diff options
Diffstat (limited to 'docs/docbook/manpages/smb.conf.5.sgml')
-rw-r--r-- | docs/docbook/manpages/smb.conf.5.sgml | 172 |
1 files changed, 96 insertions, 76 deletions
diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml index 8b5e0fe8e16..44ff2205c90 100644 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -139,7 +139,7 @@ <para>parameters in this section apply to the server as a whole, or are defaults for sections which do not - specifically define certain items. See the notes + specifically define certain items. See the notes under PARAMETERS for more information.</para> </refsect2> @@ -183,7 +183,7 @@ <para>A similar process occurs if the requested section name is "homes", except that the share name is not - changed to that of the requesting user. This method of using + changed to that of the requesting user. This method of using the [homes] section works well if different users share a client PC.</para> @@ -227,7 +227,7 @@ <para>When a connection request is made, the existing sections are scanned. If a match is found, it is used. If no match is found, but a [homes] section exists, it is used as described - above. Otherwise, the requested section name is treated as a + above. Otherwise, the requested section name is treated as a printer name and the appropriate printcap file is scanned to see if the requested section name is a valid printer share name. If a match is found, a new printer share is created by cloning @@ -315,7 +315,7 @@ the default behavior for all services.</para> <para>parameters are arranged here in alphabetical order - this may - not create best bedfellows, but at least you can find them! Where + not create best bedfellows, but at least you can find them! Where there are synonyms, the preferred synonym is described, others refer to the preferred synonym.</para> </refsect1> @@ -436,8 +436,8 @@ <term>%a</term> <listitem><para>the architecture of the remote machine. Only some are recognized, and those may not be - 100% reliable. It currently recognizes Samba, WfWg, - WinNT and Win95. Anything else will be known as + 100% reliable. It currently recognizes Samba, WfWg, Win95, + WinNT and Win2k. Anything else will be known as "UNKNOWN". If it gets it wrong then sending a level 3 log to <ulink url="mailto:samba@samba.org">samba@samba.org </ulink> should allow it to be fixed.</para></listitem> @@ -747,6 +747,7 @@ <listitem><para><link linkend="TIMESERVER"><parameter>time server</parameter></link></para></listitem> <listitem><para><link linkend="TIMESTAMPLOGS"><parameter>timestamp logs</parameter></link></para></listitem> <listitem><para><link linkend="TOTALPRINTJOBS"><parameter>total print jobs</parameter></link></para></listitem> + <listitem><para><link linkend="UNIXEXTENSIONS"><parameter>unix extensions</parameter></link></para></listitem> <listitem><para><link linkend="UNIXPASSWORDSYNC"><parameter>unix password sync</parameter></link></para></listitem> <listitem><para><link linkend="UPDATEENCRYPTED"><parameter>update encrypted</parameter></link></para></listitem> <listitem><para><link linkend="USEMMAP"><parameter>use mmap</parameter></link></para></listitem> @@ -792,6 +793,7 @@ <listitem><para><link linkend="CREATEMASK"><parameter>create mask</parameter></link></para></listitem> <listitem><para><link linkend="CREATEMODE"><parameter>create mode</parameter></link></para></listitem> <listitem><para><link linkend="DEFAULTCASE"><parameter>default case</parameter></link></para></listitem> + <listitem><para><link linkend="DEFAULTDEVMODE"><parameter>default devmode</parameter></link></para></listitem> <listitem><para><link linkend="DELETEREADONLY"><parameter>delete readonly</parameter></link></para></listitem> <listitem><para><link linkend="DELETEVETOFILES"><parameter>delete veto files</parameter></link></para></listitem> <listitem><para><link linkend="DENYHOSTS"><parameter>deny hosts</parameter></link></para></listitem> @@ -1849,10 +1851,48 @@ <varlistentry> + <term><anchor id="DEFAULTDEVMODE">default devmode (S)</term> + <listitem><para>This parameter is only applicable to <link + linkend="PRINTOK">printable</link> services. When smbd is serving + Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba + server has a Device Mode which defines things such as paper size and + orientation and duplex settings. The device mode can only correctly be + generated by the printer driver itself (which can only be executed on a + Win32 platform). Because smbd is unable to execute the driver code + to generate the device mode, the default behavior is to set this field + to NULL. + </para> + + <para>Most problems with serving printer drivers to Windows NT/2k/XP clients + can be traced to a problem with the generated device mode. Certain drivers + will do things such as crashing the client's Explorer.exe with a NULL devmode. + However, other printer drivers can cause the client's spooler service + (spoolsv.exe) to die if the devmode was not created by the driver itself + (i.e. smbd generates a default devmode). + </para> + + <para>This parameter should be used with care and tested with the printer + driver in question. It is better to leave the device mode to NULL + and let the Windows client set the correct values. Because drivers do not + do this all the time, setting <command>default devmode = yes</command> + will instruct smbd to generate a default one. + </para> + + <para>For more information on Windows NT/2k printing and Device Modes, + see the <ulink url="http://msdn.microsoft.com/">MSDN documentation</ulink>. + </para> + + <para>Default: <command>default devmode = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> <term><anchor id="DEFAULTSERVICE">default service (G)</term> - <listitem><para>This parameter specifies the name of a service - which will be connected to if the service actually requested cannot - be found. Note that the square brackets are <emphasis>NOT</emphasis> + <listitem><para>This parameter specifies the name of a service + which will be connected to if the service actually requested cannot + be found. Note that the square brackets are <emphasis>NOT</emphasis> given in the parameter value (see example below).</para> <para>There is no default value for this parameter. If this @@ -2346,8 +2386,8 @@ <parameter>workgroup</parameter></link> it is in. Samba 2.2 also has limited capability to act as a domain controller for Windows NT 4 Domains. For more details on setting up this feature see - the file DOMAINS.txt in the Samba documentation directory <filename>docs/ - </filename> shipped with the source code.</para> + the Samba-PDC-HOWTO included in the <filename>htmldocs/</filename> + directory shipped with the source code.</para> <para>Default: <command>domain logons = no</command></para></listitem> </varlistentry> @@ -2651,12 +2691,6 @@ mode after the mask set in the <parameter>create mask</parameter> parameter is applied.</para> - <para>Note that by default this parameter does not apply to permissions - set by Windows NT/2000 ACL editors. If the administrator wishes to enforce - this mask on access control lists also, they need to set the <link - linkend="RESTRICTACLWITHMASK"><parameter>restrict acl with - mask</parameter></link> to <constant>true</constant>.</para> - <para>See also the parameter <link linkend="CREATEMASK"><parameter>create mask</parameter></link> for details on masking mode bits on files.</para> @@ -2685,12 +2719,6 @@ mask in the parameter <parameter>directory mask</parameter> is applied.</para> - <para>Note that by default this parameter does not apply to permissions - set by Windows NT/2000 ACL editors. If the administrator wishes to enforce - this mask on access control lists also, they need to set the <link - linkend="RESTRICTACLWITHMASK"><parameter>restrict acl with - mask</parameter></link> to <constant>true</constant>.</para> - <para>See also the parameter <link linkend="DIRECTORYMASK"><parameter> directory mask</parameter></link> for details on masking mode bits on created directories.</para> @@ -3463,10 +3491,13 @@ <para> This option is used to control the tcp port number used to contact the <link linkend="LDAPSERVER"><parameter>ldap server</parameter></link>. - The default is to use the stand LDAP port 389. + The default is to use the stand LDAPS port 636. + </para> + + <para>See Also: <link linkend="LDAPSSL">ldap ssl</link> </para> - <para>Default : <command>ldap port = 389</command></para> + <para>Default : <command>ldap port = 636</command></para> </listitem> </varlistentry> @@ -3514,15 +3545,15 @@ <para> The <parameter>ldap ssl</parameter> can be set to one of three values: - (a) <command>on</command> - Always use SSL when contacting the - <parameter>ldap server</parameter>, (b) <command>off</command> - - Never use SSL when querying the directory, or (c) <command>start - tls</command> - Use the LDAPv3 StartTLS extended operation + (a) <constant>on</constant> - Always use SSL when contacting the + <parameter>ldap server</parameter>, (b) <constant>off</constant> - + Never use SSL when querying the directory, or (c) <constant>start_tls</constant> + - Use the LDAPv3 StartTLS extended operation (RFC2830) for communicating with the directory server. </para> - <para>Default : <command>ldap ssl = off</command></para> + <para>Default : <command>ldap ssl = on</command></para> </listitem> </varlistentry> @@ -4774,7 +4805,7 @@ <term><anchor id="MSDFSROOT">msdfs root (S)</term> <listitem><para>This boolean parameter is only available if Samba is configured and compiled with the <command> - --with-msdfs</command> option. If set to <constant>yes></constant>, + --with-msdfs</command> option. If set to <constant>yes</constant>, Samba treats the share as a Dfs root and allows clients to browse the distributed file system tree rooted at the share directory. Dfs links are specified in the share directory by symbolic @@ -4813,7 +4844,7 @@ </filename>, NIS, or DNS lookups. This method of name resolution is operating system depended for instance on IRIX or Solaris this may be controlled by the <filename>/etc/nsswitch.conf</filename> - file). Note that this method is only used if the NetBIOS name + file. Note that this method is only used if the NetBIOS name type being queried is the 0x20 (server) name type, otherwise it is ignored.</para></listitem> @@ -5241,7 +5272,7 @@ <para>If the <link linkend="PAMPASSWORDCHANGE"><parameter>pam password change</parameter></link> parameter is set to true, the chat pairs - may be matched in any order, and sucess is determined by the PAM result, + may be matched in any order, and success is determined by the PAM result, not any particular output. The \n macro is ignored for PAM conversions. </para> @@ -5363,7 +5394,7 @@ made - the password as is and the password in all-lower case.</para> <para>Default: <command>password level = 0</command></para> - <para>Example: <command>password level = 4</command</para> + <para>Example: <command>password level = 4</command></para> </listitem> </varlistentry> @@ -5672,8 +5703,9 @@ </parameter> and <parameter>%f</parameter> will be replaced by the appropriate spool file name, and all occurrences of <parameter>%p </parameter> will be replaced by the appropriate printer name. The - spool file name is generated automatically by the server, the printer - name is discussed below.</para> + spool file name is generated automatically by the server. The + <parameter>%J</parameter> macro can be used to access the job + name as transmitted by the client.</para> <para>The print command <emphasis>MUST</emphasis> contain at least one occurrence of <parameter>%s</parameter> or <parameter>%f @@ -5712,7 +5744,7 @@ or PLP :</command></para> <para><command>print command = lpr -r -P%p %s</command></para> - <para>For <command>printing = SYS or HPUX :</command></para> + <para>For <command>printing = SYSV or HPUX :</command></para> <para><command>print command = lp -c -d%p %s; rm %s</command></para> <para>For <command>printing = SOFTQ :</command></para> @@ -5964,7 +5996,7 @@ <parameter>lprm command</parameter> if specified in the [global] section.</para> - <para>Currently eight printing styles are supported. They are + <para>Currently nine printing styles are supported. They are <constant>BSD</constant>, <constant>AIX</constant>, <constant>LPRNG</constant>, <constant>PLP</constant>, <constant>SYSV</constant>, <constant>HPUX</constant>, @@ -6237,34 +6269,6 @@ - <varlistentry> - <term><anchor id="RESTRICTACLWITHMASK">restrict acl with mask (S)</term> - <listitem><para>This is a boolean parameter. If set to <constant>false</constant> (default), then - creation of files with access control lists (ACLS) and modification of ACLs - using the Windows NT/2000 ACL editor will be applied directly to the file - or directory.</para> - - <para>If set to <constant>true</constant>, then all requests to set an ACL on a file will have the - parameters <link linkend="CREATEMASK"><parameter>create mask</parameter></link>, - <link linkend="FORCECREATEMODE"><parameter>force create mode</parameter></link> - applied before setting the ACL, and all requests to set an ACL on a directory will - have the parameters <link linkend="DIRECTORYMASK"><parameter>directory - mask</parameter></link>, <link linkend="FORCEDIRECTORYMODE"><parameter>force - directory mode</parameter></link> applied before setting the ACL. - </para> - - <para>See also <link linkend="CREATEMASK"><parameter>create mask</parameter></link>, - <link linkend="FORCECREATEMODE"><parameter>force create mode</parameter></link>, - <link linkend="DIRECTORYMASK"><parameter>directory mask</parameter></link>, - <link linkend="FORCEDIRECTORYMODE"><parameter>force directory mode</parameter></link> - </para> - - <para>Default: <command>restrict acl with mask = no</command></para> - </listitem> - </varlistentry> - - - <varlistentry> <term><anchor id="RESTRICTANONYMOUS">restrict anonymous (G)</term> @@ -6414,7 +6418,7 @@ <command>security = server</command> or <command>security = domain </command>.</para> - <para>In versions of Samba prior to 2..0, the default was + <para>In versions of Samba prior to 2.0.0, the default was <command>security = share</command> mainly because that was the only option at one stage.</para> @@ -7541,6 +7545,22 @@ <varlistentry> + <term><anchor id="UNIXEXTENSIONS">unix extensions(G)</term> + <listitem><para>This boolean parameter controls whether Samba + implments the CIFS UNIX extensions, as defined by HP. These + extensions enable CIFS to server UNIX clients to UNIX servers + better, and allow such things as symbolic links, hard links etc. + These extensions require a similarly enabled client, and are of + no current use to Windows clients.</para> + + <para>Default: <command>unix extensions = no</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> <term><anchor id="UNIXPASSWORDSYNC">unix password sync (G)</term> <listitem><para>This boolean parameter controls whether Samba attempts to synchronize the UNIX password with the SMB password @@ -8025,16 +8045,16 @@ <para>Default: <emphasis>No files or directories are vetoed. </emphasis></para> - <para>Examples:<programlisting> - ; Veto any files containing the word Security, - ; any ending in .tmp, and any directory containing the - ; word root. - veto files = /*Security*/*.tmp/*root*/ +<para>Examples:<programlisting> +; Veto any files containing the word Security, +; any ending in .tmp, and any directory containing the +; word root. +veto files = /*Security*/*.tmp/*root*/ - ; Veto the Apple specific files that a NetAtalk server - ; creates. - veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ - </programlisting></para> +; Veto the Apple specific files that a NetAtalk server +; creates. +veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ +</programlisting></para> </listitem> </varlistentry> |