div></div><a class="indexterm" name="id2538910"></a><a name="DELETEGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will
1441
</h3></div></div></div><a class="indexterm" name="id2545186"></a><a name="DELETEGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will
1410
1442
be run <span class="emphasis"><em>AS ROOT</em></span> <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when a group is requested to be deleted.
1411
1443
It will expand any <em class="parameter"><code>%g</code></em> to the group name passed.
1412
1444
This script is only useful for installations using the Windows NT domain administration tools.
1413
1445
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete group script</code></em> = <code class="literal"></code>
1415
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538965"></a>
1447
</p></dd></dl></div></div><div class="section" title="deleteprinter command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545241"></a>
1417
1449
deleteprinter command (G)
1418
</h3></div></div></div><a class="indexterm" name="id2538966"></a><a name="DELETEPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printer
1450
</h3></div></div></div><a class="indexterm" name="id2545242"></a><a name="DELETEPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printer
1419
1451
support for Windows NT/2000 clients in Samba 2.2, it is now
1420
1452
possible to delete a printer at run time by issuing the
1421
1453
DeletePrinter() RPC call.</p><p>For a Samba host this means that the printer must be
1434
1466
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>deleteprinter command</code></em> = <code class="literal">/usr/bin/removeprinter</code>
1436
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539093"></a>
1468
</p></dd></dl></div></div><div class="section" title="delete readonly (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545369"></a>
1438
1470
delete readonly (S)
1439
</h3></div></div></div><a class="indexterm" name="id2539094"></a><a name="DELETEREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows readonly files to be deleted.
1471
</h3></div></div></div><a class="indexterm" name="id2545370"></a><a name="DELETEREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows readonly files to be deleted.
1440
1472
This is not normal DOS semantics, but is allowed by UNIX.</p><p>This option may be useful for running applications such
1441
1473
as rcs, where UNIX file ownership prevents changing file
1442
1474
permissions, and DOS semantics prevent deletion of a read only file.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete readonly</code></em> = <code class="literal">no</code>
1444
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539138"></a>
1476
</p></dd></dl></div></div><div class="section" title="delete share command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545414"></a>
1446
1478
delete share command (G)
1447
</h3></div></div></div><a class="indexterm" name="id2539139"></a><a name="DELETESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1479
</h3></div></div></div><a class="indexterm" name="id2545415"></a><a name="DELETESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1448
1480
Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server
1449
1481
Manager. The <em class="parameter"><code>delete share command</code></em> is used to define an external
1450
1482
program or script which will remove an existing service definition from
1471
1503
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>delete share command</code></em> = <code class="literal">/usr/local/bin/delshare</code>
1473
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539290"></a>
1505
</p></dd></dl></div></div><div class="section" title="delete user from group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545566"></a>
1475
1507
delete user from group script (G)
1476
</h3></div></div></div><a class="indexterm" name="id2539291"></a><a name="DELETEUSERFROMGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Full path to the script that will be called when
1508
</h3></div></div></div><a class="indexterm" name="id2545567"></a><a name="DELETEUSERFROMGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Full path to the script that will be called when
1477
1509
a user is removed from a group using the Windows NT domain administration
1478
1510
tools. It will be run by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> <span class="emphasis"><em>AS ROOT</em></span>.
1479
1511
Any <em class="parameter"><code>%g</code></em> will be replaced with the group name and
1511
1543
directories to be transparently deleted when the parent directory
1512
1544
is deleted (so long as the user has permissions to do so).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete veto files</code></em> = <code class="literal">no</code>
1514
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539531"></a>
1546
</p></dd></dl></div></div><div class="section" title="dfree cache time (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545807"></a>
1516
1548
dfree cache time (S)
1517
</h3></div></div></div><a class="indexterm" name="id2539532"></a><a name="DFREECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
1549
</h3></div></div></div><a class="indexterm" name="id2545808"></a><a name="DFREECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
1518
1550
The <em class="parameter"><code>dfree cache time</code></em> should only be used on systems where a problem
1519
1551
occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may occur
1520
1552
with other operating systems. The symptom that was seen was an error of "Abort Retry Ignore" at the
1527
1559
By default this parameter is zero, meaning no caching will be done.
1528
1560
</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dfree cache time</code></em> = <code class="literal">dfree cache time = 60</code>
1530
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539604"></a>
1562
</p></dd></dl></div></div><div class="section" title="dfree command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545880"></a>
1532
1564
dfree command (S)
1533
</h3></div></div></div><a class="indexterm" name="id2539605"></a><a name="DFREECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1565
</h3></div></div></div><a class="indexterm" name="id2545881"></a><a name="DFREECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
1534
1566
The <em class="parameter"><code>dfree command</code></em> setting should only be used on systems where a
1535
1567
problem occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may
1536
1568
occur with other operating systems. The symptom that was seen was an error of "Abort Retry Ignore"
1568
1600
By default internal routines for determining the disk capacity and remaining space will be used.
1569
1601
</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dfree command</code></em> = <code class="literal">/usr/local/samba/bin/dfree</code>
1571
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539726"></a>
1603
</p></dd></dl></div></div><div class="section" title="directory mode"><div class="titlepage"><div><div><h3 class="title"><a name="id2546001"></a>
1573
1605
<a name="DIRECTORYMODE"></a>directory mode
1574
</h3></div></div></div><a class="indexterm" name="id2539727"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DIRECTORYMASK">directory mask</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539752"></a>
1606
</h3></div></div></div><a class="indexterm" name="id2546002"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DIRECTORYMASK">directory mask</a>.</p></dd></dl></div></div><div class="section" title="directory mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546028"></a>
1576
1608
directory mask (S)
1577
</h3></div></div></div><a class="indexterm" name="id2539754"></a><a name="DIRECTORYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is the octal modes which are
1609
</h3></div></div></div><a class="indexterm" name="id2546029"></a><a name="DIRECTORYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is the octal modes which are
1578
1610
used when converting DOS modes to UNIX modes when creating UNIX
1579
1611
directories.</p><p>When a directory is created, the necessary permissions are
1580
1612
calculated according to the mapping from DOS modes to UNIX permissions,
1593
1625
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>directory mask</code></em> = <code class="literal">0775</code>
1595
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539858"></a>
1627
</p></dd></dl></div></div><div class="section" title="directory name cache size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546134"></a>
1629
directory name cache size (S)
1630
</h3></div></div></div><a class="indexterm" name="id2546135"></a><a name="DIRECTORYNAMECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>
1631
This parameter specifies the the size of the directory name cache.
1632
It will be needed to turn this off for *BSD systems.
1633
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>directory name cache size</code></em> = <code class="literal">100</code>
1635
</p></dd></dl></div></div><div class="section" title="directory security mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546173"></a>
1597
1637
directory security mask (S)
1598
</h3></div></div></div><a class="indexterm" name="id2539859"></a><a name="DIRECTORYSECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls what UNIX permission bits
1638
</h3></div></div></div><a class="indexterm" name="id2546174"></a><a name="DIRECTORYSECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls what UNIX permission bits
1599
1639
will be set when a Windows NT client is manipulating the UNIX
1600
1640
permission on a directory using the native NT security dialog
1616
1656
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>directory security mask</code></em> = <code class="literal">0700</code>
1618
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539958"></a>
1658
</p></dd></dl></div></div><div class="section" title="disable netbios (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546274"></a>
1620
1660
disable netbios (G)
1621
</h3></div></div></div><a class="indexterm" name="id2539959"></a><a name="DISABLENETBIOS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable netbios support
1661
</h3></div></div></div><a class="indexterm" name="id2546275"></a><a name="DISABLENETBIOS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable netbios support
1622
1662
in Samba. Netbios is the only available form of browsing in
1623
all windows versions except for 2000 and XP. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Clients that only support netbios won't be able to
1663
all windows versions except for 2000 and XP. </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Clients that only support netbios won't be able to
1624
1664
see your samba server when netbios support is disabled.
1625
1665
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>disable netbios</code></em> = <code class="literal">no</code>
1627
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540004"></a>
1667
</p></dd></dl></div></div><div class="section" title="disable spoolss (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546320"></a>
1629
1669
disable spoolss (G)
1630
</h3></div></div></div><a class="indexterm" name="id2540005"></a><a name="DISABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable Samba's support
1670
</h3></div></div></div><a class="indexterm" name="id2546321"></a><a name="DISABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable Samba's support
1631
1671
for the SPOOLSS set of MS-RPC's and will yield identical behavior
1632
1672
as Samba 2.0.x. Windows NT/2000 clients will downgrade to using
1633
1673
Lanman style printing commands. Windows 9x/ME will be unaffected by
1639
1679
<span class="emphasis"><em>Be very careful about enabling this parameter.</em></span>
1640
1680
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>disable spoolss</code></em> = <code class="literal">no</code>
1642
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540055"></a>
1682
</p></dd></dl></div></div><div class="section" title="display charset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546371"></a>
1644
1684
display charset (G)
1645
</h3></div></div></div><a class="indexterm" name="id2540056"></a><a name="DISPLAYCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>
1685
</h3></div></div></div><a class="indexterm" name="id2546372"></a><a name="DISPLAYCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>
1646
1686
Specifies the charset that samba will use to print messages to stdout and stderr.
1647
1687
The default value is "LOCALE", which means automatically set, depending on the
1648
1688
current locale. The value should generally be the same as the value of the parameter
1670
1710
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dmapi support</code></em> = <code class="literal">no</code>
1672
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540181"></a>
1712
</p></dd></dl></div></div><div class="section" title="dns proxy (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546496"></a>
1675
</h3></div></div></div><a class="indexterm" name="id2540182"></a><a name="DNSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies that <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> when acting as a WINS server and
1715
</h3></div></div></div><a class="indexterm" name="id2546497"></a><a name="DNSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies that <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> when acting as a WINS server and
1676
1716
finding that a NetBIOS name has not been registered, should treat the
1677
1717
NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server
1678
1718
for that name on behalf of the name-querying client.</p><p>Note that the maximum length for a NetBIOS name is 15
1681
1721
DNS name lookup requests, as doing a name lookup is a blocking
1682
1722
action.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dns proxy</code></em> = <code class="literal">yes</code>
1684
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540244"></a>
1724
</p></dd></dl></div></div><div class="section" title="domain logons (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546560"></a>
1686
1726
domain logons (G)
1687
</h3></div></div></div><a class="indexterm" name="id2540245"></a><a name="DOMAINLOGONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1727
</h3></div></div></div><a class="indexterm" name="id2546561"></a><a name="DOMAINLOGONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1688
1728
If set to <code class="constant">yes</code>, the Samba server will
1689
1729
provide the netlogon service for Windows 9X network logons for the
1690
1730
<a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a> it is in.
1723
1763
Samba will function as a BDC. In general, this parameter should be set to 'No' only on a BDC.
1724
1764
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>domain master</code></em> = <code class="literal">auto</code>
1726
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540489"></a>
1766
</p></dd></dl></div></div><div class="section" title="dont descend (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546804"></a>
1728
1768
dont descend (S)
1729
</h3></div></div></div><a class="indexterm" name="id2540490"></a><a name="DONTDESCEND"></a><div class="variablelist"><dl><dt></dt><dd><p>There are certain directories on some systems
1769
</h3></div></div></div><a class="indexterm" name="id2546805"></a><a name="DONTDESCEND"></a><div class="variablelist"><dl><dt></dt><dd><p>There are certain directories on some systems
1730
1770
(e.g., the <code class="filename">/proc</code> tree under Linux) that are either not
1731
1771
of interest to clients or are infinitely deep (recursive). This
1732
1772
parameter allows you to specify a comma-delimited list of directories
1738
1778
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dont descend</code></em> = <code class="literal">/proc,/dev</code>
1740
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540567"></a>
1780
</p></dd></dl></div></div><div class="section" title="dos charset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546882"></a>
1742
1782
dos charset (G)
1743
</h3></div></div></div><a class="indexterm" name="id2540568"></a><a name="DOSCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>DOS SMB clients assume the server has
1783
</h3></div></div></div><a class="indexterm" name="id2546883"></a><a name="DOSCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>DOS SMB clients assume the server has
1744
1784
the same charset as they do. This option specifies which
1745
1785
charset Samba should talk to DOS clients.
1746
1786
</p><p>The default depends on which charsets you have installed.
1747
1787
Samba tries to use charset 850 but falls back to ASCII in
1748
case it is not available. Run <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> to check the default on your system.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540608"></a>
1788
case it is not available. Run <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> to check the default on your system.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="dos filemode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546924"></a>
1750
1790
dos filemode (S)
1751
</h3></div></div></div><a class="indexterm" name="id2540609"></a><a name="DOSFILEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p> The default behavior in Samba is to provide
1791
</h3></div></div></div><a class="indexterm" name="id2546925"></a><a name="DOSFILEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p> The default behavior in Samba is to provide
1752
1792
UNIX-like behavior where only the owner of a file/directory is
1753
1793
able to change the permissions on it. However, this behavior
1754
1794
is often confusing to DOS/Windows users. Enabling this parameter
1759
1799
the group is only granted read access. Ownership of the
1760
1800
file/directory may also be changed.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dos filemode</code></em> = <code class="literal">no</code>
1762
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540655"></a>
1802
</p></dd></dl></div></div><div class="section" title="dos filetime resolution (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546970"></a>
1764
1804
dos filetime resolution (S)
1765
</h3></div></div></div><a class="indexterm" name="id2540656"></a><a name="DOSFILETIMERESOLUTION"></a><div class="variablelist"><dl><dt></dt><dd><p>Under the DOS and Windows FAT filesystem, the finest
1805
</h3></div></div></div><a class="indexterm" name="id2546971"></a><a name="DOSFILETIMERESOLUTION"></a><div class="variablelist"><dl><dt></dt><dd><p>Under the DOS and Windows FAT filesystem, the finest
1766
1806
granularity on time resolution is two seconds. Setting this parameter
1767
1807
for a share causes Samba to round the reported time down to the
1768
1808
nearest two second boundary when a query call that requires one second
1777
1817
this option causes the two timestamps to match, and Visual C++ is
1778
1818
happy.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dos filetime resolution</code></em> = <code class="literal">no</code>
1780
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540718"></a>
1820
</p></dd></dl></div></div><div class="section" title="dos filetimes (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547034"></a>
1782
1822
dos filetimes (S)
1783
</h3></div></div></div><a class="indexterm" name="id2540719"></a><a name="DOSFILETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>Under DOS and Windows, if a user can write to a
1823
</h3></div></div></div><a class="indexterm" name="id2547035"></a><a name="DOSFILETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>Under DOS and Windows, if a user can write to a
1784
1824
file they can change the timestamp on it. Under POSIX semantics,
1785
1825
only the owner of the file or root may change the timestamp. By
1786
1826
default, Samba runs with POSIX semantics and refuses to change the
1794
1834
shared between users.
1795
1835
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dos filetimes</code></em> = <code class="literal">yes</code>
1797
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540784"></a>
1837
</p></dd></dl></div></div><div class="section" title="ea support (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547099"></a>
1800
</h3></div></div></div><a class="indexterm" name="id2540785"></a><a name="EASUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will allow clients to attempt to store OS/2 style Extended
1840
</h3></div></div></div><a class="indexterm" name="id2547100"></a><a name="EASUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will allow clients to attempt to store OS/2 style Extended
1801
1841
attributes on a share. In order to enable this parameter the underlying filesystem exported by
1802
1842
the share must support extended attributes (such as provided on XFS and EXT3 on Linux, with the
1803
1843
correct kernel patches). On Linux the filesystem must have been mounted with the mount
1804
1844
option user_xattr in order for extended attributes to work, also
1805
1845
extended attributes must be compiled into the Linux kernel.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ea support</code></em> = <code class="literal">no</code>
1807
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540837"></a>
1847
</p></dd></dl></div></div><div class="section" title="enable asu support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547161"></a>
1809
1849
enable asu support (G)
1810
</h3></div></div></div><a class="indexterm" name="id2540838"></a><a name="ENABLEASUSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>Hosts running the "Advanced Server for Unix (ASU)" product
1850
</h3></div></div></div><a class="indexterm" name="id2547162"></a><a name="ENABLEASUSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>Hosts running the "Advanced Server for Unix (ASU)" product
1811
1851
require some special accomodations such as creating a builtin [ADMIN$]
1812
1852
share that only supports IPC connections. The has been the default
1813
1853
behavior in smbd for many years. However, certain Microsoft applications
1815
1855
an [ADMIN$} file share. Disabling this parameter allows for creating
1816
1856
an [ADMIN$] file share in smb.conf.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable asu support</code></em> = <code class="literal">no</code>
1818
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540882"></a>
1858
</p></dd></dl></div></div><div class="section" title="enable core files (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547205"></a>
1860
enable core files (G)
1861
</h3></div></div></div><a class="indexterm" name="id2547206"></a><a name="ENABLECOREFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether core dumps should be written
1862
on internal exits. Normally set to <code class="constant">yes</code>.
1863
You should never need to change this.
1864
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable core files</code></em> = <code class="literal">yes</code>
1866
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>enable core files</code></em> = <code class="literal">no</code>
1868
</p></dd></dl></div></div><div class="section" title="enable privileges (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547264"></a>
1820
1870
enable privileges (G)
1821
</h3></div></div></div><a class="indexterm" name="id2540883"></a><a name="ENABLEPRIVILEGES"></a><div class="variablelist"><dl><dt></dt><dd><p>
1871
</h3></div></div></div><a class="indexterm" name="id2547265"></a><a name="ENABLEPRIVILEGES"></a><div class="variablelist"><dl><dt></dt><dd><p>
1822
1872
This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either
1823
1873
<code class="literal">net rpc rights</code> or one of the Windows user and group manager tools. This parameter is
1824
1874
enabled by default. It can be disabled to prevent members of the Domain Admins group from being able to
1831
1881
Please read the extended description provided in the Samba HOWTO documentation.
1832
1882
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable privileges</code></em> = <code class="literal">yes</code>
1834
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540942"></a>
1884
</p></dd></dl></div></div><div class="section" title="enable spoolss (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547324"></a>
1887
</h3></div></div></div><a class="indexterm" name="id2547325"></a><a name="ENABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#DISABLESPOOLSS" target="_top">disable spoolss</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable spoolss</code></em> = <code class="literal">yes</code>
1889
</p></dd></dl></div></div><div class="section" title="encrypt passwords (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547370"></a>
1836
1891
encrypt passwords (G)
1837
</h3></div></div></div><a class="indexterm" name="id2540943"></a><a name="ENCRYPTPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls whether encrypted passwords
1892
</h3></div></div></div><a class="indexterm" name="id2547371"></a><a name="ENCRYPTPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls whether encrypted passwords
1838
1893
will be negotiated with the client. Note that Windows NT 4.0 SP3 and
1839
1894
above and also Windows 98 will by default expect encrypted passwords
1840
1895
unless a registry entry is changed. To use encrypted passwords in
1857
1912
causes <code class="literal">smbd</code> to authenticate against another
1858
1913
server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>encrypt passwords</code></em> = <code class="literal">yes</code>
1860
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541047"></a>
1915
</p></dd></dl></div></div><div class="section" title="enhanced browsing (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547474"></a>
1862
1917
enhanced browsing (G)
1863
</h3></div></div></div><a class="indexterm" name="id2541048"></a><a name="ENHANCEDBROWSING"></a><div class="variablelist"><dl><dt></dt><dd><p>This option enables a couple of enhancements to
1918
</h3></div></div></div><a class="indexterm" name="id2547475"></a><a name="ENHANCEDBROWSING"></a><div class="variablelist"><dl><dt></dt><dd><p>This option enables a couple of enhancements to
1864
1919
cross-subnet browse propagation that have been added in Samba
1865
1920
but which are not standard in Microsoft implementations.
1866
1921
</p><p>The first enhancement to browse propagation consists of a regular
1873
1928
to stay around forever which can be annoying.</p><p>In general you should leave this option enabled as it makes
1874
1929
cross-subnet browse propagation much more reliable.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enhanced browsing</code></em> = <code class="literal">yes</code>
1876
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541108"></a>
1931
</p></dd></dl></div></div><div class="section" title="enumports command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547535"></a>
1878
1933
enumports command (G)
1879
</h3></div></div></div><a class="indexterm" name="id2541109"></a><a name="ENUMPORTSCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The concept of a "port" is fairly foreign
1934
</h3></div></div></div><a class="indexterm" name="id2547536"></a><a name="ENUMPORTSCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The concept of a "port" is fairly foreign
1880
1935
to UNIX hosts. Under Windows NT/2000 print servers, a port
1881
1936
is associated with a port monitor and generally takes the form of
1882
1937
a local port (i.e. LPT1:, COM1:, FILE:) or a remote port
1910
1965
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>eventlog list</code></em> = <code class="literal">Security Application Syslog Apache</code>
1912
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541262"></a>
1967
</p></dd></dl></div></div><div class="section" title="fake directory create times (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547689"></a>
1914
1969
fake directory create times (S)
1915
</h3></div></div></div><a class="indexterm" name="id2541263"></a><a name="FAKEDIRECTORYCREATETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>NTFS and Windows VFAT file systems keep a create
1970
</h3></div></div></div><a class="indexterm" name="id2547690"></a><a name="FAKEDIRECTORYCREATETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>NTFS and Windows VFAT file systems keep a create
1916
1971
time for all files and directories. This is not the same as the
1917
1972
ctime - status change time - that Unix keeps, so Samba by default
1918
1973
reports the earliest of the various times Unix does keep. Setting
1934
1989
ensures directories always predate their contents and an NMAKE build
1935
1990
will proceed as expected.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>fake directory create times</code></em> = <code class="literal">no</code>
1937
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541329"></a>
1992
</p></dd></dl></div></div><div class="section" title="fake oplocks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547756"></a>
1939
1994
fake oplocks (S)
1940
</h3></div></div></div><a class="indexterm" name="id2541330"></a><a name="FAKEOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>Oplocks are the way that SMB clients get permission
1995
</h3></div></div></div><a class="indexterm" name="id2547758"></a><a name="FAKEOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>Oplocks are the way that SMB clients get permission
1941
1996
from a server to locally cache file operations. If a server grants
1942
1997
an oplock (opportunistic lock) then the client is free to assume
1943
1998
that it is the only one accessing the file and it will aggressively
1953
2008
files read-write at the same time you can get data corruption. Use
1954
2009
this option carefully!</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>fake oplocks</code></em> = <code class="literal">no</code>
1956
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541413"></a>
2011
</p></dd></dl></div></div><div class="section" title="follow symlinks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547846"></a>
1958
2013
follow symlinks (S)
1959
</h3></div></div></div><a class="indexterm" name="id2541414"></a><a name="FOLLOWSYMLINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
2014
</h3></div></div></div><a class="indexterm" name="id2547847"></a><a name="FOLLOWSYMLINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
1960
2015
This parameter allows the Samba administrator to stop <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> from following symbolic links in a particular share. Setting this
1961
2016
parameter to <code class="constant">no</code> prevents any file or directory that is a symbolic link from being
1962
2017
followed (the user will get an error). This option is very useful to stop users from adding a symbolic
1966
2021
This option is enabled (i.e. <code class="literal">smbd</code> will follow symbolic links) by default.
1967
2022
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>follow symlinks</code></em> = <code class="literal">yes</code>
1969
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541483"></a>
2024
</p></dd></dl></div></div><div class="section" title="force create mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547921"></a>
1971
2026
force create mode (S)
1972
</h3></div></div></div><a class="indexterm" name="id2541484"></a><a name="FORCECREATEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit
2027
</h3></div></div></div><a class="indexterm" name="id2547922"></a><a name="FORCECREATEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit
1973
2028
permissions that will <span class="emphasis"><em>always</em></span> be set on a
1974
2029
file created by Samba. This is done by bitwise 'OR'ing these bits onto
1975
2030
the mode bits of a file that is being created. The default for this parameter is (in octal)
2022
2077
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force directory security mode</code></em> = <code class="literal">700</code>
2024
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541738"></a>
2079
</p></dd></dl></div></div><div class="section" title="group"><div class="titlepage"><div><div><h3 class="title"><a name="id2548187"></a>
2026
2081
<a name="GROUP"></a>group
2027
</h3></div></div></div><a class="indexterm" name="id2541739"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#FORCEGROUP">force group</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541770"></a>
2082
</h3></div></div></div><a class="indexterm" name="id2548188"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#FORCEGROUP">force group</a>.</p></dd></dl></div></div><div class="section" title="force group (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2548220"></a>
2029
2084
force group (S)
2030
</h3></div></div></div><a class="indexterm" name="id2541772"></a><a name="FORCEGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX group name that will be
2085
</h3></div></div></div><a class="indexterm" name="id2548221"></a><a name="FORCEGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX group name that will be
2031
2086
assigned as the default primary group for all users connecting
2032
2087
to this service. This is useful for sharing files by ensuring
2033
2088
that all access to files on service will use the named group for
2101
2156
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force security mode</code></em> = <code class="literal">700</code>
2103
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542215"></a>
2158
</p></dd></dl></div></div><div class="section" title="force unknown acl user (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544326"></a>
2105
2160
force unknown acl user (S)
2106
</h3></div></div></div><a class="indexterm" name="id2542216"></a><a name="FORCEUNKNOWNACLUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>
2161
</h3></div></div></div><a class="indexterm" name="id2544327"></a><a name="FORCEUNKNOWNACLUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>
2107
2162
If this parameter is set, a Windows NT ACL that contains an unknown SID (security descriptor, or
2108
2163
representation of a user or group id) as the owner or group owner of the file will be silently
2109
2164
mapped into the current UNIX uid or gid of the currently connected user.
2117
2172
Try using this parameter when XCOPY /O gives an ACCESS_DENIED error.
2118
2173
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>force unknown acl user</code></em> = <code class="literal">no</code>
2120
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542278"></a>
2175
</p></dd></dl></div></div><div class="section" title="force user (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2548864"></a>
2123
</h3></div></div></div><a class="indexterm" name="id2542279"></a><a name="FORCEUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX user name that will be
2178
</h3></div></div></div><a class="indexterm" name="id2548865"></a><a name="FORCEUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX user name that will be
2124
2179
assigned as the default user for all users connecting to this service.
2125
2180
This is useful for sharing files. You should also use it carefully
2126
2181
as using it incorrectly can cause security problems.</p><p>This user name only gets used once a connection is established.
2158
2213
was found in the system.</p><p>This parameter should specify the path to a script that
2159
2214
queries the quota information for the specified
2160
2215
user/group for the partition that
2161
the specified directory is on.</p><p>Such a script should take 3 arguments:</p><div class="itemizedlist"><ul type="disc"><li><p>directory</p></li><li><p>type of query</p></li><li><p>uid of user or gid of group</p></li></ul></div><p>The type of query can be one of :</p><div class="itemizedlist"><ul type="disc"><li><p>1 - user quotas</p></li><li><p>2 - user default quotas (uid = -1)</p></li><li><p>3 - group quotas</p></li><li><p>4 - group default quotas (gid = -1)</p></li></ul></div><p>This script should print one line as output with spaces between the arguments. The arguments are:
2162
</p><div class="itemizedlist"><ul type="disc"><li><p>Arg 1 - quota flags (0 = no quotas, 1 = quotas enabled, 2 = quotas enabled and enforced)</p></li><li><p>Arg 2 - number of currently used blocks</p></li><li><p>Arg 3 - the softlimit number of blocks</p></li><li><p>Arg 4 - the hardlimit number of blocks</p></li><li><p>Arg 5 - currently used number of inodes</p></li><li><p>Arg 6 - the softlimit number of inodes</p></li><li><p>Arg 7 - the hardlimit number of inodes</p></li><li><p>Arg 8(optional) - the number of bytes in a block(default is 1024)</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>get quota command</code></em> = <code class="literal"></code>
2216
the specified directory is on.</p><p>Such a script should take 3 arguments:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>directory</p></li><li class="listitem"><p>type of query</p></li><li class="listitem"><p>uid of user or gid of group</p></li></ul></div><p>The type of query can be one of :</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>1 - user quotas</p></li><li class="listitem"><p>2 - user default quotas (uid = -1)</p></li><li class="listitem"><p>3 - group quotas</p></li><li class="listitem"><p>4 - group default quotas (gid = -1)</p></li></ul></div><p>This script should print one line as output with spaces between the arguments. The arguments are:
2217
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Arg 1 - quota flags (0 = no quotas, 1 = quotas enabled, 2 = quotas enabled and enforced)</p></li><li class="listitem"><p>Arg 2 - number of currently used blocks</p></li><li class="listitem"><p>Arg 3 - the softlimit number of blocks</p></li><li class="listitem"><p>Arg 4 - the hardlimit number of blocks</p></li><li class="listitem"><p>Arg 5 - currently used number of inodes</p></li><li class="listitem"><p>Arg 6 - the softlimit number of inodes</p></li><li class="listitem"><p>Arg 7 - the hardlimit number of inodes</p></li><li class="listitem"><p>Arg 8(optional) - the number of bytes in a block(default is 1024)</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>get quota command</code></em> = <code class="literal"></code>
2164
2219
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>get quota command</code></em> = <code class="literal">/usr/local/sbin/query_quota</code>
2166
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542623"></a>
2221
</p></dd></dl></div></div><div class="section" title="getwd cache (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549208"></a>
2168
2223
getwd cache (G)
2169
</h3></div></div></div><a class="indexterm" name="id2542624"></a><a name="GETWDCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a tuning option. When this is enabled a
2224
</h3></div></div></div><a class="indexterm" name="id2549210"></a><a name="GETWDCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a tuning option. When this is enabled a
2170
2225
caching algorithm will be used to reduce the time taken for getwd()
2171
2226
calls. This can have a significant impact on performance, especially
2172
2227
when the <a class="link" href="smb.conf.5.html#WIDESMBCONFOPTIONS" target="_top">wide smbconfoptions</a> parameter is set to <code class="constant">no</code>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>getwd cache</code></em> = <code class="literal">yes</code>
2174
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542683"></a>
2229
</p></dd></dl></div></div><div class="section" title="guest account (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549269"></a>
2176
2231
guest account (G)
2177
</h3></div></div></div><a class="indexterm" name="id2542684"></a><a name="GUESTACCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a username which will be used for access
2232
</h3></div></div></div><a class="indexterm" name="id2549270"></a><a name="GUESTACCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a username which will be used for access
2178
2233
to services which are specified as <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok</a> (see below). Whatever privileges this
2179
2234
user has will be available to any client connecting to the guest service.
2180
2235
This user must exist in the password file, but does not require
2193
2248
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>guest account</code></em> = <code class="literal">ftp</code>
2195
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542791"></a>
2250
</p></dd></dl></div></div><div class="section" title="public"><div class="titlepage"><div><div><h3 class="title"><a name="id2549377"></a>
2197
2252
<a name="PUBLIC"></a>public
2198
</h3></div></div></div><a class="indexterm" name="id2542792"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTOK">guest ok</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542822"></a>
2253
</h3></div></div></div><a class="indexterm" name="id2549378"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTOK">guest ok</a>.</p></dd></dl></div></div><div class="section" title="guest ok (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549408"></a>
2201
</h3></div></div></div><a class="indexterm" name="id2542823"></a><a name="GUESTOK"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for
2256
</h3></div></div></div><a class="indexterm" name="id2549409"></a><a name="GUESTOK"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for
2202
2257
a service, then no password is required to connect to the service.
2203
2258
Privileges will be those of the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>.</p><p>This paramater nullifies the benifits of setting
2204
2259
<a class="link" href="smb.conf.5.html#RESTRICTANONYMOUS" target="_top">restrict anonymous = 2</a>
2205
2260
</p><p>See the section below on <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a> for more information about this option.
2206
2261
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>guest ok</code></em> = <code class="literal">no</code>
2208
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542910"></a>
2263
</p></dd></dl></div></div><div class="section" title="only guest"><div class="titlepage"><div><div><h3 class="title"><a name="id2549496"></a>
2210
2265
<a name="ONLYGUEST"></a>only guest
2211
</h3></div></div></div><a class="indexterm" name="id2542911"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTONLY">guest only</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542943"></a>
2266
</h3></div></div></div><a class="indexterm" name="id2549497"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTONLY">guest only</a>.</p></dd></dl></div></div><div class="section" title="guest only (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549529"></a>
2214
</h3></div></div></div><a class="indexterm" name="id2542944"></a><a name="GUESTONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for
2269
</h3></div></div></div><a class="indexterm" name="id2549530"></a><a name="GUESTONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for
2215
2270
a service, then only guest connections to the service are permitted.
2216
2271
This parameter will have no effect if <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok</a> is not set for the service.</p><p>See the section below on <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a> for more information about this option.
2217
2272
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>guest only</code></em> = <code class="literal">no</code>
2219
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543016"></a>
2274
</p></dd></dl></div></div><div class="section" title="hide dot files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549601"></a>
2221
2276
hide dot files (S)
2222
</h3></div></div></div><a class="indexterm" name="id2543017"></a><a name="HIDEDOTFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls whether
2277
</h3></div></div></div><a class="indexterm" name="id2549602"></a><a name="HIDEDOTFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls whether
2223
2278
files starting with a dot appear as hidden files.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide dot files</code></em> = <code class="literal">yes</code>
2225
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543058"></a>
2280
</p></dd></dl></div></div><div class="section" title="hide files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549644"></a>
2228
</h3></div></div></div><a class="indexterm" name="id2543059"></a><a name="HIDEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of files or directories that are not
2283
</h3></div></div></div><a class="indexterm" name="id2549645"></a><a name="HIDEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of files or directories that are not
2229
2284
visible but are accessible. The DOS 'hidden' attribute is applied
2230
2285
to any files or directories that match.</p><p>Each entry in the list must be separated by a '/',
2231
2286
which allows spaces to be included in the entry. '*'
2247
2302
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide files</code></em> = <code class="literal">
2248
2303
# no file are hidden</code>
2250
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543147"></a>
2305
</p></dd></dl></div></div><div class="section" title="hide special files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549733"></a>
2252
2307
hide special files (S)
2253
</h3></div></div></div><a class="indexterm" name="id2543148"></a><a name="HIDESPECIALFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
2308
</h3></div></div></div><a class="indexterm" name="id2549734"></a><a name="HIDESPECIALFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
2254
2309
This parameter prevents clients from seeing special files such as sockets, devices and
2255
2310
fifo's in directory listings.
2256
2311
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide special files</code></em> = <code class="literal">no</code>
2258
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543190"></a>
2313
</p></dd></dl></div></div><div class="section" title="hide unreadable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549776"></a>
2260
2315
hide unreadable (S)
2261
</h3></div></div></div><a class="indexterm" name="id2543191"></a><a name="HIDEUNREADABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter prevents clients from seeing the
2316
</h3></div></div></div><a class="indexterm" name="id2549777"></a><a name="HIDEUNREADABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter prevents clients from seeing the
2262
2317
existance of files that cannot be read. Defaults to off.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide unreadable</code></em> = <code class="literal">no</code>
2264
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543233"></a>
2319
</p></dd></dl></div></div><div class="section" title="hide unwriteable files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549818"></a>
2266
2321
hide unwriteable files (S)
2267
</h3></div></div></div><a class="indexterm" name="id2543234"></a><a name="HIDEUNWRITEABLEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
2322
</h3></div></div></div><a class="indexterm" name="id2549819"></a><a name="HIDEUNWRITEABLEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
2268
2323
This parameter prevents clients from seeing the existance of files that cannot be written to.
2269
2324
Defaults to off. Note that unwriteable directories are shown as usual.
2270
2325
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide unwriteable files</code></em> = <code class="literal">no</code>
2272
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543277"></a>
2327
</p></dd></dl></div></div><div class="section" title="homedir map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549863"></a>
2274
2329
homedir map (G)
2275
</h3></div></div></div><a class="indexterm" name="id2543278"></a><a name="HOMEDIRMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
2330
</h3></div></div></div><a class="indexterm" name="id2549864"></a><a name="HOMEDIRMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
2276
2331
If <a class="link" href="smb.conf.5.html#NISHOMEDIR" target="_top">nis homedir</a> is <code class="constant">yes</code>, and <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> is also acting as a Win95/98 <em class="parameter"><code>logon server</code></em>
2277
2332
then this parameter specifies the NIS (or YP) map from which the server for the user's home directory should be extracted.
2278
2333
At present, only the Sun auto.home map format is understood. The form of the map is:
2282
2337
and the program will extract the servername from before the first ':'. There should probably be a better parsing system
2283
2338
that copes with different map formats and also Amd (another automounter) maps.
2284
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
2339
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
2285
2340
A working NIS client is required on the system for this option to work.
2286
2341
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>homedir map</code></em> = <code class="literal"></code>
2288
2343
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>homedir map</code></em> = <code class="literal">amd.homedir</code>
2290
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543390"></a>
2345
</p></dd></dl></div></div><div class="section" title="host msdfs (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549976"></a>
2293
</h3></div></div></div><a class="indexterm" name="id2543391"></a><a name="HOSTMSDFS"></a><div class="variablelist"><dl><dt></dt><dd><p>
2348
</h3></div></div></div><a class="indexterm" name="id2549977"></a><a name="HOSTMSDFS"></a><div class="variablelist"><dl><dt></dt><dd><p>
2294
2349
If set to <code class="constant">yes</code>, Samba will act as a Dfs server, and allow Dfs-aware clients to browse
2295
2350
Dfs trees hosted on the server.
2298
2353
setting up a Dfs tree on Samba, refer to the MSFDS chapter in the book Samba3-HOWTO.
2299
2354
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>host msdfs</code></em> = <code class="literal">yes</code>
2301
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543454"></a>
2356
</p></dd></dl></div></div><div class="section" title="hostname lookups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550040"></a>
2303
2358
hostname lookups (G)
2304
</h3></div></div></div><a class="indexterm" name="id2543455"></a><a name="HOSTNAMELOOKUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether samba should use (expensive)
2359
</h3></div></div></div><a class="indexterm" name="id2550041"></a><a name="HOSTNAMELOOKUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether samba should use (expensive)
2305
2360
hostname lookups or use the ip addresses instead. An example place
2306
2361
where hostname lookups are currently used is when checking
2307
2362
the <code class="literal">hosts deny</code> and <code class="literal">hosts allow</code>.
2310
2365
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hostname lookups</code></em> = <code class="literal">yes</code>
2312
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543528"></a>
2367
</p></dd></dl></div></div><div class="section" title="allow hosts"><div class="titlepage"><div><div><h3 class="title"><a name="id2550114"></a>
2314
2369
<a name="ALLOWHOSTS"></a>allow hosts
2315
</h3></div></div></div><a class="indexterm" name="id2543529"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSALLOW">hosts allow</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543560"></a>
2370
</h3></div></div></div><a class="indexterm" name="id2550115"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSALLOW">hosts allow</a>.</p></dd></dl></div></div><div class="section" title="hosts allow (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550146"></a>
2317
2372
hosts allow (S)
2318
</h3></div></div></div><a class="indexterm" name="id2543561"></a><a name="HOSTSALLOW"></a><div class="variablelist"><dl><dt></dt><dd><p>A synonym for this parameter is <a class="link" href="smb.conf.5.html#ALLOWHOSTS" target="_top">allow hosts</a>.</p><p>This parameter is a comma, space, or tab delimited
2373
</h3></div></div></div><a class="indexterm" name="id2550147"></a><a name="HOSTSALLOW"></a><div class="variablelist"><dl><dt></dt><dd><p>A synonym for this parameter is <a class="link" href="smb.conf.5.html#ALLOWHOSTS" target="_top">allow hosts</a>.</p><p>This parameter is a comma, space, or tab delimited
2319
2374
set of hosts which are permitted to access a service.</p><p>If specified in the [global] section then it will
2320
2375
apply to all services, regardless of whether the individual
2321
2376
service has a different setting.</p><p>You can specify the hosts by name or IP number. For
2329
2384
by netgroup names if your system supports netgroups. The
2330
2385
<span class="emphasis"><em>EXCEPT</em></span> keyword can also be used to limit a
2331
2386
wildcard list. The following examples may provide some help:</p><p>Example 1: allow all IPs in 150.203.*.*; except one</p><p><code class="literal">hosts allow = 150.203. EXCEPT 150.203.6.66</code></p><p>Example 2: allow hosts that match the given network/netmask</p><p><code class="literal">hosts allow = 150.203.15.0/255.255.255.0</code></p><p>Example 3: allow a couple of hosts</p><p><code class="literal">hosts allow = lapland, arvidsjaur</code></p><p>Example 4: allow only hosts in NIS netgroup "foonet", but
2332
deny access from one particular host</p><p><code class="literal">hosts allow = @foonet</code></p><p><code class="literal">hosts deny = pirate</code></p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Note that access still requires suitable user-level passwords.</p></div><p>See <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> for a way of testing your host access
2387
deny access from one particular host</p><p><code class="literal">hosts allow = @foonet</code></p><p><code class="literal">hosts deny = pirate</code></p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Note that access still requires suitable user-level passwords.</p></div><p>See <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> for a way of testing your host access
2333
2388
to see if it does what you expect.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hosts allow</code></em> = <code class="literal">
2334
2389
# none (i.e., all hosts permitted access)</code>
2336
2391
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hosts allow</code></em> = <code class="literal">150.203.5. myhost.mynet.edu.au</code>
2338
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543762"></a>
2393
</p></dd></dl></div></div><div class="section" title="deny hosts"><div class="titlepage"><div><div><h3 class="title"><a name="id2550348"></a>
2340
2395
<a name="DENYHOSTS"></a>deny hosts
2341
</h3></div></div></div><a class="indexterm" name="id2543763"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSDENY">hosts deny</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543794"></a>
2396
</h3></div></div></div><a class="indexterm" name="id2550349"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSDENY">hosts deny</a>.</p></dd></dl></div></div><div class="section" title="hosts deny (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550379"></a>
2344
</h3></div></div></div><a class="indexterm" name="id2543795"></a><a name="HOSTSDENY"></a><div class="variablelist"><dl><dt></dt><dd><p>The opposite of <em class="parameter"><code>hosts allow</code></em>
2399
</h3></div></div></div><a class="indexterm" name="id2550380"></a><a name="HOSTSDENY"></a><div class="variablelist"><dl><dt></dt><dd><p>The opposite of <em class="parameter"><code>hosts allow</code></em>
2345
2400
- hosts listed here are <span class="emphasis"><em>NOT</em></span> permitted access to
2346
2401
services unless the specific services have their own lists to override
2347
2402
this one. Where the lists conflict, the <em class="parameter"><code>allow</code></em>
2375
2430
Also refer to the <a class="link" href="smb.conf.5.html#IDMAPALLOCCONFIG" target="_top">idmap alloc config</a> option.
2376
2431
</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap alloc backend</code></em> = <code class="literal">tdb</code>
2378
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544001"></a>
2433
</p></dd></dl></div></div><div class="section" title="idmap alloc config (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550587"></a>
2380
2435
idmap alloc config (G)
2381
</h3></div></div></div><a class="indexterm" name="id2544002"></a><a name="IDMAPALLOCCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p>
2436
</h3></div></div></div><a class="indexterm" name="id2550588"></a><a name="IDMAPALLOCCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p>
2382
2437
The idmap alloc config prefix provides a means of managing settings
2383
2438
for the backend defined by the <a class="link" href="smb.conf.5.html#IDMAPALLOCBACKEND" target="_top">idmap alloc backend</a>
2384
2439
parameter. Refer to the man page for each idmap plugin regarding
2385
2440
specific configuration details.
2386
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544045"></a>
2441
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="idmap backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550631"></a>
2388
2443
idmap backend (G)
2389
</h3></div></div></div><a class="indexterm" name="id2544046"></a><a name="IDMAPBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
2444
</h3></div></div></div><a class="indexterm" name="id2550632"></a><a name="IDMAPBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
2390
2445
The idmap backend provides a plugin interface for Winbind to use
2391
2446
varying backends to store SID/uid/gid mapping tables.
2407
2462
and ad (<a class="citerefentry" href="idmap_ad.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ad</span>(8)</span></a>).
2408
2463
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap backend</code></em> = <code class="literal">tdb</code>
2410
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544217"></a>
2465
</p></dd></dl></div></div><div class="section" title="idmap cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550803"></a>
2412
2467
idmap cache time (G)
2413
</h3></div></div></div><a class="indexterm" name="id2544218"></a><a name="IDMAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
2468
</h3></div></div></div><a class="indexterm" name="id2550804"></a><a name="IDMAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
2414
2469
idmap interface will cache positive SID/uid/gid query results.
2415
2470
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap cache time</code></em> = <code class="literal">604800 (one week)</code>
2417
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544261"></a>
2472
</p></dd></dl></div></div><div class="section" title="idmap config (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550847"></a>
2419
2474
idmap config (G)
2420
</h3></div></div></div><a class="indexterm" name="id2544262"></a><a name="IDMAPCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p>
2475
</h3></div></div></div><a class="indexterm" name="id2550848"></a><a name="IDMAPCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p>
2421
2476
The idmap config prefix provides a means of managing each trusted
2422
2477
domain separately. The idmap config prefix should be followed by the
2423
2478
name of the domain, a colon, and a setting specific to the chosen
2450
2505
idmap config CORP : backend = ad
2451
2506
idmap config CORP : range = 1000-999999
2452
</pre><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544394"></a>
2507
</pre><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="winbind gid"><div class="titlepage"><div><div><h3 class="title"><a name="id2550980"></a>
2454
2509
<a name="WINBINDGID"></a>winbind gid
2455
</h3></div></div></div><a class="indexterm" name="id2544395"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPGID">idmap gid</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544426"></a>
2510
</h3></div></div></div><a class="indexterm" name="id2550981"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPGID">idmap gid</a>.</p></dd></dl></div></div><div class="section" title="idmap gid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551012"></a>
2458
</h3></div></div></div><a class="indexterm" name="id2544427"></a><a name="IDMAPGID"></a><div class="variablelist"><dl><dt></dt><dd><p>The idmap gid parameter specifies the range of group ids
2513
</h3></div></div></div><a class="indexterm" name="id2551013"></a><a name="IDMAPGID"></a><div class="variablelist"><dl><dt></dt><dd><p>The idmap gid parameter specifies the range of group ids
2459
2514
that are allocated for the purpose of mapping UNX groups to NT group
2460
2515
SIDs. This range of group ids should have no
2461
2516
existing local or NIS groups within it as strange conflicts can
2466
2521
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap gid</code></em> = <code class="literal">10000-20000</code>
2468
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544512"></a>
2523
</p></dd></dl></div></div><div class="section" title="idmap negative cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551098"></a>
2470
2525
idmap negative cache time (G)
2471
</h3></div></div></div><a class="indexterm" name="id2544513"></a><a name="IDMAPNEGATIVECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
2526
</h3></div></div></div><a class="indexterm" name="id2551099"></a><a name="IDMAPNEGATIVECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
2472
2527
idmap interface will cache negative SID/uid/gid query results.
2473
2528
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap negative cache time</code></em> = <code class="literal">120</code>
2475
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544557"></a>
2530
</p></dd></dl></div></div><div class="section" title="winbind uid"><div class="titlepage"><div><div><h3 class="title"><a name="id2551142"></a>
2477
2532
<a name="WINBINDUID"></a>winbind uid
2478
</h3></div></div></div><a class="indexterm" name="id2544558"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPUID">idmap uid</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544588"></a>
2533
</h3></div></div></div><a class="indexterm" name="id2551143"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPUID">idmap uid</a>.</p></dd></dl></div></div><div class="section" title="idmap uid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551173"></a>
2481
</h3></div></div></div><a class="indexterm" name="id2544589"></a><a name="IDMAPUID"></a><div class="variablelist"><dl><dt></dt><dd><p>
2536
</h3></div></div></div><a class="indexterm" name="id2551174"></a><a name="IDMAPUID"></a><div class="variablelist"><dl><dt></dt><dd><p>
2482
2537
The idmap uid parameter specifies the range of user ids that are
2483
2538
allocated for use in mapping UNIX users to NT user SIDs. This
2484
2539
range of ids should have no existing local
2520
2575
default directory acls are propagated.
2521
2576
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>inherit acls</code></em> = <code class="literal">no</code>
2523
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544822"></a>
2578
</p></dd></dl></div></div><div class="section" title="inherit owner (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551407"></a>
2525
2580
inherit owner (S)
2526
</h3></div></div></div><a class="indexterm" name="id2544823"></a><a name="INHERITOWNER"></a><div class="variablelist"><dl><dt></dt><dd><p>The ownership of new files and directories
2581
</h3></div></div></div><a class="indexterm" name="id2551408"></a><a name="INHERITOWNER"></a><div class="variablelist"><dl><dt></dt><dd><p>The ownership of new files and directories
2527
2582
is normally governed by effective uid of the connected user.
2528
2583
This option allows the Samba administrator to specify that
2529
2584
the ownership for new files and directories should be controlled
2532
2587
delete them and to ensure that newly create files in a user's
2533
2588
roaming profile directory are actually owner by the user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>inherit owner</code></em> = <code class="literal">no</code>
2535
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544875"></a>
2590
</p></dd></dl></div></div><div class="section" title="inherit permissions (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551461"></a>
2537
2592
inherit permissions (S)
2538
</h3></div></div></div><a class="indexterm" name="id2544876"></a><a name="INHERITPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
2593
</h3></div></div></div><a class="indexterm" name="id2551462"></a><a name="INHERITPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
2539
2594
The permissions on new files and directories are normally governed by <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a>,
2540
2595
<a class="link" href="smb.conf.5.html#DIRECTORYMASK" target="_top">directory mask</a>, <a class="link" href="smb.conf.5.html#FORCECREATEMODE" target="_top">force create mode</a> and <a class="link" href="smb.conf.5.html#FORCEDIRECTORYMODE" target="_top">force directory mode</a> but the boolean inherit permissions parameter overrides this.
2541
2596
</p><p>New directories inherit the mode of the parent directory,
2547
2602
many users, perhaps several thousand, to allow a single [homes]
2548
2603
share to be used flexibly by each user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>inherit permissions</code></em> = <code class="literal">no</code>
2550
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545024"></a>
2605
</p></dd></dl></div></div><div class="section" title="init logon delayed hosts (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551610"></a>
2552
2607
init logon delayed hosts (G)
2553
</h3></div></div></div><a class="indexterm" name="id2545025"></a><a name="INITLOGONDELAYEDHOSTS"></a><div class="variablelist"><dl><dt></dt><dd><p>
2608
</h3></div></div></div><a class="indexterm" name="id2551611"></a><a name="INITLOGONDELAYEDHOSTS"></a><div class="variablelist"><dl><dt></dt><dd><p>
2554
2609
This parameter takes a list of host names, addresses or networks for
2555
2610
which the initial samlogon reply should be delayed (so other DCs get
2556
2611
preferred by XP workstations if there are any).
2562
2617
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>init logon delayed hosts</code></em> = <code class="literal">150.203.5. myhost.mynet.de</code>
2564
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545102"></a>
2619
</p></dd></dl></div></div><div class="section" title="init logon delay (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551688"></a>
2566
2621
init logon delay (G)
2567
</h3></div></div></div><a class="indexterm" name="id2545103"></a><a name="INITLOGONDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>
2622
</h3></div></div></div><a class="indexterm" name="id2551689"></a><a name="INITLOGONDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>
2568
2623
This parameter specifies a delay in milliseconds for the hosts configured
2569
2624
for delayed initial samlogon with
2570
2625
<a class="link" href="smb.conf.5.html#INITLOGONDELAYEDHOSTS" target="_top">init logon delayed hosts</a>.
2571
2626
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>init logon delay</code></em> = <code class="literal">100</code>
2573
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545156"></a>
2628
</p></dd></dl></div></div><div class="section" title="interfaces (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551742"></a>
2576
</h3></div></div></div><a class="indexterm" name="id2545157"></a><a name="INTERFACES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to override the default
2631
</h3></div></div></div><a class="indexterm" name="id2551743"></a><a name="INTERFACES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to override the default
2577
2632
network interfaces list that Samba will use for browsing, name
2578
2633
registration and other NetBIOS over TCP/IP (NBT) traffic. By default Samba will query
2579
2634
the kernel for the list of all active interfaces and use any
2580
2635
interfaces except 127.0.0.1 that are broadcast capable.</p><p>The option takes a list of interface strings. Each string
2581
can be in any of the following forms:</p><div class="itemizedlist"><ul type="disc"><li><p>a network interface name (such as eth0).
2636
can be in any of the following forms:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>a network interface name (such as eth0).
2582
2637
This may include shell-like wildcards so eth* will match
2583
any interface starting with the substring "eth"</p></li><li><p>an IP address. In this case the netmask is
2638
any interface starting with the substring "eth"</p></li><li class="listitem"><p>an IP address. In this case the netmask is
2584
2639
determined from the list of interfaces obtained from the
2585
kernel</p></li><li><p>an IP/mask pair. </p></li><li><p>a broadcast/mask pair.</p></li></ul></div><p>The "mask" parameters can either be a bit length (such
2640
kernel</p></li><li class="listitem"><p>an IP/mask pair. </p></li><li class="listitem"><p>a broadcast/mask pair.</p></li></ul></div><p>The "mask" parameters can either be a bit length (such
2586
2641
as 24 for a C class network) or a full netmask in dotted
2587
2642
decimal form.</p><p>The "IP" parameters above can either be a full dotted
2588
2643
decimal IP address or a hostname which will be looked up via
2633
2688
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>iprint server</code></em> = <code class="literal">MYCUPSSERVER</code>
2635
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545474"></a>
2690
</p></dd></dl></div></div><div class="section" title="keepalive (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552060"></a>
2638
</h3></div></div></div><a class="indexterm" name="id2545475"></a><a name="KEEPALIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (an integer) represents
2693
</h3></div></div></div><a class="indexterm" name="id2552061"></a><a name="KEEPALIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (an integer) represents
2639
2694
the number of seconds between <em class="parameter"><code>keepalive</code></em>
2640
2695
packets. If this parameter is zero, no keepalive packets will be
2641
2696
sent. Keepalive packets, if sent, allow the server to tell whether
2646
2701
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>keepalive</code></em> = <code class="literal">600</code>
2648
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545562"></a>
2703
</p></dd></dl></div></div><div class="section" title="kerberos method (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552147"></a>
2650
2705
kerberos method (G)
2651
</h3></div></div></div><a class="indexterm" name="id2545563"></a><a name="KERBEROSMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p>
2706
</h3></div></div></div><a class="indexterm" name="id2552148"></a><a name="KERBEROSMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p>
2652
2707
Controls how kerberos tickets are verified.
2653
</p><p>Valid options are:</p><div class="itemizedlist"><ul type="disc"><li><p>secrets only - use only the secrets.tdb for
2654
ticket verification (default)</p></li><li><p>system keytab - use only the system keytab
2655
for ticket verification</p></li><li><p>dedicated keytab - use a dedicated keytab
2656
for ticket verification</p></li><li><p>secrets and keytab - use the secrets.tdb
2708
</p><p>Valid options are:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>secrets only - use only the secrets.tdb for
2709
ticket verification (default)</p></li><li class="listitem"><p>system keytab - use only the system keytab
2710
for ticket verification</p></li><li class="listitem"><p>dedicated keytab - use a dedicated keytab
2711
for ticket verification</p></li><li class="listitem"><p>secrets and keytab - use the secrets.tdb
2657
2712
first, then the system keytab</p></li></ul></div><p>
2658
2713
The major difference between "system keytab" and "dedicated
2659
2714
keytab" is that the latter method relies on kerberos to find the
2665
2720
specify the location of the keytab file.
2666
2721
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>kerberos method</code></em> = <code class="literal">secrets only</code>
2668
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545658"></a>
2723
</p></dd></dl></div></div><div class="section" title="kernel change notify (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552243"></a>
2670
2725
kernel change notify (S)
2671
</h3></div></div></div><a class="indexterm" name="id2545659"></a><a name="KERNELCHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should ask the
2726
</h3></div></div></div><a class="indexterm" name="id2552244"></a><a name="KERNELCHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should ask the
2672
2727
kernel for change notifications in directories so that
2673
2728
SMB clients can refresh whenever the data on the server changes.
2674
2729
</p><p>This parameter is only used when your kernel supports
2675
2730
change notification to user programs using the inotify interface.
2676
2731
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>kernel change notify</code></em> = <code class="literal">yes</code>
2678
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545708"></a>
2733
</p></dd></dl></div></div><div class="section" title="kernel oplocks (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552293"></a>
2680
2735
kernel oplocks (G)
2681
</h3></div></div></div><a class="indexterm" name="id2545709"></a><a name="KERNELOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>For UNIXes that support kernel based <a class="link" href="smb.conf.5.html#OPLOCKS" target="_top">oplocks</a>
2736
</h3></div></div></div><a class="indexterm" name="id2552294"></a><a name="KERNELOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>For UNIXes that support kernel based <a class="link" href="smb.conf.5.html#OPLOCKS" target="_top">oplocks</a>
2682
2737
(currently only IRIX and the Linux 2.4 kernel), this parameter
2683
2738
allows the use of them to be turned on or off.</p><p>Kernel oplocks support allows Samba <em class="parameter"><code>oplocks
2684
2739
</code></em> to be broken whenever a local UNIX process or NFS operation
2688
2743
to a no-op on systems that no not have the necessary kernel support.
2689
2744
You should never need to touch this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>kernel oplocks</code></em> = <code class="literal">yes</code>
2691
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545796"></a>
2746
</p></dd></dl></div></div><div class="section" title="lanman auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552382"></a>
2693
2748
lanman auth (G)
2694
</h3></div></div></div><a class="indexterm" name="id2545798"></a><a name="LANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
2749
</h3></div></div></div><a class="indexterm" name="id2552383"></a><a name="LANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
2695
2750
authenticate users or permit password changes
2696
2751
using the LANMAN password hash. If disabled, only clients which support NT
2697
2752
password hashes (e.g. Windows NT/2000 clients, smbclient, but not
2708
2763
permited. Not all clients support NTLMv2, and most will require
2709
2764
special configuration to use it.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lanman auth</code></em> = <code class="literal">no</code>
2711
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545889"></a>
2766
</p></dd></dl></div></div><div class="section" title="large readwrite (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552474"></a>
2713
2768
large readwrite (G)
2714
</h3></div></div></div><a class="indexterm" name="id2545890"></a><a name="LARGEREADWRITE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not
2769
</h3></div></div></div><a class="indexterm" name="id2552475"></a><a name="LARGEREADWRITE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not
2715
2770
<a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> supports the new 64k
2716
2771
streaming read and write varient SMB requests introduced with
2717
2772
Windows 2000. Note that due to Windows 2000 client redirector bugs
2720
2775
performance by 10% with Windows 2000 clients. Defaults to on. Not as
2721
2776
tested as some other Samba code paths.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>large readwrite</code></em> = <code class="literal">yes</code>
2723
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545952"></a>
2778
</p></dd></dl></div></div><div class="section" title="ldap admin dn (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552531"></a>
2725
2780
ldap admin dn (G)
2726
</h3></div></div></div><a class="indexterm" name="id2545953"></a><a name="LDAPADMINDN"></a><div class="variablelist"><dl><dt></dt><dd><p>
2781
</h3></div></div></div><a class="indexterm" name="id2552532"></a><a name="LDAPADMINDN"></a><div class="variablelist"><dl><dt></dt><dd><p>
2727
2782
The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> defines the Distinguished Name (DN) name used by Samba to contact
2728
2783
the ldap server when retreiving user account information. The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> is used
2729
2784
in conjunction with the admin dn password stored in the <code class="filename">private/secrets.tdb</code>
2731
2786
man page for more information on how to accomplish this.
2733
2788
The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> requires a fully specified DN. The <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> is not appended to the <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a>.
2734
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546062"></a>
2789
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="ldap connection timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552640"></a>
2736
2791
ldap connection timeout (G)
2737
</h3></div></div></div><a class="indexterm" name="id2546063"></a><a name="LDAPCONNECTIONTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
2792
</h3></div></div></div><a class="indexterm" name="id2552641"></a><a name="LDAPCONNECTIONTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
2738
2793
This parameter tells the LDAP library calls which timeout in seconds
2739
2794
they should honor during initial connection establishments to LDAP servers.
2740
2795
It is very useful in failover scenarios in particular. If one or more LDAP
2746
2801
and not establishing an initial connection.
2747
2802
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap connection timeout</code></em> = <code class="literal">2</code>
2749
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546127"></a>
2804
</p></dd></dl></div></div><div class="section" title="ldap debug level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552705"></a>
2751
2806
ldap debug level (G)
2752
</h3></div></div></div><a class="indexterm" name="id2546128"></a><a name="LDAPDEBUGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
2807
</h3></div></div></div><a class="indexterm" name="id2552706"></a><a name="LDAPDEBUGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
2753
2808
This parameter controls the debug level of the LDAP library
2754
2809
calls. In the case of OpenLDAP, it is the same
2755
2810
bit-field as understood by the server and documented in the
2779
2834
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap debug threshold</code></em> = <code class="literal">5</code>
2781
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546282"></a>
2836
</p></dd></dl></div></div><div class="section" title="ldap delete dn (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552861"></a>
2783
2838
ldap delete dn (G)
2784
</h3></div></div></div><a class="indexterm" name="id2546283"></a><a name="LDAPDELETEDN"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter specifies whether a delete
2839
</h3></div></div></div><a class="indexterm" name="id2552862"></a><a name="LDAPDELETEDN"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter specifies whether a delete
2785
2840
operation in the ldapsam deletes the complete entry or only the attributes
2786
2841
specific to Samba.
2787
2842
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap delete dn</code></em> = <code class="literal">no</code>
2789
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546326"></a>
2844
</p></dd></dl></div></div><div class="section" title="ldap group suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552905"></a>
2791
2846
ldap group suffix (G)
2792
</h3></div></div></div><a class="indexterm" name="id2546327"></a><a name="LDAPGROUPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the suffix that is
2847
</h3></div></div></div><a class="indexterm" name="id2552906"></a><a name="LDAPGROUPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the suffix that is
2793
2848
used for groups when these are added to the LDAP directory.
2794
2849
If this parameter is unset, the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead. The suffix string is pre-pended to the
2795
2850
<a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> string so use a partial DN.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap group suffix</code></em> = <code class="literal"></code>
2797
2852
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap group suffix</code></em> = <code class="literal">ou=Groups</code>
2799
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546410"></a>
2854
</p></dd></dl></div></div><div class="section" title="ldap idmap suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552988"></a>
2801
2856
ldap idmap suffix (G)
2802
</h3></div></div></div><a class="indexterm" name="id2546411"></a><a name="LDAPIDMAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2857
</h3></div></div></div><a class="indexterm" name="id2552990"></a><a name="LDAPIDMAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2803
2858
This parameters specifies the suffix that is used when storing idmap mappings. If this parameter
2804
2859
is unset, the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead. The suffix
2805
2860
string is pre-pended to the <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> string so use a partial DN.
2819
2874
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap machine suffix</code></em> = <code class="literal">ou=Computers</code>
2821
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546574"></a>
2876
</p></dd></dl></div></div><div class="section" title="ldap page size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553153"></a>
2879
</h3></div></div></div><a class="indexterm" name="id2553154"></a><a name="LDAPPAGESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>
2880
This parameter specifies the number of entries per page.
2881
</p><p>If the LDAP server supports paged results, clients can
2882
request subsets of search results (pages) instead of the entire list.
2883
This parameter specifies the size of these pages.
2884
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap page size</code></em> = <code class="literal">1024</code>
2886
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap page size</code></em> = <code class="literal">512</code>
2888
</p></dd></dl></div></div><div class="section" title="ldap passwd sync (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553220"></a>
2823
2890
ldap passwd sync (G)
2824
</h3></div></div></div><a class="indexterm" name="id2546575"></a><a name="LDAPPASSWDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>
2891
</h3></div></div></div><a class="indexterm" name="id2553221"></a><a name="LDAPPASSWDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>
2825
2892
This option is used to define whether or not Samba should sync the LDAP password with the NT
2826
2893
and LM hashes for normal accounts (NOT for workstation, server or domain trusts) on a password
2827
2894
change via SAMBA.
2829
2896
The <a class="link" href="smb.conf.5.html#LDAPPASSWDSYNC" target="_top">ldap passwd sync</a> can be set to one of three values:
2830
</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>Yes</code></em> = Try
2831
to update the LDAP, NT and LM passwords and update the pwdLastSet time.</p></li><li><p><em class="parameter"><code>No</code></em> = Update NT and
2832
LM passwords and update the pwdLastSet time.</p></li><li><p><em class="parameter"><code>Only</code></em> = Only update
2897
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>Yes</code></em> = Try
2898
to update the LDAP, NT and LM passwords and update the pwdLastSet time.</p></li><li class="listitem"><p><em class="parameter"><code>No</code></em> = Update NT and
2899
LM passwords and update the pwdLastSet time.</p></li><li class="listitem"><p><em class="parameter"><code>Only</code></em> = Only update
2833
2900
the LDAP password and let the LDAP server do the rest.</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap passwd sync</code></em> = <code class="literal">no</code>
2835
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546676"></a>
2902
</p></dd></dl></div></div><div class="section" title="ldap replication sleep (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553321"></a>
2837
2904
ldap replication sleep (G)
2838
</h3></div></div></div><a class="indexterm" name="id2546677"></a><a name="LDAPREPLICATIONSLEEP"></a><div class="variablelist"><dl><dt></dt><dd><p>
2905
</h3></div></div></div><a class="indexterm" name="id2553322"></a><a name="LDAPREPLICATIONSLEEP"></a><div class="variablelist"><dl><dt></dt><dd><p>
2839
2906
When Samba is asked to write to a read-only LDAP replica, we are redirected to talk to the read-write master server.
2840
2907
This server then replicates our changes back to the 'local' server, however the replication might take some seconds,
2841
2908
especially over slow links. Certain client activities, particularly domain joins, can become confused by the 'success'
2848
2915
The value is specified in milliseconds, the maximum value is 5000 (5 seconds).
2849
2916
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap replication sleep</code></em> = <code class="literal">1000</code>
2851
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546739"></a>
2918
</p></dd></dl></div></div><div class="section" title="ldapsam:editposix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553385"></a>
2853
2920
ldapsam:editposix (G)
2854
</h3></div></div></div><a class="indexterm" name="id2546740"></a><a name="LDAPSAM:EDITPOSIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2921
</h3></div></div></div><a class="indexterm" name="id2553386"></a><a name="LDAPSAM:EDITPOSIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
2855
2922
Editposix is an option that leverages ldapsam:trusted to make it simpler to manage a domain controller
2856
2923
eliminating the need to set up custom scripts to add and manage the posix users and groups. This option
2857
2924
will instead directly manipulate the ldap tree to create, remove and modify user and group entries.
2963
3030
for more information on <a class="link" href="smb.conf.5.html#LDAPSSL" target="_top">ldap ssl</a>.
2964
3031
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl ads</code></em> = <code class="literal">no</code>
2966
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547040"></a>
3033
</p></dd></dl></div></div><div class="section" title="ldap ssl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553685"></a>
2969
</h3></div></div></div><a class="indexterm" name="id2547041"></a><a name="LDAPSSL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should
3036
</h3></div></div></div><a class="indexterm" name="id2553686"></a><a name="LDAPSSL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should
2970
3037
use SSL when connecting to the ldap server
2971
3038
This is <span class="emphasis"><em>NOT</em></span> related to
2972
3039
Samba's previous SSL support which was enabled by specifying the
2977
3044
<em class="parameter"><code>Start_tls</code></em>
2978
3045
<span class="emphasis"><em>or</em></span> by specifying <em class="parameter"><code>ldaps://</code></em> in
2979
3046
the URL argument of <a class="link" href="smb.conf.5.html#PASSDBBACKEND" target="_top">passdb backend</a>.</p><p>The <a class="link" href="smb.conf.5.html#LDAPSSL" target="_top">ldap ssl</a> can be set to one of
2980
two values:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>Off</code></em> = Never
2981
use SSL when querying the directory.</p></li><li><p><em class="parameter"><code>start tls</code></em> = Use
3047
two values:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>Off</code></em> = Never
3048
use SSL when querying the directory.</p></li><li class="listitem"><p><em class="parameter"><code>start tls</code></em> = Use
2982
3049
the LDAPv3 StartTLS extended operation (RFC2830) for
2983
3050
communicating with the directory server.</p></li></ul></div><p>
2984
3051
Please note that this parameter does only affect <span class="emphasis"><em>rpc</em></span>
2991
3058
for more information on <a class="link" href="smb.conf.5.html#LDAPSSLADS" target="_top">ldap ssl ads</a>.
2992
3059
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl</code></em> = <code class="literal">start tls</code>
2994
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547233"></a>
3061
</p></dd></dl></div></div><div class="section" title="ldap suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553878"></a>
2996
3063
ldap suffix (G)
2997
</h3></div></div></div><a class="indexterm" name="id2547234"></a><a name="LDAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the base for all ldap suffixes and for storing the sambaDomain object.</p><p>
3064
</h3></div></div></div><a class="indexterm" name="id2553879"></a><a name="LDAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the base for all ldap suffixes and for storing the sambaDomain object.</p><p>
2998
3065
The ldap suffix will be appended to the values specified for the <a class="link" href="smb.conf.5.html#LDAPUSERSUFFIX" target="_top">ldap user suffix</a>,
2999
3066
<a class="link" href="smb.conf.5.html#LDAPGROUPSUFFIX" target="_top">ldap group suffix</a>, <a class="link" href="smb.conf.5.html#LDAPMACHINESUFFIX" target="_top">ldap machine suffix</a>, and the
3000
3067
<a class="link" href="smb.conf.5.html#LDAPIDMAPSUFFIX" target="_top">ldap idmap suffix</a>. Each of these should be given only a DN relative to the
3004
3071
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap suffix</code></em> = <code class="literal">dc=samba,dc=org</code>
3006
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547355"></a>
3073
</p></dd></dl></div></div><div class="section" title="ldap timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554001"></a>
3008
3075
ldap timeout (G)
3009
</h3></div></div></div><a class="indexterm" name="id2547356"></a><a name="LDAPTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3076
</h3></div></div></div><a class="indexterm" name="id2554002"></a><a name="LDAPTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3010
3077
This parameter defines the number of seconds that Samba should use as timeout for LDAP operations.
3011
3078
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap timeout</code></em> = <code class="literal">15</code>
3013
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547398"></a>
3080
</p></dd></dl></div></div><div class="section" title="ldap user suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554043"></a>
3015
3082
ldap user suffix (G)
3016
</h3></div></div></div><a class="indexterm" name="id2547399"></a><a name="LDAPUSERSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
3083
</h3></div></div></div><a class="indexterm" name="id2554044"></a><a name="LDAPUSERSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
3017
3084
This parameter specifies where users are added to the tree. If this parameter is unset,
3018
3085
the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead. The suffix
3019
3086
string is pre-pended to the <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> string so use a partial DN.
3044
3111
parameter must be set to <code class="constant">yes</code> on this share in order for
3045
3112
this parameter to have any effect.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>level2 oplocks</code></em> = <code class="literal">yes</code>
3047
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547586"></a>
3114
</p></dd></dl></div></div><div class="section" title="lm announce (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554232"></a>
3049
3116
lm announce (G)
3050
</h3></div></div></div><a class="indexterm" name="id2547588"></a><a name="LMANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will produce Lanman announce
3117
</h3></div></div></div><a class="indexterm" name="id2554233"></a><a name="LMANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will produce Lanman announce
3051
3118
broadcasts that are needed by OS/2 clients in order for them to see
3052
3119
the Samba server in their browse list. This parameter can have three
3053
3120
values, <code class="constant">yes</code>, <code class="constant">no</code>, or
3077
3144
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lm interval</code></em> = <code class="literal">120</code>
3079
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547793"></a>
3146
</p></dd></dl></div></div><div class="section" title="load printers (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554438"></a>
3081
3148
load printers (G)
3082
</h3></div></div></div><a class="indexterm" name="id2547794"></a><a name="LOADPRINTERS"></a><div class="variablelist"><dl><dt></dt><dd><p>A boolean variable that controls whether all
3149
</h3></div></div></div><a class="indexterm" name="id2554439"></a><a name="LOADPRINTERS"></a><div class="variablelist"><dl><dt></dt><dd><p>A boolean variable that controls whether all
3083
3150
printers in the printcap will be loaded for browsing by default.
3084
3151
See the <a class="link" href="smb.conf.5.html#PRINTERS" target="_top">printers</a> section for
3085
3152
more details.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>load printers</code></em> = <code class="literal">yes</code>
3087
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547849"></a>
3154
</p></dd></dl></div></div><div class="section" title="local master (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554494"></a>
3089
3156
local master (G)
3090
</h3></div></div></div><a class="indexterm" name="id2547850"></a><a name="LOCALMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to try and become a local master browser
3157
</h3></div></div></div><a class="indexterm" name="id2554495"></a><a name="LOCALMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to try and become a local master browser
3091
3158
on a subnet. If set to <code class="constant">no</code> then <code class="literal">
3092
3159
nmbd</code> will not attempt to become a local master browser
3093
3160
on a subnet and will also lose in all browsing elections. By
3097
3164
will <span class="emphasis"><em>participate</em></span> in elections for local master browser.</p><p>Setting this value to <code class="constant">no</code> will cause <code class="literal">nmbd</code> <span class="emphasis"><em>never</em></span> to become a local
3098
3165
master browser.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>local master</code></em> = <code class="literal">yes</code>
3100
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547949"></a>
3167
</p></dd></dl></div></div><div class="section" title="lock dir"><div class="titlepage"><div><div><h3 class="title"><a name="id2554594"></a>
3102
3169
<a name="LOCKDIR"></a>lock dir
3103
</h3></div></div></div><a class="indexterm" name="id2547950"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOCKDIRECTORY">lock directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547981"></a>
3170
</h3></div></div></div><a class="indexterm" name="id2554595"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOCKDIRECTORY">lock directory</a>.</p></dd></dl></div></div><div class="section" title="lock directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554626"></a>
3105
3172
lock directory (G)
3106
</h3></div></div></div><a class="indexterm" name="id2547982"></a><a name="LOCKDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the directory where lock
3173
</h3></div></div></div><a class="indexterm" name="id2554627"></a><a name="LOCKDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the directory where lock
3107
3174
files will be placed. The lock files are used to implement the
3108
3175
<a class="link" href="smb.conf.5.html#MAXCONNECTIONS" target="_top">max connections</a> option.
3126
3193
CDROM drives), although setting this parameter of <code class="constant">no</code>
3127
3194
is not really recommended even in this case.</p><p>Be careful about disabling locking either globally or in a
3128
3195
specific service, as lack of locking may result in data corruption.
3129
You should never need to set this parameter.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548135"></a>
3196
You should never need to set this parameter.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="lock spin count (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554780"></a>
3131
3198
lock spin count (G)
3132
</h3></div></div></div><a class="indexterm" name="id2548136"></a><a name="LOCKSPINCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter has been made inoperative in Samba 3.0.24.
3199
</h3></div></div></div><a class="indexterm" name="id2554781"></a><a name="LOCKSPINCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter has been made inoperative in Samba 3.0.24.
3133
3200
The functionality it contolled is now controlled by the parameter
3134
3201
<a class="link" href="smb.conf.5.html#LOCKSPINTIME" target="_top">lock spin time</a>.
3135
3202
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock spin count</code></em> = <code class="literal">0</code>
3137
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548191"></a>
3204
</p></dd></dl></div></div><div class="section" title="lock spin time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554836"></a>
3139
3206
lock spin time (G)
3140
</h3></div></div></div><a class="indexterm" name="id2548192"></a><a name="LOCKSPINTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The time in microseconds that smbd should
3207
</h3></div></div></div><a class="indexterm" name="id2554837"></a><a name="LOCKSPINTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The time in microseconds that smbd should
3141
3208
keep waiting to see if a failed lock request can
3142
3209
be granted. This parameter has changed in default
3143
3210
value from Samba 3.0.23 from 10 to 200. The associated
3145
3212
no longer used in Samba 3.0.24. You should not need
3146
3213
to change the value of this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock spin time</code></em> = <code class="literal">200</code>
3148
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548249"></a>
3215
</p></dd></dl></div></div><div class="section" title="log file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554894"></a>
3151
</h3></div></div></div><a class="indexterm" name="id2548250"></a><a name="LOGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3218
</h3></div></div></div><a class="indexterm" name="id2554895"></a><a name="LOGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3152
3219
This option allows you to override the name of the Samba log file (also known as the debug file).
3154
3221
This option takes the standard substitutions, allowing you to have separate log files for each user or machine.
3155
3222
</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>log file</code></em> = <code class="literal">/usr/local/samba/var/log.%m</code>
3157
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548301"></a>
3224
</p></dd></dl></div></div><div class="section" title="debuglevel"><div class="titlepage"><div><div><h3 class="title"><a name="id2554947"></a>
3159
3226
<a name="DEBUGLEVEL"></a>debuglevel
3160
</h3></div></div></div><a class="indexterm" name="id2548302"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOGLEVEL">log level</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548332"></a>
3227
</h3></div></div></div><a class="indexterm" name="id2554948"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOGLEVEL">log level</a>.</p></dd></dl></div></div><div class="section" title="log level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554978"></a>
3163
</h3></div></div></div><a class="indexterm" name="id2548334"></a><a name="LOGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
3230
</h3></div></div></div><a class="indexterm" name="id2554979"></a><a name="LOGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
3164
3231
The value of the parameter (a astring) allows the debug level (logging level) to be specified in the
3165
3232
<code class="filename">smb.conf</code> file.
3166
3233
</p><p>This parameter has been extended since the 2.2.x
3167
3234
series, now it allows to specify the debug level for multiple
3168
3235
debug classes. This is to give greater flexibility in the configuration
3169
3236
of the system. The following debug classes are currently implemented:
3170
</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>all</code></em></p></li><li><p><em class="parameter"><code>tdb</code></em></p></li><li><p><em class="parameter"><code>printdrivers</code></em></p></li><li><p><em class="parameter"><code>lanman</code></em></p></li><li><p><em class="parameter"><code>smb</code></em></p></li><li><p><em class="parameter"><code>rpc_parse</code></em></p></li><li><p><em class="parameter"><code>rpc_srv</code></em></p></li><li><p><em class="parameter"><code>rpc_cli</code></em></p></li><li><p><em class="parameter"><code>passdb</code></em></p></li><li><p><em class="parameter"><code>sam</code></em></p></li><li><p><em class="parameter"><code>auth</code></em></p></li><li><p><em class="parameter"><code>winbind</code></em></p></li><li><p><em class="parameter"><code>vfs</code></em></p></li><li><p><em class="parameter"><code>idmap</code></em></p></li><li><p><em class="parameter"><code>quota</code></em></p></li><li><p><em class="parameter"><code>acls</code></em></p></li><li><p><em class="parameter"><code>locking</code></em></p></li><li><p><em class="parameter"><code>msdfs</code></em></p></li><li><p><em class="parameter"><code>dmapi</code></em></p></li><li><p><em class="parameter"><code>registry</code></em></p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>log level</code></em> = <code class="literal">0</code>
3237
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>all</code></em></p></li><li class="listitem"><p><em class="parameter"><code>tdb</code></em></p></li><li class="listitem"><p><em class="parameter"><code>printdrivers</code></em></p></li><li class="listitem"><p><em class="parameter"><code>lanman</code></em></p></li><li class="listitem"><p><em class="parameter"><code>smb</code></em></p></li><li class="listitem"><p><em class="parameter"><code>rpc_parse</code></em></p></li><li class="listitem"><p><em class="parameter"><code>rpc_srv</code></em></p></li><li class="listitem"><p><em class="parameter"><code>rpc_cli</code></em></p></li><li class="listitem"><p><em class="parameter"><code>passdb</code></em></p></li><li class="listitem"><p><em class="parameter"><code>sam</code></em></p></li><li class="listitem"><p><em class="parameter"><code>auth</code></em></p></li><li class="listitem"><p><em class="parameter"><code>winbind</code></em></p></li><li class="listitem"><p><em class="parameter"><code>vfs</code></em></p></li><li class="listitem"><p><em class="parameter"><code>idmap</code></em></p></li><li class="listitem"><p><em class="parameter"><code>quota</code></em></p></li><li class="listitem"><p><em class="parameter"><code>acls</code></em></p></li><li class="listitem"><p><em class="parameter"><code>locking</code></em></p></li><li class="listitem"><p><em class="parameter"><code>msdfs</code></em></p></li><li class="listitem"><p><em class="parameter"><code>dmapi</code></em></p></li><li class="listitem"><p><em class="parameter"><code>registry</code></em></p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>log level</code></em> = <code class="literal">0</code>
3172
3239
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>log level</code></em> = <code class="literal">3 passdb:5 auth:10 winbind:2</code>
3174
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548566"></a>
3241
</p></dd></dl></div></div><div class="section" title="logon drive (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2555211"></a>
3176
3243
logon drive (G)
3177
</h3></div></div></div><a class="indexterm" name="id2548567"></a><a name="LOGONDRIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3244
</h3></div></div></div><a class="indexterm" name="id2555212"></a><a name="LOGONDRIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
3178
3245
This parameter specifies the local path to which the home directory will be
3179
3246
connected (see <a class="link" href="smb.conf.5.html#LOGONHOME" target="_top">logon home</a>) and is only used by NT
3219
3286
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>logon home</code></em> = <code class="literal">\\remote_smb_server\%U</code>
3221
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548806"></a>
3288
</p></dd></dl></div></div><div class="section" title="logon path (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2555451"></a>
3224
</h3></div></div></div><a class="indexterm" name="id2548807"></a><a name="LOGONPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>
3291
</h3></div></div></div><a class="indexterm" name="id2555452"></a><a name="LOGONPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>
3225
3292
This parameter specifies the directory where roaming profiles (Desktop, NTuser.dat, etc) are
3226
3293
stored. Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming
3227
3294
profiles. To find out how to handle roaming profiles for Win 9X system, see the
3243
3310
this parameter to \\%N\homes\profile_path will cause problems).
3245
3312
This option takes the standard substitutions, allowing you to have separate logon scripts for each user or machine.
3246
</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
3247
Do not quote the value. Setting this as “<span class="quote">\\%N\profile\%U</span>”
3313
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
3314
Do not quote the value. Setting this as <span class="quote">“<span class="quote">\\%N\profile\%U</span>”</span>
3248
3315
will break profile handling. Where the tdbsam or ldapsam passdb backend
3249
3316
is used, at the time the user account is created the value configured
3250
3317
for this parameter is written to the passdb backend and that value will
3383
3450
parameter is <code class="constant">SYSV</code>, in which case the default is:</p><p><code class="literal">lp -i %p-%j -H resume</code></p><p>or if the value of the <em class="parameter"><code>printing</code></em> parameter
3384
3451
is <code class="constant">SOFTQ</code>, then the default is:</p><p><code class="literal">qstat -s -j%j -r</code></p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpresume command</code></em> = <code class="literal">/usr/bin/lpalt %p-%j -p2</code>
3386
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549698"></a>
3453
</p></dd></dl></div></div><div class="section" title="lprm command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556335"></a>
3388
3455
lprm command (S)
3389
</h3></div></div></div><a class="indexterm" name="id2549700"></a><a name="LPRMCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3456
</h3></div></div></div><a class="indexterm" name="id2556336"></a><a name="LPRMCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
3390
3457
executed on the server host in order to delete a print job.</p><p>This command should be a program or script which takes
3391
3458
a printer name and job number, and deletes the print job.</p><p>If a <em class="parameter"><code>%p</code></em> is given then the printer name
3392
3459
is put in its place. A <em class="parameter"><code>%j</code></em> is replaced with
3404
3471
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lprm command</code></em> = <code class="literal"> determined by printing parameter</code>
3406
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549786"></a>
3473
</p></dd></dl></div></div><div class="section" title="machine password timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556423"></a>
3408
3475
machine password timeout (G)
3409
</h3></div></div></div><a class="indexterm" name="id2549787"></a><a name="MACHINEPASSWORDTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3476
</h3></div></div></div><a class="indexterm" name="id2556424"></a><a name="MACHINEPASSWORDTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3410
3477
If a Samba server is a member of a Windows NT Domain (see the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = domain</a> parameter) then periodically a running smbd process will try and change
3411
3478
the MACHINE ACCOUNT PASSWORD stored in the TDB called <code class="filename">private/secrets.tdb
3412
3479
</code>. This parameter specifies how often this password will be changed, in seconds. The default is one
3416
3483
and the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = domain</a> parameter.
3417
3484
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>machine password timeout</code></em> = <code class="literal">604800</code>
3419
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549874"></a>
3486
</p></dd></dl></div></div><div class="section" title="magic output (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556510"></a>
3421
3488
magic output (S)
3422
</h3></div></div></div><a class="indexterm" name="id2549875"></a><a name="MAGICOUTPUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3489
</h3></div></div></div><a class="indexterm" name="id2556512"></a><a name="MAGICOUTPUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
3423
3490
This parameter specifies the name of a file which will contain output created by a magic script (see the
3424
3491
<a class="link" href="smb.conf.5.html#MAGICSCRIPT" target="_top">magic script</a> parameter below).
3425
</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>If two clients use the same <em class="parameter"><code>magic script
3492
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>If two clients use the same <em class="parameter"><code>magic script
3426
3493
</code></em> in the same directory the output file content is undefined.
3427
3494
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>magic output</code></em> = <code class="literal"><magic script name>.out</code>
3429
3496
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>magic output</code></em> = <code class="literal">myfile.txt</code>
3431
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549958"></a>
3498
</p></dd></dl></div></div><div class="section" title="magic script (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556594"></a>
3433
3500
magic script (S)
3434
</h3></div></div></div><a class="indexterm" name="id2549959"></a><a name="MAGICSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a file which,
3501
</h3></div></div></div><a class="indexterm" name="id2556596"></a><a name="MAGICSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a file which,
3435
3502
if opened, will be executed by the server when the file is closed.
3436
3503
This allows a UNIX script to be sent to the Samba host and
3437
3504
executed on behalf of the connected user.</p><p>Scripts executed in this way will be deleted upon
3448
3515
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>magic script</code></em> = <code class="literal">user.csh</code>
3450
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550063"></a>
3517
</p></dd></dl></div></div><div class="section" title="mangled names (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556700"></a>
3452
3519
mangled names (S)
3453
</h3></div></div></div><a class="indexterm" name="id2550064"></a><a name="MANGLEDNAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether non-DOS names under UNIX
3520
</h3></div></div></div><a class="indexterm" name="id2556701"></a><a name="MANGLEDNAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether non-DOS names under UNIX
3454
3521
should be mapped to DOS-compatible names ("mangled") and made visible,
3455
3522
or whether non-DOS names should simply be ignored.</p><p>See the section on <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a> for
3456
details on how to control the mangling process.</p><p>If mangling is used then the mangling algorithm is as follows:</p><div class="itemizedlist"><ul type="disc"><li><p>The first (up to) five alphanumeric characters
3523
details on how to control the mangling process.</p><p>If mangling is used then the mangling method is as follows:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>The first (up to) five alphanumeric characters
3457
3524
before the rightmost dot of the filename are preserved, forced
3458
3525
to upper case, and appear as the first (up to) five characters
3459
of the mangled name.</p></li><li><p>A tilde "~" is appended to the first part of the mangled
3526
of the mangled name.</p></li><li class="listitem"><p>A tilde "~" is appended to the first part of the mangled
3460
3527
name, followed by a two-character unique sequence, based on the
3461
3528
original root name (i.e., the original filename minus its final
3462
3529
extension). The final extension is included in the hash calculation
3463
3530
only if it contains any upper case characters or is longer than three
3464
3531
characters.</p><p>Note that the character to use may be specified using
3465
3532
the <a class="link" href="smb.conf.5.html#MANGLINGCHAR" target="_top">mangling char</a>
3466
option, if you don't like '~'.</p></li><li><p>Files whose UNIX name begins with a dot will be
3533
option, if you don't like '~'.</p></li><li class="listitem"><p>Files whose UNIX name begins with a dot will be
3467
3534
presented as DOS hidden files. The mangled name will be created as
3468
3535
for other filenames, but with the leading dot removed and "___" as
3469
3536
its extension regardless of actual original extension (that's three
3475
3542
from Windows/DOS and will retain the same basename. Mangled names
3476
3543
do not change between sessions.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>mangled names</code></em> = <code class="literal">yes</code>
3478
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550200"></a>
3545
</p></dd></dl></div></div><div class="section" title="mangle prefix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556837"></a>
3480
3547
mangle prefix (G)
3481
</h3></div></div></div><a class="indexterm" name="id2550201"></a><a name="MANGLEPREFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the number of prefix
3548
</h3></div></div></div><a class="indexterm" name="id2556838"></a><a name="MANGLEPREFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the number of prefix
3482
3549
characters from the original name used when generating
3483
3550
the mangled names. A larger value will give a weaker
3484
3551
hash and therefore more name collisions. The minimum
3489
3556
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangle prefix</code></em> = <code class="literal">4</code>
3491
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550267"></a>
3558
</p></dd></dl></div></div><div class="section" title="mangling char (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556904"></a>
3493
3560
mangling char (S)
3494
</h3></div></div></div><a class="indexterm" name="id2550268"></a><a name="MANGLINGCHAR"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what character is used as
3561
</h3></div></div></div><a class="indexterm" name="id2556905"></a><a name="MANGLINGCHAR"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what character is used as
3495
3562
the <span class="emphasis"><em>magic</em></span> character in <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>. The
3496
3563
default is a '~' but this may interfere with some software. Use this option to set
3497
3564
it to whatever you prefer. This is effective only when mangling method is hash.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>mangling char</code></em> = <code class="literal">~</code>
3499
3566
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangling char</code></em> = <code class="literal">^</code>
3501
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550344"></a>
3568
</p></dd></dl></div></div><div class="section" title="mangling method (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556981"></a>
3503
3570
mangling method (G)
3504
</h3></div></div></div><a class="indexterm" name="id2550345"></a><a name="MANGLINGMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the algorithm used for the generating
3571
</h3></div></div></div><a class="indexterm" name="id2556982"></a><a name="MANGLINGMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the algorithm used for the generating
3505
3572
the mangled names. Can take two different values, "hash" and
3506
3573
"hash2". "hash" is the algorithm that was used
3507
3574
used in Samba for many years and was the default in Samba 2.2.x "hash2" is
3513
3580
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangling method</code></em> = <code class="literal">hash</code>
3515
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550412"></a>
3582
</p></dd></dl></div></div><div class="section" title="map acl inherit (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557048"></a>
3517
3584
map acl inherit (S)
3518
</h3></div></div></div><a class="indexterm" name="id2550413"></a><a name="MAPACLINHERIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map the 'inherit' and 'protected'
3585
</h3></div></div></div><a class="indexterm" name="id2557049"></a><a name="MAPACLINHERIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map the 'inherit' and 'protected'
3519
3586
access control entry flags stored in Windows ACLs into an extended attribute
3520
3587
called user.SAMBA_PAI. This parameter only takes effect if Samba is being run
3521
3588
on a platform that supports extended attributes (Linux and IRIX so far) and
3539
3606
<a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> for details.
3540
3607
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map archive</code></em> = <code class="literal">yes</code>
3542
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550544"></a>
3609
</p></dd></dl></div></div><div class="section" title="map hidden (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557181"></a>
3545
</h3></div></div></div><a class="indexterm" name="id2550545"></a><a name="MAPHIDDEN"></a><div class="variablelist"><dl><dt></dt><dd><p>
3612
</h3></div></div></div><a class="indexterm" name="id2557182"></a><a name="MAPHIDDEN"></a><div class="variablelist"><dl><dt></dt><dd><p>
3546
3613
This controls whether DOS style hidden files should be mapped to the UNIX world execute bit.
3548
3615
Note that this requires the <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> to be set such that the world execute
3549
3616
bit is not masked out (i.e. it must include 001). See the parameter <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a>
3551
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550601"></a>
3618
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="map read only (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557238"></a>
3553
3620
map read only (S)
3554
</h3></div></div></div><a class="indexterm" name="id2550602"></a><a name="MAPREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
3621
</h3></div></div></div><a class="indexterm" name="id2557239"></a><a name="MAPREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
3555
3622
This controls how the DOS read only attribute should be mapped from a UNIX filesystem.
3557
3624
This parameter can take three different values, which tell <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> how to display the read only attribute on files, where either
3558
3625
<a class="link" href="smb.conf.5.html#STOREDOSATTRIBUTES" target="_top">store dos attributes</a> is set to <code class="constant">No</code>, or no extended attribute is
3559
3626
present. If <a class="link" href="smb.conf.5.html#STOREDOSATTRIBUTES" target="_top">store dos attributes</a> is set to <code class="constant">yes</code> then this
3560
3627
parameter is <span class="emphasis"><em>ignored</em></span>. This is a new parameter introduced in Samba version 3.0.21.
3561
</p><p>The three settings are :</p><div class="itemizedlist"><ul type="disc"><li><p>
3628
</p><p>The three settings are :</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
3562
3629
<code class="constant">Yes</code> - The read only DOS attribute is mapped to the inverse of the user
3563
3630
or owner write bit in the unix permission mode set. If the owner write bit is not set, the
3564
3631
read only attribute is reported as being set on the file.
3566
3633
others write bits to zero. Write bits set in an ACL are ignored by Samba.
3567
3634
If the read only DOS attribute is unset, Samba simply sets the write bit of the
3636
</p></li><li class="listitem"><p>
3570
3637
<code class="constant">Permissions</code> - The read only DOS attribute is mapped to the effective permissions of
3571
3638
the connecting user, as evaluated by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> by reading the unix permissions and POSIX ACL (if present).
3572
3639
If the connecting user does not have permission to modify the file, the read only attribute
3573
3640
is reported as being set on the file.
3641
</p></li><li class="listitem"><p>
3575
3642
<code class="constant">No</code> - The read only DOS attribute is unaffected by permissions, and can only be set by
3576
3643
the <a class="link" href="smb.conf.5.html#STOREDOSATTRIBUTES" target="_top">store dos attributes</a> method. This may be useful for exporting mounted CDs.
3577
3644
</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>map read only</code></em> = <code class="literal">yes</code>
3579
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550758"></a>
3646
</p></dd></dl></div></div><div class="section" title="map system (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557395"></a>
3582
</h3></div></div></div><a class="indexterm" name="id2550759"></a><a name="MAPSYSTEM"></a><div class="variablelist"><dl><dt></dt><dd><p>
3649
</h3></div></div></div><a class="indexterm" name="id2557396"></a><a name="MAPSYSTEM"></a><div class="variablelist"><dl><dt></dt><dd><p>
3583
3650
This controls whether DOS style system files should be mapped to the UNIX group execute bit.
3585
3652
Note that this requires the <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> to be set such that the group
3587
3654
<a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> for details.
3588
3655
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map system</code></em> = <code class="literal">no</code>
3590
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550827"></a>
3657
</p></dd></dl></div></div><div class="section" title="map to guest (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557464"></a>
3592
3659
map to guest (G)
3593
</h3></div></div></div><a class="indexterm" name="id2550828"></a><a name="MAPTOGUEST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only useful in <a class="link" href="smb.conf.5.html#SECURITY" target="_top">SECURITY =
3660
</h3></div></div></div><a class="indexterm" name="id2557465"></a><a name="MAPTOGUEST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only useful in <a class="link" href="smb.conf.5.html#SECURITY" target="_top">SECURITY =
3594
3661
security</a> modes other than <em class="parameter"><code>security = share</code></em>
3595
3662
and <em class="parameter"><code>security = server</code></em>
3596
3663
- i.e. <code class="constant">user</code>, and <code class="constant">domain</code>.</p><p>This parameter can take four different values, which tell
3597
3664
<a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> what to do with user
3598
login requests that don't match a valid UNIX user in some way.</p><p>The four settings are :</p><div class="itemizedlist"><ul type="disc"><li><p><code class="constant">Never</code> - Means user login
3665
login requests that don't match a valid UNIX user in some way.</p><p>The four settings are :</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><code class="constant">Never</code> - Means user login
3599
3666
requests with an invalid password are rejected. This is the
3600
default.</p></li><li><p><code class="constant">Bad User</code> - Means user
3667
default.</p></li><li class="listitem"><p><code class="constant">Bad User</code> - Means user
3601
3668
logins with an invalid password are rejected, unless the username
3602
3669
does not exist, in which case it is treated as a guest login and
3603
mapped into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>.</p></li><li><p><code class="constant">Bad Password</code> - Means user logins
3670
mapped into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>.</p></li><li class="listitem"><p><code class="constant">Bad Password</code> - Means user logins
3604
3671
with an invalid password are treated as a guest login and mapped
3605
3672
into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>. Note that
3606
3673
this can cause problems as it means that any user incorrectly typing
3633
3700
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>map to guest</code></em> = <code class="literal">Bad User</code>
3635
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551067"></a>
3702
</p></dd></dl></div></div><div class="section" title="map untrusted to domain (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557704"></a>
3637
3704
map untrusted to domain (G)
3638
</h3></div></div></div><a class="indexterm" name="id2551068"></a><a name="MAPUNTRUSTEDTODOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>
3705
</h3></div></div></div><a class="indexterm" name="id2557705"></a><a name="MAPUNTRUSTEDTODOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>
3639
3706
If a client connects to smbd using an untrusted domain name, such as
3640
3707
BOGUS\user, smbd replaces the BOGUS domain with it's SAM name before
3641
3708
attempting to authenticate that user. In the case where smbd is acting as
3654
3721
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map untrusted to domain</code></em> = <code class="literal">no</code>
3656
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551134"></a>
3723
</p></dd></dl></div></div><div class="section" title="max connections (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557771"></a>
3658
3725
max connections (S)
3659
</h3></div></div></div><a class="indexterm" name="id2551135"></a><a name="MAXCONNECTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the number of simultaneous connections to a service to be limited.
3726
</h3></div></div></div><a class="indexterm" name="id2557772"></a><a name="MAXCONNECTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the number of simultaneous connections to a service to be limited.
3660
3727
If <em class="parameter"><code>max connections</code></em> is greater than 0 then connections
3661
3728
will be refused if this number of connections to the service are already open. A value
3662
3729
of zero mean an unlimited number of connections may be made.</p><p>Record lock files are used to implement this feature. The lock files will be stored in
3694
3761
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max log size</code></em> = <code class="literal">1000</code>
3696
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551383"></a>
3763
</p></dd></dl></div></div><div class="section" title="max mux (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558020"></a>
3699
</h3></div></div></div><a class="indexterm" name="id2551384"></a><a name="MAXMUX"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum number of
3766
</h3></div></div></div><a class="indexterm" name="id2558021"></a><a name="MAXMUX"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum number of
3700
3767
outstanding simultaneous SMB operations that Samba tells the client
3701
3768
it will allow. You should never need to set this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max mux</code></em> = <code class="literal">50</code>
3703
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551426"></a>
3770
</p></dd></dl></div></div><div class="section" title="max open files (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558063"></a>
3705
3772
max open files (G)
3706
</h3></div></div></div><a class="indexterm" name="id2551427"></a><a name="MAXOPENFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
3773
</h3></div></div></div><a class="indexterm" name="id2558064"></a><a name="MAXOPENFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
3707
3774
open files that one <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> file
3708
3775
serving process may have open for a client at any one time. The
3709
3776
default for this parameter is set very high (10,000) as Samba uses
3711
3778
by the UNIX per-process file descriptor limit rather than
3712
3779
this parameter so you should never need to touch this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max open files</code></em> = <code class="literal">10000</code>
3714
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551487"></a>
3781
</p></dd></dl></div></div><div class="section" title="max print jobs (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558123"></a>
3716
3783
max print jobs (S)
3717
</h3></div></div></div><a class="indexterm" name="id2551488"></a><a name="MAXPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
3784
</h3></div></div></div><a class="indexterm" name="id2558124"></a><a name="MAXPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
3718
3785
jobs allowable in a Samba printer queue at any given moment.
3719
3786
If this number is exceeded, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will remote "Out of Space" to the client.
3720
3787
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max print jobs</code></em> = <code class="literal">1000</code>
3722
3789
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max print jobs</code></em> = <code class="literal">5000</code>
3724
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551557"></a>
3791
</p></dd></dl></div></div><div class="section" title="protocol"><div class="titlepage"><div><div><h3 class="title"><a name="id2558193"></a>
3726
3793
<a name="PROTOCOL"></a>protocol
3727
</h3></div></div></div><a class="indexterm" name="id2551558"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#MAXPROTOCOL">max protocol</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551590"></a>
3794
</h3></div></div></div><a class="indexterm" name="id2558194"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#MAXPROTOCOL">max protocol</a>.</p></dd></dl></div></div><div class="section" title="max protocol (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558226"></a>
3729
3796
max protocol (G)
3730
</h3></div></div></div><a class="indexterm" name="id2551591"></a><a name="MAXPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the highest
3731
protocol level that will be supported by the server.</p><p>Possible values are :</p><div class="itemizedlist"><ul type="disc"><li><p><code class="constant">CORE</code>: Earliest version. No
3732
concept of user names.</p></li><li><p><code class="constant">COREPLUS</code>: Slight improvements on
3733
CORE for efficiency.</p></li><li><p><code class="constant">LANMAN1</code>: First <span class="emphasis"><em>
3797
</h3></div></div></div><a class="indexterm" name="id2558227"></a><a name="MAXPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the highest
3798
protocol level that will be supported by the server.</p><p>Possible values are :</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><code class="constant">CORE</code>: Earliest version. No
3799
concept of user names.</p></li><li class="listitem"><p><code class="constant">COREPLUS</code>: Slight improvements on
3800
CORE for efficiency.</p></li><li class="listitem"><p><code class="constant">LANMAN1</code>: First <span class="emphasis"><em>
3734
3801
modern</em></span> version of the protocol. Long filename
3735
support.</p></li><li><p><code class="constant">LANMAN2</code>: Updates to Lanman1 protocol.</p></li><li><p><code class="constant">NT1</code>: Current up to date version of the protocol.
3802
support.</p></li><li class="listitem"><p><code class="constant">LANMAN2</code>: Updates to Lanman1 protocol.</p></li><li class="listitem"><p><code class="constant">NT1</code>: Current up to date version of the protocol.
3736
3803
Used by Windows NT. Known as CIFS.</p></li></ul></div><p>Normally this option should not be set as the automatic
3737
3804
negotiation phase in the SMB protocol takes care of choosing
3738
3805
the appropriate protocol.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max protocol</code></em> = <code class="literal">NT1</code>
3740
3807
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max protocol</code></em> = <code class="literal">LANMAN1</code>
3742
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551715"></a>
3809
</p></dd></dl></div></div><div class="section" title="max reported print jobs (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558351"></a>
3744
3811
max reported print jobs (S)
3745
</h3></div></div></div><a class="indexterm" name="id2551716"></a><a name="MAXREPORTEDPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>
3812
</h3></div></div></div><a class="indexterm" name="id2558352"></a><a name="MAXREPORTEDPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>
3746
3813
This parameter limits the maximum number of jobs displayed in a port monitor for
3747
3814
Samba printer queue at any given moment. If this number is exceeded, the excess
3748
3815
jobs will not be shown. A value of zero means there is no limit on the number of
3752
3819
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max reported print jobs</code></em> = <code class="literal">1000</code>
3754
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551779"></a>
3821
</p></dd></dl></div></div><div class="section" title="max smbd processes (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558415"></a>
3756
3823
max smbd processes (G)
3757
</h3></div></div></div><a class="indexterm" name="id2551780"></a><a name="MAXSMBDPROCESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> processes concurrently running on a system and is intended
3824
</h3></div></div></div><a class="indexterm" name="id2558416"></a><a name="MAXSMBDPROCESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> processes concurrently running on a system and is intended
3758
3825
as a stopgap to prevent degrading service to clients in the event that the server has insufficient
3759
3826
resources to handle more than this number of connections. Remember that under normal operating
3760
3827
conditions, each user will have an <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> associated with him or her to handle connections to all
3777
3844
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max stat cache size</code></em> = <code class="literal">100</code>
3779
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551930"></a>
3846
</p></dd></dl></div></div><div class="section" title="max ttl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558566"></a>
3782
</h3></div></div></div><a class="indexterm" name="id2551931"></a><a name="MAXTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> what the default 'time to live'
3849
</h3></div></div></div><a class="indexterm" name="id2558567"></a><a name="MAXTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> what the default 'time to live'
3783
3850
of NetBIOS names should be (in seconds) when <code class="literal">nmbd</code> is
3784
3851
requesting a name using either a broadcast packet or from a WINS server. You should
3785
3852
never need to change this parameter. The default is 3 days.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max ttl</code></em> = <code class="literal">259200</code>
3787
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551989"></a>
3854
</p></dd></dl></div></div><div class="section" title="max wins ttl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558625"></a>
3789
3856
max wins ttl (G)
3790
</h3></div></div></div><a class="indexterm" name="id2551990"></a><a name="MAXWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when acting as a WINS server
3857
</h3></div></div></div><a class="indexterm" name="id2558626"></a><a name="MAXWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when acting as a WINS server
3791
3858
(<a class="link" href="smb.conf.5.html#WINSSUPPORT" target="_top">wins support = yes</a>) what the maximum
3792
3859
'time to live' of NetBIOS names that <code class="literal">nmbd</code>
3793
3860
will grant will be (in seconds). You should never need to change this
3794
3861
parameter. The default is 6 days (518400 seconds).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max wins ttl</code></em> = <code class="literal">518400</code>
3796
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552060"></a>
3863
</p></dd></dl></div></div><div class="section" title="max xmit (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558696"></a>
3799
</h3></div></div></div><a class="indexterm" name="id2552061"></a><a name="MAXXMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum packet size
3866
</h3></div></div></div><a class="indexterm" name="id2558697"></a><a name="MAXXMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum packet size
3800
3867
that will be negotiated by Samba. The default is 16644, which
3801
3868
matches the behavior of Windows 2000. A value below 2048 is likely to cause problems.
3802
3869
You should never need to change this parameter from its default value.
3823
3890
The command takes the standard substitutions, although <em class="parameter"><code>
3824
3891
%u</code></em> won't work (<em class="parameter"><code>%U</code></em> may be better
3825
3892
in this case).</p><p>Apart from the standard substitutions, some additional
3826
ones apply. In particular:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>%s</code></em> = the filename containing
3827
the message.</p></li><li><p><em class="parameter"><code>%t</code></em> = the destination that
3828
the message was sent to (probably the server name).</p></li><li><p><em class="parameter"><code>%f</code></em> = who the message
3893
ones apply. In particular:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>%s</code></em> = the filename containing
3894
the message.</p></li><li class="listitem"><p><em class="parameter"><code>%t</code></em> = the destination that
3895
the message was sent to (probably the server name).</p></li><li class="listitem"><p><em class="parameter"><code>%f</code></em> = who the message
3829
3896
is from.</p></li></ul></div><p>You could make this command send mail, or whatever else
3830
3897
takes your fancy. Please let us know of any really interesting
3831
3898
ideas you have.</p><p>
3847
3914
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>message command</code></em> = <code class="literal">csh -c 'xedit %s; rm %s' &</code>
3849
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552333"></a>
3916
</p></dd></dl></div></div><div class="section" title="min print space (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558969"></a>
3851
3918
min print space (S)
3852
</h3></div></div></div><a class="indexterm" name="id2552334"></a><a name="MINPRINTSPACE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the minimum amount of free disk
3919
</h3></div></div></div><a class="indexterm" name="id2558970"></a><a name="MINPRINTSPACE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the minimum amount of free disk
3853
3920
space that must be available before a user will be able to spool
3854
3921
a print job. It is specified in kilobytes. The default is 0, which
3855
3922
means a user can always spool a print job.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min print space</code></em> = <code class="literal">0</code>
3857
3924
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>min print space</code></em> = <code class="literal">2000</code>
3859
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552395"></a>
3926
</p></dd></dl></div></div><div class="section" title="min protocol (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559032"></a>
3861
3928
min protocol (G)
3862
</h3></div></div></div><a class="indexterm" name="id2552396"></a><a name="MINPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the
3929
</h3></div></div></div><a class="indexterm" name="id2559033"></a><a name="MINPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the
3863
3930
lowest SMB protocol dialect than Samba will support. Please refer
3864
3931
to the <a class="link" href="smb.conf.5.html#MAXPROTOCOL" target="_top">max protocol</a>
3865
3932
parameter for a list of valid protocol names and a brief description
3872
3939
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>min protocol</code></em> = <code class="literal">NT1</code>
3874
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552494"></a>
3941
</p></dd></dl></div></div><div class="section" title="min receivefile size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559130"></a>
3876
3943
min receivefile size (G)
3877
</h3></div></div></div><a class="indexterm" name="id2552495"></a><a name="MINRECEIVEFILESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option changes the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when processing SMBwriteX calls. Any incoming
3944
</h3></div></div></div><a class="indexterm" name="id2559132"></a><a name="MINRECEIVEFILESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option changes the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when processing SMBwriteX calls. Any incoming
3878
3945
SMBwriteX call on a non-signed SMB/CIFS connection greater than this value will not be processed in the normal way but will
3879
3946
be passed to any underlying kernel recvfile or splice system call (if there is no such
3880
3947
call Samba will emulate in user space). This allows zero-copy writes directly from network
3883
3950
normal way. To enable POSIX large write support (SMB/CIFS writes up to 16Mb) this option must be
3884
3951
nonzero. The maximum value is 128k. Values greater than 128k will be silently set to 128k.</p><p>Note this option will have NO EFFECT if set on a SMB signed connection.</p><p>The default is zero, which diables this option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min receivefile size</code></em> = <code class="literal">0</code>
3886
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552563"></a>
3953
</p></dd></dl></div></div><div class="section" title="min wins ttl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559200"></a>
3888
3955
min wins ttl (G)
3889
</h3></div></div></div><a class="indexterm" name="id2552564"></a><a name="MINWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>
3956
</h3></div></div></div><a class="indexterm" name="id2559201"></a><a name="MINWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>
3890
3957
when acting as a WINS server (<a class="link" href="smb.conf.5.html#WINSSUPPORT" target="_top">wins support = yes</a>) what the minimum 'time to live'
3891
3958
of NetBIOS names that <code class="literal">nmbd</code> will grant will be (in
3892
3959
seconds). You should never need to change this parameter. The default
3893
3960
is 6 hours (21600 seconds).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min wins ttl</code></em> = <code class="literal">21600</code>
3895
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552634"></a>
3962
</p></dd></dl></div></div><div class="section" title="msdfs proxy (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559270"></a>
3897
3964
msdfs proxy (S)
3898
</h3></div></div></div><a class="indexterm" name="id2552635"></a><a name="MSDFSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter indicates that the share is a
3965
</h3></div></div></div><a class="indexterm" name="id2559271"></a><a name="MSDFSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter indicates that the share is a
3899
3966
stand-in for another CIFS share whose location is specified by
3900
3967
the value of the parameter. When clients attempt to connect to
3901
3968
this share, they are redirected to the proxied share using
3903
3970
<a class="link" href="smb.conf.5.html#MSDFSROOT" target="_top">msdfs root</a> and <a class="link" href="smb.conf.5.html#HOSTMSDFS" target="_top">host msdfs</a>
3904
3971
options to find out how to set up a Dfs root share.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>msdfs proxy</code></em> = <code class="literal">\otherserver\someshare</code>
3906
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552712"></a>
3973
</p></dd></dl></div></div><div class="section" title="msdfs root (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559348"></a>
3909
</h3></div></div></div><a class="indexterm" name="id2552713"></a><a name="MSDFSROOT"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to <code class="constant">yes</code>, Samba treats the
3976
</h3></div></div></div><a class="indexterm" name="id2559349"></a><a name="MSDFSROOT"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to <code class="constant">yes</code>, Samba treats the
3910
3977
share as a Dfs root and allows clients to browse the
3911
3978
distributed file system tree rooted at the share directory.
3912
3979
Dfs links are specified in the share directory by symbolic
3914
3981
and so on. For more information on setting up a Dfs tree on
3915
3982
Samba, refer to the MSDFS chapter in the Samba3-HOWTO book.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>msdfs root</code></em> = <code class="literal">no</code>
3917
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552767"></a>
3984
</p></dd></dl></div></div><div class="section" title="name cache timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559404"></a>
3919
3986
name cache timeout (G)
3920
</h3></div></div></div><a class="indexterm" name="id2552768"></a><a name="NAMECACHETIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the number of seconds it takes before
3987
</h3></div></div></div><a class="indexterm" name="id2559405"></a><a name="NAMECACHETIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the number of seconds it takes before
3921
3988
entries in samba's hostname resolve cache time out. If
3922
3989
the timeout is set to 0. the caching is disabled.
3923
3990
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>name cache timeout</code></em> = <code class="literal">660</code>
3925
3992
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>name cache timeout</code></em> = <code class="literal">0</code>
3927
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552828"></a>
3994
</p></dd></dl></div></div><div class="section" title="name resolve order (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559465"></a>
3929
3996
name resolve order (G)
3930
</h3></div></div></div><a class="indexterm" name="id2552829"></a><a name="NAMERESOLVEORDER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used by the programs in the Samba
3997
</h3></div></div></div><a class="indexterm" name="id2559466"></a><a name="NAMERESOLVEORDER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used by the programs in the Samba
3931
3998
suite to determine what naming services to use and in what order
3932
3999
to resolve host names to IP addresses. Its main purpose to is to
3933
4000
control how netbios name resolution is performed. The option takes a space
3934
4001
separated string of name resolution options.</p><p>The options are: "lmhosts", "host",
3935
4002
"wins" and "bcast". They cause names to be
3936
resolved as follows:</p><div class="itemizedlist"><ul type="disc"><li><p>
4003
resolved as follows:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
3937
4004
<code class="constant">lmhosts</code> : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has
3938
4005
no name type attached to the NetBIOS name (see the manpage for lmhosts for details) then
3939
4006
any name type matches for lookup.
4007
</p></li><li class="listitem"><p>
3941
4008
<code class="constant">host</code> : Do a standard host name to IP address resolution, using the system
3942
4009
<code class="filename">/etc/hosts </code>, NIS, or DNS lookups. This method of name resolution is
3943
4010
operating system depended for instance on IRIX or Solaris this may be controlled by the <code class="filename">/etc/nsswitch.conf</code> file. Note that this method is used only if the NetBIOS name
3944
4011
type being queried is the 0x20 (server) name type or 0x1c (domain controllers). The latter case is only
3945
4012
useful for active directory domains and results in a DNS query for the SRV RR entry matching
3946
4013
_ldap._tcp.domain.
3947
</p></li><li><p><code class="constant">wins</code> : Query a name with
4014
</p></li><li class="listitem"><p><code class="constant">wins</code> : Query a name with
3948
4015
the IP address listed in the <a class="link" href="smb.conf.5.html#WINSSERVER" target="_top">WINSSERVER</a> parameter. If no WINS server has
3949
been specified this method will be ignored.</p></li><li><p><code class="constant">bcast</code> : Do a broadcast on
4016
been specified this method will be ignored.</p></li><li class="listitem"><p><code class="constant">bcast</code> : Do a broadcast on
3950
4017
each of the known local interfaces listed in the <a class="link" href="smb.conf.5.html#INTERFACES" target="_top">interfaces</a>
3951
4018
parameter. This is the least reliable of the name resolution
3952
4019
methods as it depends on the target host being on a locally
3988
4055
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>netbios name</code></em> = <code class="literal">MYNAME</code>
3990
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553178"></a>
4057
</p></dd></dl></div></div><div class="section" title="netbios scope (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559814"></a>
3992
4059
netbios scope (G)
3993
</h3></div></div></div><a class="indexterm" name="id2553179"></a><a name="NETBIOSSCOPE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the NetBIOS scope that Samba will
4060
</h3></div></div></div><a class="indexterm" name="id2559816"></a><a name="NETBIOSSCOPE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the NetBIOS scope that Samba will
3994
4061
operate under. This should not be set unless every machine
3995
4062
on your LAN also sets this value.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>netbios scope</code></em> = <code class="literal"></code>
3997
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553220"></a>
4064
</p></dd></dl></div></div><div class="section" title="nis homedir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559857"></a>
3999
4066
nis homedir (G)
4000
</h3></div></div></div><a class="indexterm" name="id2553221"></a><a name="NISHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>Get the home share server from a NIS map. For
4067
</h3></div></div></div><a class="indexterm" name="id2559858"></a><a name="NISHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>Get the home share server from a NIS map. For
4001
4068
UNIX systems that use an automounter, the user's home directory
4002
4069
will often be mounted on a workstation on demand from a remote
4003
4070
server. </p><p>When the Samba logon server is not the actual home directory
4016
4083
NIS system and the Samba server with this option must also
4017
4084
be a logon server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nis homedir</code></em> = <code class="literal">no</code>
4019
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553300"></a>
4086
</p></dd></dl></div></div><div class="section" title="nt acl support (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559943"></a>
4021
4088
nt acl support (S)
4022
</h3></div></div></div><a class="indexterm" name="id2553301"></a><a name="NTACLSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map
4089
</h3></div></div></div><a class="indexterm" name="id2559944"></a><a name="NTACLSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map
4023
4090
UNIX permissions into Windows NT access control lists. The UNIX
4024
4091
permissions considered are the the traditional UNIX owner and
4025
4092
group permissions, as well as POSIX ACLs set on any files or
4026
4093
directories. This parameter was formally a global parameter in
4027
4094
releases prior to 2.2.2.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt acl support</code></em> = <code class="literal">yes</code>
4029
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553355"></a>
4096
</p></dd></dl></div></div><div class="section" title="ntlm auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559998"></a>
4032
</h3></div></div></div><a class="indexterm" name="id2553356"></a><a name="NTLMAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
4099
</h3></div></div></div><a class="indexterm" name="id2559999"></a><a name="NTLMAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
4033
4100
authenticate users using the NTLM encrypted password response.
4034
4101
If disabled, either the lanman password hash or an NTLMv2 response
4035
4102
will need to be sent by the client.</p><p>If this option, and <code class="literal">lanman
4037
4104
permited. Not all clients support NTLMv2, and most will require
4038
4105
special configuration to use it.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ntlm auth</code></em> = <code class="literal">yes</code>
4040
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553419"></a>
4107
</p></dd></dl></div></div><div class="section" title="nt pipe support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560062"></a>
4042
4109
nt pipe support (G)
4043
</h3></div></div></div><a class="indexterm" name="id2553420"></a><a name="NTPIPESUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether
4110
</h3></div></div></div><a class="indexterm" name="id2560063"></a><a name="NTPIPESUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether
4044
4111
<a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will allow Windows NT
4045
4112
clients to connect to the NT SMB specific <code class="constant">IPC$</code>
4046
4113
pipes. This is a developer debugging option and can be left
4047
4114
alone.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt pipe support</code></em> = <code class="literal">yes</code>
4049
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553475"></a>
4116
</p></dd></dl></div></div><div class="section" title="nt status support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560118"></a>
4051
4118
nt status support (G)
4052
</h3></div></div></div><a class="indexterm" name="id2553476"></a><a name="NTSTATUSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will negotiate NT specific status
4119
</h3></div></div></div><a class="indexterm" name="id2560119"></a><a name="NTSTATUSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will negotiate NT specific status
4053
4120
support with Windows NT/2k/XP clients. This is a developer debugging option and should be left alone.
4054
4121
If this option is set to <code class="constant">no</code> then Samba offers
4055
4122
exactly the same DOS error codes that versions prior to Samba 2.2.3
4056
4123
reported.</p><p>You should not need to ever disable this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt status support</code></em> = <code class="literal">yes</code>
4058
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553537"></a>
4125
</p></dd></dl></div></div><div class="section" title="null passwords (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560179"></a>
4060
4127
null passwords (G)
4061
</h3></div></div></div><a class="indexterm" name="id2553538"></a><a name="NULLPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>Allow or disallow client access to accounts that have null passwords. </p><p>See also <a class="citerefentry" href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>null passwords</code></em> = <code class="literal">no</code>
4128
</h3></div></div></div><a class="indexterm" name="id2560180"></a><a name="NULLPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>Allow or disallow client access to accounts that have null passwords. </p><p>See also <a class="citerefentry" href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>null passwords</code></em> = <code class="literal">no</code>
4063
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553590"></a>
4130
</p></dd></dl></div></div><div class="section" title="obey pam restrictions (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560233"></a>
4065
4132
obey pam restrictions (G)
4066
</h3></div></div></div><a class="indexterm" name="id2553591"></a><a name="OBEYPAMRESTRICTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba 3.0 is configured to enable PAM support
4133
</h3></div></div></div><a class="indexterm" name="id2560234"></a><a name="OBEYPAMRESTRICTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba 3.0 is configured to enable PAM support
4067
4134
(i.e. --with-pam), this parameter will control whether or not Samba
4068
4135
should obey PAM's account and session management directives. The
4069
4136
default behavior is to use PAM for clear text authentication only
4073
4140
authentication mechanism needed in the presence of SMB password encryption.
4074
4141
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>obey pam restrictions</code></em> = <code class="literal">no</code>
4076
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553655"></a>
4143
</p></dd></dl></div></div><div class="section" title="only user (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560297"></a>
4079
</h3></div></div></div><a class="indexterm" name="id2553656"></a><a name="ONLYUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean option that controls whether
4146
</h3></div></div></div><a class="indexterm" name="id2560298"></a><a name="ONLYUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean option that controls whether
4080
4147
connections with usernames not in the <em class="parameter"><code>user</code></em>
4081
4148
list will be allowed. By default this option is disabled so that a
4082
4149
client can supply a username to be used by the server. Enabling
4089
4156
will be just the service name, which for home directories is the
4090
4157
name of the user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>only user</code></em> = <code class="literal">no</code>
4092
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553744"></a>
4159
</p></dd></dl></div></div><div class="section" title="oplock break wait time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560386"></a>
4094
4161
oplock break wait time (G)
4095
</h3></div></div></div><a class="indexterm" name="id2553745"></a><a name="OPLOCKBREAKWAITTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4162
</h3></div></div></div><a class="indexterm" name="id2560387"></a><a name="OPLOCKBREAKWAITTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4096
4163
This is a tuning parameter added due to bugs in both Windows 9x and WinNT. If Samba responds to a client too
4097
4164
quickly when that client issues an SMB that can cause an oplock break request, then the network client can
4098
4165
fail and not respond to the break request. This tuning parameter (which is set in milliseconds) is the amount
4099
4166
of time Samba will wait before sending an oplock break request to such (broken) clients.
4100
</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
4167
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
4101
4168
DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.
4102
4169
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplock break wait time</code></em> = <code class="literal">0</code>
4104
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553798"></a>
4171
</p></dd></dl></div></div><div class="section" title="oplock contention limit (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560441"></a>
4106
4173
oplock contention limit (S)
4107
</h3></div></div></div><a class="indexterm" name="id2553800"></a><a name="OPLOCKCONTENTIONLIMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4174
</h3></div></div></div><a class="indexterm" name="id2560442"></a><a name="OPLOCKCONTENTIONLIMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4108
4175
This is a <span class="emphasis"><em>very</em></span> advanced <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> tuning option to improve the efficiency of the
4109
4176
granting of oplocks under multiple client contention for the same file.
4112
4179
approximate number of clients contending for an oplock on the same file goes over this
4113
4180
limit. This causes <code class="literal">smbd</code> to behave in a similar
4114
4181
way to Windows NT.
4115
</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
4182
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
4116
4183
DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.
4117
4184
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplock contention limit</code></em> = <code class="literal">2</code>
4119
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553881"></a>
4186
</p></dd></dl></div></div><div class="section" title="oplocks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560523"></a>
4122
</h3></div></div></div><a class="indexterm" name="id2553882"></a><a name="OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
4189
</h3></div></div></div><a class="indexterm" name="id2560524"></a><a name="OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
4123
4190
This boolean option tells <code class="literal">smbd</code> whether to
4124
4191
issue oplocks (opportunistic locks) to file open requests on this
4125
4192
share. The oplock code can dramatically (approx. 30% or more) improve
4126
4193
the speed of access to files on Samba servers. It allows the clients
4127
4194
to aggressively cache files locally and you may want to disable this
4128
4195
option for unreliable network environments (it is turned on by
4129
default in Windows NT Servers). For more information see the file
4130
<code class="filename">Speed.txt</code> in the Samba
4131
<code class="filename">docs/</code> directory.
4196
default in Windows NT Servers).
4133
4198
Oplocks may be selectively turned off on certain files with a share. See
4134
4199
the <a class="link" href="smb.conf.5.html#VETOOPLOCKFILES" target="_top">veto oplock files</a> parameter. On some systems
4138
4203
<a class="link" href="smb.conf.5.html#KERNELOPLOCKS" target="_top">kernel oplocks</a> parameter for details.
4139
4204
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplocks</code></em> = <code class="literal">yes</code>
4141
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553979"></a>
4206
</p></dd></dl></div></div><div class="section" title="os2 driver map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560609"></a>
4143
4208
os2 driver map (G)
4144
</h3></div></div></div><a class="indexterm" name="id2553980"></a><a name="OS2DRIVERMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>The parameter is used to define the absolute
4209
</h3></div></div></div><a class="indexterm" name="id2560610"></a><a name="OS2DRIVERMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>The parameter is used to define the absolute
4145
4210
path to a file containing a mapping of Windows NT printer driver
4146
4211
names to OS/2 printer driver names. The format is:</p><p><nt driver name> = <os2 driver name>.<device name></p><p>For example, a valid entry using the HP LaserJet 5
4147
4212
printer driver would appear as <code class="literal">HP LaserJet 5L = LASERJET.HP
4151
4216
details on OS/2 clients, please refer to chapter on other clients in the Samba3-HOWTO book.
4152
4217
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>os2 driver map</code></em> = <code class="literal"></code>
4154
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554047"></a>
4219
</p></dd></dl></div></div><div class="section" title="os level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560676"></a>
4157
</h3></div></div></div><a class="indexterm" name="id2554048"></a><a name="OSLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
4222
</h3></div></div></div><a class="indexterm" name="id2560677"></a><a name="OSLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
4158
4223
This integer value controls what level Samba advertises itself as for browse elections. The value of this
4159
4224
parameter determines whether <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> has a chance of becoming a local master browser for the <a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a> in the local broadcast area.
4160
4225
</p><p><span class="emphasis"><em>
4171
4236
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>os level</code></em> = <code class="literal">65</code>
4173
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554146"></a>
4238
</p></dd></dl></div></div><div class="section" title="pam password change (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560776"></a>
4175
4240
pam password change (G)
4176
</h3></div></div></div><a class="indexterm" name="id2554147"></a><a name="PAMPASSWORDCHANGE"></a><div class="variablelist"><dl><dt></dt><dd><p>With the addition of better PAM support in Samba 2.2,
4241
</h3></div></div></div><a class="indexterm" name="id2560777"></a><a name="PAMPASSWORDCHANGE"></a><div class="variablelist"><dl><dt></dt><dd><p>With the addition of better PAM support in Samba 2.2,
4177
4242
this parameter, it is possible to use PAM's password change control
4178
4243
flag for Samba. If enabled, then PAM will be used for password
4179
4244
changes when requested by an SMB client instead of the program listed in
4181
4246
It should be possible to enable this without changing your
4182
4247
<a class="link" href="smb.conf.5.html#PASSWDCHAT" target="_top">passwd chat</a> parameter for most setups.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>pam password change</code></em> = <code class="literal">no</code>
4184
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554219"></a>
4249
</p></dd></dl></div></div><div class="section" title="panic action (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560848"></a>
4186
4251
panic action (G)
4187
</h3></div></div></div><a class="indexterm" name="id2554220"></a><a name="PANICACTION"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a Samba developer option that allows a
4252
</h3></div></div></div><a class="indexterm" name="id2560850"></a><a name="PANICACTION"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a Samba developer option that allows a
4188
4253
system command to be called when either <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> or <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> crashes. This is usually used to
4189
4254
draw attention to the fact that a problem occurred.
4190
4255
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>panic action</code></em> = <code class="literal"></code>
4192
4257
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>panic action</code></em> = <code class="literal">"/bin/sleep 90000"</code>
4194
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554295"></a>
4259
</p></dd></dl></div></div><div class="section" title="paranoid server security (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560924"></a>
4196
4261
paranoid server security (G)
4197
</h3></div></div></div><a class="indexterm" name="id2554296"></a><a name="PARANOIDSERVERSECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>Some version of NT 4.x allow non-guest
4262
</h3></div></div></div><a class="indexterm" name="id2560925"></a><a name="PARANOIDSERVERSECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>Some version of NT 4.x allow non-guest
4198
4263
users with a bad passowrd. When this option is enabled, samba will not
4199
4264
use a broken NT 4.x server as password server, but instead complain
4200
4265
to the logs and exit.
4202
4267
this check, which involves deliberatly attempting a
4203
4268
bad logon to the remote server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>paranoid server security</code></em> = <code class="literal">yes</code>
4205
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554346"></a>
4270
</p></dd></dl></div></div><div class="section" title="passdb backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560976"></a>
4207
4272
passdb backend (G)
4208
</h3></div></div></div><a class="indexterm" name="id2554347"></a><a name="PASSDBBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the administrator to chose which backend
4273
</h3></div></div></div><a class="indexterm" name="id2560977"></a><a name="PASSDBBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the administrator to chose which backend
4209
4274
will be used for storing user and possibly group information. This allows
4210
4275
you to swap between different storage mechanisms without recompile. </p><p>The parameter value is divided into two parts, the backend's name, and a 'location'
4211
4276
string that has meaning only to that particular backed. These are separated
4212
4277
by a : character.</p><p>Available backends can include:
4213
</p><div class="itemizedlist"><ul type="disc"><li><p><code class="literal">smbpasswd</code> - The old plaintext passdb
4278
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><code class="literal">smbpasswd</code> - The old plaintext passdb
4214
4279
backend. Some Samba features will not work if this passdb
4215
4280
backend is used. Takes a path to the smbpasswd file as an
4216
4281
optional argument.
4217
</p></li><li><p><code class="literal">tdbsam</code> - The TDB based password storage
4282
</p></li><li class="listitem"><p><code class="literal">tdbsam</code> - The TDB based password storage
4218
4283
backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb
4219
in the <a class="link" href="smb.conf.5.html#PRIVATEDIR" target="_top">private dir</a> directory.</p></li><li><p><code class="literal">ldapsam</code> - The LDAP based passdb
4284
in the <a class="link" href="smb.conf.5.html#PRIVATEDIR" target="_top">private dir</a> directory.</p></li><li class="listitem"><p><code class="literal">ldapsam</code> - The LDAP based passdb
4220
4285
backend. Takes an LDAP URL as an optional argument (defaults to
4221
4286
<code class="literal">ldap://localhost</code>)</p><p>LDAP connections should be secured where possible. This may be done using either
4222
4287
Start-TLS (see <a class="link" href="smb.conf.5.html#LDAPSSL" target="_top">ldap ssl</a>) or by
4240
4305
passdb backend = ldapsam:"ldap://ldap-1.example.com ldap-2.example.com"
4241
4306
</pre><p>Default: <span class="emphasis"><em><em class="parameter"><code>passdb backend</code></em> = <code class="literal">tdbsam</code>
4243
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554505"></a>
4308
</p></dd></dl></div></div><div class="section" title="passdb expand explicit (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2561134"></a>
4245
4310
passdb expand explicit (G)
4246
</h3></div></div></div><a class="indexterm" name="id2554506"></a><a name="PASSDBEXPANDEXPLICIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4311
</h3></div></div></div><a class="indexterm" name="id2561135"></a><a name="PASSDBEXPANDEXPLICIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4247
4312
This parameter controls whether Samba substitutes %-macros in the passdb fields if they are explicitly set. We
4248
4313
used to expand macros here, but this turned out to be a bug because the Windows client can expand a variable
4249
4314
%G_osver% in which %G would have been substituted by the user's primary group.
4250
4315
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passdb expand explicit</code></em> = <code class="literal">no</code>
4252
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554552"></a>
4317
</p></dd></dl></div></div><div class="section" title="passwd chat debug (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2561181"></a>
4254
4319
passwd chat debug (G)
4255
</h3></div></div></div><a class="indexterm" name="id2554553"></a><a name="PASSWDCHATDEBUG"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean specifies if the passwd chat script
4320
</h3></div></div></div><a class="indexterm" name="id2561182"></a><a name="PASSWDCHATDEBUG"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean specifies if the passwd chat script
4256
4321
parameter is run in <span class="emphasis"><em>debug</em></span> mode. In this mode the
4257
4322
strings passed to and received from the passwd chat are printed
4258
4323
in the <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> log with a
4265
4330
<a class="link" href="smb.conf.5.html#PAMPASSWORDCHANGE" target="_top">pam password change</a>
4266
4331
parameter is set. This parameter is off by default.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passwd chat debug</code></em> = <code class="literal">no</code>
4268
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554655"></a>
4333
</p></dd></dl></div></div><div class="section" title="passwd chat timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2561284"></a>
4270
4335
passwd chat timeout (G)
4271
</h3></div></div></div><a class="indexterm" name="id2554656"></a><a name="PASSWDCHATTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>This integer specifies the number of seconds smbd will wait for an initial
4336
</h3></div></div></div><a class="indexterm" name="id2561286"></a><a name="PASSWDCHATTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>This integer specifies the number of seconds smbd will wait for an initial
4272
4337
answer from a passwd chat script being run. Once the initial answer is received
4273
4338
the subsequent answers must be received in one tenth of this time. The default it
4274
4339
two seconds.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passwd chat timeout</code></em> = <code class="literal">2</code>
4276
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554700"></a>
4341
</p></dd></dl></div></div><div class="section" title="passwd chat (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2561330"></a>
4278
4343
passwd chat (G)
4279
</h3></div></div></div><a class="indexterm" name="id2554701"></a><a name="PASSWDCHAT"></a><div class="variablelist"><dl><dt></dt><dd><p>This string controls the <span class="emphasis"><em>"chat"</em></span>
4344
</h3></div></div></div><a class="indexterm" name="id2561331"></a><a name="PASSWDCHAT"></a><div class="variablelist"><dl><dt></dt><dd><p>This string controls the <span class="emphasis"><em>"chat"</em></span>
4280
4345
conversation that takes places between <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and the local password changing
4281
4346
program to change the user's password. The string describes a
4282
4347
sequence of response-receive pairs that <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> uses to determine what to send to the
4403
4468
this list by locating the closest DC.</p><p>If the <em class="parameter"><code>security</code></em> parameter is
4404
4469
set to <code class="constant">server</code>, then there are different
4405
4470
restrictions that <code class="literal">security = domain</code> doesn't
4406
suffer from:</p><div class="itemizedlist"><ul type="disc"><li><p>You may list several password servers in
4471
suffer from:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>You may list several password servers in
4407
4472
the <em class="parameter"><code>password server</code></em> parameter, however if an
4408
4473
<code class="literal">smbd</code> makes a connection to a password server,
4409
4474
and then the password server fails, no more users will be able
4410
4475
to be authenticated from this <code class="literal">smbd</code>. This is a
4411
4476
restriction of the SMB/CIFS protocol when in <code class="literal">security = server
4412
</code> mode and cannot be fixed in Samba.</p></li><li><p>If you are using a Windows NT server as your
4477
</code> mode and cannot be fixed in Samba.</p></li><li class="listitem"><p>If you are using a Windows NT server as your
4413
4478
password server then you will have to ensure that your users
4414
4479
are able to login from the Samba server, as when in <code class="literal">
4415
4480
security = server</code> mode the network logon will appear to
4420
4485
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>password server</code></em> = <code class="literal">windc.mydomain.com:389 192.168.1.101 *</code>
4422
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555476"></a>
4487
</p></dd></dl></div></div><div class="section" title="directory"><div class="titlepage"><div><div><h3 class="title"><a name="id2562106"></a>
4424
4489
<a name="DIRECTORY"></a>directory
4425
</h3></div></div></div><a class="indexterm" name="id2555477"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PATH">path</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555507"></a>
4490
</h3></div></div></div><a class="indexterm" name="id2562107"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PATH">path</a>.</p></dd></dl></div></div><div class="section" title="path (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562137"></a>
4428
</h3></div></div></div><a class="indexterm" name="id2555508"></a><a name="PATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a directory to which
4493
</h3></div></div></div><a class="indexterm" name="id2562138"></a><a name="PATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a directory to which
4429
4494
the user of the service is to be given access. In the case of
4430
4495
printable services, this is where print data will spool prior to
4431
4496
being submitted to the host for printing.</p><p>For a printable service offering guest access, the service
4443
4508
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>path</code></em> = <code class="literal">/home/fred</code>
4445
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555611"></a>
4510
</p></dd></dl></div></div><div class="section" title="perfcount module (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562241"></a>
4447
4512
perfcount module (G)
4448
</h3></div></div></div><a class="indexterm" name="id2555612"></a><a name="PERFCOUNTMODULE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the perfcount backend to be used when monitoring SMB
4513
</h3></div></div></div><a class="indexterm" name="id2562242"></a><a name="PERFCOUNTMODULE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the perfcount backend to be used when monitoring SMB
4449
4514
operations. Only one perfcount module may be used, and it must implement all of the
4450
4515
apis contained in the smb_perfcount_handler structure defined in smb.h.
4451
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555645"></a>
4516
</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="pid directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562274"></a>
4453
4518
pid directory (G)
4454
</h3></div></div></div><a class="indexterm" name="id2555646"></a><a name="PIDDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
4519
</h3></div></div></div><a class="indexterm" name="id2562276"></a><a name="PIDDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
4455
4520
This option specifies the directory where pid files will be placed.
4456
4521
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>pid directory</code></em> = <code class="literal">${prefix}/var/locks</code>
4458
4523
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>pid directory</code></em> = <code class="literal">pid directory = /var/run/</code>
4460
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555705"></a>
4525
</p></dd></dl></div></div><div class="section" title="posix locking (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562334"></a>
4462
4527
posix locking (S)
4463
</h3></div></div></div><a class="indexterm" name="id2555706"></a><a name="POSIXLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
4528
</h3></div></div></div><a class="indexterm" name="id2562335"></a><a name="POSIXLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
4464
4529
The <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>
4465
4530
daemon maintains an database of file locks obtained by SMB clients. The default behavior is
4466
4531
to map this internal database to POSIX locks. This means that file locks obtained by SMB clients are
4468
4533
method (e.g. NFS or local file access). You should never need to disable this parameter.
4469
4534
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>posix locking</code></em> = <code class="literal">yes</code>
4471
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555760"></a>
4536
</p></dd></dl></div></div><div class="section" title="postexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562390"></a>
4474
</h3></div></div></div><a class="indexterm" name="id2555761"></a><a name="POSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run
4539
</h3></div></div></div><a class="indexterm" name="id2562391"></a><a name="POSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run
4475
4540
whenever the service is disconnected. It takes the usual
4476
4541
substitutions. The command may be run as the root on some
4477
4542
systems.</p><p>An interesting example may be to unmount server
4480
4545
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>postexec</code></em> = <code class="literal">echo \"%u disconnected from %S from %m (%I)\" >> /tmp/log</code>
4482
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555833"></a>
4547
</p></dd></dl></div></div><div class="section" title="preexec close (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562462"></a>
4484
4549
preexec close (S)
4485
</h3></div></div></div><a class="indexterm" name="id2555834"></a><a name="PREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4550
</h3></div></div></div><a class="indexterm" name="id2562464"></a><a name="PREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4486
4551
This boolean option controls whether a non-zero return code from <a class="link" href="smb.conf.5.html#PREEXEC" target="_top">preexec</a>
4487
4552
should close the service being connected to.
4488
4553
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preexec close</code></em> = <code class="literal">no</code>
4490
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555888"></a>
4555
</p></dd></dl></div></div><div class="section" title="exec"><div class="titlepage"><div><div><h3 class="title"><a name="id2562518"></a>
4492
4557
<a name="EXEC"></a>exec
4493
</h3></div></div></div><a class="indexterm" name="id2555889"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREEXEC">preexec</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555920"></a>
4558
</h3></div></div></div><a class="indexterm" name="id2562519"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREEXEC">preexec</a>.</p></dd></dl></div></div><div class="section" title="preexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562549"></a>
4496
</h3></div></div></div><a class="indexterm" name="id2555921"></a><a name="PREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run whenever
4561
</h3></div></div></div><a class="indexterm" name="id2562550"></a><a name="PREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run whenever
4497
4562
the service is connected to. It takes the usual substitutions.</p><p>An interesting example is to send the users a welcome
4498
4563
message every time they log in. Maybe a message of the day? Here
4499
4564
is an example:</p><p>
4506
4571
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preexec</code></em> = <code class="literal">echo \"%u connected to %S from %m (%I)\" >> /tmp/log</code>
4508
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556028"></a>
4573
</p></dd></dl></div></div><div class="section" title="prefered master"><div class="titlepage"><div><div><h3 class="title"><a name="id2562657"></a>
4510
4575
<a name="PREFEREDMASTER"></a>prefered master
4511
</h3></div></div></div><a class="indexterm" name="id2556029"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREFERREDMASTER">preferred master</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556061"></a>
4576
</h3></div></div></div><a class="indexterm" name="id2562658"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREFERREDMASTER">preferred master</a>.</p></dd></dl></div></div><div class="section" title="preferred master (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562691"></a>
4513
4578
preferred master (G)
4514
</h3></div></div></div><a class="indexterm" name="id2556062"></a><a name="PREFERREDMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>
4579
</h3></div></div></div><a class="indexterm" name="id2562692"></a><a name="PREFERREDMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>
4515
4580
This boolean parameter controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> is a preferred master browser for its workgroup.
4517
4582
If this is set to <code class="constant">yes</code>, on startup, <code class="literal">nmbd</code> will force
4526
4591
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preferred master</code></em> = <code class="literal">auto</code>
4528
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556154"></a>
4593
</p></dd></dl></div></div><div class="section" title="preload modules (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562784"></a>
4530
4595
preload modules (G)
4531
</h3></div></div></div><a class="indexterm" name="id2556155"></a><a name="PRELOADMODULES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of paths to modules that should
4596
</h3></div></div></div><a class="indexterm" name="id2562785"></a><a name="PRELOADMODULES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of paths to modules that should
4532
4597
be loaded into smbd before a client connects. This improves
4533
4598
the speed of smbd when reacting to new connections somewhat. </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preload modules</code></em> = <code class="literal"></code>
4535
4600
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preload modules</code></em> = <code class="literal">/usr/lib/samba/passdb/mysql.so</code>
4537
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556215"></a>
4602
</p></dd></dl></div></div><div class="section" title="auto services"><div class="titlepage"><div><div><h3 class="title"><a name="id2562845"></a>
4539
4604
<a name="AUTOSERVICES"></a>auto services
4540
</h3></div></div></div><a class="indexterm" name="id2556216"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRELOAD">preload</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556248"></a>
4605
</h3></div></div></div><a class="indexterm" name="id2562846"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRELOAD">preload</a>.</p></dd></dl></div></div><div class="section" title="preload (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562878"></a>
4543
</h3></div></div></div><a class="indexterm" name="id2556249"></a><a name="PRELOAD"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of services that you want to be
4608
</h3></div></div></div><a class="indexterm" name="id2562879"></a><a name="PRELOAD"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of services that you want to be
4544
4609
automatically added to the browse lists. This is most useful
4545
4610
for homes and printers services that would otherwise not be
4546
4611
visible.</p><p>
4552
4617
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preload</code></em> = <code class="literal">fred lp colorlp</code>
4554
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556326"></a>
4619
</p></dd></dl></div></div><div class="section" title="preserve case (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562956"></a>
4556
4621
preserve case (S)
4557
</h3></div></div></div><a class="indexterm" name="id2556327"></a><a name="PRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4622
</h3></div></div></div><a class="indexterm" name="id2562957"></a><a name="PRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
4558
4623
This controls if new filenames are created with the case that the client passes, or if
4559
4624
they are forced to be the <a class="link" href="smb.conf.5.html#DEFAULTCASE" target="_top">default case</a>.
4561
4626
See the section on <a class="link" href="#NAMEMANGLINGSECT" title="NAME MANGLING">NAME MANGLING</a> for a fuller discussion.
4562
4627
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preserve case</code></em> = <code class="literal">yes</code>
4564
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556393"></a>
4629
</p></dd></dl></div></div><div class="section" title="print ok"><div class="titlepage"><div><div><h3 class="title"><a name="id2563022"></a>
4566
4631
<a name="PRINTOK"></a>print ok
4567
</h3></div></div></div><a class="indexterm" name="id2556394"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTABLE">printable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556424"></a>
4632
</h3></div></div></div><a class="indexterm" name="id2563023"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTABLE">printable</a>.</p></dd></dl></div></div><div class="section" title="printable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563053"></a>
4570
</h3></div></div></div><a class="indexterm" name="id2556425"></a><a name="PRINTABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, then
4635
</h3></div></div></div><a class="indexterm" name="id2563054"></a><a name="PRINTABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, then
4571
4636
clients may open, write to and submit spool files on the directory
4572
4637
specified for the service. </p><p>Note that a printable service will ALWAYS allow writing
4573
4638
to the service path (user privileges permitting) via the spooling
4574
4639
of print data. The <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a> parameter controls only non-printing access to
4575
4640
the resource.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printable</code></em> = <code class="literal">no</code>
4577
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556487"></a>
4642
</p></dd></dl></div></div><div class="section" title="printcap cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563116"></a>
4579
4644
printcap cache time (G)
4580
</h3></div></div></div><a class="indexterm" name="id2556488"></a><a name="PRINTCAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the number of seconds before the printing
4645
</h3></div></div></div><a class="indexterm" name="id2563118"></a><a name="PRINTCAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the number of seconds before the printing
4581
4646
subsystem is again asked for the known printers. If the value
4582
4647
is greater than 60 the initial waiting time is set to 60 seconds
4583
4648
to allow an earlier first rescan of the printing subsystem.
4588
4653
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printcap cache time</code></em> = <code class="literal">600</code>
4590
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556556"></a>
4655
</p></dd></dl></div></div><div class="section" title="printcap"><div class="titlepage"><div><div><h3 class="title"><a name="id2563185"></a>
4592
4657
<a name="PRINTCAP"></a>printcap
4593
</h3></div></div></div><a class="indexterm" name="id2556557"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTCAPNAME">printcap name</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556589"></a>
4658
</h3></div></div></div><a class="indexterm" name="id2563186"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTCAPNAME">printcap name</a>.</p></dd></dl></div></div><div class="section" title="printcap name (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563218"></a>
4595
4660
printcap name (G)
4596
</h3></div></div></div><a class="indexterm" name="id2556590"></a><a name="PRINTCAPNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4661
</h3></div></div></div><a class="indexterm" name="id2563219"></a><a name="PRINTCAPNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4597
4662
This parameter may be used to override the compiled-in default printcap name used by the server (usually
4598
4663
<code class="filename"> /etc/printcap</code>). See the discussion of the <a class="link" href="#PRINTERSSECT" title="The [printers] section">[printers]</a> section above for reasons why you might want to do this.
4622
4687
where the '|' separates aliases of a printer. The fact that the second alias has a space in
4623
4688
it gives a hint to Samba that it's a comment.
4624
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
4689
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
4625
4690
Under AIX the default printcap name is <code class="filename">/etc/qconfig</code>. Samba will
4626
4691
assume the file is in AIX <code class="filename">qconfig</code> format if the string <code class="filename">qconfig</code> appears in the printcap filename.
4627
4692
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>printcap name</code></em> = <code class="literal">/etc/printcap</code>
4629
4694
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printcap name</code></em> = <code class="literal">/etc/myprintcap</code>
4631
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556773"></a>
4696
</p></dd></dl></div></div><div class="section" title="print command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563403"></a>
4633
4698
print command (S)
4634
</h3></div></div></div><a class="indexterm" name="id2556774"></a><a name="PRINTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>After a print job has finished spooling to
4699
</h3></div></div></div><a class="indexterm" name="id2563404"></a><a name="PRINTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>After a print job has finished spooling to
4635
4700
a service, this command will be used via a <code class="literal">system()</code>
4636
4701
call to process the spool file. Typically the command specified will
4637
4702
submit the spool file to the host's printing subsystem, but there
4673
4738
and if SAMBA is compiled against libcups, any manually
4674
4739
set print command will be ignored.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>print command</code></em> = <code class="literal">/usr/local/samba/bin/myprintscript %p %s</code>
4676
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557043"></a>
4741
</p></dd></dl></div></div><div class="section" title="printer admin (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563672"></a>
4678
4743
printer admin (S)
4679
</h3></div></div></div><a class="indexterm" name="id2557044"></a><a name="PRINTERADMIN"></a><div class="variablelist"><dl><dt></dt><dd><p>
4744
</h3></div></div></div><a class="indexterm" name="id2563674"></a><a name="PRINTERADMIN"></a><div class="variablelist"><dl><dt></dt><dd><p>
4680
4745
This lists users who can do anything to printers
4681
4746
via the remote administration interfaces offered
4682
4747
by MS-RPC (usually using a NT workstation).
4693
4758
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printer admin</code></em> = <code class="literal">admin, @staff</code>
4695
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557112"></a>
4760
</p></dd></dl></div></div><div class="section" title="printer"><div class="titlepage"><div><div><h3 class="title"><a name="id2563742"></a>
4697
4762
<a name="PRINTER"></a>printer
4698
</h3></div></div></div><a class="indexterm" name="id2557113"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTERNAME">printer name</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557143"></a>
4763
</h3></div></div></div><a class="indexterm" name="id2563743"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTERNAME">printer name</a>.</p></dd></dl></div></div><div class="section" title="printer name (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563773"></a>
4700
4765
printer name (S)
4701
</h3></div></div></div><a class="indexterm" name="id2557144"></a><a name="PRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4766
</h3></div></div></div><a class="indexterm" name="id2563774"></a><a name="PRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
4702
4767
This parameter specifies the name of the printer to which print jobs spooled through a printable service
4712
4777
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printer name</code></em> = <code class="literal">laserwriter</code>
4714
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557231"></a>
4779
</p></dd></dl></div></div><div class="section" title="printing (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563861"></a>
4717
</h3></div></div></div><a class="indexterm" name="id2557232"></a><a name="PRINTING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters controls how printer status information is
4782
</h3></div></div></div><a class="indexterm" name="id2563862"></a><a name="PRINTING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters controls how printer status information is
4718
4783
interpreted on your system. It also affects the default values for
4719
4784
the <em class="parameter"><code>print command</code></em>, <em class="parameter"><code>lpq command</code></em>, <em class="parameter"><code>lppause command </code></em>, <em class="parameter"><code>lpresume command</code></em>, and <em class="parameter"><code>lprm command</code></em> if specified in the
4720
4785
[global] section.</p><p>Currently nine printing styles are supported. They are
4731
4796
[printers]</a> section.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printing</code></em> = <code class="literal">Depends on the operating system, see
4732
4797
<code class="literal">testparm -v.</code></code>
4734
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557385"></a>
4799
</p></dd></dl></div></div><div class="section" title="printjob username (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564014"></a>
4736
4801
printjob username (S)
4737
</h3></div></div></div><a class="indexterm" name="id2557386"></a><a name="PRINTJOBUSERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies which user information will be
4802
</h3></div></div></div><a class="indexterm" name="id2564015"></a><a name="PRINTJOBUSERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies which user information will be
4738
4803
passed to the printing system. Usually, the username is sent,
4739
4804
but in some cases, e.g. the domain prefix is useful, too.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printjob username</code></em> = <code class="literal">%U</code>
4741
4806
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printjob username</code></em> = <code class="literal">%D\%U</code>
4743
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557446"></a>
4808
</p></dd></dl></div></div><div class="section" title="private dir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564076"></a>
4745
4810
private dir (G)
4746
</h3></div></div></div><a class="indexterm" name="id2557447"></a><a name="PRIVATEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters defines the directory
4811
</h3></div></div></div><a class="indexterm" name="id2564077"></a><a name="PRIVATEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters defines the directory
4747
4812
smbd will use for storing such files as <code class="filename">smbpasswd</code>
4748
4813
and <code class="filename">secrets.tdb</code>.
4749
4814
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>private dir</code></em> = <code class="literal">${prefix}/private</code>
4751
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557500"></a>
4816
</p></dd></dl></div></div><div class="section" title="profile acls (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564130"></a>
4753
4818
profile acls (S)
4754
</h3></div></div></div><a class="indexterm" name="id2557501"></a><a name="PROFILEACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>
4819
</h3></div></div></div><a class="indexterm" name="id2564131"></a><a name="PROFILEACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>
4755
4820
This boolean parameter was added to fix the problems that people have been
4756
4821
having with storing user profiles on Samba shares from Windows 2000 or
4757
4822
Windows XP clients. New versions of Windows 2000 or Windows XP service
4779
4844
tree to the owning user.
4780
4845
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>profile acls</code></em> = <code class="literal">no</code>
4782
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557573"></a>
4847
</p></dd></dl></div></div><div class="section" title="queuepause command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564202"></a>
4784
4849
queuepause command (S)
4785
</h3></div></div></div><a class="indexterm" name="id2557574"></a><a name="QUEUEPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
4850
</h3></div></div></div><a class="indexterm" name="id2564204"></a><a name="QUEUEPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
4786
4851
executed on the server host in order to pause the printer queue.</p><p>This command should be a program or script which takes
4787
4852
a printer name as its only parameter and stops the printer queue,
4788
4853
such that no longer jobs are submitted to the printer.</p><p>This command is not supported by Windows for Workgroups,
4793
4858
path in the command as the PATH may not be available to the
4794
4859
server.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>queuepause command</code></em> = <code class="literal">disable %p</code>
4796
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557650"></a>
4861
</p></dd></dl></div></div><div class="section" title="queueresume command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564279"></a>
4798
4863
queueresume command (S)
4799
</h3></div></div></div><a class="indexterm" name="id2557651"></a><a name="QUEUERESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
4864
</h3></div></div></div><a class="indexterm" name="id2564280"></a><a name="QUEUERESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
4800
4865
executed on the server host in order to resume the printer queue. It
4801
4866
is the command to undo the behavior that is caused by the
4802
4867
previous parameter (<a class="link" href="smb.conf.5.html#QUEUEPAUSECOMMAND" target="_top">queuepause command</a>).</p><p>This command should be a program or script which takes
4812
4877
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>queueresume command</code></em> = <code class="literal">enable %p</code>
4814
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557753"></a>
4879
</p></dd></dl></div></div><div class="section" title="read list (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564382"></a>
4817
</h3></div></div></div><a class="indexterm" name="id2557754"></a><a name="READLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
4882
</h3></div></div></div><a class="indexterm" name="id2564383"></a><a name="READLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
4818
4883
This is a list of users that are given read-only access to a service. If the connecting user is in this list
4819
4884
then they will not be given write access, no matter what the <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a> option is set
4820
4885
to. The list can include group names using the syntax described in the <a class="link" href="smb.conf.5.html#INVALIDUSERS" target="_top">invalid users</a>
4825
4890
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>read list</code></em> = <code class="literal">mary, @students</code>
4827
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557852"></a>
4892
</p></dd></dl></div></div><div class="section" title="read only (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564482"></a>
4830
</h3></div></div></div><a class="indexterm" name="id2557853"></a><a name="READONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>An inverted synonym is <a class="link" href="smb.conf.5.html#WRITEABLE" target="_top">writeable</a>.</p><p>If this parameter is <code class="constant">yes</code>, then users
4895
</h3></div></div></div><a class="indexterm" name="id2564483"></a><a name="READONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>An inverted synonym is <a class="link" href="smb.conf.5.html#WRITEABLE" target="_top">writeable</a>.</p><p>If this parameter is <code class="constant">yes</code>, then users
4831
4896
of a service may not create or modify files in the service's
4832
4897
directory.</p><p>Note that a printable service (<code class="literal">printable = yes</code>)
4833
4898
will <span class="emphasis"><em>ALWAYS</em></span> allow writing to the directory
4834
4899
(user privileges permitting), but only via spooling operations.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>read only</code></em> = <code class="literal">yes</code>
4836
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557929"></a>
4901
</p></dd></dl></div></div><div class="section" title="read raw (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564559"></a>
4839
</h3></div></div></div><a class="indexterm" name="id2557930"></a><a name="READRAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
4904
</h3></div></div></div><a class="indexterm" name="id2564560"></a><a name="READRAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
4840
4905
will support the raw read SMB requests when transferring data
4841
4906
to clients.</p><p>If enabled, raw reads allow reads of 65535 bytes in
4842
4907
one packet. This typically provides a major performance benefit.
4845
4910
sizes, and for these clients you may need to disable raw reads.</p><p>In general this parameter should be viewed as a system tuning
4846
4911
tool and left severely alone.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>read raw</code></em> = <code class="literal">yes</code>
4848
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557989"></a>
4913
</p></dd></dl></div></div><div class="section" title="realm (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564619"></a>
4851
</h3></div></div></div><a class="indexterm" name="id2557990"></a><a name="REALM"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the kerberos realm to use. The realm is
4916
</h3></div></div></div><a class="indexterm" name="id2564620"></a><a name="REALM"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the kerberos realm to use. The realm is
4852
4917
used as the ADS equivalent of the NT4 <code class="literal">domain</code>. It
4853
4918
is usually set to the DNS name of the kerberos server.
4854
4919
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>realm</code></em> = <code class="literal"></code>
4856
4921
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>realm</code></em> = <code class="literal">mysambabox.mycompany.com</code>
4858
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558054"></a>
4923
</p></dd></dl></div></div><div class="section" title="registry shares (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564684"></a>
4860
4925
registry shares (G)
4861
</h3></div></div></div><a class="indexterm" name="id2558055"></a><a name="REGISTRYSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>
4926
</h3></div></div></div><a class="indexterm" name="id2564685"></a><a name="REGISTRYSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>
4862
4927
This turns on or off support for share definitions read from
4863
4928
registry. Shares defined in <span class="emphasis"><em>smb.conf</em></span> take
4864
4929
precedence over shares with the same name defined in
4900
4965
See the chapter on Network Browsing in the Samba-HOWTO book.
4901
4966
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>remote announce</code></em> = <code class="literal"></code>
4903
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558246"></a>
4968
</p></dd></dl></div></div><div class="section" title="remote browse sync (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564875"></a>
4905
4970
remote browse sync (G)
4906
</h3></div></div></div><a class="indexterm" name="id2558247"></a><a name="REMOTEBROWSESYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>
4971
</h3></div></div></div><a class="indexterm" name="id2564876"></a><a name="REMOTEBROWSESYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>
4907
4972
This option allows you to setup <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to periodically request
4908
4973
synchronization of browse lists with the master browser of a Samba
4909
4974
server that is on a remote segment. This option will allow you to
4935
5000
each network has its own WINS server.
4936
5001
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>remote browse sync</code></em> = <code class="literal"></code>
4938
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558359"></a>
5003
</p></dd></dl></div></div><div class="section" title="rename user script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564993"></a>
4940
5005
rename user script (G)
4941
</h3></div></div></div><a class="indexterm" name="id2558360"></a><a name="RENAMEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
5006
</h3></div></div></div><a class="indexterm" name="id2564994"></a><a name="RENAMEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
4942
5007
This is the full pathname to a script that will be run as root by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> under special circumstances described below.
4944
5009
When a user with admin authority or SeAddUserPrivilege rights renames a user (e.g.: from the NT4 User Manager
4945
5010
for Domains), this script will be run to rename the POSIX user. Two variables, <code class="literal">%uold</code> and
4946
5011
<code class="literal">%unew</code>, will be substituted with the old and new usernames, respectively. The script should
4947
5012
return 0 upon successful completion, and nonzero otherwise.
4948
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
5013
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
4949
5014
The script has all responsibility to rename all the necessary data that is accessible in this posix method.
4950
5015
This can mean different requirements for different backends. The tdbsam and smbpasswd backends will take care
4951
5016
of the contents of their respective files, so the script is responsible only for changing the POSIX username, and
4999
5064
The security advantage of using restrict anonymous = 1 is dubious,
5000
5065
as user and group list information can be obtained using other
5002
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
5067
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
5003
5068
The security advantage of using restrict anonymous = 2 is removed
5004
5069
by setting <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok = yes</a> on any share.
5005
5070
</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>restrict anonymous</code></em> = <code class="literal">0</code>
5007
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558586"></a>
5072
</p></dd></dl></div></div><div class="section" title="root"><div class="titlepage"><div><div><h3 class="title"><a name="id2565232"></a>
5009
5074
<a name="ROOT"></a>root
5010
</h3></div></div></div><a class="indexterm" name="id2558587"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558619"></a>
5075
</h3></div></div></div><a class="indexterm" name="id2565233"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" title="root dir"><div class="titlepage"><div><div><h3 class="title"><a name="id2565265"></a>
5012
5077
<a name="ROOTDIR"></a>root dir
5013
</h3></div></div></div><a class="indexterm" name="id2558620"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558650"></a>
5078
</h3></div></div></div><a class="indexterm" name="id2565266"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" title="root directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2565296"></a>
5015
5080
root directory (G)
5016
</h3></div></div></div><a class="indexterm" name="id2558652"></a><a name="ROOTDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>The server will <code class="literal">chroot()</code> (i.e.
5081
</h3></div></div></div><a class="indexterm" name="id2565297"></a><a name="ROOTDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>The server will <code class="literal">chroot()</code> (i.e.
5017
5082
Change its root directory) to this directory on startup. This is
5018
5083
not strictly necessary for secure operation. Even without it the
5019
5084
server will deny access to files not in one of the service entries.
5037
5102
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>root directory</code></em> = <code class="literal">/homes/smb</code>
5039
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558774"></a>
5104
</p></dd></dl></div></div><div class="section" title="root postexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2565420"></a>
5041
5106
root postexec (S)
5042
</h3></div></div></div><a class="indexterm" name="id2558776"></a><a name="ROOTPOSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
5107
</h3></div></div></div><a class="indexterm" name="id2565421"></a><a name="ROOTPOSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
5043
5108
This is the same as the <em class="parameter"><code>postexec</code></em>
5044
5109
parameter except that the command is run as root. This is useful for
5045
5110
unmounting filesystems (such as CDROMs) after a connection is closed.
5046
5111
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root postexec</code></em> = <code class="literal"></code>
5048
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558823"></a>
5113
</p></dd></dl></div></div><div class="section" title="root preexec close (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2565469"></a>
5050
5115
root preexec close (S)
5051
</h3></div></div></div><a class="indexterm" name="id2558824"></a><a name="ROOTPREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the same as the <em class="parameter"><code>preexec close
5116
</h3></div></div></div><a class="indexterm" name="id2565470"></a><a name="ROOTPREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the same as the <em class="parameter"><code>preexec close
5052
5117
</code></em> parameter except that the command is run as root.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root preexec close</code></em> = <code class="literal">no</code>
5054
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558872"></a>
5119
</p></dd></dl></div></div><div class="section" title="root preexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2565517"></a>
5056
5121
root preexec (S)
5057
</h3></div></div></div><a class="indexterm" name="id2558873"></a><a name="ROOTPREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
5122
</h3></div></div></div><a class="indexterm" name="id2565518"></a><a name="ROOTPREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
5058
5123
This is the same as the <em class="parameter"><code>preexec</code></em>
5059
5124
parameter except that the command is run as root. This is useful for
5060
5125
mounting filesystems (such as CDROMs) when a connection is opened.
5061
5126
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root preexec</code></em> = <code class="literal"></code>
5063
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558920"></a>
5128
</p></dd></dl></div></div><div class="section" title="security mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2565566"></a>
5065
5130
security mask (S)
5066
</h3></div></div></div><a class="indexterm" name="id2558921"></a><a name="SECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>
5131
</h3></div></div></div><a class="indexterm" name="id2565567"></a><a name="SECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>
5067
5132
This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the
5068
5133
UNIX permission on a file using the native NT security dialog box.
5124
5189
in share level security, <code class="literal">smbd</code> uses several
5125
5190
techniques to determine the correct UNIX user to use on behalf
5126
5191
of the client.</p><p>A list of possible UNIX usernames to match with the given
5127
client password is constructed using the following methods :</p><div class="itemizedlist"><ul type="disc"><li><p>If the <a class="link" href="smb.conf.5.html#GUESTONLY" target="_top">guest only</a> parameter is set, then all the other
5192
client password is constructed using the following methods :</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>If the <a class="link" href="smb.conf.5.html#GUESTONLY" target="_top">guest only</a> parameter is set, then all the other
5128
5193
stages are missed and only the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a> username is checked.
5129
</p></li><li><p>Is a username is sent with the share connection
5194
</p></li><li class="listitem"><p>Is a username is sent with the share connection
5130
5195
request, then this username (after mapping - see <a class="link" href="smb.conf.5.html#USERNAMEMAP" target="_top">username map</a>),
5131
5196
is added as a potential username.
5132
</p></li><li><p>If the client did a previous <span class="emphasis"><em>logon
5197
</p></li><li class="listitem"><p>If the client did a previous <span class="emphasis"><em>logon
5133
5198
</em></span> request (the SessionSetup SMB call) then the
5134
5199
username sent in this SMB will be added as a potential username.
5135
</p></li><li><p>The name of the service the client requested is
5200
</p></li><li class="listitem"><p>The name of the service the client requested is
5136
5201
added as a potential username.
5137
</p></li><li><p>The NetBIOS name of the client is added to
5202
</p></li><li class="listitem"><p>The NetBIOS name of the client is added to
5138
5203
the list as a potential username.
5139
</p></li><li><p>Any users on the <a class="link" href="smb.conf.5.html#USER" target="_top">user</a> list are added as potential usernames.
5204
</p></li><li class="listitem"><p>Any users on the <a class="link" href="smb.conf.5.html#USER" target="_top">user</a> list are added as potential usernames.
5140
5205
</p></li></ul></div><p>If the <em class="parameter"><code>guest only</code></em> parameter is
5141
5206
not set, then this list is then tried with the supplied password.
5142
5207
The first user for whom the password matches will be used as the
5190
5255
of the user's session. Furthermore, if this connection is lost,
5191
5256
there is no way to reestablish it, and futher authentications to the
5192
5257
Samba server may fail (from a single client, till it disconnects).
5193
</p></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>From the client's point of
5258
</p></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>From the client's point of
5194
5259
view, <code class="literal">security = server</code> is the
5195
5260
same as <code class="literal">security = user</code>. It
5196
5261
only affects how the server deals with the authentication, it does
5210
5275
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>security</code></em> = <code class="literal">DOMAIN</code>
5212
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559905"></a>
5277
</p></dd></dl></div></div><div class="section" title="server schannel (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566551"></a>
5214
5279
server schannel (G)
5215
</h3></div></div></div><a class="indexterm" name="id2559906"></a><a name="SERVERSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
5280
</h3></div></div></div><a class="indexterm" name="id2566552"></a><a name="SERVERSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
5216
5281
This controls whether the server offers or even demands the use of the netlogon schannel.
5217
5282
<a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = no</a> does not offer the schannel, <a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = auto</a> offers the schannel but does not enforce it, and <a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = yes</a> denies access if the client is not able to speak netlogon schannel.
5218
5283
This is only the case for Windows NT4 before SP4.
5224
5289
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>server schannel</code></em> = <code class="literal">yes</code>
5226
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560021"></a>
5291
</p></dd></dl></div></div><div class="section" title="server signing (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566667"></a>
5228
5293
server signing (G)
5229
</h3></div></div></div><a class="indexterm" name="id2560022"></a><a name="SERVERSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values
5294
</h3></div></div></div><a class="indexterm" name="id2566668"></a><a name="SERVERSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values
5230
5295
are <span class="emphasis"><em>auto</em></span>, <span class="emphasis"><em>mandatory</em></span>
5231
5296
and <span class="emphasis"><em>disabled</em></span>.
5232
5297
</p><p>When set to auto, SMB signing is offered, but not enforced.
5233
5298
When set to mandatory, SMB signing is required and if set
5234
5299
to disabled, SMB signing is not offered either.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>server signing</code></em> = <code class="literal">Disabled</code>
5236
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560082"></a>
5301
</p></dd></dl></div></div><div class="section" title="server string (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566728"></a>
5238
5303
server string (G)
5239
</h3></div></div></div><a class="indexterm" name="id2560083"></a><a name="SERVERSTRING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what string will show up in the printer comment box in print
5304
</h3></div></div></div><a class="indexterm" name="id2566729"></a><a name="SERVERSTRING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what string will show up in the printer comment box in print
5240
5305
manager and next to the IPC connection in <code class="literal">net view</code>. It
5241
5306
can be any string that you wish to show to your users.</p><p>It also sets what will appear in browse lists next
5242
5307
to the machine name.</p><p>A <em class="parameter"><code>%v</code></em> will be replaced with the Samba
5258
5323
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>set directory</code></em> = <code class="literal">no</code>
5260
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560233"></a>
5325
</p></dd></dl></div></div><div class="section" title="set primary group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566879"></a>
5262
5327
set primary group script (G)
5263
</h3></div></div></div><a class="indexterm" name="id2560234"></a><a name="SETPRIMARYGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Thanks to the Posix subsystem in NT a Windows User has a
5328
</h3></div></div></div><a class="indexterm" name="id2566880"></a><a name="SETPRIMARYGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Thanks to the Posix subsystem in NT a Windows User has a
5264
5329
primary group in addition to the auxiliary groups. This script
5265
5330
sets the primary group in the unix userdatase when an
5266
5331
administrator sets the primary group from the windows user
5273
5338
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>set primary group script</code></em> = <code class="literal">/usr/sbin/usermod -g '%g' '%u'</code>
5275
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560315"></a>
5340
</p></dd></dl></div></div><div class="section" title="set quota command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566961"></a>
5277
5342
set quota command (G)
5278
</h3></div></div></div><a class="indexterm" name="id2560316"></a><a name="SETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">set quota command</code> should only be used
5343
</h3></div></div></div><a class="indexterm" name="id2566962"></a><a name="SETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">set quota command</code> should only be used
5279
5344
whenever there is no operating system API available from the OS that
5280
5345
samba can use.</p><p>This option is only available if Samba was configured with the argument <code class="literal">--with-sys-quotas</code> or
5281
5346
on linux when <code class="literal">./configure --with-quotas</code> was used and a working quota api
5282
5347
was found in the system. Most packages are configured with these options already.</p><p>This parameter should specify the path to a script that
5283
can set quota for the specified arguments.</p><p>The specified script should take the following arguments:</p><div class="itemizedlist"><ul type="disc"><li><p>1 - quota type
5284
</p><div class="itemizedlist"><ul type="circle"><li><p>1 - user quotas</p></li><li><p>2 - user default quotas (uid = -1)</p></li><li><p>3 - group quotas</p></li><li><p>4 - group default quotas (gid = -1)</p></li></ul></div></li><li><p>2 - id (uid for user, gid for group, -1 if N/A)</p></li><li><p>3 - quota state (0 = disable, 1 = enable, 2 = enable and enforce)</p></li><li><p>4 - block softlimit</p></li><li><p>5 - block hardlimit</p></li><li><p>6 - inode softlimit</p></li><li><p>7 - inode hardlimit</p></li><li><p>8(optional) - block size, defaults to 1024</p></li></ul></div><p>The script should output at least one line of data on success. And nothing on failure.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>set quota command</code></em> = <code class="literal"></code>
5348
can set quota for the specified arguments.</p><p>The specified script should take the following arguments:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>1 - quota type
5349
</p><div class="itemizedlist"><ul class="itemizedlist" type="circle"><li class="listitem"><p>1 - user quotas</p></li><li class="listitem"><p>2 - user default quotas (uid = -1)</p></li><li class="listitem"><p>3 - group quotas</p></li><li class="listitem"><p>4 - group default quotas (gid = -1)</p></li></ul></div></li><li class="listitem"><p>2 - id (uid for user, gid for group, -1 if N/A)</p></li><li class="listitem"><p>3 - quota state (0 = disable, 1 = enable, 2 = enable and enforce)</p></li><li class="listitem"><p>4 - block softlimit</p></li><li class="listitem"><p>5 - block hardlimit</p></li><li class="listitem"><p>6 - inode softlimit</p></li><li class="listitem"><p>7 - inode hardlimit</p></li><li class="listitem"><p>8(optional) - block size, defaults to 1024</p></li></ul></div><p>The script should output at least one line of data on success. And nothing on failure.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>set quota command</code></em> = <code class="literal"></code>
5286
5351
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>set quota command</code></em> = <code class="literal">/usr/local/sbin/set_quota</code>
5288
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560478"></a>
5353
</p></dd></dl></div></div><div class="section" title="share:fake_fscaps (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567124"></a>
5290
5355
share:fake_fscaps (G)
5291
</h3></div></div></div><a class="indexterm" name="id2560479"></a><a name="SHARE:FAKE_FSCAPS"></a><div class="variablelist"><dl><dt></dt><dd><p>
5356
</h3></div></div></div><a class="indexterm" name="id2567126"></a><a name="SHARE:FAKE_FSCAPS"></a><div class="variablelist"><dl><dt></dt><dd><p>
5292
5357
This is needed to support some special application that makes
5293
5358
QFSINFO calls to check whether we set the SPARSE_FILES bit
5294
5359
(0x40). If this bit is not set that particular application
5298
5363
decimal values to specify the bitmask you need to fake.
5299
5364
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>share:fake_fscaps</code></em> = <code class="literal">0</code>
5301
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560538"></a>
5366
</p></dd></dl></div></div><div class="section" title="share modes (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567184"></a>
5303
5368
share modes (S)
5304
</h3></div></div></div><a class="indexterm" name="id2560539"></a><a name="SHAREMODES"></a><div class="variablelist"><dl><dt></dt><dd><p>This enables or disables the honoring of
5369
</h3></div></div></div><a class="indexterm" name="id2567185"></a><a name="SHAREMODES"></a><div class="variablelist"><dl><dt></dt><dd><p>This enables or disables the honoring of
5305
5370
the <em class="parameter"><code>share modes</code></em> during a file open. These
5306
5371
modes are used by clients to gain exclusive read or write access
5307
5372
to a file.</p><p>This is a deprecated option from old versions of
5313
5378
by default.</p><p>You should <span class="emphasis"><em>NEVER</em></span> turn this parameter
5314
5379
off as many Windows applications will break if you do so.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>share modes</code></em> = <code class="literal">yes</code>
5316
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560614"></a>
5381
</p></dd></dl></div></div><div class="section" title="short preserve case (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567261"></a>
5318
5383
short preserve case (S)
5319
</h3></div></div></div><a class="indexterm" name="id2560616"></a><a name="SHORTPRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
5384
</h3></div></div></div><a class="indexterm" name="id2567262"></a><a name="SHORTPRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
5320
5385
This boolean parameter controls if new files which conform to 8.3 syntax, that is all in upper case and of
5321
5386
suitable length, are created upper case, or if they are forced to be the <a class="link" href="smb.conf.5.html#DEFAULTCASE" target="_top">default case</a>.
5322
5387
This option can be use with <a class="link" href="smb.conf.5.html#PRESERVECASE" target="_top">preserve case = yes</a> to permit long filenames
5323
5388
to retain their case, while short names are lowered.
5324
5389
</p><p>See the section on <a class="link" href="#NAMEMANGLINGSECT" title="NAME MANGLING">NAME MANGLING</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>short preserve case</code></em> = <code class="literal">yes</code>
5326
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560694"></a>
5391
</p></dd></dl></div></div><div class="section" title="show add printer wizard (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567340"></a>
5328
5393
show add printer wizard (G)
5329
</h3></div></div></div><a class="indexterm" name="id2560695"></a><a name="SHOWADDPRINTERWIZARD"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing support
5394
</h3></div></div></div><a class="indexterm" name="id2567341"></a><a name="SHOWADDPRINTERWIZARD"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing support
5330
5395
for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will
5331
5396
appear on Samba hosts in the share listing. Normally this folder will
5332
5397
contain an icon for the MS Add Printer Wizard (APW). However, it is
5341
5406
icon will not be displayed.</p><p>Disabling the <em class="parameter"><code>show add printer wizard</code></em>
5342
5407
parameter will always cause the OpenPrinterEx() on the server
5343
5408
to fail. Thus the APW icon will never be displayed.
5344
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This does not prevent the same user from having
5409
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This does not prevent the same user from having
5345
5410
administrative privilege on an individual printer.</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>show add printer wizard</code></em> = <code class="literal">yes</code>
5347
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560777"></a>
5412
</p></dd></dl></div></div><div class="section" title="shutdown script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567423"></a>
5349
5414
shutdown script (G)
5350
</h3></div></div></div><a class="indexterm" name="id2560778"></a><a name="SHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by
5415
</h3></div></div></div><a class="indexterm" name="id2567424"></a><a name="SHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by
5351
5416
<a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that should
5352
5417
start a shutdown procedure.</p><p>If the connected user posseses the <code class="constant">SeRemoteShutdownPrivilege</code>,
5353
right, this command will be run as root.</p><p>The %z %t %r %f variables are expanded as follows:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>%z</code></em> will be substituted with the
5354
shutdown message sent to the server.</p></li><li><p><em class="parameter"><code>%t</code></em> will be substituted with the
5418
right, this command will be run as root.</p><p>The %z %t %r %f variables are expanded as follows:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>%z</code></em> will be substituted with the
5419
shutdown message sent to the server.</p></li><li class="listitem"><p><em class="parameter"><code>%t</code></em> will be substituted with the
5355
5420
number of seconds to wait before effectively starting the
5356
shutdown procedure.</p></li><li><p><em class="parameter"><code>%r</code></em> will be substituted with the
5421
shutdown procedure.</p></li><li class="listitem"><p><em class="parameter"><code>%r</code></em> will be substituted with the
5357
5422
switch <span class="emphasis"><em>-r</em></span>. It means reboot after shutdown
5358
for NT.</p></li><li><p><em class="parameter"><code>%f</code></em> will be substituted with the
5423
for NT.</p></li><li class="listitem"><p><em class="parameter"><code>%f</code></em> will be substituted with the
5359
5424
switch <span class="emphasis"><em>-f</em></span>. It means force the shutdown
5360
5425
even if applications do not respond for NT.</p></li></ul></div><p>Shutdown script example:
5361
5426
</p><pre class="programlisting">
5403
5468
When set to mandatory, SMB encryption is required and if set
5404
5469
to disabled, SMB encryption can not be negotiated.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb encrypt</code></em> = <code class="literal">auto</code>
5406
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561047"></a>
5471
</p></dd></dl></div></div><div class="section" title="smb passwd file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567683"></a>
5408
5473
smb passwd file (G)
5409
</h3></div></div></div><a class="indexterm" name="id2561048"></a><a name="SMBPASSWDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option sets the path to the encrypted smbpasswd file. By
5474
</h3></div></div></div><a class="indexterm" name="id2567684"></a><a name="SMBPASSWDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option sets the path to the encrypted smbpasswd file. By
5410
5475
default the path to the smbpasswd file is compiled into Samba.</p><p>
5411
5476
An example of use is:
5412
5477
</p><pre class="programlisting">
5415
5480
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb passwd file</code></em> = <code class="literal">${prefix}/private/smbpasswd</code>
5417
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561101"></a>
5482
</p></dd></dl></div></div><div class="section" title="smb ports (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567736"></a>
5420
</h3></div></div></div><a class="indexterm" name="id2561102"></a><a name="SMBPORTS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies which ports the server should listen on for SMB traffic.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb ports</code></em> = <code class="literal">445 139</code>
5485
</h3></div></div></div><a class="indexterm" name="id2567737"></a><a name="SMBPORTS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies which ports the server should listen on for SMB traffic.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb ports</code></em> = <code class="literal">445 139</code>
5422
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561142"></a>
5487
</p></dd></dl></div></div><div class="section" title="socket address (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567778"></a>
5424
5489
socket address (G)
5425
</h3></div></div></div><a class="indexterm" name="id2561144"></a><a name="SOCKETADDRESS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to control what
5490
</h3></div></div></div><a class="indexterm" name="id2567779"></a><a name="SOCKETADDRESS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to control what
5426
5491
address Samba will listen for connections on. This is used to
5427
5492
support multiple virtual interfaces on the one server, each
5428
5493
with a different configuration.</p><p>Setting this option should never be necessary on usual Samba
5450
5515
send the patch to <a class="ulink" href="mailto:samba-technical@samba.org" target="_top">
5451
5516
samba-technical@samba.org</a>.</p><p>Any of the supported socket options may be combined
5452
5517
in any way you like, as long as your OS allows it.</p><p>This is the list of socket options currently settable
5453
using this option:</p><div class="itemizedlist"><ul type="disc"><li><p>SO_KEEPALIVE</p></li><li><p>SO_REUSEADDR</p></li><li><p>SO_BROADCAST</p></li><li><p>TCP_NODELAY</p></li><li><p>IPTOS_LOWDELAY</p></li><li><p>IPTOS_THROUGHPUT</p></li><li><p>SO_SNDBUF *</p></li><li><p>SO_RCVBUF *</p></li><li><p>SO_SNDLOWAT *</p></li><li><p>SO_RCVLOWAT *</p></li></ul></div><p>Those marked with a <span class="emphasis"><em>'*'</em></span> take an integer
5518
using this option:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>SO_KEEPALIVE</p></li><li class="listitem"><p>SO_REUSEADDR</p></li><li class="listitem"><p>SO_BROADCAST</p></li><li class="listitem"><p>TCP_NODELAY</p></li><li class="listitem"><p>IPTOS_LOWDELAY</p></li><li class="listitem"><p>IPTOS_THROUGHPUT</p></li><li class="listitem"><p>SO_SNDBUF *</p></li><li class="listitem"><p>SO_RCVBUF *</p></li><li class="listitem"><p>SO_SNDLOWAT *</p></li><li class="listitem"><p>SO_RCVLOWAT *</p></li></ul></div><p>Those marked with a <span class="emphasis"><em>'*'</em></span> take an integer
5454
5519
argument. The others can optionally take a 1 or 0 argument to enable
5455
5520
or disable the option, by default they will be enabled if you
5456
5521
don't specify 1 or 0.</p><p>To specify an argument use the syntax SOME_OPTION = VALUE
5463
5528
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>socket options</code></em> = <code class="literal">IPTOS_LOWDELAY</code>
5465
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561423"></a>
5530
</p></dd></dl></div></div><div class="section" title="stat cache (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568059"></a>
5468
</h3></div></div></div><a class="indexterm" name="id2561424"></a><a name="STATCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will use a cache in order to
5533
</h3></div></div></div><a class="indexterm" name="id2568060"></a><a name="STATCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will use a cache in order to
5469
5534
speed up case insensitive name mappings. You should never need
5470
5535
to change this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>stat cache</code></em> = <code class="literal">yes</code>
5472
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561474"></a>
5537
</p></dd></dl></div></div><div class="section" title="state directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568110"></a>
5540
</h3></div></div></div><a class="indexterm" name="id2568111"></a><a name="STATEDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>Usually, most of the TDB files are stored in the
5541
<em class="parameter"><code>lock directory</code></em>. Since
5542
Samba 3.4.0, it is possible to differentiate between TDB files
5543
with persistent data and TDB files with non-persistent data using
5544
the <em class="parameter"><code>state directory</code></em> and the
5545
<em class="parameter"><code>cache directory</code></em> options.
5546
</p><p> This option specifies the directory where TDB files containing
5547
persistent data will be stored.
5548
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>state directory</code></em> = <code class="literal">${prefix}/var/locks</code>
5550
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>state directory</code></em> = <code class="literal">/var/run/samba/locks/state</code>
5552
</p></dd></dl></div></div><div class="section" title="store dos attributes (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568196"></a>
5474
5554
store dos attributes (S)
5475
</h3></div></div></div><a class="indexterm" name="id2561476"></a><a name="STOREDOSATTRIBUTES"></a><div class="variablelist"><dl><dt></dt><dd><p>
5555
</h3></div></div></div><a class="indexterm" name="id2568197"></a><a name="STOREDOSATTRIBUTES"></a><div class="variablelist"><dl><dt></dt><dd><p>
5476
5556
If this parameter is set Samba attempts to first read DOS attributes (SYSTEM, HIDDEN, ARCHIVE or
5477
5557
READ-ONLY) from a filesystem extended attribute, before mapping DOS attributes to UNIX permission bits (such
5478
5558
as occurs with <a class="link" href="smb.conf.5.html#MAPHIDDEN" target="_top">map hidden</a> and <a class="link" href="smb.conf.5.html#MAPREADONLY" target="_top">map readonly</a>). When set, DOS
5484
5564
extended attributes to work, also extended attributes must be compiled into the Linux kernel.
5485
5565
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>store dos attributes</code></em> = <code class="literal">no</code>
5487
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561596"></a>
5567
</p></dd></dl></div></div><div class="section" title="strict allocate (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568318"></a>
5489
5569
strict allocate (S)
5490
</h3></div></div></div><a class="indexterm" name="id2561597"></a><a name="STRICTALLOCATE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls the handling of
5570
</h3></div></div></div><a class="indexterm" name="id2568319"></a><a name="STRICTALLOCATE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls the handling of
5491
5571
disk space allocation in the server. When this is set to <code class="constant">yes</code>
5492
5572
the server will change from UNIX behaviour of not committing real
5493
5573
disk storage blocks when a file is extended to the Windows behaviour
5499
5579
out of quota messages on systems that are restricting the disk quota
5500
5580
of users.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict allocate</code></em> = <code class="literal">no</code>
5502
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561667"></a>
5582
</p></dd></dl></div></div><div class="section" title="strict locking (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568388"></a>
5504
5584
strict locking (S)
5505
</h3></div></div></div><a class="indexterm" name="id2561668"></a><a name="STRICTLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
5585
</h3></div></div></div><a class="indexterm" name="id2568389"></a><a name="STRICTLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
5506
5586
This is an enumerated type that controls the handling of file locking in the server. When this is set to <code class="constant">yes</code>,
5507
5587
the server will check every read and write access for file locks, and deny access if locks exist. This can be slow on
5518
5598
<code class="literal">strict locking = no</code> is acceptable.
5519
5599
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict locking</code></em> = <code class="literal">Auto</code>
5521
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561746"></a>
5601
</p></dd></dl></div></div><div class="section" title="strict sync (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568467"></a>
5523
5603
strict sync (S)
5524
</h3></div></div></div><a class="indexterm" name="id2561747"></a><a name="STRICTSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>Many Windows applications (including the Windows 98 explorer
5604
</h3></div></div></div><a class="indexterm" name="id2568468"></a><a name="STRICTSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>Many Windows applications (including the Windows 98 explorer
5525
5605
shell) seem to confuse flushing buffer contents to disk with doing
5526
5606
a sync to disk. Under UNIX, a sync call forces the process to be
5527
5607
suspended until the kernel has ensured that all outstanding data in
5535
5615
addition, this fixes many performance problems that people have
5536
5616
reported with the new Windows98 explorer shell file copies.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict sync</code></em> = <code class="literal">no</code>
5538
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561811"></a>
5618
</p></dd></dl></div></div><div class="section" title="svcctl list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568532"></a>
5540
5620
svcctl list (G)
5541
</h3></div></div></div><a class="indexterm" name="id2561812"></a><a name="SVCCTLLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of init scripts that smbd
5621
</h3></div></div></div><a class="indexterm" name="id2568533"></a><a name="SVCCTLLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of init scripts that smbd
5542
5622
will use for starting and stopping Unix services via the Win32
5543
5623
ServiceControl API. This allows Windows administrators to
5544
5624
utilize the MS Management Console plug-ins to manage a
5565
5645
<code class="constant">yes</code> in order for this parameter to have
5566
5646
any effect.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>sync always</code></em> = <code class="literal">no</code>
5568
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561968"></a>
5648
</p></dd></dl></div></div><div class="section" title="syslog only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568689"></a>
5570
5650
syslog only (G)
5571
</h3></div></div></div><a class="indexterm" name="id2561969"></a><a name="SYSLOGONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
5651
</h3></div></div></div><a class="indexterm" name="id2568690"></a><a name="SYSLOGONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
5572
5652
If this parameter is set then Samba debug messages are logged into the system
5573
5653
syslog only, and not to the debug log files. There still will be some
5574
5654
logging to log.[sn]mbd even if <span class="emphasis"><em>syslog only</em></span> is enabled.
5575
5655
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>syslog only</code></em> = <code class="literal">no</code>
5577
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562015"></a>
5657
</p></dd></dl></div></div><div class="section" title="syslog (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568736"></a>
5580
</h3></div></div></div><a class="indexterm" name="id2562016"></a><a name="SYSLOG"></a><div class="variablelist"><dl><dt></dt><dd><p>
5660
</h3></div></div></div><a class="indexterm" name="id2568738"></a><a name="SYSLOG"></a><div class="variablelist"><dl><dt></dt><dd><p>
5581
5661
This parameter maps how Samba debug messages are logged onto the system syslog logging levels.
5582
5662
Samba debug level zero maps onto syslog <code class="constant">LOG_ERR</code>, debug level one maps onto
5583
5663
<code class="constant">LOG_WARNING</code>, debug level two maps onto <code class="constant">LOG_NOTICE</code>,
5588
5668
logging to log.[sn]mbd even if <span class="emphasis"><em>syslog only</em></span> is enabled.
5589
5669
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>syslog</code></em> = <code class="literal">1</code>
5591
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562086"></a>
5671
</p></dd></dl></div></div><div class="section" title="template homedir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568807"></a>
5593
5673
template homedir (G)
5594
</h3></div></div></div><a class="indexterm" name="id2562087"></a><a name="TEMPLATEHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
5674
</h3></div></div></div><a class="indexterm" name="id2568808"></a><a name="TEMPLATEHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
5595
5675
user, the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon uses this
5596
5676
parameter to fill in the home directory for that user. If the
5597
5677
string <em class="parameter"><code>%D</code></em> is present it
5599
5679
string <em class="parameter"><code>%U</code></em> is present it
5600
5680
is substituted with the user's Windows NT user name.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>template homedir</code></em> = <code class="literal">/home/%D/%U</code>
5602
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562151"></a>
5682
</p></dd></dl></div></div><div class="section" title="template shell (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568873"></a>
5604
5684
template shell (G)
5605
</h3></div></div></div><a class="indexterm" name="id2562152"></a><a name="TEMPLATESHELL"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
5685
</h3></div></div></div><a class="indexterm" name="id2568874"></a><a name="TEMPLATESHELL"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
5606
5686
user, the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon uses this
5607
parameter to fill in the login shell for that user.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562190"></a>
5687
parameter to fill in the login shell for that user.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="time offset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568912"></a>
5609
5689
time offset (G)
5610
</h3></div></div></div><a class="indexterm" name="id2562191"></a><a name="TIMEOFFSET"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a setting in minutes to add
5690
</h3></div></div></div><a class="indexterm" name="id2568913"></a><a name="TIMEOFFSET"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a setting in minutes to add
5611
5691
to the normal GMT to local time conversion. This is useful if
5612
5692
you are serving a lot of PCs that have incorrect daylight
5613
5693
saving time handling.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>time offset</code></em> = <code class="literal">0</code>
5615
5695
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>time offset</code></em> = <code class="literal">60</code>
5617
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562250"></a>
5697
</p></dd></dl></div></div><div class="section" title="time server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568972"></a>
5619
5699
time server (G)
5620
</h3></div></div></div><a class="indexterm" name="id2562251"></a><a name="TIMESERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> advertises itself as a time server to Windows
5700
</h3></div></div></div><a class="indexterm" name="id2568973"></a><a name="TIMESERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> advertises itself as a time server to Windows
5621
5701
clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>time server</code></em> = <code class="literal">no</code>
5623
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562301"></a>
5703
</p></dd></dl></div></div><div class="section" title="unix charset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569022"></a>
5625
5705
unix charset (G)
5626
</h3></div></div></div><a class="indexterm" name="id2562302"></a><a name="UNIXCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the charset the unix machine
5706
</h3></div></div></div><a class="indexterm" name="id2569023"></a><a name="UNIXCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the charset the unix machine
5627
5707
Samba runs on uses. Samba needs to know this in order to be able to
5628
5708
convert text to the charsets other SMB clients use.
5629
5709
</p><p>This is also the charset Samba will use when specifying arguments
5633
5713
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>unix charset</code></em> = <code class="literal">ASCII</code>
5635
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562367"></a>
5715
</p></dd></dl></div></div><div class="section" title="unix extensions (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569088"></a>
5637
5717
unix extensions (G)
5638
</h3></div></div></div><a class="indexterm" name="id2562368"></a><a name="UNIXEXTENSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
5718
</h3></div></div></div><a class="indexterm" name="id2569089"></a><a name="UNIXEXTENSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
5639
5719
implements the CIFS UNIX extensions, as defined by HP.
5640
5720
These extensions enable Samba to better serve UNIX CIFS clients
5641
5721
by supporting features such as symbolic links, hard links, etc...
5642
5722
These extensions require a similarly enabled client, and are of
5643
5723
no current use to Windows clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>unix extensions</code></em> = <code class="literal">yes</code>
5645
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562414"></a>
5725
</p></dd></dl></div></div><div class="section" title="unix password sync (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569136"></a>
5647
5727
unix password sync (G)
5648
</h3></div></div></div><a class="indexterm" name="id2562415"></a><a name="UNIXPASSWORDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
5728
</h3></div></div></div><a class="indexterm" name="id2569137"></a><a name="UNIXPASSWORDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
5649
5729
attempts to synchronize the UNIX password with the SMB password
5650
5730
when the encrypted SMB password in the smbpasswd file is changed.
5651
5731
If this is set to <code class="constant">yes</code> the program specified in the <em class="parameter"><code>passwd
5654
5734
old UNIX password (as the SMB password change code has no
5655
5735
access to the old password cleartext, only the new).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>unix password sync</code></em> = <code class="literal">no</code>
5657
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562475"></a>
5737
</p></dd></dl></div></div><div class="section" title="update encrypted (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569197"></a>
5659
5739
update encrypted (G)
5660
</h3></div></div></div><a class="indexterm" name="id2562476"></a><a name="UPDATEENCRYPTED"></a><div class="variablelist"><dl><dt></dt><dd><p>
5740
</h3></div></div></div><a class="indexterm" name="id2569198"></a><a name="UPDATEENCRYPTED"></a><div class="variablelist"><dl><dt></dt><dd><p>
5661
5741
This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed)
5662
5742
password in the smbpasswd file to be updated automatically as they log on. This option allows a site to
5663
5743
migrate from plaintext password authentication (users authenticate with plaintext password over the
5703
5783
on a print share which has valid print driver installed on the Samba
5704
5784
server.</em></span></p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use client driver</code></em> = <code class="literal">no</code>
5706
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562675"></a>
5786
</p></dd></dl></div></div><div class="section" title="use mmap (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569396"></a>
5709
</h3></div></div></div><a class="indexterm" name="id2562676"></a><a name="USEMMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter determines if the tdb internals of Samba can
5789
</h3></div></div></div><a class="indexterm" name="id2569397"></a><a name="USEMMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter determines if the tdb internals of Samba can
5710
5790
depend on mmap working correctly on the running system. Samba requires a coherent
5711
5791
mmap/read-write system memory cache. Currently only HPUX does not have such a
5712
5792
coherent cache, and so this parameter is set to <code class="constant">no</code> by
5715
5795
the tdb internal code.
5716
5796
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use mmap</code></em> = <code class="literal">yes</code>
5718
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562727"></a>
5798
</p></dd></dl></div></div><div class="section" title="username level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569448"></a>
5720
5800
username level (G)
5721
</h3></div></div></div><a class="indexterm" name="id2562728"></a><a name="USERNAMELEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option helps Samba to try and 'guess' at
5801
</h3></div></div></div><a class="indexterm" name="id2569449"></a><a name="USERNAMELEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option helps Samba to try and 'guess' at
5722
5802
the real UNIX username, as many DOS clients send an all-uppercase
5723
5803
username. By default Samba tries all lowercase, followed by the
5724
5804
username with the first letter capitalized, and fails if the
5834
5914
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>username map</code></em> = <code class="literal">
5835
5915
# no username map</code>
5837
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563165"></a>
5917
</p></dd></dl></div></div><div class="section" title="user"><div class="titlepage"><div><div><h3 class="title"><a name="id2569892"></a>
5839
5919
<a name="USER"></a>user
5840
</h3></div></div></div><a class="indexterm" name="id2563166"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563197"></a>
5920
</h3></div></div></div><a class="indexterm" name="id2569893"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" title="users"><div class="titlepage"><div><div><h3 class="title"><a name="id2569924"></a>
5842
5922
<a name="USERS"></a>users
5843
</h3></div></div></div><a class="indexterm" name="id2563198"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563229"></a>
5923
</h3></div></div></div><a class="indexterm" name="id2569925"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" title="username (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569956"></a>
5846
</h3></div></div></div><a class="indexterm" name="id2563230"></a><a name="USERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>Multiple users may be specified in a comma-delimited
5926
</h3></div></div></div><a class="indexterm" name="id2569957"></a><a name="USERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>Multiple users may be specified in a comma-delimited
5847
5927
list, in which case the supplied password will be tested against
5848
5928
each username in turn (left to right).</p><p>The <em class="parameter"><code>username</code></em> line is needed only when
5849
5929
the PC is unable to supply its own username. This is the case
5882
5962
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username</code></em> = <code class="literal">fred, mary, jack, jane, @users, @pcgroup</code>
5884
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563399"></a>
5964
</p></dd></dl></div></div><div class="section" title="usershare allow guests (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570126"></a>
5886
5966
usershare allow guests (G)
5887
</h3></div></div></div><a class="indexterm" name="id2563400"></a><a name="USERSHAREALLOWGUESTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether user defined shares are allowed
5967
</h3></div></div></div><a class="indexterm" name="id2570127"></a><a name="USERSHAREALLOWGUESTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether user defined shares are allowed
5888
5968
to be accessed by non-authenticated users or not. It is the equivalent
5889
5969
of allowing people who can create a share the option of setting
5890
5970
<em class="parameter"><code>guest ok = yes</code></em> in a share
5891
5971
definition. Due to its security sensitive nature, the default
5892
5972
is set to off.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare allow guests</code></em> = <code class="literal">no</code>
5894
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563452"></a>
5974
</p></dd></dl></div></div><div class="section" title="usershare max shares (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570179"></a>
5896
5976
usershare max shares (G)
5897
</h3></div></div></div><a class="indexterm" name="id2563453"></a><a name="USERSHAREMAXSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of user defined shares
5977
</h3></div></div></div><a class="indexterm" name="id2570180"></a><a name="USERSHAREMAXSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of user defined shares
5898
5978
that are allowed to be created by users belonging to the group owning the
5899
5979
usershare directory. If set to zero (the default) user defined shares are ignored.
5900
5980
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare max shares</code></em> = <code class="literal">0</code>
5902
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563497"></a>
5982
</p></dd></dl></div></div><div class="section" title="usershare owner only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570224"></a>
5904
5984
usershare owner only (G)
5905
</h3></div></div></div><a class="indexterm" name="id2563498"></a><a name="USERSHAREOWNERONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether the pathname exported by
5985
</h3></div></div></div><a class="indexterm" name="id2570225"></a><a name="USERSHAREOWNERONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether the pathname exported by
5906
5986
a user defined shares must be owned by the user creating the
5907
5987
user defined share or not. If set to True (the default) then
5908
5988
smbd checks that the directory path being shared is owned by
5912
5992
regardless of who owns it.
5913
5993
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare owner only</code></em> = <code class="literal">True</code>
5915
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563547"></a>
5995
</p></dd></dl></div></div><div class="section" title="usershare path (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570274"></a>
5917
5997
usershare path (G)
5918
</h3></div></div></div><a class="indexterm" name="id2563548"></a><a name="USERSHAREPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the absolute path of the directory on the
5998
</h3></div></div></div><a class="indexterm" name="id2570275"></a><a name="USERSHAREPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the absolute path of the directory on the
5919
5999
filesystem used to store the user defined share definition files.
5920
6000
This directory must be owned by root, and have no access for
5921
6001
other, and be writable only by the group owner. In addition the
5936
6016
In this case, only members of the group "power_users" can create user defined shares.
5937
6017
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare path</code></em> = <code class="literal">NULL</code>
5939
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563618"></a>
6019
</p></dd></dl></div></div><div class="section" title="usershare prefix allow list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570345"></a>
5941
6021
usershare prefix allow list (G)
5942
</h3></div></div></div><a class="indexterm" name="id2563619"></a><a name="USERSHAREPREFIXALLOWLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
6022
</h3></div></div></div><a class="indexterm" name="id2570346"></a><a name="USERSHAREPREFIXALLOWLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
5943
6023
the root of which are allowed to be exported by user defined share definitions.
5944
6024
If the pathname to be exported doesn't start with one of the strings in this
5945
6025
list, the user defined share will not be allowed. This allows the Samba
5955
6035
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare prefix allow list</code></em> = <code class="literal">/home /data /space</code>
5957
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563690"></a>
6037
</p></dd></dl></div></div><div class="section" title="usershare prefix deny list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570418"></a>
5959
6039
usershare prefix deny list (G)
5960
</h3></div></div></div><a class="indexterm" name="id2563692"></a><a name="USERSHAREPREFIXDENYLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
6040
</h3></div></div></div><a class="indexterm" name="id2570419"></a><a name="USERSHAREPREFIXDENYLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
5961
6041
the root of which are NOT allowed to be exported by user defined share definitions.
5962
6042
If the pathname exported starts with one of the strings in this
5963
6043
list the user defined share will not be allowed. Any pathname not
5974
6054
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare prefix deny list</code></em> = <code class="literal">/etc /dev /private</code>
5976
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563765"></a>
6056
</p></dd></dl></div></div><div class="section" title="usershare template share (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570492"></a>
5978
6058
usershare template share (G)
5979
</h3></div></div></div><a class="indexterm" name="id2563766"></a><a name="USERSHARETEMPLATESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>User defined shares only have limited possible parameters
6059
</h3></div></div></div><a class="indexterm" name="id2570493"></a><a name="USERSHARETEMPLATESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>User defined shares only have limited possible parameters
5980
6060
such as path, guest ok, etc. This parameter allows usershares to
5981
6061
"cloned" from an existing share. If "usershare template share"
5982
6062
is set to the name of an existing share, then all usershares
5992
6072
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare template share</code></em> = <code class="literal">template_share</code>
5994
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563838"></a>
6074
</p></dd></dl></div></div><div class="section" title="use sendfile (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570565"></a>
5996
6076
use sendfile (S)
5997
</h3></div></div></div><a class="indexterm" name="id2563839"></a><a name="USESENDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, and the <code class="constant">sendfile()</code>
6077
</h3></div></div></div><a class="indexterm" name="id2570566"></a><a name="USESENDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, and the <code class="constant">sendfile()</code>
5998
6078
system call is supported by the underlying operating system, then some SMB read calls
5999
6079
(mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that
6000
6080
are exclusively oplocked. This may make more efficient use of the system CPU's
6014
6094
implementation, there is no reason this should ever be
6015
6095
disabled.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use spnego</code></em> = <code class="literal">yes</code>
6017
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563945"></a>
6097
</p></dd></dl></div></div><div class="section" title="utmp directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570672"></a>
6019
6099
utmp directory (G)
6020
</h3></div></div></div><a class="indexterm" name="id2563946"></a><a name="UTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only available if Samba has
6100
</h3></div></div></div><a class="indexterm" name="id2570673"></a><a name="UTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only available if Samba has
6021
6101
been configured and compiled with the option <code class="literal">
6022
6102
--with-utmp</code>. It specifies a directory pathname that is
6023
6103
used to store the utmp or utmpx files (depending on the UNIX system) that
6044
6124
to find this number. This may impede performance on large installations.
6045
6125
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>utmp</code></em> = <code class="literal">no</code>
6047
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564086"></a>
6127
</p></dd></dl></div></div><div class="section" title="valid users (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570813"></a>
6049
6129
valid users (S)
6050
</h3></div></div></div><a class="indexterm" name="id2564087"></a><a name="VALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>
6130
</h3></div></div></div><a class="indexterm" name="id2570814"></a><a name="VALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>
6051
6131
This is a list of users that should be allowed to login to this service. Names starting with
6052
6132
'@', '+' and '&' are interpreted using the same rules as described in the
6053
6133
<em class="parameter"><code>invalid users</code></em> parameter.
6075
6155
Samba uses this option internally to mark shares as deleted.
6076
6156
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>-valid</code></em> = <code class="literal">yes</code>
6078
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564227"></a>
6158
</p></dd></dl></div></div><div class="section" title="veto files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570954"></a>
6081
</h3></div></div></div><a class="indexterm" name="id2564228"></a><a name="VETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
6161
</h3></div></div></div><a class="indexterm" name="id2570955"></a><a name="VETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
6082
6162
This is a list of files and directories that are neither visible nor accessible. Each entry in
6083
6163
the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?'
6084
6164
can be used to specify multiple files or directories as in DOS wildcards.
6133
6213
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>veto oplock files</code></em> = <code class="literal">
6134
6214
# No files are vetoed for oplock grants</code>
6136
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564439"></a>
6216
</p></dd></dl></div></div><div class="section" title="vfs object"><div class="titlepage"><div><div><h3 class="title"><a name="id2571166"></a>
6138
6218
<a name="VFSOBJECT"></a>vfs object
6139
</h3></div></div></div><a class="indexterm" name="id2564440"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#VFSOBJECTS">vfs objects</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564471"></a>
6219
</h3></div></div></div><a class="indexterm" name="id2571167"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#VFSOBJECTS">vfs objects</a>.</p></dd></dl></div></div><div class="section" title="vfs objects (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571198"></a>
6141
6221
vfs objects (S)
6142
</h3></div></div></div><a class="indexterm" name="id2564472"></a><a name="VFSOBJECTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the backend names which
6222
</h3></div></div></div><a class="indexterm" name="id2571199"></a><a name="VFSOBJECTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the backend names which
6143
6223
are used for Samba VFS I/O operations. By default, normal
6144
6224
disk I/O operations are used but these can be overloaded
6145
6225
with one or more VFS objects. </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>vfs objects</code></em> = <code class="literal"></code>
6147
6227
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>vfs objects</code></em> = <code class="literal">extd_audit recycle</code>
6149
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564531"></a>
6229
</p></dd></dl></div></div><div class="section" title="volume (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571258"></a>
6152
</h3></div></div></div><a class="indexterm" name="id2564532"></a><a name="VOLUME"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the volume label
6232
</h3></div></div></div><a class="indexterm" name="id2571259"></a><a name="VOLUME"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the volume label
6153
6233
returned for a share. Useful for CDROMs with installation programs
6154
6234
that insist on a particular volume label.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>volume</code></em> = <code class="literal">
6155
6235
# the name of the share</code>
6157
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564574"></a>
6237
</p></dd></dl></div></div><div class="section" title="wide links (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571301"></a>
6160
</h3></div></div></div><a class="indexterm" name="id2564575"></a><a name="WIDELINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not links
6240
</h3></div></div></div><a class="indexterm" name="id2571302"></a><a name="WIDELINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not links
6161
6241
in the UNIX file system may be followed by the server. Links
6162
6242
that point to areas within the directory tree exported by the
6163
6243
server are always allowed; this parameter controls access only
6176
6256
evaluated in real time unless the <a class="link" href="smb.conf.5.html#WINBINDOFFLINELOGON" target="_top">winbind offline logon</a> option has been enabled.
6177
6257
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind cache time</code></em> = <code class="literal">300</code>
6179
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564698"></a>
6259
</p></dd></dl></div></div><div class="section" title="winbind enum groups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571425"></a>
6181
6261
winbind enum groups (G)
6182
</h3></div></div></div><a class="indexterm" name="id2564699"></a><a name="WINBINDENUMGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be necessary to suppress
6262
</h3></div></div></div><a class="indexterm" name="id2571426"></a><a name="WINBINDENUMGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be necessary to suppress
6183
6263
the enumeration of groups through the <code class="literal">setgrent()</code>,
6184
6264
<code class="literal">getgrent()</code> and
6185
6265
<code class="literal">endgrent()</code> group of system calls. If
6186
6266
the <em class="parameter"><code>winbind enum groups</code></em> parameter is
6187
6267
<code class="constant">no</code>, calls to the <code class="literal">getgrent()</code> system
6188
call will not return any data. </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>Turning off group enumeration may cause some programs to behave oddly. </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind enum groups</code></em> = <code class="literal">no</code>
6268
call will not return any data. </p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>Turning off group enumeration may cause some programs to behave oddly. </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind enum groups</code></em> = <code class="literal">no</code>
6190
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564789"></a>
6270
</p></dd></dl></div></div><div class="section" title="winbind enum users (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571516"></a>
6192
6272
winbind enum users (G)
6193
</h3></div></div></div><a class="indexterm" name="id2564790"></a><a name="WINBINDENUMUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be
6273
</h3></div></div></div><a class="indexterm" name="id2571517"></a><a name="WINBINDENUMUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be
6194
6274
necessary to suppress the enumeration of users through the <code class="literal">setpwent()</code>,
6195
6275
<code class="literal">getpwent()</code> and
6196
6276
<code class="literal">endpwent()</code> group of system calls. If
6197
6277
the <em class="parameter"><code>winbind enum users</code></em> parameter is
6198
6278
<code class="constant">no</code>, calls to the <code class="literal">getpwent</code> system call
6199
will not return any data. </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>Turning off user
6279
will not return any data. </p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>Turning off user
6200
6280
enumeration may cause some programs to behave oddly. For
6201
6281
example, the finger program relies on having access to the
6202
6282
full user list when searching for matching
6203
6283
usernames. </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind enum users</code></em> = <code class="literal">no</code>
6205
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564882"></a>
6285
</p></dd></dl></div></div><div class="section" title="winbind expand groups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571609"></a>
6207
6287
winbind expand groups (G)
6208
</h3></div></div></div><a class="indexterm" name="id2564883"></a><a name="WINBINDEXPANDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum depth that winbindd
6288
</h3></div></div></div><a class="indexterm" name="id2571610"></a><a name="WINBINDEXPANDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum depth that winbindd
6209
6289
will traverse when flattening nested group memberships
6210
6290
of Windows domain groups. This is different from the
6211
6291
<a class="link" href="smb.conf.5.html#WINBINDNESTEDGROUPS" target="_top">winbind nested groups</a> option
6217
6297
must perform the group unrolling and will be unable to answer
6218
6298
incoming NSS or authentication requests during this time.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind expand groups</code></em> = <code class="literal">1</code>
6220
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564951"></a>
6300
</p></dd></dl></div></div><div class="section" title="winbind nested groups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571678"></a>
6222
6302
winbind nested groups (G)
6223
</h3></div></div></div><a class="indexterm" name="id2564952"></a><a name="WINBINDNESTEDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to yes, this parameter activates the support for nested
6303
</h3></div></div></div><a class="indexterm" name="id2571679"></a><a name="WINBINDNESTEDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to yes, this parameter activates the support for nested
6224
6304
groups. Nested groups are also called local groups or
6225
6305
aliases. They work like their counterparts in Windows: Nested
6226
6306
groups are defined locally on any machine (they are shared
6228
6308
global groups from any trusted SAM. To be able to use nested
6229
6309
groups, you need to run nss_winbind.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind nested groups</code></em> = <code class="literal">yes</code>
6231
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565001"></a>
6311
</p></dd></dl></div></div><div class="section" title="winbind normalize names (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571736"></a>
6233
6313
winbind normalize names (G)
6234
</h3></div></div></div><a class="indexterm" name="id2565002"></a><a name="WINBINDNORMALIZENAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether winbindd will replace
6314
</h3></div></div></div><a class="indexterm" name="id2571738"></a><a name="WINBINDNORMALIZENAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether winbindd will replace
6235
6315
whitespace in user and group names with an underscore (_) character.
6236
6316
For example, whether the name "Space Kadet" should be
6237
6317
replaced with the string "space_kadet".
6252
6332
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind normalize names</code></em> = <code class="literal">yes</code>
6254
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565086"></a>
6334
</p></dd></dl></div></div><div class="section" title="winbind nss info (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571814"></a>
6256
6336
winbind nss info (G)
6257
</h3></div></div></div><a class="indexterm" name="id2565087"></a><a name="WINBINDNSSINFO"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control how Winbind retrieves Name
6337
</h3></div></div></div><a class="indexterm" name="id2571815"></a><a name="WINBINDNSSINFO"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control how Winbind retrieves Name
6258
6338
Service Information to construct a user's home directory and login shell.
6259
6339
Currently the following settings are available:
6261
</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>template</code></em>
6341
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>template</code></em>
6262
6342
- The default, using the parameters of <em class="parameter"><code>template
6263
6343
shell</code></em> and <em class="parameter"><code>template homedir</code></em>)
6264
</p></li><li><p><em class="parameter"><code><sfu | rfc2307 ></code></em>
6344
</p></li><li class="listitem"><p><em class="parameter"><code><sfu | rfc2307 ></code></em>
6265
6345
- When Samba is running in security = ads and your Active Directory
6266
6346
Domain Controller does support the Microsoft "Services for Unix" (SFU)
6267
6347
LDAP schema, winbind can retrieve the login shell and the home
6277
6357
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind nss info</code></em> = <code class="literal">template sfu</code>
6279
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565206"></a>
6359
</p></dd></dl></div></div><div class="section" title="winbind offline logon (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571934"></a>
6281
6361
winbind offline logon (G)
6282
</h3></div></div></div><a class="indexterm" name="id2565207"></a><a name="WINBINDOFFLINELOGON"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should
6362
</h3></div></div></div><a class="indexterm" name="id2571935"></a><a name="WINBINDOFFLINELOGON"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should
6283
6363
allow to login with the <em class="parameter"><code>pam_winbind</code></em>
6284
6364
module using Cached Credentials. If enabled, winbindd will store user credentials
6285
6365
from successful logins encrypted in a local cache.
6288
6368
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind offline logon</code></em> = <code class="literal">true</code>
6290
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565275"></a>
6370
</p></dd></dl></div></div><div class="section" title="winbind reconnect delay (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572003"></a>
6292
6372
winbind reconnect delay (G)
6293
</h3></div></div></div><a class="indexterm" name="id2565276"></a><a name="WINBINDRECONNECTDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
6373
</h3></div></div></div><a class="indexterm" name="id2572004"></a><a name="WINBINDRECONNECTDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
6294
6374
seconds the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon will wait between
6295
6375
attempts to contact a Domain controller for a domain that is
6296
6376
determined to be down or not contactable.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind reconnect delay</code></em> = <code class="literal">30</code>
6298
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565328"></a>
6378
</p></dd></dl></div></div><div class="section" title="winbind refresh tickets (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572056"></a>
6300
6380
winbind refresh tickets (G)
6301
</h3></div></div></div><a class="indexterm" name="id2565329"></a><a name="WINBINDREFRESHTICKETS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should refresh Kerberos Tickets
6381
</h3></div></div></div><a class="indexterm" name="id2572057"></a><a name="WINBINDREFRESHTICKETS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should refresh Kerberos Tickets
6302
6382
retrieved using the <em class="parameter"><code>pam_winbind</code></em> module.
6304
6384
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind refresh tickets</code></em> = <code class="literal">false</code>
6306
6386
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind refresh tickets</code></em> = <code class="literal">true</code>
6308
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565395"></a>
6388
</p></dd></dl></div></div><div class="section" title="winbind rpc only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572123"></a>
6310
6390
winbind rpc only (G)
6311
</h3></div></div></div><a class="indexterm" name="id2565396"></a><a name="WINBINDRPCONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6391
</h3></div></div></div><a class="indexterm" name="id2572124"></a><a name="WINBINDRPCONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6312
6392
Setting this parameter to <code class="literal">yes</code> forces
6313
6393
winbindd to use RPC instead of LDAP to retrieve information from Domain
6315
6395
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind rpc only</code></em> = <code class="literal">no</code>
6317
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565443"></a>
6397
</p></dd></dl></div></div><div class="section" title="winbind separator (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572172"></a>
6319
6399
winbind separator (G)
6320
</h3></div></div></div><a class="indexterm" name="id2565444"></a><a name="WINBINDSEPARATOR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an admin to define the character
6400
</h3></div></div></div><a class="indexterm" name="id2572173"></a><a name="WINBINDSEPARATOR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an admin to define the character
6321
6401
used when listing a username of the form of <em class="replaceable"><code>DOMAIN
6322
6402
</code></em>\<em class="replaceable"><code>user</code></em>. This parameter
6323
6403
is only applicable when using the <code class="filename">pam_winbind.so</code>
6329
6409
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind separator</code></em> = <code class="literal">+</code>
6331
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565531"></a>
6411
</p></dd></dl></div></div><div class="section" title="winbind trusted domains only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572259"></a>
6333
6413
winbind trusted domains only (G)
6334
</h3></div></div></div><a class="indexterm" name="id2565532"></a><a name="WINBINDTRUSTEDDOMAINSONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6414
</h3></div></div></div><a class="indexterm" name="id2572260"></a><a name="WINBINDTRUSTEDDOMAINSONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6335
6415
This parameter is designed to allow Samba servers that are members
6336
6416
of a Samba controlled domain to use UNIX accounts distributed via NIS,
6337
6417
rsync, or LDAP as the uid's for winbindd users in the hosts primary domain.
6342
6422
Refer to the <a class="citerefentry" href="idmap_nss.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_nss</span>(8)</span></a> man page for more information.
6343
6423
</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind trusted domains only</code></em> = <code class="literal">no</code>
6345
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565598"></a>
6425
</p></dd></dl></div></div><div class="section" title="winbind use default domain (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572326"></a>
6347
6427
winbind use default domain (G)
6348
</h3></div></div></div><a class="indexterm" name="id2565599"></a><a name="WINBINDUSEDEFAULTDOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether the
6428
</h3></div></div></div><a class="indexterm" name="id2572328"></a><a name="WINBINDUSEDEFAULTDOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether the
6349
6429
<a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon should operate on users
6350
6430
without domain component in their username. Users without a domain
6351
6431
component are treated as is part of the winbindd server's own
6356
6436
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind use default domain</code></em> = <code class="literal">yes</code>
6358
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565671"></a>
6438
</p></dd></dl></div></div><div class="section" title="wins hook (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572399"></a>
6361
</h3></div></div></div><a class="indexterm" name="id2565672"></a><a name="WINSHOOK"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba is running as a WINS server this
6441
</h3></div></div></div><a class="indexterm" name="id2572400"></a><a name="WINSHOOK"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba is running as a WINS server this
6362
6442
allows you to call an external program for all changes to the
6363
6443
WINS database. The primary use for this option is to allow the
6364
6444
dynamic update of external name resolution databases such as
6365
6445
dynamic DNS.</p><p>The wins hook parameter specifies the name of a script
6366
or executable that will be called as follows:</p><p><code class="literal">wins_hook operation name nametype ttl IP_list</code></p><div class="itemizedlist"><ul type="disc"><li><p>The first argument is the operation and is
6446
or executable that will be called as follows:</p><p><code class="literal">wins_hook operation name nametype ttl IP_list</code></p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>The first argument is the operation and is
6367
6447
one of "add", "delete", or
6368
6448
"refresh". In most cases the operation
6369
6449
can be ignored as the rest of the parameters
6370
6450
provide sufficient information. Note that
6371
6451
"refresh" may sometimes be called when
6372
6452
the name has not previously been added, in that
6373
case it should be treated as an add.</p></li><li><p>The second argument is the NetBIOS name. If the
6453
case it should be treated as an add.</p></li><li class="listitem"><p>The second argument is the NetBIOS name. If the
6374
6454
name is not a legal name then the wins hook is not called.
6375
6455
Legal names contain only letters, digits, hyphens, underscores
6376
and periods.</p></li><li><p>The third argument is the NetBIOS name
6377
type as a 2 digit hexadecimal number. </p></li><li><p>The fourth argument is the TTL (time to live)
6378
for the name in seconds.</p></li><li><p>The fifth and subsequent arguments are the IP
6456
and periods.</p></li><li class="listitem"><p>The third argument is the NetBIOS name
6457
type as a 2 digit hexadecimal number. </p></li><li class="listitem"><p>The fourth argument is the TTL (time to live)
6458
for the name in seconds.</p></li><li class="listitem"><p>The fifth and subsequent arguments are the IP
6379
6459
addresses currently registered for that name. If this list is
6380
6460
empty then the name should be deleted.</p></li></ul></div><p>An example script that calls the BIND dynamic DNS update
6381
6461
program <code class="literal">nsupdate</code> is provided in the examples
6382
directory of the Samba source code. </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565777"></a>
6462
directory of the Samba source code. </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="wins proxy (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572506"></a>
6385
</h3></div></div></div><a class="indexterm" name="id2565778"></a><a name="WINSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will respond to broadcast name
6465
</h3></div></div></div><a class="indexterm" name="id2572507"></a><a name="WINSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will respond to broadcast name
6386
6466
queries on behalf of other hosts. You may need to set this
6387
6467
to <code class="constant">yes</code> for some older clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wins proxy</code></em> = <code class="literal">no</code>
6389
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565832"></a>
6469
</p></dd></dl></div></div><div class="section" title="wins server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572560"></a>
6391
6471
wins server (G)
6392
</h3></div></div></div><a class="indexterm" name="id2565833"></a><a name="WINSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the IP address (or DNS name: IP
6472
</h3></div></div></div><a class="indexterm" name="id2572562"></a><a name="WINSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the IP address (or DNS name: IP
6393
6473
address for preference) of the WINS server that <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> should register with. If you have a WINS server on
6394
6474
your network then you should set this to the WINS server's IP.</p><p>You should point this at your WINS server if you have a
6395
6475
multi-subnetted network.</p><p>If you want to work in multiple namespaces, you can
6396
6476
give every wins server a 'tag'. For each tag, only one
6397
6477
(working) server will be queried for a name. The tag should be
6398
6478
separated from the ip address by a colon.
6399
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>You need to set up Samba to point
6479
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>You need to set up Samba to point
6400
6480
to a WINS server if you have multiple subnets and wish cross-subnet
6401
6481
browsing to work correctly.</p></div><p>See the chapter in the Samba3-HOWTO on Network Browsing.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wins server</code></em> = <code class="literal"></code>
6409
6489
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>wins server</code></em> = <code class="literal">192.9.200.1 192.168.2.61</code>
6411
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565942"></a>
6491
</p></dd></dl></div></div><div class="section" title="wins support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572671"></a>
6413
6493
wins support (G)
6414
</h3></div></div></div><a class="indexterm" name="id2565943"></a><a name="WINSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls if the <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> process in Samba will act as a WINS server. You should
6494
</h3></div></div></div><a class="indexterm" name="id2572672"></a><a name="WINSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls if the <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> process in Samba will act as a WINS server. You should
6415
6495
not set this to <code class="constant">yes</code> unless you have a multi-subnetted network and
6416
6496
you wish a particular <code class="literal">nmbd</code> to be your WINS server.
6417
6497
Note that you should <span class="emphasis"><em>NEVER</em></span> set this to <code class="constant">yes</code>
6418
6498
on more than one machine in your network.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wins support</code></em> = <code class="literal">no</code>
6420
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566012"></a>
6500
</p></dd></dl></div></div><div class="section" title="workgroup (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572740"></a>
6423
</h3></div></div></div><a class="indexterm" name="id2566013"></a><a name="WORKGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what workgroup your server will
6503
</h3></div></div></div><a class="indexterm" name="id2572741"></a><a name="WORKGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what workgroup your server will
6424
6504
appear to be in when queried by clients. Note that this parameter
6425
6505
also controls the Domain name used with
6426
6506
the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = domain</a>
6429
6509
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>workgroup</code></em> = <code class="literal">MYGROUP</code>
6431
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566084"></a>
6511
</p></dd></dl></div></div><div class="section" title="writable"><div class="titlepage"><div><div><h3 class="title"><a name="id2572812"></a>
6433
6513
<a name="WRITABLE"></a>writable
6434
</h3></div></div></div><a class="indexterm" name="id2566085"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#WRITEABLE">writeable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566116"></a>
6514
</h3></div></div></div><a class="indexterm" name="id2572813"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#WRITEABLE">writeable</a>.</p></dd></dl></div></div><div class="section" title="writeable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572843"></a>
6437
</h3></div></div></div><a class="indexterm" name="id2566117"></a><a name="WRITEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>writeable</code></em> = <code class="literal">no</code>
6517
</h3></div></div></div><a class="indexterm" name="id2572844"></a><a name="WRITEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>writeable</code></em> = <code class="literal">no</code>
6439
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566167"></a>
6519
</p></dd></dl></div></div><div class="section" title="write cache size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572895"></a>
6441
6521
write cache size (S)
6442
</h3></div></div></div><a class="indexterm" name="id2566168"></a><a name="WRITECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this integer parameter is set to non-zero value,
6522
</h3></div></div></div><a class="indexterm" name="id2572896"></a><a name="WRITECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this integer parameter is set to non-zero value,
6443
6523
Samba will create an in-memory cache for each oplocked file
6444
6524
(it does <span class="emphasis"><em>not</em></span> do this for
6445
6525
non-oplocked files). All writes that the client does not request
6457
6537
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>write cache size</code></em> = <code class="literal">262144
6458
6538
# for a 256k cache size per file</code>
6460
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566250"></a>
6540
</p></dd></dl></div></div><div class="section" title="write list (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572979"></a>
6463
</h3></div></div></div><a class="indexterm" name="id2566251"></a><a name="WRITELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
6543
</h3></div></div></div><a class="indexterm" name="id2572980"></a><a name="WRITELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
6464
6544
This is a list of users that are given read-write access to a service. If the
6465
6545
connecting user is in this list then they will be given write access, no matter
6466
6546
what the <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a> option is set to. The list can
6476
6556
</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>write list</code></em> = <code class="literal">admin, root, @staff</code>
6478
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566343"></a>
6558
</p></dd></dl></div></div><div class="section" title="write raw (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2573072"></a>
6481
</h3></div></div></div><a class="indexterm" name="id2566344"></a><a name="WRITERAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
6561
</h3></div></div></div><a class="indexterm" name="id2573073"></a><a name="WRITERAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
6482
6562
will support raw write SMB's when transferring data from clients.
6483
6563
You should never need to change this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>write raw</code></em> = <code class="literal">yes</code>
6485
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566387"></a>
6565
</p></dd></dl></div></div><div class="section" title="wtmp directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2573116"></a>
6487
6567
wtmp directory (G)
6488
</h3></div></div></div><a class="indexterm" name="id2566388"></a><a name="WTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6568
</h3></div></div></div><a class="indexterm" name="id2573117"></a><a name="WTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
6489
6569
This parameter is only available if Samba has been configured and compiled with the option <code class="literal">
6490
6570
--with-utmp</code>. It specifies a directory pathname that is used to store the wtmp or wtmpx files (depending on
6491
6571
the UNIX system) that record user connections to a Samba server. The difference with the utmp directory is the fact
6510
6590
for an administrator easy, but the various combinations of default attributes can be tricky. Take extreme
6511
6591
care when designing these sections. In particular, ensure that the permissions on spool directories are
6513
</p></div><div class="refsect1" lang="en"><a name="id2566521"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id2566532"></a><h2>SEE ALSO</h2><p>
6514
<a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a class="citerefentry" href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>.</p></div><div class="refsect1" lang="en"><a name="id2566611"></a><h2>AUTHOR</h2><p>
6593
</p></div><div class="refsect1" title="VERSION"><a name="id2573250"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" title="SEE ALSO"><a name="id2573260"></a><h2>SEE ALSO</h2><p>
6594
<a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a class="citerefentry" href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>.</p></div><div class="refsect1" title="AUTHOR"><a name="id2573340"></a><h2>AUTHOR</h2><p>
6515
6595
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed
6516
6596
by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.