summaryrefslogtreecommitdiff
path: root/packaging/Caldera/OpenServer/man/cat.5/smb.conf.5
diff options
context:
space:
mode:
Diffstat (limited to 'packaging/Caldera/OpenServer/man/cat.5/smb.conf.5')
-rw-r--r--packaging/Caldera/OpenServer/man/cat.5/smb.conf.59108
1 files changed, 9108 insertions, 0 deletions
diff --git a/packaging/Caldera/OpenServer/man/cat.5/smb.conf.5 b/packaging/Caldera/OpenServer/man/cat.5/smb.conf.5
new file mode 100644
index 00000000000..b9dc8c1b2b7
--- /dev/null
+++ b/packaging/Caldera/OpenServer/man/cat.5/smb.conf.5
@@ -0,0 +1,9108 @@
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ NNNNAAAAMMMMEEEE
+ smb.conf - The configuration file for the Samba suite
+
+ SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS
+ The _s_m_b._c_o_n_f file is a configuration file for the Samba
+ suite. _s_m_b._c_o_n_f contains runtime configuration information
+ for the Samba programs. The _s_m_b._c_o_n_f file is designed to be
+ configured and administered by the sssswwwwaaaatttt((((8888))))
+ program. The complete description of the file format and
+ possible parameters held within are here for reference
+ purposes.
+
+ FFFFIIIILLLLEEEE FFFFOOOORRRRMMMMAAAATTTT
+ The file consists of sections and parameters. A section
+ begins with the name of the section in square brackets and
+ continues until the next section begins. Sections contain
+ parameters of the form
+
+ _n_a_m_e = _v_a_l_u_e
+
+ The file is line-based - that is, each newline-terminated
+ line represents either a comment, a section name or a
+ parameter.
+
+ Section and parameter names are not case sensitive.
+
+ Only the first equals sign in a parameter is significant.
+ Whitespace before or after the first equals sign is
+ discarded. Leading, trailing and internal whitespace in
+ section and parameter names is irrelevant. Leading and
+ trailing whitespace in a parameter value is discarded.
+ Internal whitespace within a parameter value is retained
+ verbatim.
+
+ Any line beginning with a semicolon (';') or a hash ('#')
+ character is ignored, as are lines containing only
+ whitespace.
+
+ Any line ending in a '\' is continued on the next line in
+ the customary UNIX fashion.
+
+ The values following the equals sign in parameters are all
+ either a string (no quotes needed) or a boolean, which may
+ be given as yes/no, 0/1 or true/false. Case is not
+ significant in boolean values, but is preserved in string
+ values. Some items such as create modes are numeric.
+
+ SSSSEEEECCCCTTTTIIIIOOOONNNN DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNNSSSS
+ Each section in the configuration file (except for the
+ [global] section) describes a shared resource (known as a
+ "share"). The section name is the name of the shared
+ resource and the parameters within the section define the
+
+
+
+ Page 1 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ shares attributes.
+
+ There are three special sections, [global], [homes] and
+ [printers], which are described under ssssppppeeeecccciiiiaaaallll sssseeeeccccttttiiiioooonnnnssss. The
+ following notes apply to ordinary section descriptions.
+
+ A share consists of a directory to which access is being
+ given plus a description of the access rights which are
+ granted to the user of the service. Some housekeeping
+ options are also specifiable.
+
+ Sections are either file share services (used by the client
+ as an extension of their native file systems) or printable
+ services (used by the client to access print services on the
+ host running the server).
+
+ Sections may be designated gggguuuueeeesssstttt services, in which case no
+ password is required to access them. A specified UNIX gggguuuueeeesssstttt
+ aaaaccccccccoooouuuunnnntttt is used to define access privileges in this case.
+
+ Sections other than guest services will require a password
+ to access them. The client provides the username. As older
+ clients only provide passwords and not usernames, you may
+ specify a list of usernames to check against the password
+ using the "user =" option in the share definition. For
+ modern clients such as Windows 95/98/ME/NT/2000, this should
+ not be necessary.
+
+ Note that the access rights granted by the server are masked
+ by the access rights granted to the specified or guest UNIX
+ user by the host system. The server does not grant more
+ access than the host system grants.
+
+ The following sample section defines a file space share. The
+ user has write access to the path /_h_o_m_e/_b_a_r. The share is
+ accessed via the share name "foo":
+
+ [foo]
+ path = /home/bar
+ read only = no
+
+
+
+
+ The following sample section defines a printable share. The
+ share is readonly, but printable. That is, the only write
+ access permitted is via calls to open, write to and close a
+ spool file. The gggguuuueeeesssstttt ooookkkk parameter means access will be
+ permitted as the default guest user (specified elsewhere):
+
+ [aprinter]
+ path = /usr/spool/public
+
+
+
+ Page 2 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ read only = yes
+ printable = yes
+ guest ok = yes
+
+
+
+
+ SSSSPPPPEEEECCCCIIIIAAAALLLL SSSSEEEECCCCTTTTIIIIOOOONNNNSSSS
+ TTTTHHHHEEEE GGGGLLLLOOOOBBBBAAAALLLL SSSSEEEECCCCTTTTIIIIOOOONNNN
+ parameters in this section apply to the server as a whole,
+ or are defaults for sections which do not specifically
+ define certain items. See the notes under PARAMETERS for
+ more information.
+
+ TTTTHHHHEEEE HHHHOOOOMMMMEEEESSSS SSSSEEEECCCCTTTTIIIIOOOONNNN
+ If a section called homes is included in the configuration
+ file, services connecting clients to their home directories
+ can be created on the fly by the server.
+
+ When the connection request is made, the existing sections
+ are scanned. If a match is found, it is used. If no match is
+ found, the requested section name is treated as a user name
+ and looked up in the local password file. If the name exists
+ and the correct password has been given, a share is created
+ by cloning the [homes] section.
+
+ Some modifications are then made to the newly created share:
+
+ o+ The share name is changed from homes to the located
+ username.
+
+ o+ If no path was given, the path is set to the user's home
+ directory.
+
+ If you decide to use a ppppaaaatttthhhh ==== line in your [homes] section
+ then you may find it useful to use the %S macro. For example
+ :
+
+ ppppaaaatttthhhh ==== ////ddddaaaattttaaaa////ppppcccchhhhoooommmmeeee////%%%%SSSS
+
+ would be useful if you have different home directories for
+ your PCs than for UNIX access.
+
+ This is a fast and simple way to give a large number of
+ clients access to their home directories with a minimum of
+ fuss.
+
+ A similar process occurs if the requested section name is
+ "homes", except that the share name is not changed to that
+ of the requesting user. This method of using the [homes]
+ section works well if different users share a client PC.
+
+
+
+
+ Page 3 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ The [homes] section can specify all the parameters a normal
+ service section can specify, though some make more sense
+ than others. The following is a typical and suitable [homes]
+ section:
+
+ [homes]
+ read only = no
+
+
+
+
+ An important point is that if guest access is specified in
+ the [homes] section, all home directories will be visible to
+ all clients wwwwiiiitttthhhhoooouuuutttt aaaa ppppaaaasssssssswwwwoooorrrrdddd. In the very unlikely event
+ that this is actually desirable, it would be wise to also
+ specify rrrreeeeaaaadddd oooonnnnllllyyyy aaaacccccccceeeessssssss.
+
+ Note that the bbbbrrrroooowwwwsssseeeeaaaabbbblllleeee flag for auto home directories will
+ be inherited from the global browseable flag, not the
+ [homes] browseable flag. This is useful as it means setting
+ bbbbrrrroooowwwwsssseeeeaaaabbbblllleeee ==== nnnnoooo in the [homes] section will hide the [homes]
+ share but make any auto home directories visible.
+
+ TTTTHHHHEEEE PPPPRRRRIIIINNNNTTTTEEEERRRRSSSS SSSSEEEECCCCTTTTIIIIOOOONNNN
+ This section works like [homes], but for printers.
+
+ If a [printers] section occurs in the configuration file,
+ users are able to connect to any printer specified in the
+ local host's printcap file.
+
+ When a connection request is made, the existing sections are
+ scanned. If a match is found, it is used. If no match is
+ found, but a [homes] section exists, it is used as described
+ above. Otherwise, the requested section name is treated as a
+ printer name and the appropriate printcap file is scanned to
+ see if the requested section name is a valid printer share
+ name. If a match is found, a new printer share is created by
+ cloning the [printers] section.
+
+ A few modifications are then made to the newly created
+ share:
+
+ o+ The share name is set to the located printer name
+
+ o+ If no printer name was given, the printer name is set to
+ the located printer name
+
+ o+ If the share does not permit guest access and no username
+ was given, the username is set to the located printer
+ name.
+
+ Note that the [printers] service MUST be printable - if you
+
+
+
+ Page 4 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ specify otherwise, the server will refuse to load the
+ configuration file.
+
+ Typically the path specified would be that of a world-
+ writeable spool directory with the sticky bit set on it. A
+ typical [printers] entry would look like this:
+
+ [printers]
+ path = /usr/spool/public
+ guest ok = yes
+ printable = yes
+
+
+
+ All aliases given for a printer in the printcap file are
+ legitimate printer names as far as the server is concerned.
+ If your printing subsystem doesn't work like that, you will
+ have to set up a pseudo-printcap. This is a file consisting
+ of one or more lines like this:
+
+ alias|alias|alias|alias...
+
+
+
+
+ Each alias should be an acceptable printer name for your
+ printing subsystem. In the [global] section, specify the new
+ file as your printcap. The server will then only recognize
+ names found in your pseudo-printcap, which of course can
+ contain whatever aliases you like. The same technique could
+ be used simply to limit access to a subset of your local
+ printers.
+
+ An alias, by the way, is defined as any component of the
+ first entry of a printcap record. Records are separated by
+ newlines, components (if there are more than one) are
+ separated by vertical bar symbols ('|').
+
+ NOTE: On SYSV systems which use lpstat to determine what
+ printers are defined on the system you may be able to use
+ "printcap name = lpstat" to automatically obtain a list of
+ printers. See the "printcap name" option for more details.
+
+ PPPPAAAARRRRAAAAMMMMEEEETTTTEEEERRRRSSSS
+ parameters define the specific attributes of sections.
+
+ Some parameters are specific to the [global] section (e.g.,
+ sssseeeeccccuuuurrrriiiittttyyyy). Some parameters are usable in all sections (e.g.,
+ ccccrrrreeeeaaaatttteeee mmmmooooddddeeee). All others are permissible only in normal
+ sections. For the purposes of the following descriptions the
+ [homes] and [printers] sections will be considered normal.
+ The letter GGGG in parentheses indicates that a parameter is
+
+
+
+ Page 5 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ specific to the [global] section. The letter SSSS indicates
+ that a parameter can be specified in a service specific
+ section. Note that all SSSS parameters can also be specified in
+ the [global] section - in which case they will define the
+ default behavior for all services.
+
+ parameters are arranged here in alphabetical order - this
+ may not create best bedfellows, but at least you can find
+ them! Where there are synonyms, the preferred synonym is
+ described, others refer to the preferred synonym.
+
+ VVVVAAAARRRRIIIIAAAABBBBLLLLEEEE SSSSUUUUBBBBSSSSTTTTIIIITTTTUUUUTTTTIIIIOOOONNNNSSSS
+ Many of the strings that are settable in the config file can
+ take substitutions. For example the option "path = /tmp/%u"
+ would be interpreted as "path = /tmp/john" if the user
+ connected with the username john.
+
+ These substitutions are mostly noted in the descriptions
+ below, but there are some general substitutions which apply
+ whenever they might be relevant. These are:
+
+ %%%%SSSS the name of the current service, if any.
+
+ %%%%PPPP the root directory of the current service, if any.
+
+ %%%%uuuu user name of the current service, if any.
+
+ %%%%gggg primary group name of %u.
+
+ %%%%UUUU session user name (the user name that the client
+ wanted, not necessarily the same as the one they got).
+
+ %%%%GGGG primary group name of %U.
+
+ %%%%HHHH the home directory of the user given by %u.
+
+ %%%%vvvv the Samba version.
+
+ %%%%hhhh the Internet hostname that Samba is running on.
+
+ %%%%mmmm the NetBIOS name of the client machine (very useful).
+
+ %%%%LLLL the NetBIOS name of the server. This allows you to
+ change your config based on what the client calls you.
+ Your server can have a "dual personality".
+
+ Note that this paramater is not available when Samba
+ listens on port 445, as clients no longer send this
+ information
+
+ %%%%MMMM the Internet name of the client machine.
+
+
+
+
+ Page 6 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ %%%%NNNN the name of your NIS home directory server. This is
+ obtained from your NIS auto.map entry. If you have not
+ compiled Samba with the --------wwwwiiiitttthhhh----aaaauuuuttttoooommmmoooouuuunnnntttt option then
+ this value will be the same as %L.
+
+ %%%%pppp the path of the service's home directory, obtained from
+ your NIS auto.map entry. The NIS auto.map entry is
+ split up as "%N:%p".
+
+ %%%%RRRR the selected protocol level after protocol negotiation.
+ It can be one of CORE, COREPLUS, LANMAN1, LANMAN2 or
+ NT1.
+
+ %%%%dddd The process id of the current server process.
+
+ %%%%aaaa the architecture of the remote machine. Only some are
+ recognized, and those may not be 100% reliable. It
+ currently recognizes Samba, WfWg, Win95, WinNT and
+ Win2k. Anything else will be known as "UNKNOWN". If it
+ gets it wrong then sending a level 3 log to
+ samba@samba.org
+ <URL:mailto:samba@samba.org> should allow it to be
+ fixed.
+
+ %%%%IIII The IP address of the client machine.
+
+ %%%%TTTT the current date and time.
+
+ %%%%$$$$((((_e_n_v_v_a_r))))
+ The value of the environment variable _e_n_v_a_r.
+
+ There are some quite creative things that can be done with
+ these substitutions and other smb.conf options.
+
+ NNNNAAAAMMMMEEEE MMMMAAAANNNNGGGGLLLLIIIINNNNGGGG
+ Samba supports "name mangling" so that DOS and Windows
+ clients can use files that don't conform to the 8.3 format.
+ It can also be set to adjust the case of 8.3 format
+ filenames.
+
+ There are several options that control the way mangling is
+ performed, and they are grouped here rather than listed
+ separately. For the defaults look at the output of the
+ testparm program.
+
+ All of these options can be set separately for each service
+ (or globally, of course).
+
+ The options are:
+
+ mmmmaaaannnngggglllliiiinnnngggg mmmmeeeetttthhhhoooodddd
+ controls the algorithm used for the generating the
+
+
+
+ Page 7 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ mangled names. Can take two different values, "hash"
+ and "hash2". "hash" is the default and is the algorithm
+ that has been used in Samba for many years. "hash2" is
+ a newer and considered a better algorithm (generates
+ less collisions) in the names. However, many Win32
+ applications store the mangled names and so changing to
+ the new algorithm must not be done lightly as these
+ applications may break unless reinstalled. New
+ installations of Samba may set the default to hash2.
+ Default hhhhaaaasssshhhh.
+
+ mmmmaaaannnngggglllleeee ccccaaaasssseeee ==== yyyyeeeessss////nnnnoooo
+ controls if names that have characters that aren't of
+ the "default" case are mangled. For example, if this is
+ yes then a name like "Mail" would be mangled. Default
+ nnnnoooo.
+
+ ccccaaaasssseeee sssseeeennnnssssiiiittttiiiivvvveeee ==== yyyyeeeessss////nnnnoooo
+ controls whether filenames are case sensitive. If they
+ aren't then Samba must do a filename search and match
+ on passed names. Default nnnnoooo.
+
+ ddddeeeeffffaaaauuuulllltttt ccccaaaasssseeee ==== uuuuppppppppeeeerrrr////lllloooowwwweeeerrrr
+ controls what the default case is for new filenames.
+ Default lllloooowwwweeeerrrr.
+
+ pppprrrreeeesssseeeerrrrvvvveeee ccccaaaasssseeee ==== yyyyeeeessss////nnnnoooo
+ controls if new files are created with the case that
+ the client passes, or if they are forced to be the
+ "default" case. Default yyyyeeeessss.
+
+ sssshhhhoooorrrrtttt pppprrrreeeesssseeeerrrrvvvveeee ccccaaaasssseeee ==== yyyyeeeessss////nnnnoooo
+ controls if new files which conform to 8.3 syntax, that
+ is all in upper case and of suitable length, are
+ created upper case, or if they are forced to be the
+ "default" case. This option can be use with "preserve
+ case = yes" to permit long filenames to retain their
+ case, while short names are lowercased. Default yyyyeeeessss.
+
+ By default, Samba 2.2 has the same semantics as a Windows NT
+ server, in that it is case insensitive but case preserving.
+
+ NNNNOOOOTTTTEEEE AAAABBBBOOOOUUUUTTTT UUUUSSSSEEEERRRRNNNNAAAAMMMMEEEE////PPPPAAAASSSSSSSSWWWWOOOORRRRDDDD VVVVAAAALLLLIIIIDDDDAAAATTTTIIIIOOOONNNN
+ There are a number of ways in which a user can connect to a
+ service. The server uses the following steps in determining
+ if it will allow a connection to a specified service. If all
+ the steps fail, then the connection request is rejected.
+ However, if one of the steps succeeds, then the following
+ steps are not checked.
+
+ If the service is marked "guest only = yes" and the server
+ is running with share-level security ("security = share")
+
+
+
+ Page 8 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ then steps 1 to 5 are skipped.
+
+ 1. If the client has passed a username/password pair and
+ that username/password pair is validated by the UNIX
+ system's password programs then the connection is made
+ as that username. Note that this includes the
+ \\server\service%_u_s_e_r_n_a_m_e method of passing a username.
+
+ 2. If the client has previously registered a username with
+ the system and now supplies a correct password for that
+ username then the connection is allowed.
+
+ 3. The client's NetBIOS name and any previously used user
+ names are checked against the supplied password, if
+ they match then the connection is allowed as the
+ corresponding user.
+
+ 4. If the client has previously validated a
+ username/password pair with the server and the client
+ has passed the validation token then that username is
+ used.
+
+ 5. If a "user = " field is given in the _s_m_b._c_o_n_f file for
+ the service and the client has supplied a password, and
+ that password matches (according to the UNIX system's
+ password checking) with one of the usernames from the
+ "user =" field then the connection is made as the
+ username in the "user =" line. If one of the username
+ in the "user =" list begins with a '@' then that name
+ expands to a list of names in the group of the same
+ name.
+
+ 6. If the service is a guest service then a connection is
+ made as the username given in the "guest account =" for
+ the service, irrespective of the supplied password.
+
+ CCCCOOOOMMMMPPPPLLLLEEEETTTTEEEE LLLLIIIISSSSTTTT OOOOFFFF GGGGLLLLOOOOBBBBAAAALLLL PPPPAAAARRRRAAAAMMMMEEEETTTTEEEERRRRSSSS
+ Here is a list of all global parameters. See the section of
+ each parameter for details. Note that some are synonyms.
+
+ o+ _a_d_d _p_r_i_n_t_e_r _c_o_m_m_a_n_d
+
+ o+ _a_d_d _s_h_a_r_e _c_o_m_m_a_n_d
+
+ o+ _a_d_d _u_s_e_r _s_c_r_i_p_t
+
+ o+ _a_l_l_o_w _t_r_u_s_t_e_d _d_o_m_a_i_n_s
+
+ o+ _a_n_n_o_u_n_c_e _a_s
+
+ o+ _a_n_n_o_u_n_c_e _v_e_r_s_i_o_n
+
+
+
+
+ Page 9 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ o+ _a_u_t_o _s_e_r_v_i_c_e_s
+
+ o+ _b_i_n_d _i_n_t_e_r_f_a_c_e_s _o_n_l_y
+
+ o+ _b_r_o_w_s_e _l_i_s_t
+
+ o+ _c_h_a_n_g_e _n_o_t_i_f_y _t_i_m_e_o_u_t
+
+ o+ _c_h_a_n_g_e _s_h_a_r_e _c_o_m_m_a_n_d
+
+ o+ _c_h_a_r_a_c_t_e_r _s_e_t
+
+ o+ _c_l_i_e_n_t _c_o_d_e _p_a_g_e
+
+ o+ _c_o_d_e _p_a_g_e _d_i_r_e_c_t_o_r_y
+
+ o+ _c_o_d_i_n_g _s_y_s_t_e_m
+
+ o+ _c_o_n_f_i_g _f_i_l_e
+
+ o+ _d_e_a_d_t_i_m_e
+
+ o+ _d_e_b_u_g _h_i_r_e_s _t_i_m_e_s_t_a_m_p
+
+ o+ _d_e_b_u_g _p_i_d
+
+ o+ _d_e_b_u_g _t_i_m_e_s_t_a_m_p
+
+ o+ _d_e_b_u_g _u_i_d
+
+ o+ _d_e_b_u_g_l_e_v_e_l
+
+ o+ _d_e_f_a_u_l_t
+
+ o+ _d_e_f_a_u_l_t _s_e_r_v_i_c_e
+
+ o+ _d_e_l_e_t_e _p_r_i_n_t_e_r _c_o_m_m_a_n_d
+
+ o+ _d_e_l_e_t_e _s_h_a_r_e _c_o_m_m_a_n_d
+
+ o+ _d_e_l_e_t_e _u_s_e_r _s_c_r_i_p_t
+
+ o+ _d_f_r_e_e _c_o_m_m_a_n_d
+
+ o+ _d_i_s_a_b_l_e _s_p_o_o_l_s_s
+
+ o+ _d_n_s _p_r_o_x_y
+
+ o+ _d_o_m_a_i_n _a_d_m_i_n _g_r_o_u_p
+
+ o+ _d_o_m_a_i_n _g_u_e_s_t _g_r_o_u_p
+
+
+
+
+ Page 10 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ o+ _d_o_m_a_i_n _l_o_g_o_n_s
+
+ o+ _d_o_m_a_i_n _m_a_s_t_e_r
+
+ o+ _e_n_c_r_y_p_t _p_a_s_s_w_o_r_d_s
+
+ o+ _e_n_h_a_n_c_e_d _b_r_o_w_s_i_n_g
+
+ o+ _e_n_u_m_p_o_r_t_s _c_o_m_m_a_n_d
+
+ o+ _g_e_t_w_d _c_a_c_h_e
+
+ o+ _h_i_d_e _l_o_c_a_l _u_s_e_r_s
+
+ o+ _h_i_d_e _u_n_r_e_a_d_a_b_l_e
+
+ o+ _h_o_m_e_d_i_r _m_a_p
+
+ o+ _h_o_s_t _m_s_d_f_s
+
+ o+ _h_o_s_t_s _e_q_u_i_v
+
+ o+ _i_n_t_e_r_f_a_c_e_s
+
+ o+ _k_e_e_p_a_l_i_v_e
+
+ o+ _k_e_r_n_e_l _o_p_l_o_c_k_s
+
+ o+ _l_a_n_m_a_n _a_u_t_h
+
+ o+ _l_a_r_g_e _r_e_a_d_w_r_i_t_e
+
+ o+ _l_d_a_p _a_d_m_i_n _d_n
+
+ o+ _l_d_a_p _f_i_l_t_e_r
+
+ o+ _l_d_a_p _p_o_r_t
+
+ o+ _l_d_a_p _s_e_r_v_e_r
+
+ o+ _l_d_a_p _s_s_l
+
+ o+ _l_d_a_p _s_u_f_f_i_x
+
+ o+ _l_m _a_n_n_o_u_n_c_e
+
+ o+ _l_m _i_n_t_e_r_v_a_l
+
+ o+ _l_o_a_d _p_r_i_n_t_e_r_s
+
+ o+ _l_o_c_a_l _m_a_s_t_e_r
+
+
+
+
+ Page 11 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ o+ _l_o_c_k _d_i_r
+
+ o+ _l_o_c_k _d_i_r_e_c_t_o_r_y
+
+ o+ _l_o_c_k _s_p_i_n _c_o_u_n_t
+
+ o+ _l_o_c_k _s_p_i_n _t_i_m_e
+
+ o+ _p_i_d _d_i_r_e_c_t_o_r_y
+
+ o+ _l_o_g _f_i_l_e
+
+ o+ _l_o_g _l_e_v_e_l
+
+ o+ _l_o_g_o_n _d_r_i_v_e
+
+ o+ _l_o_g_o_n _h_o_m_e
+
+ o+ _l_o_g_o_n _p_a_t_h
+
+ o+ _l_o_g_o_n _s_c_r_i_p_t
+
+ o+ _l_p_q _c_a_c_h_e _t_i_m_e
+
+ o+ _m_a_c_h_i_n_e _p_a_s_s_w_o_r_d _t_i_m_e_o_u_t
+
+ o+ _m_a_n_g_l_e_d _s_t_a_c_k
+
+ o+ _m_a_n_g_l_i_n_g _m_e_t_h_o_d
+
+ o+ _m_a_p _t_o _g_u_e_s_t
+
+ o+ _m_a_x _d_i_s_k _s_i_z_e
+
+ o+ _m_a_x _l_o_g _s_i_z_e
+
+ o+ _m_a_x _m_u_x
+
+ o+ _m_a_x _o_p_e_n _f_i_l_e_s
+
+ o+ _m_a_x _p_r_o_t_o_c_o_l
+
+ o+ _m_a_x _s_m_b_d _p_r_o_c_e_s_s_e_s
+
+ o+ _m_a_x _t_t_l
+
+ o+ _m_a_x _w_i_n_s _t_t_l
+
+ o+ _m_a_x _x_m_i_t
+
+ o+ _m_e_s_s_a_g_e _c_o_m_m_a_n_d
+
+
+
+
+ Page 12 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ o+ _m_i_n _p_a_s_s_w_d _l_e_n_g_t_h
+
+ o+ _m_i_n _p_a_s_s_w_o_r_d _l_e_n_g_t_h
+
+ o+ _m_i_n _p_r_o_t_o_c_o_l
+
+ o+ _m_i_n _w_i_n_s _t_t_l
+
+ o+ _n_a_m_e _r_e_s_o_l_v_e _o_r_d_e_r
+
+ o+ _n_e_t_b_i_o_s _a_l_i_a_s_e_s
+
+ o+ _n_e_t_b_i_o_s _n_a_m_e
+
+ o+ _n_e_t_b_i_o_s _s_c_o_p_e
+
+ o+ _n_i_s _h_o_m_e_d_i_r
+
+ o+ _n_t _p_i_p_e _s_u_p_p_o_r_t
+
+ o+ _n_t _s_m_b _s_u_p_p_o_r_t
+
+ o+ _n_t _s_t_a_t_u_s _s_u_p_p_o_r_t
+
+ o+ _n_u_l_l _p_a_s_s_w_o_r_d_s
+
+ o+ _o_b_e_y _p_a_m _r_e_s_t_r_i_c_t_i_o_n_s
+
+ o+ _o_p_l_o_c_k _b_r_e_a_k _w_a_i_t _t_i_m_e
+
+ o+ _o_s _l_e_v_e_l
+
+ o+ _o_s_2 _d_r_i_v_e_r _m_a_p
+
+ o+ _p_a_m _p_a_s_s_w_o_r_d _c_h_a_n_g_e
+
+ o+ _p_a_n_i_c _a_c_t_i_o_n
+
+ o+ _p_a_s_s_w_d _c_h_a_t
+
+ o+ _p_a_s_s_w_d _c_h_a_t _d_e_b_u_g
+
+ o+ _p_a_s_s_w_d _p_r_o_g_r_a_m
+
+ o+ _p_a_s_s_w_o_r_d _l_e_v_e_l
+
+ o+ _p_a_s_s_w_o_r_d _s_e_r_v_e_r
+
+ o+ _p_r_e_f_e_r_e_d _m_a_s_t_e_r
+
+ o+ _p_r_e_f_e_r_r_e_d _m_a_s_t_e_r
+
+
+
+
+ Page 13 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ o+ _p_r_e_l_o_a_d
+
+ o+ _p_r_i_n_t_c_a_p
+
+ o+ _p_r_i_n_t_c_a_p _n_a_m_e
+
+ o+ _p_r_i_n_t_e_r _d_r_i_v_e_r _f_i_l_e
+
+ o+ _p_r_o_t_o_c_o_l
+
+ o+ _r_e_a_d _b_m_p_x
+
+ o+ _r_e_a_d _r_a_w
+
+ o+ _r_e_a_d _s_i_z_e
+
+ o+ _r_e_m_o_t_e _a_n_n_o_u_n_c_e
+
+ o+ _r_e_m_o_t_e _b_r_o_w_s_e _s_y_n_c
+
+ o+ _r_e_s_t_r_i_c_t _a_n_o_n_y_m_o_u_s
+
+ o+ _r_o_o_t
+
+ o+ _r_o_o_t _d_i_r
+
+ o+ _r_o_o_t _d_i_r_e_c_t_o_r_y
+
+ o+ _s_e_c_u_r_i_t_y
+
+ o+ _s_e_r_v_e_r _s_t_r_i_n_g
+
+ o+ _s_h_o_w _a_d_d _p_r_i_n_t_e_r _w_i_z_a_r_d
+
+ o+ _s_m_b _p_a_s_s_w_d _f_i_l_e
+
+ o+ _s_o_c_k_e_t _a_d_d_r_e_s_s
+
+ o+ _s_o_c_k_e_t _o_p_t_i_o_n_s
+
+ o+ _s_o_u_r_c_e _e_n_v_i_r_o_n_m_e_n_t
+
+ o+ _s_s_l
+
+ o+ _s_s_l _C_A _c_e_r_t_D_i_r
+
+ o+ _s_s_l _C_A _c_e_r_t_F_i_l_e
+
+ o+ _s_s_l _c_i_p_h_e_r_s
+
+ o+ _s_s_l _c_l_i_e_n_t _c_e_r_t
+
+
+
+
+ Page 14 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ o+ _s_s_l _c_l_i_e_n_t _k_e_y
+
+ o+ _s_s_l _c_o_m_p_a_t_i_b_i_l_i_t_y
+
+ o+ _s_s_l _e_g_d _s_o_c_k_e_t
+
+ o+ _s_s_l _e_n_t_r_o_p_y _b_y_t_e_s
+
+ o+ _s_s_l _e_n_t_r_o_p_y _f_i_l_e
+
+ o+ _s_s_l _h_o_s_t_s
+
+ o+ _s_s_l _h_o_s_t_s _r_e_s_i_g_n
+
+ o+ _s_s_l _r_e_q_u_i_r_e _c_l_i_e_n_t_c_e_r_t
+
+ o+ _s_s_l _r_e_q_u_i_r_e _s_e_r_v_e_r_c_e_r_t
+
+ o+ _s_s_l _s_e_r_v_e_r _c_e_r_t
+
+ o+ _s_s_l _s_e_r_v_e_r _k_e_y
+
+ o+ _s_s_l _v_e_r_s_i_o_n
+
+ o+ _s_t_a_t _c_a_c_h_e
+
+ o+ _s_t_a_t _c_a_c_h_e _s_i_z_e
+
+ o+ _s_t_r_i_p _d_o_t
+
+ o+ _s_y_s_l_o_g
+
+ o+ _s_y_s_l_o_g _o_n_l_y
+
+ o+ _t_e_m_p_l_a_t_e _h_o_m_e_d_i_r
+
+ o+ _t_e_m_p_l_a_t_e _s_h_e_l_l
+
+ o+ _t_i_m_e _o_f_f_s_e_t
+
+ o+ _t_i_m_e _s_e_r_v_e_r
+
+ o+ _t_i_m_e_s_t_a_m_p _l_o_g_s
+
+ o+ _t_o_t_a_l _p_r_i_n_t _j_o_b_s
+
+ o+ _u_n_i_x _e_x_t_e_n_s_i_o_n_s
+
+ o+ _u_n_i_x _p_a_s_s_w_o_r_d _s_y_n_c
+
+ o+ _u_p_d_a_t_e _e_n_c_r_y_p_t_e_d
+
+
+
+
+ Page 15 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ o+ _u_s_e _m_m_a_p
+
+ o+ _u_s_e _r_h_o_s_t_s
+
+ o+ _u_s_e_r_n_a_m_e _l_e_v_e_l
+
+ o+ _u_s_e_r_n_a_m_e _m_a_p
+
+ o+ _u_t_m_p
+
+ o+ _u_t_m_p _d_i_r_e_c_t_o_r_y
+
+ o+ _v_a_l_i_d _c_h_a_r_s
+
+ o+ _w_i_n_b_i_n_d _c_a_c_h_e _t_i_m_e
+
+ o+ _w_i_n_b_i_n_d _e_n_u_m _u_s_e_r_s
+
+ o+ _w_i_n_b_i_n_d _e_n_u_m _g_r_o_u_p_s
+
+ o+ _w_i_n_b_i_n_d _g_i_d
+
+ o+ _w_i_n_b_i_n_d _s_e_p_a_r_a_t_o_r
+
+ o+ _w_i_n_b_i_n_d _u_i_d
+
+ o+ _w_i_n_b_i_n_d _u_s_e _d_e_f_a_u_l_t _d_o_m_a_i_n
+
+ o+ _w_i_n_s _h_o_o_k
+
+ o+ _w_i_n_s _p_r_o_x_y
+
+ o+ _w_i_n_s _s_e_r_v_e_r
+
+ o+ _w_i_n_s _s_u_p_p_o_r_t
+
+ o+ _w_o_r_k_g_r_o_u_p
+
+ o+ _w_r_i_t_e _r_a_w
+
+ CCCCOOOOMMMMPPPPLLLLEEEETTTTEEEE LLLLIIIISSSSTTTT OOOOFFFF SSSSEEEERRRRVVVVIIIICCCCEEEE PPPPAAAARRRRAAAAMMMMEEEETTTTEEEERRRRSSSS
+ Here is a list of all service parameters. See the section on
+ each parameter for details. Note that some are synonyms.
+
+ o+ _a_d_m_i_n _u_s_e_r_s
+
+ o+ _a_l_l_o_w _h_o_s_t_s
+
+ o+ _a_v_a_i_l_a_b_l_e
+
+ o+ _b_l_o_c_k_i_n_g _l_o_c_k_s
+
+
+
+
+ Page 16 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ o+ _b_l_o_c_k _s_i_z_e
+
+ o+ _b_r_o_w_s_a_b_l_e
+
+ o+ _b_r_o_w_s_e_a_b_l_e
+
+ o+ _c_a_s_e _s_e_n_s_i_t_i_v_e
+
+ o+ _c_a_s_e_s_i_g_n_a_m_e_s
+
+ o+ _c_o_m_m_e_n_t
+
+ o+ _c_o_p_y
+
+ o+ _c_r_e_a_t_e _m_a_s_k
+
+ o+ _c_r_e_a_t_e _m_o_d_e
+
+ o+ _c_s_c _p_o_l_i_c_y
+
+ o+ _d_e_f_a_u_l_t _c_a_s_e
+
+ o+ _d_e_f_a_u_l_t _d_e_v_m_o_d_e
+
+ o+ _d_e_l_e_t_e _r_e_a_d_o_n_l_y
+
+ o+ _d_e_l_e_t_e _v_e_t_o _f_i_l_e_s
+
+ o+ _d_e_n_y _h_o_s_t_s
+
+ o+ _d_i_r_e_c_t_o_r_y
+
+ o+ _d_i_r_e_c_t_o_r_y _m_a_s_k
+
+ o+ _d_i_r_e_c_t_o_r_y _m_o_d_e
+
+ o+ _d_i_r_e_c_t_o_r_y _s_e_c_u_r_i_t_y _m_a_s_k
+
+ o+ _d_o_n_t _d_e_s_c_e_n_d
+
+ o+ _d_o_s _f_i_l_e_m_o_d_e
+
+ o+ _d_o_s _f_i_l_e_t_i_m_e _r_e_s_o_l_u_t_i_o_n
+
+ o+ _d_o_s _f_i_l_e_t_i_m_e_s
+
+ o+ _e_x_e_c
+
+ o+ _f_a_k_e _d_i_r_e_c_t_o_r_y _c_r_e_a_t_e _t_i_m_e_s
+
+ o+ _f_a_k_e _o_p_l_o_c_k_s
+
+
+
+
+ Page 17 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ o+ _f_o_l_l_o_w _s_y_m_l_i_n_k_s
+
+ o+ _f_o_r_c_e _c_r_e_a_t_e _m_o_d_e
+
+ o+ _f_o_r_c_e _d_i_r_e_c_t_o_r_y _m_o_d_e
+
+ o+ _f_o_r_c_e _d_i_r_e_c_t_o_r_y _s_e_c_u_r_i_t_y _m_o_d_e
+
+ o+ _f_o_r_c_e _g_r_o_u_p
+
+ o+ _f_o_r_c_e _s_e_c_u_r_i_t_y _m_o_d_e
+
+ o+ _f_o_r_c_e _u_n_k_n_o_w_n _a_c_l _u_s_e_r
+
+ o+ _f_o_r_c_e _u_s_e_r
+
+ o+ _f_s_t_y_p_e
+
+ o+ _g_r_o_u_p
+
+ o+ _g_u_e_s_t _a_c_c_o_u_n_t
+
+ o+ _g_u_e_s_t _o_k
+
+ o+ _g_u_e_s_t _o_n_l_y
+
+ o+ _h_i_d_e _d_o_t _f_i_l_e_s
+
+ o+ _h_i_d_e _f_i_l_e_s
+
+ o+ _h_o_s_t_s _a_l_l_o_w
+
+ o+ _h_o_s_t_s _d_e_n_y
+
+ o+ _i_n_c_l_u_d_e
+
+ o+ _i_n_h_e_r_i_t _a_c_l_s
+
+ o+ _i_n_h_e_r_i_t _p_e_r_m_i_s_s_i_o_n_s
+
+ o+ _i_n_v_a_l_i_d _u_s_e_r_s
+
+ o+ _l_e_v_e_l_2 _o_p_l_o_c_k_s
+
+ o+ _l_o_c_k_i_n_g
+
+ o+ _l_p_p_a_u_s_e _c_o_m_m_a_n_d
+
+ o+ _l_p_q _c_o_m_m_a_n_d
+
+ o+ _l_p_r_e_s_u_m_e _c_o_m_m_a_n_d
+
+
+
+
+ Page 18 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ o+ _l_p_r_m _c_o_m_m_a_n_d
+
+ o+ _m_a_g_i_c _o_u_t_p_u_t
+
+ o+ _m_a_g_i_c _s_c_r_i_p_t
+
+ o+ _m_a_n_g_l_e _c_a_s_e
+
+ o+ _m_a_n_g_l_e_d _m_a_p
+
+ o+ _m_a_n_g_l_e_d _n_a_m_e_s
+
+ o+ _m_a_n_g_l_i_n_g _c_h_a_r
+
+ o+ _m_a_p _a_r_c_h_i_v_e
+
+ o+ _m_a_p _h_i_d_d_e_n
+
+ o+ _m_a_p _s_y_s_t_e_m
+
+ o+ _m_a_x _c_o_n_n_e_c_t_i_o_n_s
+
+ o+ _m_a_x _p_r_i_n_t _j_o_b_s
+
+ o+ _m_i_n _p_r_i_n_t _s_p_a_c_e
+
+ o+ _m_s_d_f_s _r_o_o_t
+
+ o+ _n_t _a_c_l _s_u_p_p_o_r_t
+
+ o+ _o_n_l_y _g_u_e_s_t
+
+ o+ _o_n_l_y _u_s_e_r
+
+ o+ _o_p_l_o_c_k _c_o_n_t_e_n_t_i_o_n _l_i_m_i_t
+
+ o+ _o_p_l_o_c_k_s
+
+ o+ _p_a_t_h
+
+ o+ _p_o_s_i_x _l_o_c_k_i_n_g
+
+ o+ _p_o_s_t_e_x_e_c
+
+ o+ _p_o_s_t_s_c_r_i_p_t
+
+ o+ _p_r_e_e_x_e_c
+
+ o+ _p_r_e_e_x_e_c _c_l_o_s_e
+
+ o+ _p_r_e_s_e_r_v_e _c_a_s_e
+
+
+
+
+ Page 19 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ o+ _p_r_i_n_t _c_o_m_m_a_n_d
+
+ o+ _p_r_i_n_t _o_k
+
+ o+ _p_r_i_n_t_a_b_l_e
+
+ o+ _p_r_i_n_t_e_r
+
+ o+ _p_r_i_n_t_e_r _a_d_m_i_n
+
+ o+ _p_r_i_n_t_e_r _d_r_i_v_e_r
+
+ o+ _p_r_i_n_t_e_r _d_r_i_v_e_r _l_o_c_a_t_i_o_n
+
+ o+ _p_r_i_n_t_e_r _n_a_m_e
+
+ o+ _p_r_i_n_t_i_n_g
+
+ o+ _p_r_o_f_i_l_e _a_c_l_s
+
+ o+ _p_u_b_l_i_c
+
+ o+ _q_u_e_u_e_p_a_u_s_e _c_o_m_m_a_n_d
+
+ o+ _q_u_e_u_e_r_e_s_u_m_e _c_o_m_m_a_n_d
+
+ o+ _r_e_a_d _l_i_s_t
+
+ o+ _r_e_a_d _o_n_l_y
+
+ o+ _r_o_o_t _p_o_s_t_e_x_e_c
+
+ o+ _r_o_o_t _p_r_e_e_x_e_c
+
+ o+ _r_o_o_t _p_r_e_e_x_e_c _c_l_o_s_e
+
+ o+ _s_e_c_u_r_i_t_y _m_a_s_k
+
+ o+ _s_e_t _d_i_r_e_c_t_o_r_y
+
+ o+ _s_h_a_r_e _m_o_d_e_s
+
+ o+ _s_h_o_r_t _p_r_e_s_e_r_v_e _c_a_s_e
+
+ o+ _s_t_a_t_u_s
+
+ o+ _s_t_r_i_c_t _a_l_l_o_c_a_t_e
+
+ o+ _s_t_r_i_c_t _l_o_c_k_i_n_g
+
+ o+ _s_t_r_i_c_t _s_y_n_c
+
+
+
+
+ Page 20 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ o+ _s_y_n_c _a_l_w_a_y_s
+
+ o+ _u_s_e _c_l_i_e_n_t _d_r_i_v_e_r
+
+ o+ _u_s_e _s_e_n_d_f_i_l_e
+
+ o+ _u_s_e_r
+
+ o+ _u_s_e_r_n_a_m_e
+
+ o+ _u_s_e_r_s
+
+ o+ _v_a_l_i_d _u_s_e_r_s
+
+ o+ _v_e_t_o _f_i_l_e_s
+
+ o+ _v_e_t_o _o_p_l_o_c_k _f_i_l_e_s
+
+ o+ _v_f_s _o_b_j_e_c_t
+
+ o+ _v_f_s _o_p_t_i_o_n_s
+
+ o+ _v_o_l_u_m_e
+
+ o+ _w_i_d_e _l_i_n_k_s
+
+ o+ _w_r_i_t_a_b_l_e
+
+ o+ _w_r_i_t_e _c_a_c_h_e _s_i_z_e
+
+ o+ _w_r_i_t_e _l_i_s_t
+
+ o+ _w_r_i_t_e _o_k
+
+ o+ _w_r_i_t_e_a_b_l_e
+
+ EEEEXXXXPPPPLLLLAAAANNNNAAAATTTTIIIIOOOONNNN OOOOFFFF EEEEAAAACCCCHHHH PPPPAAAARRRRAAAAMMMMEEEETTTTEEEERRRR
+ aaaadddddddd pppprrrriiiinnnntttteeeerrrr ccccoooommmmmmmmaaaannnndddd ((((GGGG))))
+ With the introduction of MS-RPC based printing support
+ for Windows NT/2000 clients in Samba 2.2, The MS Add
+ Printer Wizard (APW) icon is now also available in the
+ "Printers..." folder displayed a share listing. The APW
+ allows for printers to be add remotely to a Samba or
+ Windows NT/2000 print server.
+
+ For a Samba host this means that the printer must be
+ physically added to the underlying printing system. The
+ _a_d_d _p_r_i_n_t_e_r _c_o_m_m_a_n_d defines a script to be run which
+ will perform the necessary operations for adding the
+ printer to the print system and to add the appropriate
+ service definition to the _s_m_b._c_o_n_f file in order that
+ it can be shared by ssssmmmmbbbbdddd((((8888))))
+
+
+
+ Page 21 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ The _a_d_d _p_r_i_n_t_e_r _c_o_m_m_a_n_d is automatically invoked with
+ the following parameter (in order:
+
+ o+ _p_r_i_n_t_e_r _n_a_m_e
+
+ o+ _s_h_a_r_e _n_a_m_e
+
+ o+ _p_o_r_t _n_a_m_e
+
+ o+ _d_r_i_v_e_r _n_a_m_e
+
+ o+ _l_o_c_a_t_i_o_n
+
+ o+ _W_i_n_d_o_w_s _9_x _d_r_i_v_e_r _l_o_c_a_t_i_o_n
+
+ All parameters are filled in from the PRINTER_INFO_2
+ structure sent by the Windows NT/2000 client with one
+ exception. The "Windows 9x driver location" parameter is
+ included for backwards compatibility only. The remaining
+ fields in the structure are generated from answers to the
+ APW questions.
+
+ Once the _a_d_d _p_r_i_n_t_e_r _c_o_m_m_a_n_d has been executed, ssssmmmmbbbbdddd will
+ reparse the _s_m_b._c_o_n_f to determine if the share defined by
+ the APW exists. If the sharename is still invalid, then ssssmmmmbbbbdddd
+ will return an ACCESS_DENIED error to the client.
+
+ See also _d_e_l_e_t_e _p_r_i_n_t_e_r _c_o_m_m_a_n_d, _p_r_i_n_t_i_n_g, _s_h_o_w _a_d_d _p_r_i_n_t_e_r
+ _w_i_z_a_r_d
+
+ Default: nnnnoooonnnneeee
+
+ Example: aaaaddddddddpppprrrriiiinnnntttteeeerrrr ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////bbbbiiiinnnn////aaaaddddddddpppprrrriiiinnnntttteeeerrrr
+
+ aaaadddddddd sssshhhhaaaarrrreeee ccccoooommmmmmmmaaaannnndddd ((((GGGG))))
+ Samba 2.2.0 introduced the ability to dynamically add
+ and delete shares via the Windows NT 4.0 Server
+ Manager. The _a_d_d _s_h_a_r_e _c_o_m_m_a_n_d is used to define an
+ external program or script which will add a new service
+ definition to _s_m_b._c_o_n_f. In order to successfully
+ execute the _a_d_d _s_h_a_r_e _c_o_m_m_a_n_d, ssssmmmmbbbbdddd requires that the
+ administrator be connected using a root account (i.e.
+ uid == 0).
+
+ When executed, ssssmmmmbbbbdddd will automatically invoke the _a_d_d
+ _s_h_a_r_e _c_o_m_m_a_n_d with four parameters.
+
+ o+ _c_o_n_f_i_g_F_i_l_e - the location of the global _s_m_b._c_o_n_f
+ file.
+
+ o+ _s_h_a_r_e_N_a_m_e - the name of the new share.
+
+
+
+
+ Page 22 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ o+ _p_a_t_h_N_a_m_e - path to an **existing** directory on disk.
+
+ o+ _c_o_m_m_e_n_t - comment string to associate with the new
+ share.
+
+ This parameter is only used for add file shares. To add
+ printer shares, see the _a_d_d _p_r_i_n_t_e_r _c_o_m_m_a_n_d.
+
+ See also _c_h_a_n_g_e _s_h_a_r_e _c_o_m_m_a_n_d, _d_e_l_e_t_e _s_h_a_r_e _c_o_m_m_a_n_d.
+
+ Default: nnnnoooonnnneeee
+
+ Example: aaaadddddddd sssshhhhaaaarrrreeee ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////llllooooccccaaaallll////bbbbiiiinnnn////aaaaddddddddsssshhhhaaaarrrreeee
+
+ aaaadddddddd uuuusssseeeerrrr ssssccccrrrriiiipppptttt ((((GGGG))))
+ This is the full pathname to a script that will be run
+ AAAASSSS RRRROOOOOOOOTTTT by smbd(8)
+ under special circumstances described below.
+
+ Normally, a Samba server requires that UNIX users are
+ created for all users accessing files on this server.
+ For sites that use Windows NT account databases as
+ their primary user database creating these users and
+ keeping the user list in sync with the Windows NT PDC
+ is an onerous task. This option allows smbd to create
+ the required UNIX users OOOONNNN DDDDEEEEMMMMAAAANNNNDDDD when a user accesses
+ the Samba server.
+
+ In order to use this option, smbd must NNNNOOOOTTTT be set to
+ _s_e_c_u_r_i_t_y = _s_h_a_r_e and _a_d_d _u_s_e_r _s_c_r_i_p_t must be set to a
+ full pathname for a script that will create a UNIX user
+ given one argument of %_u, which expands into the UNIX
+ user name to create.
+
+ When the Windows user attempts to access the Samba
+ server, at login (session setup in the SMB protocol)
+ time, smbd contacts the _p_a_s_s_w_o_r_d _s_e_r_v_e_r and attempts
+ to authenticate the given user with the given password.
+ If the authentication succeeds then ssssmmmmbbbbdddd attempts to
+ find a UNIX user in the UNIX password database to map
+ the Windows user into. If this lookup fails, and _a_d_d
+ _u_s_e_r _s_c_r_i_p_t is set then ssssmmmmbbbbdddd will call the specified
+ script AAAASSSS RRRROOOOOOOOTTTT, expanding any %_u argument to be the
+ user name to create.
+
+ If this script successfully creates the user then ssssmmmmbbbbdddd
+ will continue on as though the UNIX user already
+ existed. In this way, UNIX users are dynamically
+ created to match existing Windows NT accounts.
+
+ See also _s_e_c_u_r_i_t_y, _p_a_s_s_w_o_r_d _s_e_r_v_e_r, _d_e_l_e_t_e _u_s_e_r
+ _s_c_r_i_p_t.
+
+
+
+ Page 23 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Default: aaaadddddddd uuuusssseeeerrrr ssssccccrrrriiiipppptttt ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>
+
+ Example: aaaadddddddd uuuusssseeeerrrr ssssccccrrrriiiipppptttt ====
+ ////uuuussssrrrr////llllooooccccaaaallll////ssssaaaammmmbbbbaaaa////bbbbiiiinnnn////aaaadddddddd____uuuusssseeeerrrr %%%%uuuu
+
+ aaaaddddmmmmiiiinnnn uuuusssseeeerrrrssss ((((SSSS))))
+ This is a list of users who will be granted
+ administrative privileges on the share. This means that
+ they will do all file operations as the super-user
+ (root).
+
+ You should use this option very carefully, as any user
+ in this list will be able to do anything they like on
+ the share, irrespective of file permissions.
+
+ Default: nnnnoooo aaaaddddmmmmiiiinnnn uuuusssseeeerrrrssss
+
+ Example: aaaaddddmmmmiiiinnnn uuuusssseeeerrrrssss ==== jjjjaaaassssoooonnnn
+
+ aaaalllllllloooowwww hhhhoooossssttttssss ((((SSSS))))
+ Synonym for _h_o_s_t_s _a_l_l_o_w.
+
+ aaaalllllllloooowwww ttttrrrruuuusssstttteeeedddd ddddoooommmmaaaaiiiinnnnssss ((((GGGG))))
+ This option only takes effect when the _s_e_c_u_r_i_t_y option
+ is set to server or domain. If it is set to no, then
+ attempts to connect to a resource from a domain or
+ workgroup other than the one which smbd is running in
+ will fail, even if that domain is trusted by the remote
+ server doing the authentication.
+
+ This is useful if you only want your Samba server to
+ serve resources to users in the domain it is a member
+ of. As an example, suppose that there are two domains
+ DOMA and DOMB. DOMB is trusted by DOMA, which contains
+ the Samba server. Under normal circumstances, a user
+ with an account in DOMB can then access the resources
+ of a UNIX account with the same account name on the
+ Samba server even if they do not have an account in
+ DOMA. This can make implementing a security boundary
+ difficult.
+
+ Default: aaaalllllllloooowwww ttttrrrruuuusssstttteeeedddd ddddoooommmmaaaaiiiinnnnssss ==== yyyyeeeessss
+
+ aaaannnnnnnnoooouuuunnnncccceeee aaaassss ((((GGGG))))
+ This specifies what type of server nnnnmmmmbbbbdddd will announce
+ itself as, to a network neighborhood browse list. By
+ default this is set to Windows NT. The valid options
+ are : "NT Server" (which can also be written as "NT"),
+ "NT Workstation", "Win95" or "WfW" meaning Windows NT
+ Server, Windows NT Workstation, Windows 95 and Windows
+ for Workgroups respectively. Do not change this
+ parameter unless you have a specific need to stop Samba
+
+
+
+ Page 24 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ appearing as an NT server as this may prevent Samba
+ servers from participating as browser servers
+ correctly.
+
+ Default: aaaannnnnnnnoooouuuunnnncccceeee aaaassss ==== NNNNTTTT SSSSeeeerrrrvvvveeeerrrr
+
+ Example: aaaannnnnnnnoooouuuunnnncccceeee aaaassss ==== WWWWiiiinnnn99995555
+
+ aaaannnnnnnnoooouuuunnnncccceeee vvvveeeerrrrssssiiiioooonnnn ((((GGGG))))
+ This specifies the major and minor version numbers that
+ nmbd will use when announcing itself as a server. The
+ default is 4.5. Do not change this parameter unless you
+ have a specific need to set a Samba server to be a
+ downlevel server.
+
+ Default: aaaannnnnnnnoooouuuunnnncccceeee vvvveeeerrrrssssiiiioooonnnn ==== 4444....5555
+
+ Example: aaaannnnnnnnoooouuuunnnncccceeee vvvveeeerrrrssssiiiioooonnnn ==== 2222....0000
+
+ aaaauuuuttttoooo sssseeeerrrrvvvviiiicccceeeessss ((((GGGG))))
+ This is a synonym for the _p_r_e_l_o_a_d.
+
+ aaaavvvvaaaaiiiillllaaaabbbblllleeee ((((SSSS))))
+ This parameter lets you "turn off" a service. If
+ _a_v_a_i_l_a_b_l_e = _n_o, then AAAALLLLLLLL attempts to connect to the
+ service will fail. Such failures are logged.
+
+ Default: aaaavvvvaaaaiiiillllaaaabbbblllleeee ==== yyyyeeeessss
+
+ bbbbiiiinnnndddd iiiinnnntttteeeerrrrffffaaaacccceeeessss oooonnnnllllyyyy ((((GGGG))))
+ This global parameter allows the Samba admin to limit
+ what interfaces on a machine will serve SMB requests.
+ If affects file service smbd(8) and name service
+ nmbd(8) in slightly different ways.
+
+ For name service it causes nnnnmmmmbbbbdddd to bind to ports 137
+ and 138 on the interfaces listed in the interfaces
+ parameter. nnnnmmmmbbbbdddd also binds to the "all addresses"
+ interface (0.0.0.0) on ports 137 and 138 for the
+ purposes of reading broadcast messages. If this option
+ is not set then nnnnmmmmbbbbdddd will service name requests on all
+ of these sockets. If _b_i_n_d _i_n_t_e_r_f_a_c_e_s _o_n_l_y is set then
+ nnnnmmmmbbbbdddd will check the source address of any packets
+ coming in on the broadcast sockets and discard any that
+ don't match the broadcast addresses of the interfaces
+ in the _i_n_t_e_r_f_a_c_e_s parameter list. As unicast packets
+ are received on the other sockets it allows nnnnmmmmbbbbdddd to
+ refuse to serve names to machines that send packets
+ that arrive through any interfaces not listed in the
+ _i_n_t_e_r_f_a_c_e_s list. IP Source address spoofing does defeat
+ this simple check, however so it must not be used
+ seriously as a security feature for nnnnmmmmbbbbdddd.
+
+
+
+ Page 25 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ For file service it causes smbd(8) to bind only to the
+ interface list given in the interfaces parameter. This
+ restricts the networks that ssssmmmmbbbbdddd will serve to packets
+ coming in those interfaces. Note that you should not
+ use this parameter for machines that are serving PPP or
+ other intermittent or non-broadcast network interfaces
+ as it will not cope with non-permanent interfaces.
+
+ If _b_i_n_d _i_n_t_e_r_f_a_c_e_s _o_n_l_y is set then unless the network
+ address 111122227777....0000....0000....1111 is added to the _i_n_t_e_r_f_a_c_e_s parameter
+ list ssssmmmmbbbbppppaaaasssssssswwwwdddd((((8888)))) and sssswwwwaaaatttt((((8888)))) may not work as expected
+ due to the reasons covered below.
+
+ To change a users SMB password, the ssssmmmmbbbbppppaaaasssssssswwwwdddd by
+ default connects to the llllooooccccaaaallllhhhhoooosssstttt ---- 111122227777....0000....0000....1111 address
+ as an SMB client to issue the password change request.
+ If _b_i_n_d _i_n_t_e_r_f_a_c_e_s _o_n_l_y is set then unless the network
+ address 111122227777....0000....0000....1111 is added to the _i_n_t_e_r_f_a_c_e_s parameter
+ list then ssssmmmmbbbbppppaaaasssssssswwwwdddd will fail to connect in it's
+ default mode. ssssmmmmbbbbppppaaaasssssssswwwwdddd can be forced to use the
+ primary IP interface of the local host by using its -_r
+ _r_e_m_o_t_e _m_a_c_h_i_n_e
+ parameter, with _r_e_m_o_t_e _m_a_c_h_i_n_e set to the IP name of
+ the primary interface of the local host.
+
+ The sssswwwwaaaatttt status page tries to connect with ssssmmmmbbbbdddd and
+ nnnnmmmmbbbbdddd at the address 111122227777....0000....0000....1111 to determine if they are
+ running. Not adding 111122227777....0000....0000....1111 will cause ssssmmmmbbbbdddd and nnnnmmmmbbbbdddd
+ to always show "not running" even if they really are.
+ This can prevent sssswwwwaaaatttt from
+ starting/stopping/restarting ssssmmmmbbbbdddd and nnnnmmmmbbbbdddd.
+
+ Default: bbbbiiiinnnndddd iiiinnnntttteeeerrrrffffaaaacccceeeessss oooonnnnllllyyyy ==== nnnnoooo
+
+ bbbblllloooocccckkkk ssssiiiizzzzeeee ((((SSSS))))
+ This parameter controls the behavior of smbd(8) when
+ reporting disk free sizes. By default, this reports a
+ disk block size of 1024 bytes.
+
+ Changing this parameter may have some effect on the
+ efficiency of client writes, this is not yet confirmed.
+ This parameter was added to allow advanced
+ administrators to change it (usually to a higher value)
+ and test the effect it has on client write performance
+ without re-compiling the code. As this is an
+ experimental option it may be removed in a future
+ release.
+
+ Changing this option does not change the disk free
+ reporting size, just the block size unit reported to
+ the client.
+
+
+
+
+ Page 26 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Default: bbbblllloooocccckkkk ssssiiiizzzzeeee ==== 1111000022224444
+
+ Example: bbbblllloooocccckkkk ssssiiiizzzzeeee ==== 66665555555533336666
+
+ bbbblllloooocccckkkkiiiinnnngggg lllloooocccckkkkssss ((((SSSS))))
+ This parameter controls the behavior of smbd(8) when
+ given a request by a client to obtain a byte range lock
+ on a region of an open file, and the request has a time
+ limit associated with it.
+
+ If this parameter is set and the lock range requested
+ cannot be immediately satisfied, Samba 2.2 will
+ internally queue the lock request, and periodically
+ attempt to obtain the lock until the timeout period
+ expires.
+
+ If this parameter is set to no, then Samba 2.2 will
+ behave as previous versions of Samba would and will
+ fail the lock request immediately if the lock range
+ cannot be obtained.
+
+ Default: bbbblllloooocccckkkkiiiinnnngggg lllloooocccckkkkssss ==== yyyyeeeessss
+
+ bbbbrrrroooowwwwssssaaaabbbblllleeee ((((SSSS))))
+ See the _b_r_o_w_s_e_a_b_l_e.
+
+ bbbbrrrroooowwwwsssseeee lllliiiisssstttt ((((GGGG))))
+ This controls whether ssssmmmmbbbbdddd((((8888)))) will serve a browse list
+ to a client doing a NNNNeeeettttSSSSeeeerrrrvvvveeeerrrrEEEEnnnnuuuummmm call. Normally set to
+ yes. You should never need to change this.
+
+ Default: bbbbrrrroooowwwwsssseeee lllliiiisssstttt ==== yyyyeeeessss
+
+ bbbbrrrroooowwwwsssseeeeaaaabbbblllleeee ((((SSSS))))
+ This controls whether this share is seen in the list of
+ available shares in a net view and in the browse list.
+
+ Default: bbbbrrrroooowwwwsssseeeeaaaabbbblllleeee ==== yyyyeeeessss
+
+ ccccaaaasssseeee sssseeeennnnssssiiiittttiiiivvvveeee ((((SSSS))))
+ See the discussion in the section NAME MANGLING.
+
+ Default: ccccaaaasssseeee sssseeeennnnssssiiiittttiiiivvvveeee ==== nnnnoooo
+
+ ccccaaaasssseeeessssiiiiggggnnnnaaaammmmeeeessss ((((SSSS))))
+ Synonym for case sensitive.
+
+ cccchhhhaaaannnnggggeeee nnnnoooottttiiiiffffyyyy ttttiiiimmmmeeeeoooouuuutttt ((((GGGG))))
+ This SMB allows a client to tell a server to "watch" a
+ particular directory for any changes and only reply to
+ the SMB request when a change has occurred. Such
+ constant scanning of a directory is expensive under
+
+
+
+ Page 27 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ UNIX, hence an ssssmmmmbbbbdddd((((8888)))) daemon only performs such a
+ scan on each requested directory once every _c_h_a_n_g_e
+ _n_o_t_i_f_y _t_i_m_e_o_u_t seconds.
+
+ Default: cccchhhhaaaannnnggggeeee nnnnoooottttiiiiffffyyyy ttttiiiimmmmeeeeoooouuuutttt ==== 66660000
+
+ Example: cccchhhhaaaannnnggggeeee nnnnoooottttiiiiffffyyyy ttttiiiimmmmeeeeoooouuuutttt ==== 333300000000
+
+ Would change the scan time to every 5 minutes.
+
+ cccchhhhaaaannnnggggeeee sssshhhhaaaarrrreeee ccccoooommmmmmmmaaaannnndddd ((((GGGG))))
+ Samba 2.2.0 introduced the ability to dynamically add
+ and delete shares via the Windows NT 4.0 Server
+ Manager. The _c_h_a_n_g_e _s_h_a_r_e _c_o_m_m_a_n_d is used to define an
+ external program or script which will modify an
+ existing service definition in _s_m_b._c_o_n_f. In order to
+ successfully execute the _c_h_a_n_g_e _s_h_a_r_e _c_o_m_m_a_n_d, ssssmmmmbbbbdddd
+ requires that the administrator be connected using a
+ root account (i.e. uid == 0).
+
+ When executed, ssssmmmmbbbbdddd will automatically invoke the
+ _c_h_a_n_g_e _s_h_a_r_e _c_o_m_m_a_n_d with four parameters.
+
+ o+ _c_o_n_f_i_g_F_i_l_e - the location of the global _s_m_b._c_o_n_f
+ file.
+
+ o+ _s_h_a_r_e_N_a_m_e - the name of the new share.
+
+ o+ _p_a_t_h_N_a_m_e - path to an **existing** directory on disk.
+
+ o+ _c_o_m_m_e_n_t - comment string to associate with the new
+ share.
+
+ This parameter is only used modify existing file shares
+ definitions. To modify printer shares, use the "Printers..."
+ folder as seen when browsing the Samba host.
+
+ See also _a_d_d _s_h_a_r_e _c_o_m_m_a_n_d, _d_e_l_e_t_e _s_h_a_r_e _c_o_m_m_a_n_d.
+
+ Default: nnnnoooonnnneeee
+
+ Example: cccchhhhaaaannnnggggeeee sssshhhhaaaarrrreeee ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////llllooooccccaaaallll////bbbbiiiinnnn////aaaaddddddddsssshhhhaaaarrrreeee
+
+ cccchhhhaaaarrrraaaacccctttteeeerrrr sssseeeetttt ((((GGGG))))
+ This allows smbd to map incoming filenames from a DOS
+ Code page (see the client code page parameter) to
+ several built in UNIX character sets. The built in code
+ page translations are:
+
+ o+ ISO8859-1 : Western European UNIX character set. The
+ parameter _c_l_i_e_n_t _c_o_d_e _p_a_g_e MMMMUUUUSSSSTTTT be set to code page
+ 850 if the _c_h_a_r_a_c_t_e_r _s_e_t parameter is set to
+
+
+
+ Page 28 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ ISO8859-1 in order for the conversion to the UNIX
+ character set to be done correctly.
+
+ o+ ISO8859-2 : Eastern European UNIX character set. The
+ parameter _c_l_i_e_n_t _c_o_d_e _p_a_g_e MMMMUUUUSSSSTTTT be set to code page
+ 852 if the _c_h_a_r_a_c_t_e_r _s_e_t parameter is set to
+ ISO8859-2 in order for the conversion to the UNIX
+ character set to be done correctly.
+
+ o+ ISO8859-5 : Russian Cyrillic UNIX character set. The
+ parameter _c_l_i_e_n_t _c_o_d_e _p_a_g_e MMMMUUUUSSSSTTTT be set to code page
+ 866 if the _c_h_a_r_a_c_t_e_r _s_e_t parameter is set to
+ ISO8859-5 in order for the conversion to the UNIX
+ character set to be done correctly.
+
+ o+ ISO8859-7 : Greek UNIX character set. The parameter
+ _c_l_i_e_n_t _c_o_d_e _p_a_g_e MMMMUUUUSSSSTTTT be set to code page 737 if the
+ _c_h_a_r_a_c_t_e_r _s_e_t parameter is set to ISO8859-7 in order
+ for the conversion to the UNIX character set to be
+ done correctly.
+
+ o+ KOI8-R : Alternate mapping for Russian Cyrillic UNIX
+ character set. The parameter _c_l_i_e_n_t _c_o_d_e _p_a_g_e MMMMUUUUSSSSTTTT be
+ set to code page 866 if the _c_h_a_r_a_c_t_e_r _s_e_t parameter
+ is set to KOI8-R in order for the conversion to the
+ UNIX character set to be done correctly.
+
+ BBBBUUUUGGGG. These MSDOS code page to UNIX character set mappings
+ should be dynamic, like the loading of MS DOS code pages,
+ not static.
+
+ Normally this parameter is not set, meaning no filename
+ translation is done.
+
+ Default: cccchhhhaaaarrrraaaacccctttteeeerrrr sssseeeetttt ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>
+
+ Example: cccchhhhaaaarrrraaaacccctttteeeerrrr sssseeeetttt ==== IIIISSSSOOOO8888888855559999----1111
+
+ cccclllliiiieeeennnntttt ccccooooddddeeee ppppaaaaggggeeee ((((GGGG))))
+ This parameter specifies the DOS code page that the
+ clients accessing Samba are using. To determine what
+ code page a Windows or DOS client is using, open a DOS
+ command prompt and type the command cccchhhhccccpppp. This will
+ output the code page. The default for USA MS-DOS,
+ Windows 95, and Windows NT releases is code page 437.
+ The default for western European releases of the above
+ operating systems is code page 850.
+
+ This parameter tells smbd(8) which of the _c_o_d_e_p_a_g_e._X_X_X
+ files to dynamically load on startup. These files,
+ described more fully in the manual page
+ mmmmaaaakkkkeeee____ssssmmmmbbbbccccooooddddeeeeppppaaaaggggeeee((((1111)))) tell ssssmmmmbbbbdddd how to map lower to
+
+
+
+ Page 29 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ upper case characters to provide the case insensitivity
+ of filenames that Windows clients expect.
+
+ Samba currently ships with the following code page
+ files :
+
+ o+ Code Page 437 - MS-DOS Latin US
+
+ o+ Code Page 737 - Windows '95 Greek
+
+ o+ Code Page 850 - MS-DOS Latin 1
+
+ o+ Code Page 852 - MS-DOS Latin 2
+
+ o+ Code Page 861 - MS-DOS Icelandic
+
+ o+ Code Page 866 - MS-DOS Cyrillic
+
+ o+ Code Page 932 - MS-DOS Japanese SJIS
+
+ o+ Code Page 936 - MS-DOS Simplified Chinese
+
+ o+ Code Page 949 - MS-DOS Korean Hangul
+
+ o+ Code Page 950 - MS-DOS Traditional Chinese
+
+ Thus this parameter may have any of the values 437, 737,
+ 850, 852, 861, 932, 936, 949, or 950. If you don't find the
+ codepage you need, read the comments in one of the other
+ codepage files and the mmmmaaaakkkkeeee____ssssmmmmbbbbccccooooddddeeeeppppaaaaggggeeee((((1111)))) man page and
+ write one. Please remember to donate it back to the Samba
+ user community.
+
+ This parameter co-operates with the _v_a_l_i_d _c_h_a_r_s parameter in
+ determining what characters are valid in filenames and how
+ capitalization is done. If you set both this parameter and
+ the _v_a_l_i_d _c_h_a_r_s parameter the _c_l_i_e_n_t _c_o_d_e _p_a_g_e parameter
+ MMMMUUUUSSSSTTTT be set before the _v_a_l_i_d _c_h_a_r_s parameter in the _s_m_b._c_o_n_f
+ file. The _v_a_l_i_d _c_h_a_r_s string will then augment the character
+ settings in the _c_l_i_e_n_t _c_o_d_e _p_a_g_e parameter.
+
+ If not set, _c_l_i_e_n_t _c_o_d_e _p_a_g_e defaults to 850.
+
+ See also : _v_a_l_i_d _c_h_a_r_s, _c_o_d_e _p_a_g_e _d_i_r_e_c_t_o_r_y
+
+ Default: cccclllliiiieeeennnntttt ccccooooddddeeee ppppaaaaggggeeee ==== 888855550000
+
+ Example: cccclllliiiieeeennnntttt ccccooooddddeeee ppppaaaaggggeeee ==== 999933336666
+
+ ccccooooddddeeee ppppaaaaggggeeee ddddiiiirrrreeeeccccttttoooorrrryyyy ((((GGGG))))
+ Define the location of the various client code page
+ files.
+
+
+
+ Page 30 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ See also _c_l_i_e_n_t _c_o_d_e _p_a_g_e
+
+ Default: ccccooooddddeeee ppppaaaaggggeeee ddddiiiirrrreeeeccccttttoooorrrryyyy ==== $$$${{{{pppprrrreeeeffffiiiixxxx}}}}////lllliiiibbbb////ccccooooddddeeeeppppaaaaggggeeeessss
+
+ Example: ccccooooddddeeee ppppaaaaggggeeee ddddiiiirrrreeeeccccttttoooorrrryyyy ====
+ ////uuuussssrrrr////sssshhhhaaaarrrreeee////ssssaaaammmmbbbbaaaa////ccccooooddddeeeeppppaaaaggggeeeessss
+
+ ccccooooddddiiiinnnngggg ssssyyyysssstttteeeemmmm ((((GGGG))))
+ This parameter is used to determine how incoming
+ Shift-JIS Japanese characters are mapped from the
+ incoming _c_l_i_e_n_t _c_o_d_e _p_a_g_e used by the client, into file
+ names in the UNIX filesystem. Only useful if _c_l_i_e_n_t
+ _c_o_d_e _p_a_g_e is set to 932 (Japanese Shift-JIS). The
+ options are :
+
+ o+ SJIS - Shift-JIS. Does no conversion of the incoming
+ filename.
+
+ o+ JIS8, J8BB, J8BH, J8@B, J8@J, J8@H - Convert from
+ incoming Shift-JIS to eight bit JIS code with
+ different shift-in, shift out codes.
+
+ o+ JIS7, J7BB, J7BH, J7@B, J7@J, J7@H - Convert from
+ incoming Shift-JIS to seven bit JIS code with
+ different shift-in, shift out codes.
+
+ o+ JUNET, JUBB, JUBH, JU@B, JU@J, JU@H - Convert from
+ incoming Shift-JIS to JUNET code with different
+ shift-in, shift out codes.
+
+ o+ EUC - Convert an incoming Shift-JIS character to EUC
+ code.
+
+ o+ HEX - Convert an incoming Shift-JIS character to a 3
+ byte hex representation, i.e. :AB.
+
+ o+ CAP - Convert an incoming Shift-JIS character to the
+ 3 byte hex representation used by the Columbia
+ AppleTalk Program (CAP), i.e. :AB. This is used for
+ compatibility between Samba and CAP.
+
+ Default: ccccooooddddiiiinnnngggg ssssyyyysssstttteeeemmmm ==== <<<<eeeemmmmppppttttyyyy vvvvaaaalllluuuueeee>>>>
+
+ ccccoooommmmmmmmeeeennnntttt ((((SSSS))))
+ This is a text field that is seen next to a share when
+ a client does a queries the server, either via the
+ network neighborhood or via nnnneeeetttt vvvviiiieeeewwww to list what
+ shares are available.
+
+ If you want to set the string that is displayed next to
+ the machine name then see the _s_e_r_v_e_r _s_t_r_i_n_g parameter.
+
+
+
+
+ Page 31 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Default: NNNNoooo ccccoooommmmmmmmeeeennnntttt ssssttttrrrriiiinnnngggg
+
+ Example: ccccoooommmmmmmmeeeennnntttt ==== FFFFrrrreeeedddd''''ssss FFFFiiiilllleeeessss
+
+ ccccoooonnnnffffiiiigggg ffffiiiilllleeee ((((GGGG))))
+ This allows you to override the config file to use,
+ instead of the default (usually _s_m_b._c_o_n_f). There is a
+ chicken and egg problem here as this option is set in
+ the config file!
+
+ For this reason, if the name of the config file has
+ changed when the parameters are loaded then it will
+ reload them from the new config file.
+
+ This option takes the usual substitutions, which can be
+ very useful.
+
+ If the config file doesn't exist then it won't be
+ loaded (allowing you to special case the config files
+ of just a few clients).
+
+ Example: ccccoooonnnnffffiiiigggg ffffiiiilllleeee ==== ////uuuussssrrrr////llllooooccccaaaallll////ssssaaaammmmbbbbaaaa////lllliiiibbbb////ssssmmmmbbbb....ccccoooonnnnffff....%%%%mmmm
+
+ ccccooooppppyyyy ((((SSSS))))
+ This parameter allows you to "clone" service entries.
+ The specified service is simply duplicated under the
+ current service's name. Any parameters specified in the
+ current section will override those in the section
+ being copied.
+
+ This feature lets you set up a 'template' service and
+ create similar services easily. Note that the service
+ being copied must occur earlier in the configuration
+ file than the service doing the copying.
+
+ Default: nnnnoooo vvvvaaaalllluuuueeee
+
+ Example: ccccooooppppyyyy ==== ooootttthhhheeeerrrrsssseeeerrrrvvvviiiicccceeee
+
+ ccccrrrreeeeaaaatttteeee mmmmaaaasssskkkk ((((SSSS))))
+ A synonym for this parameter is _c_r_e_a_t_e _m_o_d_e .
+
+ When a file is created, the necessary permissions are
+ calculated according to the mapping from DOS modes to
+ UNIX permissions, and the resulting UNIX mode is then
+ bit-wise 'AND'ed with this parameter. This parameter
+ may be thought of as a bit-wise MASK for the UNIX modes
+ of a file. Any bit nnnnooootttt set here will be removed from
+ the modes set on a file when it is created.
+
+ The default value of this parameter removes the 'group'
+ and 'other' write and execute bits from the UNIX modes.
+
+
+
+ Page 32 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Following this Samba will bit-wise 'OR' the UNIX mode
+ created from this parameter with the value of the _f_o_r_c_e
+ _c_r_e_a_t_e _m_o_d_e parameter which is set to 000 by default.
+
+ This parameter does not affect directory modes. See the
+ parameter _d_i_r_e_c_t_o_r_y _m_o_d_e for details.
+
+ See also the _f_o_r_c_e _c_r_e_a_t_e _m_o_d_e parameter for forcing
+ particular mode bits to be set on created files. See
+ also the _d_i_r_e_c_t_o_r_y _m_o_d_e parameter for masking mode
+ bits on created directories. See also the _i_n_h_e_r_i_t
+ _p_e_r_m_i_s_s_i_o_n_s parameter.
+
+ Note that this parameter does not apply to permissions
+ set by Windows NT/2000 ACL editors. If the
+ administrator wishes to enforce a mask on access
+ control lists also, they need to set the _s_e_c_u_r_i_t_y _m_a_s_k.
+
+ Default: ccccrrrreeeeaaaatttteeee mmmmaaaasssskkkk ==== 0000777744444444
+
+ Example: ccccrrrreeeeaaaatttteeee mmmmaaaasssskkkk ==== 0000777777775555
+
+ ccccrrrreeeeaaaatttteeee mmmmooooddddeeee ((((SSSS))))
+ This is a synonym for _c_r_e_a_t_e _m_a_s_k.
+
+ ccccsssscccc ppppoooolllliiiiccccyyyy ((((SSSS))))
+ This stands for cccclllliiiieeeennnntttt----ssssiiiiddddeeee ccccaaaacccchhhhiiiinnnngggg ppppoooolllliiiiccccyyyy, and
+ specifies how clients capable of offline caching will
+ cache the files in the share. The valid values are:
+ manual, documents, programs, disable.
+
+ These values correspond to those used on Windows
+ servers.
+
+ For example, shares containing roaming profiles can
+ have offline caching disabled using ccccsssscccc ppppoooolllliiiiccccyyyy ====
+ ddddiiiissssaaaabbbblllleeee .
+
+ Default: ccccsssscccc ppppoooolllliiiiccccyyyy ==== mmmmaaaannnnuuuuaaaallll
+
+ Example: ccccsssscccc ppppoooolllliiiiccccyyyy ==== pppprrrrooooggggrrrraaaammmmssss
+
+ ddddeeeeaaaaddddttttiiiimmmmeeee ((((GGGG))))
+ The value of the parameter (a decimal integer)
+ represents the number of minutes of inactivity before a
+ connection is considered dead, and it is disconnected.
+ The deadtime only takes effect if the number of open
+ files is zero.
+
+ This is useful to stop a server's resources being
+ exhausted by a large number of inactive connections.
+
+
+
+
+ Page 33 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Most clients have an auto-reconnect feature when a
+ connection is broken so in most cases this parameter
+ should be transparent to users.
+
+ Using this parameter with a timeout of a few minutes is
+ recommended for most systems.
+
+ A deadtime of zero indicates that no auto-disconnection
+ should be performed.
+
+ Default: ddddeeeeaaaaddddttttiiiimmmmeeee ==== 0000
+
+ Example: ddddeeeeaaaaddddttttiiiimmmmeeee ==== 11115555
+
+ ddddeeeebbbbuuuugggg hhhhiiiirrrreeeessss ttttiiiimmmmeeeessssttttaaaammmmpppp ((((GGGG))))
+ Sometimes the timestamps in the log messages are needed
+ with a resolution of higher that seconds, this boolean
+ parameter adds microsecond resolution to the timestamp
+ message header when turned on.
+
+ Note that the parameter _d_e_b_u_g _t_i_m_e_s_t_a_m_p must be on for
+ this to have an effect.
+
+ Default: ddddeeeebbbbuuuugggg hhhhiiiirrrreeeessss ttttiiiimmmmeeeessssttttaaaammmmpppp ==== nnnnoooo
+
+ ddddeeeebbbbuuuugggg ppppiiiidddd ((((GGGG))))
+ When using only one log file for more then one forked
+ smbdprocess there may be hard to follow which process
+ outputs which message. This boolean parameter is adds
+ the process-id to the timestamp message headers in the
+ logfile when turned on.
+
+ Note that the parameter _d_e_b_u_g _t_i_m_e_s_t_a_m_p must be on for
+ this to have an effect.
+
+ Default: ddddeeeebbbbuuuugggg ppppiiiidddd ==== nnnnoooo
+
+ ddddeeeebbbbuuuugggg ttttiiiimmmmeeeessssttttaaaammmmpppp ((((GGGG))))
+ Samba 2.2 debug log messages are timestamped by
+ default. If you are running at a high _d_e_b_u_g _l_e_v_e_l
+ these timestamps can be distracting. This boolean
+ parameter allows timestamping to be turned off.
+
+ Default: ddddeeeebbbbuuuugggg ttttiiiimmmmeeeessssttttaaaammmmpppp ==== yyyyeeeessss
+
+ ddddeeeebbbbuuuugggg uuuuiiiidddd ((((GGGG))))
+ Samba is sometimes run as root and sometime run as the
+ connected user, this boolean parameter inserts the
+ current euid, egid, uid and gid to the timestamp
+ message headers in the log file if turned on.
+
+ Note that the parameter _d_e_b_u_g _t_i_m_e_s_t_a_m_p must be on for
+
+
+
+ Page 34 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ this to have an effect.
+
+ Default: ddddeeeebbbbuuuugggg uuuuiiiidddd ==== nnnnoooo
+
+ ddddeeeebbbbuuuugggglllleeeevvvveeeellll ((((GGGG))))
+ Synonym for _l_o_g _l_e_v_e_l.
+
+ ddddeeeeffffaaaauuuulllltttt ((((GGGG))))
+ A synonym for _d_e_f_a_u_l_t _s_e_r_v_i_c_e.
+
+ ddddeeeeffffaaaauuuulllltttt ccccaaaasssseeee ((((SSSS))))
+ See the section on NAME MANGLING. Also note the _s_h_o_r_t
+ _p_r_e_s_e_r_v_e _c_a_s_e parameter.
+
+ Default: ddddeeeeffffaaaauuuulllltttt ccccaaaasssseeee ==== lllloooowwwweeeerrrr
+
+ ddddeeeeffffaaaauuuulllltttt ddddeeeevvvvmmmmooooddddeeee ((((SSSS))))
+ This parameter is only applicable to printable
+ services. When smbd is serving Printer Drivers to
+ Windows NT/2k/XP clients, each printer on the Samba
+ server has a Device Mode which defines things such as
+ paper size and orientation and duplex settings. The
+ device mode can only correctly be generated by the
+ printer driver itself (which can only be executed on a
+ Win32 platform). Because smbd is unable to execute the
+ driver code to generate the device mode, the default
+ behavior is to set this field to NULL.
+
+ Most problems with serving printer drivers to Windows
+ NT/2k/XP clients can be traced to a problem with the
+ generated device mode. Certain drivers will do things
+ such as crashing the client's Explorer.exe with a NULL
+ devmode. However, other printer drivers can cause the
+ client's spooler service (spoolsv.exe) to die if the
+ devmode was not created by the driver itself (i.e. smbd
+ generates a default devmode).
+
+ This parameter should be used with care and tested with
+ the printer driver in question. It is better to leave
+ the device mode to NULL and let the Windows client set
+ the correct values. Because drivers do not do this all
+ the time, setting ddddeeeeffffaaaauuuulllltttt ddddeeeevvvvmmmmooooddddeeee ==== yyyyeeeessss will instruct
+ smbd to generate a default one.
+
+ For more information on Windows NT/2k printing and
+ Device Modes, see the MSDN documentation
+ <URL:http://msdn.microsoft.com/>.
+
+ Default: ddddeeeeffffaaaauuuulllltttt ddddeeeevvvvmmmmooooddddeeee ==== nnnnoooo
+
+ ddddeeeeffffaaaauuuulllltttt sssseeeerrrrvvvviiiicccceeee ((((GGGG))))
+ This parameter specifies the name of a service which
+
+
+
+ Page 35 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ will be connected to if the service actually requested
+ cannot be found. Note that the square brackets are NNNNOOOOTTTT
+ given in the parameter value (see example below).
+
+ There is no default value for this parameter. If this
+ parameter is not given, attempting to connect to a
+ nonexistent service results in an error.
+
+ Typically the default service would be a _g_u_e_s_t _o_k,
+ _r_e_a_d-_o_n_l_y service.
+
+ Also note that the apparent service name will be
+ changed to equal that of the requested service, this is
+ very useful as it allows you to use macros like %_S to
+ make a wildcard service.
+
+ Note also that any "_" characters in the name of the
+ service used in the default service will get mapped to
+ a "/". This allows for interesting things.
+
+ Example:
+
+
+ [global]
+ default service = pub
+
+ [pub]
+ path = /%S
+
+
+
+ ddddeeeelllleeeetttteeee pppprrrriiiinnnntttteeeerrrr ccccoooommmmmmmmaaaannnndddd ((((GGGG))))
+ With the introduction of MS-RPC based printer support
+ for Windows NT/2000 clients in Samba 2.2, it is now
+ possible to delete printer at run time by issuing the
+ DeletePrinter() RPC call.
+
+ For a Samba host this means that the printer must be
+ physically deleted from underlying printing system. The
+ _d_e_l_e_t_e_p_r_i_n_t_e_r _c_o_m_m_a_n_d defines a script to be run which
+ will perform the necessary operations for removing the
+ printer from the print system and from _s_m_b._c_o_n_f.
+
+ The _d_e_l_e_t_e _p_r_i_n_t_e_r _c_o_m_m_a_n_d is automatically called with
+ only one parameter: "_p_r_i_n_t_e_r _n_a_m_e".
+
+ Once the _d_e_l_e_t_e _p_r_i_n_t_e_r _c_o_m_m_a_n_d has been executed, ssssmmmmbbbbdddd
+ will reparse the _s_m_b._c_o_n_f to associated printer no
+ longer exists. If the sharename is still valid, then
+ ssssmmmmbbbbdddd will return an ACCESS_DENIED error to the client.
+
+ See also _a_d_d _p_r_i_n_t_e_r _c_o_m_m_a_n_d, _p_r_i_n_t_i_n_g, _s_h_o_w _a_d_d
+
+
+
+ Page 36 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ _p_r_i_n_t_e_r _w_i_z_a_r_d
+
+ Default: nnnnoooonnnneeee
+
+ Example: ddddeeeelllleeeetttteeeepppprrrriiiinnnntttteeeerrrr ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////bbbbiiiinnnn////rrrreeeemmmmoooovvvveeeepppprrrriiiinnnntttteeeerrrr
+
+ ddddeeeelllleeeetttteeee rrrreeeeaaaaddddoooonnnnllllyyyy ((((SSSS))))
+ This parameter allows readonly files to be deleted.
+ This is not normal DOS semantics, but is allowed by
+ UNIX.
+
+ This option may be useful for running applications such
+ as rcs, where UNIX file ownership prevents changing
+ file permissions, and DOS semantics prevent deletion of
+ a read only file.
+
+ Default: ddddeeeelllleeeetttteeee rrrreeeeaaaaddddoooonnnnllllyyyy ==== nnnnoooo
+
+ ddddeeeelllleeeetttteeee sssshhhhaaaarrrreeee ccccoooommmmmmmmaaaannnndddd ((((GGGG))))
+ Samba 2.2.0 introduced the ability to dynamically add
+ and delete shares via the Windows NT 4.0 Server
+ Manager. The _d_e_l_e_t_e _s_h_a_r_e _c_o_m_m_a_n_d is used to define an
+ external program or script which will remove an
+ existing service definition from _s_m_b._c_o_n_f. In order to
+ successfully execute the _d_e_l_e_t_e _s_h_a_r_e _c_o_m_m_a_n_d, ssssmmmmbbbbdddd
+ requires that the administrator be connected using a
+ root account (i.e. uid == 0).
+
+ When executed, ssssmmmmbbbbdddd will automatically invoke the
+ _d_e_l_e_t_e _s_h_a_r_e _c_o_m_m_a_n_d with two parameters.
+
+ o+ _c_o_n_f_i_g_F_i_l_e - the location of the global _s_m_b._c_o_n_f
+ file.
+
+ o+ _s_h_a_r_e_N_a_m_e - the name of the existing service.
+
+ This parameter is only used to remove file shares. To delete
+ printer shares, see the _d_e_l_e_t_e _p_r_i_n_t_e_r _c_o_m_m_a_n_d.
+
+ See also _a_d_d _s_h_a_r_e _c_o_m_m_a_n_d, _c_h_a_n_g_e _s_h_a_r_e _c_o_m_m_a_n_d.
+
+ Default: nnnnoooonnnneeee
+
+ Example: ddddeeeelllleeeetttteeee sssshhhhaaaarrrreeee ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////llllooooccccaaaallll////bbbbiiiinnnn////ddddeeeellllsssshhhhaaaarrrreeee
+
+ ddddeeeelllleeeetttteeee uuuusssseeeerrrr ssssccccrrrriiiipppptttt ((((GGGG))))
+ This is the full pathname to a script that will be run
+ AAAASSSS RRRROOOOOOOOTTTT by ssssmmmmbbbbdddd((((8888)))) under special circumstances
+ described below.
+
+ Normally, a Samba server requires that UNIX users are
+ created for all users accessing files on this server.
+
+
+
+ Page 37 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ For sites that use Windows NT account databases as
+ their primary user database creating these users and
+ keeping the user list in sync with the Windows NT PDC
+ is an onerous task. This option allows ssssmmmmbbbbdddd to delete
+ the required UNIX users OOOONNNN DDDDEEEEMMMMAAAANNNNDDDD when a user accesses
+ the Samba server and the Windows NT user no longer
+ exists.
+
+ In order to use this option, ssssmmmmbbbbdddd must be set to
+ _s_e_c_u_r_i_t_y = _d_o_m_a_i_n or _s_e_c_u_r_i_t_y = _u_s_e_r and _d_e_l_e_t_e _u_s_e_r
+ _s_c_r_i_p_t must be set to a full pathname for a script that
+ will delete a UNIX user given one argument of %_u, which
+ expands into the UNIX user name to delete.
+
+ When the Windows user attempts to access the Samba
+ server, at llllooooggggiiiinnnn (session setup in the SMB protocol)
+ time, ssssmmmmbbbbdddd contacts the _p_a_s_s_w_o_r_d _s_e_r_v_e_r and attempts
+ to authenticate the given user with the given password.
+ If the authentication fails with the specific Domain
+ error code meaning that the user no longer exists then
+ ssssmmmmbbbbdddd attempts to find a UNIX user in the UNIX password
+ database that matches the Windows user account. If this
+ lookup succeeds, and _d_e_l_e_t_e _u_s_e_r _s_c_r_i_p_t is set then
+ ssssmmmmbbbbdddd will all the specified script AAAASSSS RRRROOOOOOOOTTTT, expanding
+ any %_u argument to be the user name to delete.
+
+ This script should delete the given UNIX username. In
+ this way, UNIX users are dynamically deleted to match
+ existing Windows NT accounts.
+
+ See also security = domain, _p_a_s_s_w_o_r_d _s_e_r_v_e_r , _a_d_d _u_s_e_r
+ _s_c_r_i_p_t .
+
+ Default: ddddeeeelllleeeetttteeee uuuusssseeeerrrr ssssccccrrrriiiipppptttt ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>
+
+ Example: ddddeeeelllleeeetttteeee uuuusssseeeerrrr ssssccccrrrriiiipppptttt ====
+ ////uuuussssrrrr////llllooooccccaaaallll////ssssaaaammmmbbbbaaaa////bbbbiiiinnnn////ddddeeeellll____uuuusssseeeerrrr %%%%uuuu
+
+ ddddeeeelllleeeetttteeee vvvveeeettttoooo ffffiiiilllleeeessss ((((SSSS))))
+ This option is used when Samba is attempting to delete
+ a directory that contains one or more vetoed
+ directories (see the _v_e_t_o _f_i_l_e_s option). If this option
+ is set to no (the default) then if a vetoed directory
+ contains any non-vetoed files or directories then the
+ directory delete will fail. This is usually what you
+ want.
+
+ If this option is set to yes, then Samba will attempt
+ to recursively delete any files and directories within
+ the vetoed directory. This can be useful for
+ integration with file serving systems such as NetAtalk
+ which create meta-files within directories you might
+
+
+
+ Page 38 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ normally veto DOS/Windows users from seeing (e.g.
+ ._A_p_p_l_e_D_o_u_b_l_e)
+
+ Setting ddddeeeelllleeeetttteeee vvvveeeettttoooo ffffiiiilllleeeessss ==== yyyyeeeessss allows these
+ directories to be transparently deleted when the parent
+ directory is deleted (so long as the user has
+ permissions to do so).
+
+ See also the _v_e_t_o _f_i_l_e_s parameter.
+
+ Default: ddddeeeelllleeeetttteeee vvvveeeettttoooo ffffiiiilllleeeessss ==== nnnnoooo
+
+ ddddeeeennnnyyyy hhhhoooossssttttssss ((((SSSS))))
+ Synonym for _h_o_s_t_s _d_e_n_y.
+
+ ddddffffrrrreeeeeeee ccccoooommmmmmmmaaaannnndddd ((((GGGG))))
+ The _d_f_r_e_e _c_o_m_m_a_n_d setting should only be used on
+ systems where a problem occurs with the internal disk
+ space calculations. This has been known to happen with
+ Ultrix, but may occur with other operating systems. The
+ symptom that was seen was an error of "Abort Retry
+ Ignore" at the end of each directory listing.
+
+ This setting allows the replacement of the internal
+ routines to calculate the total disk space and amount
+ available with an external routine. The example below
+ gives a possible script that might fulfill this
+ function.
+
+ The external program will be passed a single parameter
+ indicating a directory in the filesystem being queried.
+ This will typically consist of the string ./. The
+ script should return two integers in ASCII. The first
+ should be the total disk space in blocks, and the
+ second should be the number of available blocks. An
+ optional third return value can give the block size in
+ bytes. The default blocksize is 1024 bytes.
+
+ Note: Your script should NNNNOOOOTTTT be setuid or setgid and
+ should be owned by (and writeable only by) root!
+
+ Default: BBBByyyy ddddeeeeffffaaaauuuulllltttt iiiinnnntttteeeerrrrnnnnaaaallll rrrroooouuuuttttiiiinnnneeeessss ffffoooorrrr ddddeeeetttteeeerrrrmmmmiiiinnnniiiinnnngggg
+ tttthhhheeee ddddiiiisssskkkk ccccaaaappppaaaacccciiiittttyyyy aaaannnndddd rrrreeeemmmmaaaaiiiinnnniiiinnnngggg ssssppppaaaacccceeee wwwwiiiillllllll bbbbeeee uuuusssseeeedddd....
+
+ Example: ddddffffrrrreeeeeeee ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////llllooooccccaaaallll////ssssaaaammmmbbbbaaaa////bbbbiiiinnnn////ddddffffrrrreeeeeeee
+
+ Where the script dfree (which must be made executable)
+ could be:
+
+
+
+ #!/bin/sh
+
+
+
+ Page 39 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ df $1 | tail -1 | awk '{print $2" "$4}'
+
+
+
+ or perhaps (on Sys V based systems):
+
+
+
+ #!/bin/sh
+ /usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'
+
+
+
+ Note that you may have to replace the command names
+ with full path names on some systems.
+
+ ddddiiiirrrreeeeccccttttoooorrrryyyy ((((SSSS))))
+ Synonym for _p_a_t_h .
+
+ ddddiiiirrrreeeeccccttttoooorrrryyyy mmmmaaaasssskkkk ((((SSSS))))
+ This parameter is the octal modes which are used when
+ converting DOS modes to UNIX modes when creating UNIX
+ directories.
+
+ When a directory is created, the necessary permissions
+ are calculated according to the mapping from DOS modes
+ to UNIX permissions, and the resulting UNIX mode is
+ then bit-wise 'AND'ed with this parameter. This
+ parameter may be thought of as a bit-wise MASK for the
+ UNIX modes of a directory. Any bit nnnnooootttt set here will be
+ removed from the modes set on a directory when it is
+ created.
+
+ The default value of this parameter removes the 'group'
+ and 'other' write bits from the UNIX mode, allowing
+ only the user who owns the directory to modify it.
+
+ Following this Samba will bit-wise 'OR' the UNIX mode
+ created from this parameter with the value of the _f_o_r_c_e
+ _d_i_r_e_c_t_o_r_y _m_o_d_e parameter. This parameter is set to 000
+ by default (i.e. no extra mode bits are added).
+
+ Note that this parameter does not apply to permissions
+ set by Windows NT/2000 ACL editors. If the
+ administrator wishes to enforce a mask on access
+ control lists also, they need to set the _d_i_r_e_c_t_o_r_y
+ _s_e_c_u_r_i_t_y _m_a_s_k.
+
+ See the _f_o_r_c_e _d_i_r_e_c_t_o_r_y _m_o_d_e parameter to cause
+ particular mode bits to always be set on created
+ directories.
+
+
+
+
+ Page 40 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ See also the _c_r_e_a_t_e _m_o_d_e parameter for masking mode
+ bits on created files, and the _d_i_r_e_c_t_o_r_y _s_e_c_u_r_i_t_y _m_a_s_k
+ parameter.
+
+ Also refer to the _i_n_h_e_r_i_t _p_e_r_m_i_s_s_i_o_n_s parameter.
+
+ Default: ddddiiiirrrreeeeccccttttoooorrrryyyy mmmmaaaasssskkkk ==== 0000777755555555
+
+ Example: ddddiiiirrrreeeeccccttttoooorrrryyyy mmmmaaaasssskkkk ==== 0000777777775555
+
+ ddddiiiirrrreeeeccccttttoooorrrryyyy mmmmooooddddeeee ((((SSSS))))
+ Synonym for _d_i_r_e_c_t_o_r_y _m_a_s_k
+
+ ddddiiiirrrreeeeccccttttoooorrrryyyy sssseeeeccccuuuurrrriiiittttyyyy mmmmaaaasssskkkk ((((SSSS))))
+ This parameter controls what UNIX permission bits can
+ be modified when a Windows NT client is manipulating
+ the UNIX permission on a directory using the native NT
+ security dialog box.
+
+ This parameter is applied as a mask (AND'ed with) to
+ the changed permission bits, thus preventing any bits
+ not in this mask from being modified. Essentially, zero
+ bits in this mask may be treated as a set of bits the
+ user is not allowed to change.
+
+ If not set explicitly this parameter is set to 0777
+ meaning a user is allowed to modify all the
+ user/group/world permissions on a directory.
+
+ NNNNooootttteeee that users who can access the Samba server through
+ other means can easily bypass this restriction, so it
+ is primarily useful for standalone "appliance" systems.
+ Administrators of most normal systems will probably
+ want to leave it as the default of 0777.
+
+ See also the _f_o_r_c_e _d_i_r_e_c_t_o_r_y _s_e_c_u_r_i_t_y _m_o_d_e, _s_e_c_u_r_i_t_y
+ _m_a_s_k, _f_o_r_c_e _s_e_c_u_r_i_t_y _m_o_d_e parameters.
+
+ Default: ddddiiiirrrreeeeccccttttoooorrrryyyy sssseeeeccccuuuurrrriiiittttyyyy mmmmaaaasssskkkk ==== 0000777777777777
+
+ Example: ddddiiiirrrreeeeccccttttoooorrrryyyy sssseeeeccccuuuurrrriiiittttyyyy mmmmaaaasssskkkk ==== 0000777700000000
+
+ ddddiiiissssaaaabbbblllleeee ssssppppoooooooollllssssssss ((((GGGG))))
+ Enabling this parameter will disables Samba's support
+ for the SPOOLSS set of MS-RPC's and will yield
+ identical behavior as Samba 2.0.x. Windows NT/2000
+ clients will downgrade to using Lanman style printing
+ commands. Windows 9x/ME will be uneffected by the
+ parameter. However, this will also disable the ability
+ to upload printer drivers to a Samba server via the
+ Windows NT Add Printer Wizard or by using the NT
+ printer properties dialog window. It will also disable
+
+
+
+ Page 41 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ the capability of Windows NT/2000 clients to download
+ print drivers from the Samba host upon demand. BBBBeeee vvvveeeerrrryyyy
+ ccccaaaarrrreeeeffffuuuullll aaaabbbboooouuuutttt eeeennnnaaaabbbblllliiiinnnngggg tttthhhhiiiissss ppppaaaarrrraaaammmmeeeetttteeeerrrr....
+
+ See also use client driver
+
+ Default : ddddiiiissssaaaabbbblllleeee ssssppppoooooooollllssssssss ==== nnnnoooo
+
+ ddddnnnnssss pppprrrrooooxxxxyyyy ((((GGGG))))
+ Specifies that nmbd(8) when acting as a WINS server and
+ finding that a NetBIOS name has not been registered,
+ should treat the NetBIOS name word-for-word as a DNS
+ name and do a lookup with the DNS server for that name
+ on behalf of the name-querying client.
+
+ Note that the maximum length for a NetBIOS name is 15
+ characters, so the DNS name (or DNS alias) can likewise
+ only be 15 characters, maximum.
+
+ nnnnmmmmbbbbdddd spawns a second copy of itself to do the DNS name
+ lookup requests, as doing a name lookup is a blocking
+ action.
+
+ See also the parameter _w_i_n_s _s_u_p_p_o_r_t.
+
+ Default: ddddnnnnssss pppprrrrooooxxxxyyyy ==== yyyyeeeessss
+
+ ddddoooommmmaaaaiiiinnnn aaaaddddmmmmiiiinnnn ggggrrrroooouuuupppp ((((GGGG))))
+ This parameter is intended as a temporary solution to
+ enable users to be a member of the "Domain Admins"
+ group when a Samba host is acting as a PDC. A complete
+ solution will be provided by a system for mapping
+ Windows NT/2000 groups onto UNIX groups. Please note
+ that this parameter has a somewhat confusing name. It
+ accepts a list of usernames and of group names in
+ standard _s_m_b._c_o_n_f notation.
+
+ See also _d_o_m_a_i_n _g_u_e_s_t _g_r_o_u_p, _d_o_m_a_i_n _l_o_g_o_n_s
+
+ Default: nnnnoooo ddddoooommmmaaaaiiiinnnn aaaaddddmmmmiiiinnnniiiissssttttrrrraaaattttoooorrrrssss
+
+ Example: ddddoooommmmaaaaiiiinnnn aaaaddddmmmmiiiinnnn ggggrrrroooouuuupppp ==== rrrrooooooootttt @@@@wwwwhhhheeeeeeeellll
+
+ ddddoooommmmaaaaiiiinnnn gggguuuueeeesssstttt ggggrrrroooouuuupppp ((((GGGG))))
+ This parameter is intended as a temporary solution to
+ enable users to be a member of the "Domain Guests"
+ group when a Samba host is acting as a PDC. A complete
+ solution will be provided by a system for mapping
+ Windows NT/2000 groups onto UNIX groups. Please note
+ that this parameter has a somewhat confusing name. It
+ accepts a list of usernames and of group names in
+ standard _s_m_b._c_o_n_f notation.
+
+
+
+ Page 42 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ See also _d_o_m_a_i_n _a_d_m_i_n _g_r_o_u_p, _d_o_m_a_i_n _l_o_g_o_n_s
+
+ Default: nnnnoooo ddddoooommmmaaaaiiiinnnn gggguuuueeeessssttttssss
+
+ Example: ddddoooommmmaaaaiiiinnnn gggguuuueeeesssstttt ggggrrrroooouuuupppp ==== nnnnoooobbbbooooddddyyyy @@@@gggguuuueeeesssstttt
+
+ ddddoooommmmaaaaiiiinnnn llllooooggggoooonnnnssss ((((GGGG))))
+ If set to yes, the Samba server will serve Windows
+ 95/98 Domain logons for the _w_o_r_k_g_r_o_u_p it is in. Samba
+ 2.2 also has limited capability to act as a domain
+ controller for Windows NT 4 Domains. For more details
+ on setting up this feature see the Samba-PDC-HOWTO
+ included in the _h_t_m_l_d_o_c_s/ directory shipped with the
+ source code.
+
+ Default: ddddoooommmmaaaaiiiinnnn llllooooggggoooonnnnssss ==== nnnnoooo
+
+ ddddoooommmmaaaaiiiinnnn mmmmaaaasssstttteeeerrrr ((((GGGG))))
+ Tell nnnnmmmmbbbbdddd((((8888)))) to enable WAN-wide browse list collation.
+ Setting this option causes nnnnmmmmbbbbdddd to claim a special
+ domain specific NetBIOS name that identifies it as a
+ domain master browser for its given _w_o_r_k_g_r_o_u_p. Local
+ master browsers in the same _w_o_r_k_g_r_o_u_p on broadcast-
+ isolated subnets will give this nnnnmmmmbbbbdddd their local browse
+ lists, and then ask ssssmmmmbbbbdddd((((8888)))) for a complete copy of the
+ browse list for the whole wide area network. Browser
+ clients will then contact their local master browser,
+ and will receive the domain-wide browse list, instead
+ of just the list for their broadcast-isolated subnet.
+
+ Note that Windows NT Primary Domain Controllers expect
+ to be able to claim this _w_o_r_k_g_r_o_u_p specific special
+ NetBIOS name that identifies them as domain master
+ browsers for that _w_o_r_k_g_r_o_u_p by default (i.e. there is
+ no way to prevent a Windows NT PDC from attempting to
+ do this). This means that if this parameter is set and
+ nnnnmmmmbbbbdddd claims the special name for a _w_o_r_k_g_r_o_u_p before a
+ Windows NT PDC is able to do so then cross subnet
+ browsing will behave strangely and may fail.
+
+ If ddddoooommmmaaaaiiiinnnn llllooooggggoooonnnnssss ==== yyyyeeeessss , then the default behavior is
+ to enable the _d_o_m_a_i_n _m_a_s_t_e_r parameter. If _d_o_m_a_i_n _l_o_g_o_n_s
+ is not enabled (the default setting), then neither will
+ _d_o_m_a_i_n _m_a_s_t_e_r be enabled by default.
+
+ Default: ddddoooommmmaaaaiiiinnnn mmmmaaaasssstttteeeerrrr ==== aaaauuuuttttoooo
+
+ ddddoooonnnntttt ddddeeeesssscccceeeennnndddd ((((SSSS))))
+ There are certain directories on some systems (e.g.,
+ the /_p_r_o_c tree under Linux) that are either not of
+ interest to clients or are infinitely deep (recursive).
+ This parameter allows you to specify a comma-delimited
+
+
+
+ Page 43 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ list of directories that the server should always show
+ as empty.
+
+ Note that Samba can be very fussy about the exact
+ format of the "dont descend" entries. For example you
+ may need ./_p_r_o_c instead of just /_p_r_o_c. Experimentation
+ is the best policy :-)
+
+ Default: nnnnoooonnnneeee ((((iiii....eeee....,,,, aaaallllllll ddddiiiirrrreeeeccccttttoooorrrriiiieeeessss aaaarrrreeee OOOOKKKK ttttoooo ddddeeeesssscccceeeennnndddd))))
+
+ Example: ddddoooonnnntttt ddddeeeesssscccceeeennnndddd ==== ////pppprrrroooocccc,,,,////ddddeeeevvvv
+
+ ddddoooossss ffffiiiilllleeeemmmmooooddddeeee ((((SSSS))))
+ The default behavior in Samba is to provide UNIX-like
+ behavior where only the owner of a file/directory is
+ able to change the permissions on it. However, this
+ behavior is often confusing to DOS/Windows users.
+ Enabling this parameter allows a user who has write
+ access to the file (by whatever means) to modify the
+ permissions on it. Note that a user belonging to the
+ group owning the file will not be allowed to change
+ permissions if the group is only granted read access.
+ Ownership of the file/directory is not changed, only
+ the permissions are modified.
+
+ Default: ddddoooossss ffffiiiilllleeeemmmmooooddddeeee ==== nnnnoooo
+
+ ddddoooossss ffffiiiilllleeeettttiiiimmmmeeee rrrreeeessssoooolllluuuuttttiiiioooonnnn ((((SSSS))))
+ Under the DOS and Windows FAT filesystem, the finest
+ granularity on time resolution is two seconds. Setting
+ this parameter for a share causes Samba to round the
+ reported time down to the nearest two second boundary
+ when a query call that requires one second resolution
+ is made to ssssmmmmbbbbdddd((((8888))))
+
+
+ This option is mainly used as a compatibility option
+ for Visual C++ when used against Samba shares. If
+ oplocks are enabled on a share, Visual C++ uses two
+ different time reading calls to check if a file has
+ changed since it was last read. One of these calls uses
+ a one-second granularity, the other uses a two second
+ granularity. As the two second call rounds any odd
+ second down, then if the file has a timestamp of an odd
+ number of seconds then the two timestamps will not
+ match and Visual C++ will keep reporting the file has
+ changed. Setting this option causes the two timestamps
+ to match, and Visual C++ is happy.
+
+ Default: ddddoooossss ffffiiiilllleeeettttiiiimmmmeeee rrrreeeessssoooolllluuuuttttiiiioooonnnn ==== nnnnoooo
+
+ ddddoooossss ffffiiiilllleeeettttiiiimmmmeeeessss ((((SSSS))))
+
+
+
+ Page 44 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Under DOS and Windows, if a user can write to a file
+ they can change the timestamp on it. Under POSIX
+ semantics, only the owner of the file or root may
+ change the timestamp. By default, Samba runs with POSIX
+ semantics and refuses to change the timestamp on a file
+ if the user ssssmmmmbbbbdddd is acting on behalf of is not the file
+ owner. Setting this option to yes allows DOS semantics
+ and smbd will change the file timestamp as DOS
+ requires.
+
+ Default: ddddoooossss ffffiiiilllleeeettttiiiimmmmeeeessss ==== nnnnoooo
+
+ eeeennnnccccrrrryyyypppptttt ppppaaaasssssssswwwwoooorrrrddddssss ((((GGGG))))
+ This boolean controls whether encrypted passwords will
+ be negotiated with the client. Note that Windows NT 4.0
+ SP3 and above and also Windows 98 will by default
+ expect encrypted passwords unless a registry entry is
+ changed. To use encrypted passwords in Samba see the
+ file ENCRYPTION.txt in the Samba documentation
+ directory _d_o_c_s/ shipped with the source code.
+
+ In order for encrypted passwords to work correctly
+ ssssmmmmbbbbdddd((((8888)))) must either have access to a local _s_m_b_p_a_s_s_w_d(_5)
+ program for information on how to set up and maintain
+ this file), or set the security = [server|domain]
+ parameter which causes ssssmmmmbbbbdddd to authenticate against
+ another server.
+
+ Default: eeeennnnccccrrrryyyypppptttt ppppaaaasssssssswwwwoooorrrrddddssss ==== nnnnoooo
+
+ eeeennnnhhhhaaaannnncccceeeedddd bbbbrrrroooowwwwssssiiiinnnngggg ((((GGGG))))
+ This option enables a couple of enhancements to cross-
+ subnet browse propagation that have been added in Samba
+ but which are not standard in Microsoft
+ implementations.
+
+ The first enhancement to browse propagation consists of
+ a regular wildcard query to a Samba WINS server for all
+ Domain Master Browsers, followed by a browse
+ synchronization with each of the returned DMBs. The
+ second enhancement consists of a regular randomised
+ browse synchronization with all currently known DMBs.
+
+ You may wish to disable this option if you have a
+ problem with empty workgroups not disappearing from
+ browse lists. Due to the restrictions of the browse
+ protocols these enhancements can cause a empty
+ workgroup to stay around forever which can be annoying.
+
+ In general you should leave this option enabled as it
+ makes cross-subnet browse propagation much more
+ reliable.
+
+
+
+ Page 45 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Default: eeeennnnhhhhaaaannnncccceeeedddd bbbbrrrroooowwwwssssiiiinnnngggg ==== yyyyeeeessss
+
+ eeeennnnuuuummmmppppoooorrrrttttssss ccccoooommmmmmmmaaaannnndddd ((((GGGG))))
+ The concept of a "port" is fairly foreign to UNIX
+ hosts. Under Windows NT/2000 print servers, a port is
+ associated with a port monitor and generally takes the
+ form of a local port (i.e. LPT1:, COM1:, FILE:) or a
+ remote port (i.e. LPD Port Monitor, etc...). By
+ default, Samba has only one port defined--"Samba
+ Printer Port". Under Windows NT/2000, all printers must
+ have a valid port name. If you wish to have a list of
+ ports displayed (ssssmmmmbbbbdddd does not use a port name for
+ anything) other than the default "Samba Printer Port",
+ you can define _e_n_u_m_p_o_r_t_s _c_o_m_m_a_n_d to point to a program
+ which should generate a list of ports, one per line, to
+ standard output. This listing will then be used in
+ response to the level 1 and 2 EnumPorts() RPC.
+
+ Default: nnnnoooo eeeennnnuuuummmmppppoooorrrrttttssss ccccoooommmmmmmmaaaannnndddd
+
+ Example: eeeennnnuuuummmmppppoooorrrrttttssss ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////bbbbiiiinnnn////lllliiiissssttttppppoooorrrrttttssss
+
+ eeeexxxxeeeecccc ((((SSSS))))
+ This is a synonym for _p_r_e_e_x_e_c.
+
+ ffffaaaakkkkeeee ddddiiiirrrreeeeccccttttoooorrrryyyy ccccrrrreeeeaaaatttteeee ttttiiiimmmmeeeessss ((((SSSS))))
+ NTFS and Windows VFAT file systems keep a create time
+ for all files and directories. This is not the same as
+ the ctime - status change time - that Unix keeps, so
+ Samba by default reports the earliest of the various
+ times Unix does keep. Setting this parameter for a
+ share causes Samba to always report midnight 1-1-1980
+ as the create time for directories.
+
+ This option is mainly used as a compatibility option
+ for Visual C++ when used against Samba shares. Visual
+ C++ generated makefiles have the object directory as a
+ dependency for each object file, and a make rule to
+ create the directory. Also, when NMAKE compares
+ timestamps it uses the creation time when examining a
+ directory. Thus the object directory will be created if
+ it does not exist, but once it does exist it will
+ always have an earlier timestamp than the object files
+ it contains.
+
+ However, Unix time semantics mean that the create time
+ reported by Samba will be updated whenever a file is
+ created or or deleted in the directory. NMAKE finds all
+ object files in the object directory. The timestamp of
+ the last one built is then compared to the timestamp of
+ the object directory. If the directory's timestamp if
+ newer, then all object files will be rebuilt. Enabling
+
+
+
+ Page 46 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ this option ensures directories always predate their
+ contents and an NMAKE build will proceed as expected.
+
+ Default: ffffaaaakkkkeeee ddddiiiirrrreeeeccccttttoooorrrryyyy ccccrrrreeeeaaaatttteeee ttttiiiimmmmeeeessss ==== nnnnoooo
+
+ ffffaaaakkkkeeee oooopppplllloooocccckkkkssss ((((SSSS))))
+ Oplocks are the way that SMB clients get permission
+ from a server to locally cache file operations. If a
+ server grants an oplock (opportunistic lock) then the
+ client is free to assume that it is the only one
+ accessing the file and it will aggressively cache file
+ data. With some oplock types the client may even cache
+ file open/close operations. This can give enormous
+ performance benefits.
+
+ When you set ffffaaaakkkkeeee oooopppplllloooocccckkkkssss ==== yyyyeeeessss, ssssmmmmbbbbdddd((((8888)))) will always
+ grant oplock requests no matter how many clients are
+ using the file.
+
+ It is generally much better to use the real _o_p_l_o_c_k_s
+ support rather than this parameter.
+
+ If you enable this option on all read-only shares or
+ shares that you know will only be accessed from one
+ client at a time such as physically read-only media
+ like CDROMs, you will see a big performance improvement
+ on many operations. If you enable this option on shares
+ where multiple clients may be accessing the files
+ read-write at the same time you can get data
+ corruption. Use this option carefully!
+
+ Default: ffffaaaakkkkeeee oooopppplllloooocccckkkkssss ==== nnnnoooo
+
+ ffffoooolllllllloooowwww ssssyyyymmmmlllliiiinnnnkkkkssss ((((SSSS))))
+ This parameter allows the Samba administrator to stop
+ ssssmmmmbbbbdddd((((8888)))) from following symbolic links in a particular
+ share. Setting this parameter to no prevents any file
+ or directory that is a symbolic link from being
+ followed (the user will get an error). This option is
+ very useful to stop users from adding a symbolic link
+ to /_e_t_c/_p_a_s_s_w_d in their home directory for instance.
+ However it will slow filename lookups down slightly.
+
+ This option is enabled (i.e. ssssmmmmbbbbdddd will follow symbolic
+ links) by default.
+
+ Default: ffffoooolllllllloooowwww ssssyyyymmmmlllliiiinnnnkkkkssss ==== yyyyeeeessss
+
+ ffffoooorrrrcccceeee ccccrrrreeeeaaaatttteeee mmmmooooddddeeee ((((SSSS))))
+ This parameter specifies a set of UNIX mode bit
+ permissions that will aaaallllwwwwaaaayyyyssss be set on a file created
+ by Samba. This is done by bitwise 'OR'ing these bits
+
+
+
+ Page 47 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ onto the mode bits of a file that is being created or
+ having its permissions changed. The default for this
+ parameter is (in octal) 000. The modes in this
+ parameter are bitwise 'OR'ed onto the file mode after
+ the mask set in the _c_r_e_a_t_e _m_a_s_k parameter is applied.
+
+ See also the parameter _c_r_e_a_t_e _m_a_s_k for details on
+ masking mode bits on files.
+
+ See also the _i_n_h_e_r_i_t _p_e_r_m_i_s_s_i_o_n_s parameter.
+
+ Default: ffffoooorrrrcccceeee ccccrrrreeeeaaaatttteeee mmmmooooddddeeee ==== 000000000000
+
+ Example: ffffoooorrrrcccceeee ccccrrrreeeeaaaatttteeee mmmmooooddddeeee ==== 0000777755555555
+
+ would force all created files to have read and execute
+ permissions set for 'group' and 'other' as well as the
+ read/write/execute bits set for the 'user'.
+
+ ffffoooorrrrcccceeee ddddiiiirrrreeeeccccttttoooorrrryyyy mmmmooooddddeeee ((((SSSS))))
+ This parameter specifies a set of UNIX mode bit
+ permissions that will aaaallllwwwwaaaayyyyssss be set on a directory
+ created by Samba. This is done by bitwise 'OR'ing these
+ bits onto the mode bits of a directory that is being
+ created. The default for this parameter is (in octal)
+ 0000 which will not add any extra permission bits to a
+ created directory. This operation is done after the
+ mode mask in the parameter _d_i_r_e_c_t_o_r_y _m_a_s_k is applied.
+
+ See also the parameter _d_i_r_e_c_t_o_r_y _m_a_s_k for details on
+ masking mode bits on created directories.
+
+ See also the _i_n_h_e_r_i_t _p_e_r_m_i_s_s_i_o_n_s parameter.
+
+ Default: ffffoooorrrrcccceeee ddddiiiirrrreeeeccccttttoooorrrryyyy mmmmooooddddeeee ==== 000000000000
+
+ Example: ffffoooorrrrcccceeee ddddiiiirrrreeeeccccttttoooorrrryyyy mmmmooooddddeeee ==== 0000777755555555
+
+ would force all created directories to have read and
+ execute permissions set for 'group' and 'other' as well
+ as the read/write/execute bits set for the 'user'.
+
+ ffffoooorrrrcccceeee ddddiiiirrrreeeeccccttttoooorrrryyyy
+ This parameter controls what UNIX permission bits can
+ be modified when a Windows NT client is manipulating
+ the UNIX permission on a directory using the native NT
+ security dialog box.
+
+ This parameter is applied as a mask (OR'ed with) to the
+ changed permission bits, thus forcing any bits in this
+ mask that the user may have modified to be on.
+ Essentially, one bits in this mask may be treated as a
+
+
+
+ Page 48 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ set of bits that, when modifying security on a
+ directory, the user has always set to be 'on'.
+
+ If not set explicitly this parameter is 000, which
+ allows a user to modify all the user/group/world
+ permissions on a directory without restrictions.
+
+ NNNNooootttteeee that users who can access the Samba server through
+ other means can easily bypass this restriction, so it
+ is primarily useful for standalone "appliance" systems.
+ Administrators of most normal systems will probably
+ want to leave it set as 0000.
+
+ See also the _d_i_r_e_c_t_o_r_y _s_e_c_u_r_i_t_y _m_a_s_k, _s_e_c_u_r_i_t_y _m_a_s_k,
+ _f_o_r_c_e _s_e_c_u_r_i_t_y _m_o_d_e parameters.
+
+ Default: ffffoooorrrrcccceeee ddddiiiirrrreeeeccccttttoooorrrryyyy sssseeeeccccuuuurrrriiiittttyyyy mmmmooooddddeeee ==== 0000
+
+ Example: ffffoooorrrrcccceeee ddddiiiirrrreeeeccccttttoooorrrryyyy sssseeeeccccuuuurrrriiiittttyyyy mmmmooooddddeeee ==== 777700000000
+
+ ffffoooorrrrcccceeee ggggrrrroooouuuupppp ((((SSSS))))
+ This specifies a UNIX group name that will be assigned
+ as the default primary group for all users connecting
+ to this service. This is useful for sharing files by
+ ensuring that all access to files on service will use
+ the named group for their permissions checking. Thus,
+ by assigning permissions for this group to the files
+ and directories within this service the Samba
+ administrator can restrict or allow sharing of these
+ files.
+
+ In Samba 2.0.5 and above this parameter has extended
+ functionality in the following way. If the group name
+ listed here has a '+' character prepended to it then
+ the current user accessing the share only has the
+ primary group default assigned to this group if they
+ are already assigned as a member of that group. This
+ allows an administrator to decide that only users who
+ are already in a particular group will create files
+ with group ownership set to that group. This gives a
+ finer granularity of ownership assignment. For example,
+ the setting _f_o_r_c_e _g_r_o_u_p = +_s_y_s means that only users
+ who are already in group sys will have their default
+ primary group assigned to sys when accessing this Samba
+ share. All other users will retain their ordinary
+ primary group.
+
+ If the _f_o_r_c_e _u_s_e_r parameter is also set the group
+ specified in _f_o_r_c_e _g_r_o_u_p will override the primary
+ group set in _f_o_r_c_e _u_s_e_r.
+
+ See also _f_o_r_c_e _u_s_e_r.
+
+
+
+ Page 49 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Default: nnnnoooo ffffoooorrrrcccceeeedddd ggggrrrroooouuuupppp
+
+ Example: ffffoooorrrrcccceeee ggggrrrroooouuuupppp ==== aaaaggggrrrroooouuuupppp
+
+ ffffoooorrrrcccceeee sssseeeeccccuuuurrrriiiittttyyyy mmmmooooddddeeee ((((SSSS))))
+ This parameter controls what UNIX permission bits can
+ be modified when a Windows NT client is manipulating
+ the UNIX permission on a file using the native NT
+ security dialog box.
+
+ This parameter is applied as a mask (OR'ed with) to the
+ changed permission bits, thus forcing any bits in this
+ mask that the user may have modified to be on.
+ Essentially, one bits in this mask may be treated as a
+ set of bits that, when modifying security on a file,
+ the user has always set to be 'on'.
+
+ If not set explicitly this parameter is set to 0, and
+ allows a user to modify all the user/group/world
+ permissions on a file, with no restrictions.
+
+ NNNNooootttteeee that users who can access the Samba server through
+ other means can easily bypass this restriction, so it
+ is primarily useful for standalone "appliance" systems.
+ Administrators of most normal systems will probably
+ want to leave this set to 0000.
+
+ See also the _f_o_r_c_e _d_i_r_e_c_t_o_r_y _s_e_c_u_r_i_t_y _m_o_d_e, _d_i_r_e_c_t_o_r_y
+ _s_e_c_u_r_i_t_y _m_a_s_k, _s_e_c_u_r_i_t_y _m_a_s_k parameters.
+
+ Default: ffffoooorrrrcccceeee sssseeeeccccuuuurrrriiiittttyyyy mmmmooooddddeeee ==== 0000
+
+ Example: ffffoooorrrrcccceeee sssseeeeccccuuuurrrriiiittttyyyy mmmmooooddddeeee ==== 777700000000
+
+ ffffoooorrrrcccceeee uuuunnnnkkkknnnnoooowwwwnnnn aaaaccccllll uuuusssseeeerrrr ((((SSSS))))
+ If this parameter is set, a Windows NT ACL that
+ contains an unknown SID (security descriptor, or
+ representation of a user or group id) as the owner or
+ group owner of the file will be silently mapped into
+ the current UNIX uid or gid of the currently connected
+ user.
+
+ This is designed to allow Windows NT clients to copy
+ files and folders containing ACLs that were created
+ locally on the client machine and contain users local
+ to that machine only (no domain users) to be copied to
+ a Samba server (usually with XCOPY /O) and have the
+ unknown userid and groupid of the file owner map to the
+ current connected user. This can only be fixed
+ correctly when winbindd allows arbitrary mapping from
+ any Windows NT SID to a UNIX uid or gid.
+
+
+
+
+ Page 50 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Try using this parameter when XCOPY /O gives an
+ ACCESS_DENIED error.
+
+ See also _f_o_r_c_e _g_r_o_u_p
+
+ Default: FFFFaaaallllsssseeee
+
+ Example: ffffoooorrrrcccceeee uuuunnnnkkkknnnnoooowwwwnnnn aaaaccccllll uuuusssseeeerrrr ==== yyyyeeeessss
+
+ ffffoooorrrrcccceeee uuuusssseeeerrrr ((((SSSS))))
+ This specifies a UNIX user name that will be assigned
+ as the default user for all users connecting to this
+ service. This is useful for sharing files. You should
+ also use it carefully as using it incorrectly can cause
+ security problems.
+
+ This user name only gets used once a connection is
+ established. Thus clients still need to connect as a
+ valid user and supply a valid password. Once connected,
+ all file operations will be performed as the "forced
+ user", no matter what username the client connected as.
+ This can be very useful.
+
+ In Samba 2.0.5 and above this parameter also causes the
+ primary group of the forced user to be used as the
+ primary group for all file activity. Prior to 2.0.5 the
+ primary group was left as the primary group of the
+ connecting user (this was a bug).
+
+ See also _f_o_r_c_e _g_r_o_u_p
+
+ Default: nnnnoooo ffffoooorrrrcccceeeedddd uuuusssseeeerrrr
+
+ Example: ffffoooorrrrcccceeee uuuusssseeeerrrr ==== aaaauuuusssseeeerrrr
+
+ ffffssssttttyyyyppppeeee ((((SSSS))))
+ This parameter allows the administrator to configure
+ the string that specifies the type of filesystem a
+ share is using that is reported by ssssmmmmbbbbdddd((((8888))))
+ when a client queries the filesystem type for a share.
+ The default type is NTFS for compatibility with Windows
+ NT but this can be changed to other strings such as
+ Samba or FAT if required.
+
+ Default: ffffssssttttyyyyppppeeee ==== NNNNTTTTFFFFSSSS
+
+ Example: ffffssssttttyyyyppppeeee ==== SSSSaaaammmmbbbbaaaa
+
+ ggggeeeettttwwwwdddd ccccaaaacccchhhheeee ((((GGGG))))
+ This is a tuning option. When this is enabled a caching
+ algorithm will be used to reduce the time taken for
+ getwd() calls. This can have a significant impact on
+
+
+
+ Page 51 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ performance, especially when the _w_i_d_e _l_i_n_k_s parameter
+ is set to no.
+
+ Default: ggggeeeettttwwwwdddd ccccaaaacccchhhheeee ==== yyyyeeeessss
+
+ ggggrrrroooouuuupppp ((((SSSS))))
+ Synonym for _f_o_r_c_e _g_r_o_u_p.
+
+ gggguuuueeeesssstttt aaaaccccccccoooouuuunnnntttt ((((SSSS))))
+ This is a username which will be used for access to
+ services which are specified as _g_u_e_s_t _o_k (see below).
+ Whatever privileges this user has will be available to
+ any client connecting to the guest service. Typically
+ this user will exist in the password file, but will not
+ have a valid login. The user account "ftp" is often a
+ good choice for this parameter. If a username is
+ specified in a given service, the specified username
+ overrides this one.
+
+ One some systems the default guest account "nobody" may
+ not be able to print. Use another account in this case.
+ You should test this by trying to log in as your guest
+ user (perhaps by using the ssssuuuu ---- command) and trying to
+ print using the system print command such as llllpppprrrr((((1111)))) or
+ llllpppp((((1111)))).
+
+ Default: ssssppppeeeecccciiiiffffiiiieeeedddd aaaatttt ccccoooommmmppppiiiilllleeee ttttiiiimmmmeeee,,,, uuuussssuuuuaaaallllllllyyyy """"nnnnoooobbbbooooddddyyyy""""
+
+ Example: gggguuuueeeesssstttt aaaaccccccccoooouuuunnnntttt ==== ffffttttpppp
+
+ gggguuuueeeesssstttt ooookkkk ((((SSSS))))
+ If this parameter is yes for a service, then no
+ password is required to connect to the service.
+ Privileges will be those of the _g_u_e_s_t _a_c_c_o_u_n_t.
+
+ See the section below on _s_e_c_u_r_i_t_y for more information
+ about this option.
+
+ Default: gggguuuueeeesssstttt ooookkkk ==== nnnnoooo
+
+ gggguuuueeeesssstttt oooonnnnllllyyyy ((((SSSS))))
+ If this parameter is yes for a service, then only guest
+ connections to the service are permitted. This
+ parameter will have no effect if _g_u_e_s_t _o_k is not set
+ for the service.
+
+ See the section below on _s_e_c_u_r_i_t_y for more information
+ about this option.
+
+ Default: gggguuuueeeesssstttt oooonnnnllllyyyy ==== nnnnoooo
+
+ hhhhiiiiddddeeee ddddooootttt ffffiiiilllleeeessss ((((SSSS))))
+
+
+
+ Page 52 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ This is a boolean parameter that controls whether files
+ starting with a dot appear as hidden files.
+
+ Default: hhhhiiiiddddeeee ddddooootttt ffffiiiilllleeeessss ==== yyyyeeeessss
+
+ hhhhiiiiddddeeee ffffiiiilllleeeessss((((SSSS))))
+ This is a list of files or directories that are not
+ visible but are accessible. The DOS 'hidden' attribute
+ is applied to any files or directories that match.
+
+ Each entry in the list must be separated by a '/',
+ which allows spaces to be included in the entry. '*'
+ and '?' can be used to specify multiple files or
+ directories as in DOS wildcards.
+
+ Each entry must be a Unix path, not a DOS path and must
+ not include the Unix directory separator '/'.
+
+ Note that the case sensitivity option is applicable in
+ hiding files.
+
+ Setting this parameter will affect the performance of
+ Samba, as it will be forced to check all files and
+ directories for a match as they are scanned.
+
+ See also _h_i_d_e _d_o_t _f_i_l_e_s, _v_e_t_o _f_i_l_e_s and _c_a_s_e
+ _s_e_n_s_i_t_i_v_e.
+
+ Default: nnnnoooo ffffiiiilllleeee aaaarrrreeee hhhhiiiiddddddddeeeennnn
+
+ Example: hhhhiiiiddddeeee ffffiiiilllleeeessss ====
+ ////....****////DDDDeeeesssskkkkttttooooppppFFFFoooollllddddeeeerrrrDDDDBBBB////TTTTrrrraaaasssshhhhFFFFoooorrrr%%%%mmmm////rrrreeeessssoooouuuurrrrcccceeee....ffffrrrrkkkk////
+
+ The above example is based on files that the Macintosh
+ SMB client (DAVE) available from Thursby
+ <URL:http://www.thursby.com> creates for internal use,
+ and also still hides all files beginning with a dot.
+
+ hhhhiiiiddddeeee llllooooccccaaaallll uuuusssseeeerrrrssss((((GGGG))))
+ This parameter toggles the hiding of local UNIX users
+ (root, wheel, floppy, etc) from remote clients.
+
+ Default: hhhhiiiiddddeeee llllooooccccaaaallll uuuusssseeeerrrrssss ==== nnnnoooo
+
+ hhhhiiiiddddeeee uuuunnnnrrrreeeeaaaaddddaaaabbbblllleeee ((((SSSS))))
+ This parameter prevents clients from seeing the
+ existance of files that cannot be read. Defaults to
+ off.
+
+ Default: hhhhiiiiddddeeee uuuunnnnrrrreeeeaaaaddddaaaabbbblllleeee ==== nnnnoooo
+
+ hhhhoooommmmeeeeddddiiiirrrr mmmmaaaapppp ((((GGGG))))
+
+
+
+ Page 53 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ If_n_i_s _h_o_m_e_d_i_r is yes, and ssssmmmmbbbbdddd((((8888)))) is also acting as a
+ Win95/98 _l_o_g_o_n _s_e_r_v_e_r then this parameter specifies the
+ NIS (or YP) map from which the server for the user's
+ home directory should be extracted. At present, only
+ the Sun auto.home map format is understood. The form of
+ the map is:
+
+ uuuusssseeeerrrrnnnnaaaammmmeeee sssseeeerrrrvvvveeeerrrr::::////ssssoooommmmeeee////ffffiiiilllleeee////ssssyyyysssstttteeeemmmm
+
+ and the program will extract the servername from before
+ the first ':'. There should probably be a better
+ parsing system that copes with different map formats
+ and also Amd (another automounter) maps.
+
+ NNNNOOOOTTTTEEEE ::::A working NIS client is required on the system
+ for this option to work.
+
+ See also _n_i_s _h_o_m_e_d_i_r , _d_o_m_a_i_n _l_o_g_o_n_s .
+
+ Default: hhhhoooommmmeeeeddddiiiirrrr mmmmaaaapppp ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>
+
+ Example: hhhhoooommmmeeeeddddiiiirrrr mmmmaaaapppp ==== aaaammmmdddd....hhhhoooommmmeeeeddddiiiirrrr
+
+ hhhhoooosssstttt mmmmssssddddffffssss ((((GGGG))))
+ This boolean parameter is only available if Samba has
+ been configured and compiled with the --------wwwwiiiitttthhhh----mmmmssssddddffffssss
+ option. If set to yes, Samba will act as a Dfs server,
+ and allow Dfs-aware clients to browse Dfs trees hosted
+ on the server.
+
+ See also the _m_s_d_f_s _r_o_o_t share level parameter. For
+ more information on setting up a Dfs tree on Samba,
+ refer to msdfs_setup.html
+
+ Default: hhhhoooosssstttt mmmmssssddddffffssss ==== nnnnoooo
+
+ hhhhoooossssttttssss aaaalllllllloooowwww ((((SSSS))))
+ A synonym for this parameter is _a_l_l_o_w _h_o_s_t_s.
+
+ This parameter is a comma, space, or tab delimited set
+ of hosts which are permitted to access a service.
+
+ If specified in the [global] section then it will apply
+ to all services, regardless of whether the individual
+ service has a different setting.
+
+ You can specify the hosts by name or IP number. For
+ example, you could restrict access to only the hosts on
+ a Class C subnet with something like aaaalllllllloooowwww hhhhoooossssttttssss ====
+ 111155550000....222200003333....5555.... . The full syntax of the list is described
+ in the man page _h_o_s_t_s__a_c_c_e_s_s(_5). Note that this man
+ page may not be present on your system, so a brief
+
+
+
+ Page 54 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ description will be given here also.
+
+ Note that the localhost address 127.0.0.1 will always
+ be allowed access unless specifically denied by a _h_o_s_t_s
+ _d_e_n_y option.
+
+ You can also specify hosts by network/netmask pairs and
+ by netgroup names if your system supports netgroups.
+ The EEEEXXXXCCCCEEEEPPPPTTTT keyword can also be used to limit a wildcard
+ list. The following examples may provide some help:
+
+ Example 1: allow all IPs in 150.203.*.*; except one
+
+ hhhhoooossssttttssss aaaalllllllloooowwww ==== 111155550000....222200003333.... EEEEXXXXCCCCEEEEPPPPTTTT 111155550000....222200003333....6666....66666666
+
+ Example 2: allow hosts that match the given
+ network/netmask
+
+ hhhhoooossssttttssss aaaalllllllloooowwww ==== 111155550000....222200003333....11115555....0000////222255555555....222255555555....222255555555....0000
+
+ Example 3: allow a couple of hosts
+
+ hhhhoooossssttttssss aaaalllllllloooowwww ==== llllaaaappppllllaaaannnndddd,,,, aaaarrrrvvvviiiiddddssssjjjjaaaauuuurrrr
+
+ Example 4: allow only hosts in NIS netgroup "foonet",
+ but deny access from one particular host
+
+ hhhhoooossssttttssss aaaalllllllloooowwww ==== @@@@ffffoooooooonnnneeeetttt
+
+ hhhhoooossssttttssss ddddeeeennnnyyyy ==== ppppiiiirrrraaaatttteeee
+
+ Note that access still requires suitable user-level
+ passwords.
+
+ See tttteeeessssttttppppaaaarrrrmmmm((((1111))))
+ for a way of testing your host access to see if it
+ does what you expect.
+
+ Default: nnnnoooonnnneeee ((((iiii....eeee....,,,, aaaallllllll hhhhoooossssttttssss ppppeeeerrrrmmmmiiiitttttttteeeedddd aaaacccccccceeeessssssss))))
+
+ Example: aaaalllllllloooowwww hhhhoooossssttttssss ==== 111155550000....222200003333....5555.... mmmmyyyyhhhhoooosssstttt....mmmmyyyynnnneeeetttt....eeeedddduuuu....aaaauuuu
+
+ hhhhoooossssttttssss ddddeeeennnnyyyy ((((SSSS))))
+ The opposite of _h_o_s_t_s _a_l_l_o_w - hosts listed here are NNNNOOOOTTTT
+ permitted access to services unless the specific
+ services have their own lists to override this one.
+ Where the lists conflict, the _a_l_l_o_w list takes
+ precedence.
+
+ Default: nnnnoooonnnneeee ((((iiii....eeee....,,,, nnnnoooo hhhhoooossssttttssss ssssppppeeeecccciiiiffffiiiiccccaaaallllllllyyyy eeeexxxxcccclllluuuuddddeeeedddd))))
+
+ Example: hhhhoooossssttttssss ddddeeeennnnyyyy ==== 111155550000....222200003333....4444.... bbbbaaaaddddhhhhoooosssstttt....mmmmyyyynnnneeeetttt....eeeedddduuuu....aaaauuuu
+
+
+
+ Page 55 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ hhhhoooossssttttssss eeeeqqqquuuuiiiivvvv ((((GGGG))))
+ If this global parameter is a non-null string, it
+ specifies the name of a file to read for the names of
+ hosts and users who will be allowed access without
+ specifying a password.
+
+ This is not be confused with _h_o_s_t_s _a_l_l_o_w which is
+ about hosts access to services and is more useful for
+ guest services. _h_o_s_t_s _e_q_u_i_v may be useful for NT
+ clients which will not supply passwords to Samba.
+
+ NNNNOOOOTTTTEEEE :::: The use of _h_o_s_t_s _e_q_u_i_v can be a major security
+ hole. This is because you are trusting the PC to supply
+ the correct username. It is very easy to get a PC to
+ supply a false username. I recommend that the _h_o_s_t_s
+ _e_q_u_i_v option be only used if you really know what you
+ are doing, or perhaps on a home network where you trust
+ your spouse and kids. And only if you rrrreeeeaaaallllllllyyyy trust them
+ :-).
+
+ Default: nnnnoooo hhhhoooosssstttt eeeeqqqquuuuiiiivvvvaaaalllleeeennnncccceeeessss
+
+ Example: hhhhoooossssttttssss eeeeqqqquuuuiiiivvvv ==== ////eeeettttcccc////hhhhoooossssttttssss....eeeeqqqquuuuiiiivvvv
+
+ iiiinnnncccclllluuuuddddeeee ((((GGGG))))
+ This allows you to include one config file inside
+ another. The file is included literally, as though
+ typed in place.
+
+ It takes the standard substitutions, except %_u , %_P and
+ %_S.
+
+ Default: nnnnoooo ffffiiiilllleeee iiiinnnncccclllluuuuddddeeeedddd
+
+ Example: iiiinnnncccclllluuuuddddeeee ==== ////uuuussssrrrr////llllooooccccaaaallll////ssssaaaammmmbbbbaaaa////lllliiiibbbb////aaaaddddmmmmiiiinnnn____ssssmmmmbbbb....ccccoooonnnnffff
+
+ iiiinnnnhhhheeeerrrriiiitttt aaaaccccllllssss ((((SSSS))))
+ This parameter can be used to ensure that if default
+ acls exist on parent directories, they are always
+ honored when creating a subdirectory. The default
+ behavior is to use the mode specified when creating the
+ directory. Enabling this option sets the mode to 0777,
+ thus guaranteeing that default directory acls are
+ propagated.
+
+ Default: iiiinnnnhhhheeeerrrriiiitttt aaaaccccllllssss ==== nnnnoooo
+
+ iiiinnnnhhhheeeerrrriiiitttt ppppeeeerrrrmmmmiiiissssssssiiiioooonnnnssss ((((SSSS))))
+ The permissions on new files and directories are
+ normally governed by _c_r_e_a_t_e _m_a_s_k, _d_i_r_e_c_t_o_r_y _m_a_s_k,
+ _f_o_r_c_e _c_r_e_a_t_e _m_o_d_e and _f_o_r_c_e _d_i_r_e_c_t_o_r_y _m_o_d_e but the
+ boolean inherit permissions parameter overrides this.
+
+
+
+ Page 56 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ New directories inherit the mode of the parent
+ directory, including bits such as setgid.
+
+ New files inherit their read/write bits from the parent
+ directory. Their execute bits continue to be determined
+ by _m_a_p _a_r_c_h_i_v_e , _m_a_p _h_i_d_d_e_n and _m_a_p _s_y_s_t_e_m as usual.
+
+ Note that the setuid bit is nnnneeeevvvveeeerrrr set via inheritance
+ (the code explicitly prohibits this).
+
+ This can be particularly useful on large systems with
+ many users, perhaps several thousand, to allow a single
+ [homes] share to be used flexibly by each user.
+
+ See also _c_r_e_a_t_e _m_a_s_k , _d_i_r_e_c_t_o_r_y _m_a_s_k, _f_o_r_c_e _c_r_e_a_t_e
+ _m_o_d_e and _f_o_r_c_e _d_i_r_e_c_t_o_r_y _m_o_d_e .
+
+ Default: iiiinnnnhhhheeeerrrriiiitttt ppppeeeerrrrmmmmiiiissssssssiiiioooonnnnssss ==== nnnnoooo
+
+ iiiinnnntttteeeerrrrffffaaaacccceeeessss ((((GGGG))))
+ This option allows you to override the default network
+ interfaces list that Samba will use for browsing, name
+ registration and other NBT traffic. By default Samba
+ will query the kernel for the list of all active
+ interfaces and use any interfaces except 127.0.0.1 that
+ are broadcast capable.
+
+ The option takes a list of interface strings. Each
+ string can be in any of the following forms:
+
+ o+ a network interface name (such as eth0). This may
+ include shell-like wildcards so eth* will match any
+ interface starting with the substring "eth"
+
+ o+ an IP address. In this case the netmask is determined
+ from the list of interfaces obtained from the kernel
+
+ o+ an IP/mask pair.
+
+ o+ a broadcast/mask pair.
+
+ The "mask" parameters can either be a bit length (such as 24
+ for a C class network) or a full netmask in dotted decimal
+ form.
+
+ The "IP" parameters above can either be a full dotted
+ decimal IP address or a hostname which will be looked up via
+ the OS's normal hostname resolution mechanisms.
+
+ For example, the following line:
+
+ iiiinnnntttteeeerrrrffffaaaacccceeeessss ==== eeeetttthhhh0000 111199992222....111166668888....2222....11110000////22224444 111199992222....111166668888....3333....11110000////222255555555....222255555555....222255555555....0000
+
+
+
+ Page 57 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ would configure three network interfaces corresponding to
+ the eth0 device and IP addresses 192.168.2.10 and
+ 192.168.3.10. The netmasks of the latter two interfaces
+ would be set to 255.255.255.0.
+
+ See also _b_i_n_d _i_n_t_e_r_f_a_c_e_s _o_n_l_y.
+
+ Default: aaaallllllll aaaaccccttttiiiivvvveeee iiiinnnntttteeeerrrrffffaaaacccceeeessss eeeexxxxcccceeeepppptttt 111122227777....0000....0000....1111 tttthhhhaaaatttt aaaarrrreeee
+ bbbbrrrrooooaaaaddddccccaaaasssstttt ccccaaaappppaaaabbbblllleeee
+
+ iiiinnnnvvvvaaaalllliiiidddd uuuusssseeeerrrrssss ((((SSSS))))
+ This is a list of users that should not be allowed to
+ login to this service. This is really a ppppaaaarrrraaaannnnooooiiiidddd check
+ to absolutely ensure an improper setting does not
+ breach your security.
+
+ A name starting with a '@' is interpreted as an NIS
+ netgroup first (if your system supports NIS), and then
+ as a UNIX group if the name was not found in the NIS
+ netgroup database.
+
+ A name starting with '+' is interpreted only by looking
+ in the UNIX group database. A name starting with '&' is
+ interpreted only by looking in the NIS netgroup
+ database (this requires NIS to be working on your
+ system). The characters '+' and '&' may be used at the
+ start of the name in either order so the value +&_g_r_o_u_p
+ means check the UNIX group database, followed by the
+ NIS netgroup database, and the value &+_g_r_o_u_p means
+ check the NIS netgroup database, followed by the UNIX
+ group database (the same as the '@' prefix).
+
+ The current servicename is substituted for %_S. This is
+ useful in the [homes] section.
+
+ See also _v_a_l_i_d _u_s_e_r_s .
+
+ Default: nnnnoooo iiiinnnnvvvvaaaalllliiiidddd uuuusssseeeerrrrssss
+
+ Example: iiiinnnnvvvvaaaalllliiiidddd uuuusssseeeerrrrssss ==== rrrrooooooootttt ffffrrrreeeedddd aaaaddddmmmmiiiinnnn @@@@wwwwhhhheeeeeeeellll
+
+ kkkkeeeeeeeeppppaaaalllliiiivvvveeee ((((GGGG))))
+ The value of the parameter (an integer) represents the
+ number of seconds between _k_e_e_p_a_l_i_v_e packets. If this
+ parameter is zero, no keepalive packets will be sent.
+ Keepalive packets, if sent, allow the server to tell
+ whether a client is still present and responding.
+
+ Keepalives should, in general, not be needed if the
+ socket being used has the SO_KEEPALIVE attribute set on
+ it (see _s_o_c_k_e_t _o_p_t_i_o_n_s). Basically you should only use
+ this option if you strike difficulties.
+
+
+
+ Page 58 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Default: kkkkeeeeeeeeppppaaaalllliiiivvvveeee ==== 333300000000
+
+ Example: kkkkeeeeeeeeppppaaaalllliiiivvvveeee ==== 666600000000
+
+ kkkkeeeerrrrnnnneeeellll oooopppplllloooocccckkkkssss ((((GGGG))))
+ For UNIXes that support kernel based _o_p_l_o_c_k_s (currently
+ only IRIX and the Linux 2.4 kernel), this parameter
+ allows the use of them to be turned on or off.
+
+ Kernel oplocks support allows Samba _o_p_l_o_c_k_s to be
+ broken whenever a local UNIX process or NFS operation
+ accesses a file that ssssmmmmbbbbdddd((((8888))))
+ has oplocked. This allows complete data consistency
+ between SMB/CIFS, NFS and local file access (and is a
+ vvvveeeerrrryyyy cool feature :-).
+
+ This parameter defaults to on, but is translated to a
+ no-op on systems that no not have the necessary kernel
+ support. You should never need to touch this
+ parameter.
+
+ See also the _o_p_l_o_c_k_s and _l_e_v_e_l_2 _o_p_l_o_c_k_s parameters.
+
+ Default: kkkkeeeerrrrnnnneeeellll oooopppplllloooocccckkkkssss ==== yyyyeeeessss
+
+ llllaaaannnnmmmmaaaannnn aaaauuuutttthhhh ((((GGGG))))
+ This parameter determines whether or not smbd will
+ attempt to authenticate users using the LANMAN password
+ hash. If disabled, only clients which support NT
+ password hashes (e.g. Windows NT/2000 clients,
+ smbclient, etc... but not Windows 95/98 or the MS DOS
+ network client) will be able to connect to the Samba
+ host.
+
+ Default : llllaaaannnnmmmmaaaannnn aaaauuuutttthhhh ==== yyyyeeeessss
+
+ llllaaaarrrrggggeeee rrrreeeeaaaaddddwwwwrrrriiiitttteeee ((((GGGG))))
+ This parameter determines whether or not smbd supports
+ the new 64k streaming read and write varient SMB
+ requests introduced with Windows 2000. Note that due to
+ Windows 2000 client redirector bugs this requires Samba
+ to be running on a 64-bit capable operating system such
+ as IRIX, Solaris or a Linux 2.4 kernel. Can improve
+ performance by 10% with Windows 2000 clients. Defaults
+ to on. Windows NT 4.0 only supports read version of
+ this call, and ignores the write version.
+
+ Default : llllaaaarrrrggggeeee rrrreeeeaaaaddddwwwwrrrriiiitttteeee ==== yyyyeeeessss
+
+ llllddddaaaapppp aaaaddddmmmmiiiinnnn ddddnnnn ((((GGGG))))
+ This parameter is only available if Samba has been
+ configure to include the --------wwwwiiiitttthhhh----llllddddaaaappppssssaaaammmm option at
+
+
+
+ Page 59 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ compile time. This option should be considered
+ experimental and under active development.
+
+ The _l_d_a_p _a_d_m_i_n _d_n defines the Distinguished Name (DN)
+ name used by Samba to contact the ldap server when
+ retreiving user account information. The _l_d_a_p _a_d_m_i_n _d_n
+ is used in conjunction with the admin dn password
+ stored in the _p_r_i_v_a_t_e/_s_e_c_r_e_t_s._t_d_b file. See the
+ ssssmmmmbbbbppppaaaasssssssswwwwdddd((((8888)))) man page for more information on how to
+ accmplish this.
+
+ Default : nnnnoooonnnneeee
+
+ llllddddaaaapppp ffffiiiilllltttteeeerrrr ((((GGGG))))
+ This parameter is only available if Samba has been
+ configure to include the --------wwwwiiiitttthhhh----llllddddaaaappppssssaaaammmm option at
+ compile time. This option should be considered
+ experimental and under active development.
+
+ This parameter specifies the RFC 2254 compliant LDAP
+ search filter. The default is to match the login name
+ with the uid attribute for all entries matching the
+ sambaAccount objectclass. Note that this filter should
+ only return one entry.
+
+ Default : llllddddaaaapppp ffffiiiilllltttteeeerrrr ====
+ ((((&&&&((((uuuuiiiidddd====%%%%uuuu))))((((oooobbbbjjjjeeeeccccttttccccllllaaaassssssss====ssssaaaammmmbbbbaaaaAAAAccccccccoooouuuunnnntttt))))))))
+
+ llllddddaaaapppp ppppoooorrrrtttt ((((GGGG))))
+ This parameter is only available if Samba has been
+ configure to include the --------wwwwiiiitttthhhh----llllddddaaaappppssssaaaammmm option at
+ compile time. This option should be considered
+ experimental and under active development.
+
+ This option is used to control the tcp port number used
+ to contact the _l_d_a_p _s_e_r_v_e_r. The default is to use the
+ stand LDAPS port 636.
+
+ See Also: ldap ssl
+
+ Default : llllddddaaaapppp ppppoooorrrrtttt ==== 666633336666 ;;;; iiiiffff llllddddaaaapppp ssssssssllll ==== oooonnnn
+
+ Default : llllddddaaaapppp ppppoooorrrrtttt ==== 333388889999 ;;;; iiiiffff llllddddaaaapppp ssssssssllll ==== ooooffffffff
+
+ llllddddaaaapppp sssseeeerrrrvvvveeeerrrr ((((GGGG))))
+ This parameter is only available if Samba has been
+ configure to include the --------wwwwiiiitttthhhh----llllddddaaaappppssssaaaammmm option at
+ compile time. This option should be considered
+ experimental and under active development.
+
+ This parameter should contains the FQDN of the ldap
+ directory server which should be queried to locate user
+
+
+
+ Page 60 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ account information.
+
+ Default : llllddddaaaapppp sssseeeerrrrvvvveeeerrrr ==== llllooooccccaaaallllhhhhoooosssstttt
+
+ llllddddaaaapppp ssssssssllll ((((GGGG))))
+ This parameter is only available if Samba has been
+ configure to include the --------wwwwiiiitttthhhh----llllddddaaaappppssssaaaammmm option at
+ compile time. This option should be considered
+ experimental and under active development.
+
+ This option is used to define whether or not Samba
+ should use SSL when connecting to the _l_d_a_p _s_e_r_v_e_r. This
+ is NNNNOOOOTTTT related to Samba SSL support which is enabled by
+ specifying the --------wwwwiiiitttthhhh----ssssssssllll option to the _c_o_n_f_i_g_u_r_e
+ script (see _s_s_l).
+
+ The _l_d_a_p _s_s_l can be set to one of three values: (a) on
+ - Always use SSL when contacting the _l_d_a_p _s_e_r_v_e_r, (b)
+ off - Never use SSL when querying the directory, or (c)
+ start_tls - Use the LDAPv3 StartTLS extended operation
+ (RFC2830) for communicating with the directory server.
+
+ Default : llllddddaaaapppp ssssssssllll ==== oooonnnn
+
+ llllddddaaaapppp ssssuuuuffffffffiiiixxxx ((((GGGG))))
+ This parameter is only available if Samba has been
+ configure to include the --------wwwwiiiitttthhhh----llllddddaaaappppssssaaaammmm option at
+ compile time. This option should be considered
+ experimental and under active development.
+
+ Default : nnnnoooonnnneeee
+
+ lllleeeevvvveeeellll2222 oooopppplllloooocccckkkkssss ((((SSSS))))
+ This parameter controls whether Samba supports level2
+ (read-only) oplocks on a share.
+
+ Level2, or read-only oplocks allow Windows NT clients
+ that have an oplock on a file to downgrade from a
+ read-write oplock to a read-only oplock once a second
+ client opens the file (instead of releasing all oplocks
+ on a second open, as in traditional, exclusive
+ oplocks). This allows all openers of the file that
+ support level2 oplocks to cache the file for read-ahead
+ only (ie. they may not cache writes or lock requests)
+ and increases performance for many accesses of files
+ that are not commonly written (such as application .EXE
+ files).
+
+ Once one of the clients which have a read-only oplock
+ writes to the file all clients are notified (no reply
+ is needed or waited for) and told to break their
+ oplocks to "none" and delete any read-ahead caches.
+
+
+
+ Page 61 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ It is recommended that this parameter be turned on to
+ speed access to shared executables.
+
+ For more discussions on level2 oplocks see the CIFS
+ spec.
+
+ Currently, if _k_e_r_n_e_l _o_p_l_o_c_k_s are supported then level2
+ oplocks are not granted (even if this parameter is set
+ to yes). Note also, the _o_p_l_o_c_k_s parameter must be set
+ to yes on this share in order for this parameter to
+ have any effect.
+
+ See also the _o_p_l_o_c_k_s and _k_e_r_n_e_l _o_p_l_o_c_k_s parameters.
+
+ Default: lllleeeevvvveeeellll2222 oooopppplllloooocccckkkkssss ==== yyyyeeeessss
+
+ llllmmmm aaaannnnnnnnoooouuuunnnncccceeee ((((GGGG))))
+ This parameter determines if nnnnmmmmbbbbdddd((((8888)))) will produce
+ Lanman announce broadcasts that are needed by OS/2
+ clients in order for them to see the Samba server in
+ their browse list. This parameter can have three
+ values, yes, no, or auto. The default is auto. If set
+ to no Samba will never produce these broadcasts. If set
+ to yes Samba will produce Lanman announce broadcasts at
+ a frequency set by the parameter _l_m _i_n_t_e_r_v_a_l. If set to
+ auto Samba will not send Lanman announce broadcasts by
+ default but will listen for them. If it hears such a
+ broadcast on the wire it will then start sending them
+ at a frequency set by the parameter _l_m _i_n_t_e_r_v_a_l.
+
+ See also _l_m _i_n_t_e_r_v_a_l .
+
+ Default: llllmmmm aaaannnnnnnnoooouuuunnnncccceeee ==== aaaauuuuttttoooo
+
+ Example: llllmmmm aaaannnnnnnnoooouuuunnnncccceeee ==== yyyyeeeessss
+
+ llllmmmm iiiinnnntttteeeerrrrvvvvaaaallll ((((GGGG))))
+ If Samba is set to produce Lanman announce broadcasts
+ needed by OS/2 clients (see the _l_m _a_n_n_o_u_n_c_e parameter)
+ then this parameter defines the frequency in seconds
+ with which they will be made. If this is set to zero
+ then no Lanman announcements will be made despite the
+ setting of the _l_m _a_n_n_o_u_n_c_e parameter.
+
+ See also _l_m _a_n_n_o_u_n_c_e.
+
+ Default: llllmmmm iiiinnnntttteeeerrrrvvvvaaaallll ==== 66660000
+
+ Example: llllmmmm iiiinnnntttteeeerrrrvvvvaaaallll ==== 111122220000
+
+ llllooooaaaadddd pppprrrriiiinnnntttteeeerrrrssss ((((GGGG))))
+ A boolean variable that controls whether all printers
+
+
+
+ Page 62 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ in the printcap will be loaded for browsing by default.
+ See the printers section for more details.
+
+ Default: llllooooaaaadddd pppprrrriiiinnnntttteeeerrrrssss ==== yyyyeeeessss
+
+ llllooooccccaaaallll mmmmaaaasssstttteeeerrrr ((((GGGG))))
+ This option allows nnnnmmmmbbbbdddd((((8888)))) to try and become a local
+ master browser on a subnet. If set to no then nnnnmmmmbbbbdddd
+ will not attempt to become a local master browser on a
+ subnet and will also lose in all browsing elections. By
+ default this value is set to yes. Setting this value to
+ yes doesn't mean that Samba will bbbbeeeeccccoooommmmeeee the local
+ master browser on a subnet, just that nnnnmmmmbbbbdddd will
+ ppppaaaarrrrttttiiiicccciiiippppaaaatttteeee in elections for local master browser.
+
+ Setting this value to no will cause nnnnmmmmbbbbdddd nnnneeeevvvveeeerrrr to
+ become a local master browser.
+
+ Default: llllooooccccaaaallll mmmmaaaasssstttteeeerrrr ==== yyyyeeeessss
+
+ lllloooocccckkkk ddddiiiirrrr ((((GGGG))))
+ Synonym for _l_o_c_k _d_i_r_e_c_t_o_r_y.
+
+ lllloooocccckkkk ddddiiiirrrreeeeccccttttoooorrrryyyy ((((GGGG))))
+ This option specifies the directory where lock files
+ will be placed. The lock files are used to implement
+ the _m_a_x _c_o_n_n_e_c_t_i_o_n_s option.
+
+ Default: lllloooocccckkkk ddddiiiirrrreeeeccccttttoooorrrryyyy ==== $$$${{{{pppprrrreeeeffffiiiixxxx}}}}////vvvvaaaarrrr////lllloooocccckkkkssss
+
+ Example: lllloooocccckkkk ddddiiiirrrreeeeccccttttoooorrrryyyy ==== ////vvvvaaaarrrr////rrrruuuunnnn////ssssaaaammmmbbbbaaaa////lllloooocccckkkkssss
+
+ lllloooocccckkkk ssssppppiiiinnnn ccccoooouuuunnnntttt ((((GGGG))))
+ This parameter controls the number of times that smbd
+ should attempt to gain a byte range lock on the behalf
+ of a client request. Experiments have shown that
+ Windows 2k servers do not reply with a failure if the
+ lock could not be immediately granted, but try a few
+ more times in case the lock could later be aquired.
+ This behavior is used to support PC database formats
+ such as MS Access and FoxPro.
+
+ Default: lllloooocccckkkk ssssppppiiiinnnn ccccoooouuuunnnntttt ==== 2222
+
+ lllloooocccckkkk ssssppppiiiinnnn ttttiiiimmmmeeee ((((GGGG))))
+ The time in microseconds that smbd should pause before
+ attempting to gain a failed lock. See _l_o_c_k _s_p_i_n _c_o_u_n_t
+ for more details.
+
+ Default: lllloooocccckkkk ssssppppiiiinnnn ttttiiiimmmmeeee ==== 11110000
+
+ lllloooocccckkkkiiiinnnngggg ((((SSSS))))
+
+
+
+ Page 63 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ This controls whether or not locking will be performed
+ by the server in response to lock requests from the
+ client.
+
+ If lllloooocccckkkkiiiinnnngggg ==== nnnnoooo, all lock and unlock requests will
+ appear to succeed and all lock queries will report that
+ the file in question is available for locking.
+
+ If lllloooocccckkkkiiiinnnngggg ==== yyyyeeeessss, real locking will be performed by the
+ server.
+
+ This option mmmmaaaayyyy be useful for read-only filesystems
+ which mmmmaaaayyyy not need locking (such as CDROM drives),
+ although setting this parameter of no is not really
+ recommended even in this case.
+
+ Be careful about disabling locking either globally or
+ in a specific service, as lack of locking may result in
+ data corruption. You should never need to set this
+ parameter.
+
+ Default: lllloooocccckkkkiiiinnnngggg ==== yyyyeeeessss
+
+ lllloooogggg ffffiiiilllleeee ((((GGGG))))
+ This option allows you to override the name of the
+ Samba log file (also known as the debug file).
+
+ This option takes the standard substitutions, allowing
+ you to have separate log files for each user or
+ machine.
+
+ Example: lllloooogggg ffffiiiilllleeee ==== ////uuuussssrrrr////llllooooccccaaaallll////ssssaaaammmmbbbbaaaa////vvvvaaaarrrr////lllloooogggg....%%%%mmmm
+
+ lllloooogggg lllleeeevvvveeeellll ((((GGGG))))
+ The value of the parameter (an integer) allows the
+ debug level (logging level) to be specified in the
+ _s_m_b._c_o_n_f file. This is to give greater flexibility in
+ the configuration of the system.
+
+ The default will be the log level specified on the
+ command line or level zero if none was specified.
+
+ Example: lllloooogggg lllleeeevvvveeeellll ==== 3333
+
+ llllooooggggoooonnnn ddddrrrriiiivvvveeee ((((GGGG))))
+ This parameter specifies the local path to which the
+ home directory will be connected (see _l_o_g_o_n _h_o_m_e) and
+ is only used by NT Workstations.
+
+ Note that this option is only useful if Samba is set up
+ as a logon server.
+
+
+
+
+ Page 64 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Default: llllooooggggoooonnnn ddddrrrriiiivvvveeee ==== zzzz::::
+
+ Example: llllooooggggoooonnnn ddddrrrriiiivvvveeee ==== hhhh::::
+
+ llllooooggggoooonnnn hhhhoooommmmeeee ((((GGGG))))
+ This parameter specifies the home directory location
+ when a Win95/98 or NT Workstation logs into a Samba
+ PDC. It allows you to do
+
+ C:\> NNNNEEEETTTT UUUUSSSSEEEE HHHH:::: ////HHHHOOOOMMMMEEEE
+
+ from a command prompt, for example.
+
+ This option takes the standard substitutions, allowing
+ you to have separate logon scripts for each user or
+ machine.
+
+ This parameter can be used with Win9X workstations to
+ ensure that roaming profiles are stored in a
+ subdirectory of the user's home directory. This is done
+ in the following way:
+
+ llllooooggggoooonnnn hhhhoooommmmeeee ==== \\\\\\\\%%%%NNNN\\\\%%%%UUUU\\\\pppprrrrooooffffiiiilllleeee
+
+ This tells Samba to return the above string, with
+ substitutions made when a client requests the info,
+ generally in a NetUserGetInfo request. Win9X clients
+ truncate the info to \\server\share when a user does
+ nnnneeeetttt uuuusssseeee ////hhhhoooommmmeeee but use the whole string when dealing
+ with profiles.
+
+ Note that in prior versions of Samba, the _l_o_g_o_n _p_a_t_h
+ was returned rather than _l_o_g_o_n _h_o_m_e. This broke nnnneeeetttt uuuusssseeee
+ ////hhhhoooommmmeeee but allowed profiles outside the home directory.
+ The current implementation is correct, and can be used
+ for profiles if you use the above trick.
+
+ This option is only useful if Samba is set up as a
+ logon server.
+
+ Default: llllooooggggoooonnnn hhhhoooommmmeeee ==== """"\\\\\\\\%%%%NNNN\\\\%%%%UUUU""""
+
+ Example: llllooooggggoooonnnn hhhhoooommmmeeee ==== """"\\\\\\\\rrrreeeemmmmooootttteeee____ssssmmmmbbbb____sssseeeerrrrvvvveeeerrrr\\\\%%%%UUUU""""
+
+ llllooooggggoooonnnn ppppaaaatttthhhh ((((GGGG))))
+ This parameter specifies the home directory where
+ roaming profiles (NTuser.dat etc files for Windows NT)
+ are stored. Contrary to previous versions of these
+ manual pages, it has nothing to do with Win 9X roaming
+ profiles. To find out how to handle roaming profiles
+ for Win 9X system, see the _l_o_g_o_n _h_o_m_e parameter.
+
+
+
+
+ Page 65 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ This option takes the standard substitutions, allowing
+ you to have separate logon scripts for each user or
+ machine. It also specifies the directory from which the
+ "Application Data", (_d_e_s_k_t_o_p, _s_t_a_r_t _m_e_n_u, _n_e_t_w_o_r_k
+ _n_e_i_g_h_b_o_r_h_o_o_d, _p_r_o_g_r_a_m_s and other folders, and their
+ contents, are loaded and displayed on your Windows NT
+ client.
+
+ The share and the path must be readable by the user for
+ the preferences and directories to be loaded onto the
+ Windows NT client. The share must be writeable when the
+ user logs in for the first time, in order that the
+ Windows NT client can create the NTuser.dat and other
+ directories.
+
+ Thereafter, the directories and any of the contents
+ can, if required, be made read-only. It is not
+ advisable that the NTuser.dat file be made read-only -
+ rename it to NTuser.man to achieve the desired effect
+ (a MMMMAAAANNNNdatory profile).
+
+ Windows clients can sometimes maintain a connection to
+ the [homes] share, even though there is no user logged
+ in. Therefore, it is vital that the logon path does not
+ include a reference to the homes share (i.e. setting
+ this parameter to \%N\%U\profile_path will cause
+ problems).
+
+ This option takes the standard substitutions, allowing
+ you to have separate logon scripts for each user or
+ machine.
+
+ Note that this option is only useful if Samba is set up
+ as a logon server.
+
+ Default: llllooooggggoooonnnn ppppaaaatttthhhh ==== \\\\\\\\%%%%NNNN\\\\%%%%UUUU\\\\pppprrrrooooffffiiiilllleeee
+
+ Example: llllooooggggoooonnnn ppppaaaatttthhhh ==== \\\\\\\\PPPPRRRROOOOFFFFIIIILLLLEEEESSSSEEEERRRRVVVVEEEERRRR\\\\PPPPRRRROOOOFFFFIIIILLLLEEEE\\\\%%%%UUUU
+
+ llllooooggggoooonnnn ssssccccrrrriiiipppptttt ((((GGGG))))
+ This parameter specifies the batch file (.bat) or NT
+ command file (.cmd) to be downloaded and run on a
+ machine when a user successfully logs in. The file must
+ contain the DOS style CR/LF line endings. Using a DOS-
+ style editor to create the file is recommended.
+
+ The script must be a relative path to the [netlogon]
+ service. If the [netlogon] service specifies a _p_a_t_h of
+ /_u_s_r/_l_o_c_a_l/_s_a_m_b_a/_n_e_t_l_o_g_o_n , and llllooooggggoooonnnn ssssccccrrrriiiipppptttt ====
+ SSSSTTTTAAAARRRRTTTTUUUUPPPP....BBBBAAAATTTT, then the file that will be downloaded is:
+
+ /_u_s_r/_l_o_c_a_l/_s_a_m_b_a/_n_e_t_l_o_g_o_n/_S_T_A_R_T_U_P._B_A_T
+
+
+
+ Page 66 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ The contents of the batch file are entirely your
+ choice. A suggested command would be to add NNNNEEEETTTT TTTTIIIIMMMMEEEE
+ \\\\\\\\SSSSEEEERRRRVVVVEEEERRRR ////SSSSEEEETTTT ////YYYYEEEESSSS, to force every machine to
+ synchronize clocks with the same time server. Another
+ use would be to add NNNNEEEETTTT UUUUSSSSEEEE UUUU:::: \\\\\\\\SSSSEEEERRRRVVVVEEEERRRR\\\\UUUUTTTTIIIILLLLSSSS for
+ commonly used utilities, or NNNNEEEETTTT UUUUSSSSEEEE QQQQ::::
+ \\\\\\\\SSSSEEEERRRRVVVVEEEERRRR\\\\IIIISSSSOOOO9999000000001111____QQQQAAAA for example.
+
+ Note that it is particularly important not to allow
+ write access to the [netlogon] share, or to grant users
+ write permission on the batch files in a secure
+ environment, as this would allow the batch files to be
+ arbitrarily modified and security to be breached.
+
+ This option takes the standard substitutions, allowing
+ you to have separate logon scripts for each user or
+ machine.
+
+ This option is only useful if Samba is set up as a
+ logon server.
+
+ Default: nnnnoooo llllooooggggoooonnnn ssssccccrrrriiiipppptttt ddddeeeeffffiiiinnnneeeedddd
+
+ Example: llllooooggggoooonnnn ssssccccrrrriiiipppptttt ==== ssssccccrrrriiiippppttttssss\\\\%%%%UUUU....bbbbaaaatttt
+
+ llllppppppppaaaauuuusssseeee ccccoooommmmmmmmaaaannnndddd ((((SSSS))))
+ This parameter specifies the command to be executed on
+ the server host in order to stop printing or spooling a
+ specific print job.
+
+ This command should be a program or script which takes
+ a printer name and job number to pause the print job.
+ One way of implementing this is by using job
+ priorities, where jobs having a too low priority won't
+ be sent to the printer.
+
+ If a %_p is given then the printer name is put in its
+ place. A %_j is replaced with the job number (an
+ integer). On HPUX (see _p_r_i_n_t_i_n_g=_h_p_u_x ), if the -_p%_p
+ option is added to the lpq command, the job will show
+ up with the correct status, i.e. if the job priority is
+ lower than the set fence priority it will have the
+ PAUSED status, whereas if the priority is equal or
+ higher it will have the SPOOLED or PRINTING status.
+
+ Note that it is good practice to include the absolute
+ path in the lppause command as the PATH may not be
+ available to the server.
+
+ See also the _p_r_i_n_t_i_n_g parameter.
+
+ Default: Currently no default value is given to this
+
+
+
+ Page 67 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ string, unless the value of the _p_r_i_n_t_i_n_g parameter is
+ SYSV, in which case the default is :
+
+ llllpppp ----iiii %%%%pppp----%%%%jjjj ----HHHH hhhhoooolllldddd
+
+ or if the value of the _p_r_i_n_t_i_n_g parameter is SOFTQ,
+ then the default is:
+
+ qqqqssssttttaaaatttt ----ssss ----jjjj%%%%jjjj ----hhhh
+
+ Example for HPUX: llllppppppppaaaauuuusssseeee ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////bbbbiiiinnnn////llllppppaaaalllltttt %%%%pppp----
+ %%%%jjjj ----pppp0000
+
+ llllppppqqqq ccccaaaacccchhhheeee ttttiiiimmmmeeee ((((GGGG))))
+ This controls how long lpq info will be cached for to
+ prevent the llllppppqqqq command being called too often. A
+ separate cache is kept for each variation of the llllppppqqqq
+ command used by the system, so if you use different llllppppqqqq
+ commands for different users then they won't share
+ cache information.
+
+ The cache files are stored in /_t_m_p/_l_p_q._x_x_x_x where xxxx
+ is a hash of the llllppppqqqq command in use.
+
+ The default is 10 seconds, meaning that the cached
+ results of a previous identical llllppppqqqq command will be
+ used if the cached data is less than 10 seconds old. A
+ large value may be advisable if your llllppppqqqq command is
+ very slow.
+
+ A value of 0 will disable caching completely.
+
+ See also the _p_r_i_n_t_i_n_g parameter.
+
+ Default: llllppppqqqq ccccaaaacccchhhheeee ttttiiiimmmmeeee ==== 11110000
+
+ Example: llllppppqqqq ccccaaaacccchhhheeee ttttiiiimmmmeeee ==== 33330000
+
+ llllppppqqqq ccccoooommmmmmmmaaaannnndddd ((((SSSS))))
+ This parameter specifies the command to be executed on
+ the server host in order to obtain llllppppqqqq -style printer
+ status information.
+
+ This command should be a program or script which takes
+ a printer name as its only parameter and outputs
+ printer status information.
+
+ Currently nine styles of printer status information are
+ supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, CUPS,
+ and SOFTQ. This covers most UNIX systems. You control
+ which type is expected using the _p_r_i_n_t_i_n_g = option.
+
+
+
+
+ Page 68 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Some clients (notably Windows for Workgroups) may not
+ correctly send the connection number for the printer
+ they are requesting status information about. To get
+ around this, the server reports on the first printer
+ service connected to by the client. This only happens
+ if the connection number sent is invalid.
+
+ If a %_p is given then the printer name is put in its
+ place. Otherwise it is placed at the end of the
+ command.
+
+ Note that it is good practice to include the absolute
+ path in the _l_p_q _c_o_m_m_a_n_d as the $$$$PPPPAAAATTTTHHHH may not be
+ available to the server. When compiled with the CUPS
+ libraries, no _l_p_q _c_o_m_m_a_n_d is needed because smbd will
+ make a library call to obtain the print queue listing.
+
+ See also the _p_r_i_n_t_i_n_g parameter.
+
+ Default: ddddeeeeppppeeeennnnddddssss oooonnnn tttthhhheeee sssseeeettttttttiiiinnnngggg ooooffff _p_r_i_n_t_i_n_g
+
+ Example: llllppppqqqq ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////bbbbiiiinnnn////llllppppqqqq ----PPPP%%%%pppp
+
+ llllpppprrrreeeessssuuuummmmeeee ccccoooommmmmmmmaaaannnndddd ((((SSSS))))
+ This parameter specifies the command to be executed on
+ the server host in order to restart or continue
+ printing or spooling a specific print job.
+
+ This command should be a program or script which takes
+ a printer name and job number to resume the print job.
+ See also the _l_p_p_a_u_s_e _c_o_m_m_a_n_d parameter.
+
+ If a %_p is given then the printer name is put in its
+ place. A %_j is replaced with the job number (an
+ integer).
+
+ Note that it is good practice to include the absolute
+ path in the _l_p_r_e_s_u_m_e _c_o_m_m_a_n_d as the PATH may not be
+ available to the server.
+
+ See also the _p_r_i_n_t_i_n_g parameter.
+
+ Default: Currently no default value is given to this
+ string, unless the value of the _p_r_i_n_t_i_n_g parameter is
+ SYSV, in which case the default is :
+
+ llllpppp ----iiii %%%%pppp----%%%%jjjj ----HHHH rrrreeeessssuuuummmmeeee
+
+ or if the value of the _p_r_i_n_t_i_n_g parameter is SOFTQ,
+ then the default is:
+
+ qqqqssssttttaaaatttt ----ssss ----jjjj%%%%jjjj ----rrrr
+
+
+
+ Page 69 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Example for HPUX: llllpppprrrreeeessssuuuummmmeeee ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////bbbbiiiinnnn////llllppppaaaalllltttt
+ %%%%pppp----%%%%jjjj ----pppp2222
+
+ llllpppprrrrmmmm ccccoooommmmmmmmaaaannnndddd ((((SSSS))))
+ This parameter specifies the command to be executed on
+ the server host in order to delete a print job.
+
+ This command should be a program or script which takes
+ a printer name and job number, and deletes the print
+ job.
+
+ If a %_p is given then the printer name is put in its
+ place. A %_j is replaced with the job number (an
+ integer).
+
+ Note that it is good practice to include the absolute
+ path in the _l_p_r_m _c_o_m_m_a_n_d as the PATH may not be
+ available to the server.
+
+ See also the _p_r_i_n_t_i_n_g parameter.
+
+ Default: ddddeeeeppppeeeennnnddddssss oooonnnn tttthhhheeee sssseeeettttttttiiiinnnngggg ooooffff _p_r_i_n_t_i_n_g
+
+ Example 1: llllpppprrrrmmmm ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////bbbbiiiinnnn////llllpppprrrrmmmm ----PPPP%%%%pppp %%%%jjjj
+
+ Example 2: llllpppprrrrmmmm ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////bbbbiiiinnnn////ccccaaaannnncccceeeellll %%%%pppp----%%%%jjjj
+
+ mmmmaaaacccchhhhiiiinnnneeee ppppaaaasssssssswwwwoooorrrrdddd ttttiiiimmmmeeeeoooouuuutttt ((((GGGG))))
+ If a Samba server is a member of a Windows NT Domain
+ (see the security = domain) parameter) then
+ periodically a running smbd(8) process will try and
+ change the MACHINE ACCOUNT PASSWORD stored in the TDB
+ called _p_r_i_v_a_t_e/_s_e_c_r_e_t_s._t_d_b . This parameter specifies
+ how often this password will be changed, in seconds.
+ The default is one week (expressed in seconds), the
+ same as a Windows NT Domain member server.
+
+ See also ssssmmmmbbbbppppaaaasssssssswwwwdddd((((8888))))
+ and the security = domain) parameter.
+
+ Default: mmmmaaaacccchhhhiiiinnnneeee ppppaaaasssssssswwwwoooorrrrdddd ttttiiiimmmmeeeeoooouuuutttt ==== 666600004444888800000000
+
+ mmmmaaaaggggiiiicccc oooouuuuttttppppuuuutttt ((((SSSS))))
+ This parameter specifies the name of a file which will
+ contain output created by a magic script (see the _m_a_g_i_c
+ _s_c_r_i_p_t parameter below).
+
+ Warning: If two clients use the same _m_a_g_i_c _s_c_r_i_p_t in
+ the same directory the output file content is
+ undefined.
+
+ Default: mmmmaaaaggggiiiicccc oooouuuuttttppppuuuutttt ==== <<<<mmmmaaaaggggiiiicccc ssssccccrrrriiiipppptttt nnnnaaaammmmeeee>>>>....oooouuuutttt
+
+
+
+ Page 70 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Example: mmmmaaaaggggiiiicccc oooouuuuttttppppuuuutttt ==== mmmmyyyyffffiiiilllleeee....ttttxxxxtttt
+
+ mmmmaaaaggggiiiicccc ssssccccrrrriiiipppptttt ((((SSSS))))
+ This parameter specifies the name of a file which, if
+ opened, will be executed by the server when the file is
+ closed. This allows a UNIX script to be sent to the
+ Samba host and executed on behalf of the connected
+ user.
+
+ Scripts executed in this way will be deleted upon
+ completion assuming that the user has the appropriate
+ level of privilege and the file permissions allow the
+ deletion.
+
+ If the script generates output, output will be sent to
+ the file specified by the _m_a_g_i_c _o_u_t_p_u_t parameter (see
+ above).
+
+ Note that some shells are unable to interpret scripts
+ containing CR/LF instead of CR as the end-of-line
+ marker. Magic scripts must be executable aaaassss iiiissss on the
+ host, which for some hosts and some shells will require
+ filtering at the DOS end.
+
+ Magic scripts are EEEEXXXXPPPPEEEERRRRIIIIMMMMEEEENNNNTTTTAAAALLLL and should NNNNOOOOTTTT be relied
+ upon.
+
+ Default: NNNNoooonnnneeee.... MMMMaaaaggggiiiicccc ssssccccrrrriiiippppttttssss ddddiiiissssaaaabbbblllleeeedddd....
+
+ Example: mmmmaaaaggggiiiicccc ssssccccrrrriiiipppptttt ==== uuuusssseeeerrrr....ccccsssshhhh
+
+ mmmmaaaannnngggglllleeee ccccaaaasssseeee ((((SSSS))))
+ See the section on NAME MANGLING
+
+ Default: mmmmaaaannnngggglllleeee ccccaaaasssseeee ==== nnnnoooo
+
+ mmmmaaaannnngggglllleeeedddd mmmmaaaapppp ((((SSSS))))
+ This is for those who want to directly map UNIX file
+ names which cannot be represented on Windows/DOS. The
+ mangling of names is not always what is needed. In
+ particular you may have documents with file extensions
+ that differ between DOS and UNIX. For example, under
+ UNIX it is common to use ._h_t_m_l for HTML files, whereas
+ under Windows/DOS ._h_t_m is more commonly used.
+
+ So to map _h_t_m_l to _h_t_m you would use:
+
+ mmmmaaaannnngggglllleeeedddd mmmmaaaapppp ==== ((((****....hhhhttttmmmmllll ****....hhhhttttmmmm))))
+
+ One very useful case is to remove the annoying ;_1 off
+ the ends of filenames on some CDROMs (only visible
+ under some UNIXes). To do this use a map of (*;1 *;).
+
+
+
+ Page 71 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Default: nnnnoooo mmmmaaaannnngggglllleeeedddd mmmmaaaapppp
+
+ Example: mmmmaaaannnngggglllleeeedddd mmmmaaaapppp ==== ((((****;;;;1111 ****;;;;))))
+
+ mmmmaaaannnngggglllleeeedddd nnnnaaaammmmeeeessss ((((SSSS))))
+ This controls whether non-DOS names under UNIX should
+ be mapped to DOS-compatible names ("mangled") and made
+ visible, or whether non-DOS names should simply be
+ ignored.
+
+ See the section on NAME MANGLING for details on how to
+ control the mangling process.
+
+ If mangling algorithm "hash" is used then the mangling
+ algorithm is as follows:
+
+ o+ The first (up to) five alphanumeric characters before
+ the rightmost dot of the filename are preserved,
+ forced to upper case, and appear as the first (up to)
+ five characters of the mangled name.
+
+ o+ A tilde "~" is appended to the first part of the
+ mangled name, followed by a two-character unique
+ sequence, based on the original root name (i.e., the
+ original filename minus its final extension). The
+ final extension is included in the hash calculation
+ only if it contains any upper case characters or is
+ longer than three characters.
+
+ Note that the character to use may be specified using
+ the _m_a_n_g_l_i_n_g _c_h_a_r option, if you don't like '~'.
+
+ o+ The first three alphanumeric characters of the final
+ extension are preserved, forced to upper case and
+ appear as the extension of the mangled name. The
+ final extension is defined as that part of the
+ original filename after the rightmost dot. If there
+ are no dots in the filename, the mangled name will
+ have no extension (except in the case of "hidden
+ files" - see below).
+
+ o+ Files whose UNIX name begins with a dot will be
+ presented as DOS hidden files. The mangled name will
+ be created as for other filenames, but with the
+ leading dot removed and "___" as its extension
+ regardless of actual original extension (that's three
+ underscores).
+
+ The two-digit hash value consists of upper case alphanumeric
+ characters.
+
+ This algorithm can cause name collisions only if files in a
+
+
+
+ Page 72 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ directory share the same first five alphanumeric characters.
+ The probability of such a clash is 1/1300.
+
+ If mangling algorithm "hash2" is used then the mangling
+ algorithm is as follows:
+
+ o+ The first alphanumeric character before the rightmost
+ dot of the filename is preserved, forced to upper
+ case, and appears as the first character of the
+ mangled name.
+
+ o+ A base63 hash of 5 characters is generated and the
+ first 4 characters of that hash are appended to the
+ first character.
+
+ o+ A tilde "~" is appended to the first part of the
+ mangled name, followed by the final character of the
+ base36 hash of the name.
+
+ Note that the character to use may be specified using
+ the _m_a_n_g_l_i_n_g _c_h_a_r option, if you don't like '~'.
+
+ o+ The first three alphanumeric characters of the final
+ extension are preserved, forced to upper case and
+ appear as the extension of the mangled name. The
+ final extension is defined as that part of the
+ original filename after the rightmost dot. If there
+ are no dots in the filename, the mangled name will
+ have no extension (except in the case of "hidden
+ files" - see below).
+
+ o+ Files whose UNIX name begins with a dot will be
+ presented as DOS hidden files. The mangled name will
+ be created as for other filenames, but with the
+ leading dot removed and "___" as its extension
+ regardless of actual original extension (that's three
+ underscores).
+
+ The name mangling (if enabled) allows a file to be copied
+ between UNIX directories from Windows/DOS while retaining
+ the long UNIX filename. UNIX files can be renamed to a new
+ extension from Windows/DOS and will retain the same
+ basename. Mangled names do not change between sessions.
+
+ Default: mmmmaaaannnngggglllleeeedddd nnnnaaaammmmeeeessss ==== yyyyeeeessss
+
+ mmmmaaaannnngggglllleeeedddd ssssttttaaaacccckkkk ((((GGGG))))
+ This parameter controls the number of mangled names
+ that should be cached in the Samba server smbd(8)
+
+ This stack is a list of recently mangled base names
+ (extensions are only maintained if they are longer than
+
+
+
+ Page 73 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ 3 characters or contains upper case characters).
+
+ The larger this value, the more likely it is that
+ mangled names can be successfully converted to correct
+ long UNIX names. However, large stack sizes will slow
+ most directory accesses. Smaller stacks save memory in
+ the server (each stack element costs 256 bytes).
+
+ It is not possible to absolutely guarantee correct long
+ filenames, so be prepared for some surprises!
+
+ Default: mmmmaaaannnngggglllleeeedddd ssssttttaaaacccckkkk ==== 55550000
+
+ Example: mmmmaaaannnngggglllleeeedddd ssssttttaaaacccckkkk ==== 111100000000
+
+ mmmmaaaannnngggglllliiiinnnngggg cccchhhhaaaarrrr ((((SSSS))))
+ This controls what character is used as the mmmmaaaaggggiiiicccc
+ character in name mangling. The default is a '~' but
+ this may interfere with some software. Use this option
+ to set it to whatever you prefer.
+
+ Default: mmmmaaaannnngggglllliiiinnnngggg cccchhhhaaaarrrr ==== ~~~~
+
+ Example: mmmmaaaannnngggglllliiiinnnngggg cccchhhhaaaarrrr ==== ^^^^
+
+ mmmmaaaannnngggglllliiiinnnngggg mmmmaaaatttthhhhoooodddd((((GGGG))))
+ controls the algorithm used for the generating the
+ mangled names. Can take two different values, "hash"
+ and "hash2". "hash" is the default and is the algorithm
+ that has been used in Samba for many years. "hash2" is
+ a newer and considered a better algorithm (generates
+ less collisions) in the names. However, many Win32
+ applications store the mangled names and so changing to
+ the new algorithm must not be done lightly as these
+ applications may break unless reinstalled. New
+ installations of Samba may set the default to hash2.
+
+ Default: mmmmaaaannnngggglllliiiinnnngggg mmmmeeeetttthhhhoooodddd ==== hhhhaaaasssshhhh
+
+ Example: mmmmaaaannnngggglllliiiinnnngggg mmmmeeeetttthhhhoooodddd ==== hhhhaaaasssshhhh2222
+
+ mmmmaaaapppp aaaarrrrcccchhhhiiiivvvveeee ((((SSSS))))
+ This controls whether the DOS archive attribute should
+ be mapped to the UNIX owner execute bit. The DOS
+ archive bit is set when a file has been modified since
+ its last backup. One motivation for this option it to
+ keep Samba/your PC from making any file it touches from
+ becoming executable under UNIX. This can be quite
+ annoying for shared source code, documents, etc...
+
+ Note that this requires the _c_r_e_a_t_e _m_a_s_k parameter to be
+ set such that owner execute bit is not masked out (i.e.
+
+
+
+ Page 74 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ it must include 100). See the parameter _c_r_e_a_t_e _m_a_s_k
+ for details.
+
+ Default: mmmmaaaapppp aaaarrrrcccchhhhiiiivvvveeee ==== yyyyeeeessss
+
+ mmmmaaaapppp hhhhiiiiddddddddeeeennnn ((((SSSS))))
+ This controls whether DOS style hidden files should be
+ mapped to the UNIX world execute bit.
+
+ Note that this requires the _c_r_e_a_t_e _m_a_s_k to be set such
+ that the world execute bit is not masked out (i.e. it
+ must include 001). See the parameter _c_r_e_a_t_e _m_a_s_k for
+ details.
+
+ Default: mmmmaaaapppp hhhhiiiiddddddddeeeennnn ==== nnnnoooo
+
+ mmmmaaaapppp ssssyyyysssstttteeeemmmm ((((SSSS))))
+ This controls whether DOS style system files should be
+ mapped to the UNIX group execute bit.
+
+ Note that this requires the _c_r_e_a_t_e _m_a_s_k to be set such
+ that the group execute bit is not masked out (i.e. it
+ must include 010). See the parameter _c_r_e_a_t_e _m_a_s_k for
+ details.
+
+ Default: mmmmaaaapppp ssssyyyysssstttteeeemmmm ==== nnnnoooo
+
+ mmmmaaaapppp ttttoooo gggguuuueeeesssstttt ((((GGGG))))
+ This parameter is only useful in security modes other
+ than _s_e_c_u_r_i_t_y = _s_h_a_r_e - i.e. user, server, and domain.
+
+ This parameter can take three different values, which
+ tell smbd(8) what to do with user login requests that
+ don't match a valid UNIX user in some way.
+
+ The three settings are :
+
+ o+ Never - Means user login requests with an invalid
+ password are rejected. This is the default.
+
+ o+ Bad User - Means user logins with an invalid password
+ are rejected, unless the username does not exist, in
+ which case it is treated as a guest login and mapped
+ into the _g_u_e_s_t _a_c_c_o_u_n_t.
+
+ o+ Bad Password - Means user logins with an invalid
+ password are treated as a guest login and mapped into
+ the guest account. Note that this can cause problems
+ as it means that any user incorrectly typing their
+ password will be silently logged on as "guest" - and
+ will not know the reason they cannot access files
+ they think they should - there will have been no
+
+
+
+ Page 75 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ message given to them that they got their password
+ wrong. Helpdesk services will hhhhaaaatttteeee you if you set the
+ _m_a_p _t_o _g_u_e_s_t parameter this way :-).
+
+ Note that this parameter is needed to set up "Guest" share
+ services when using _s_e_c_u_r_i_t_y modes other than share. This is
+ because in these modes the name of the resource being
+ requested is nnnnooootttt sent to the server until after the server
+ has successfully authenticated the client so the server
+ cannot make authentication decisions at the correct time
+ (connection to the share) for "Guest" shares.
+
+ For people familiar with the older Samba releases, this
+ parameter maps to the old compile-time setting of the
+ GUEST_SESSSETUP value in local.h.
+
+ Default: mmmmaaaapppp ttttoooo gggguuuueeeesssstttt ==== NNNNeeeevvvveeeerrrr
+
+ Example: mmmmaaaapppp ttttoooo gggguuuueeeesssstttt ==== BBBBaaaadddd UUUUsssseeeerrrr
+
+ mmmmaaaaxxxx ccccoooonnnnnnnneeeeccccttttiiiioooonnnnssss ((((SSSS))))
+ This option allows the number of simultaneous
+ connections to a service to be limited. If _m_a_x
+ _c_o_n_n_e_c_t_i_o_n_s is greater than 0 then connections will be
+ refused if this number of connections to the service
+ are already open. A value of zero mean an unlimited
+ number of connections may be made.
+
+ Record lock files are used to implement this feature.
+ The lock files will be stored in the directory
+ specified by the _l_o_c_k _d_i_r_e_c_t_o_r_y option.
+
+ Default: mmmmaaaaxxxx ccccoooonnnnnnnneeeeccccttttiiiioooonnnnssss ==== 0000
+
+ Example: mmmmaaaaxxxx ccccoooonnnnnnnneeeeccccttttiiiioooonnnnssss ==== 11110000
+
+ mmmmaaaaxxxx ddddiiiisssskkkk ssssiiiizzzzeeee ((((GGGG))))
+ This option allows you to put an upper limit on the
+ apparent size of disks. If you set this option to 100
+ then all shares will appear to be not larger than 100
+ MB in size.
+
+ Note that this option does not limit the amount of data
+ you can put on the disk. In the above case you could
+ still store much more than 100 MB on the disk, but if a
+ client ever asks for the amount of free disk space or
+ the total disk size then the result will be bounded by
+ the amount specified in _m_a_x _d_i_s_k _s_i_z_e.
+
+ This option is primarily useful to work around bugs in
+ some pieces of software that can't handle very large
+ disks, particularly disks over 1GB in size.
+
+
+
+ Page 76 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ A _m_a_x _d_i_s_k _s_i_z_e of 0 means no limit.
+
+ Default: mmmmaaaaxxxx ddddiiiisssskkkk ssssiiiizzzzeeee ==== 0000
+
+ Example: mmmmaaaaxxxx ddddiiiisssskkkk ssssiiiizzzzeeee ==== 1111000000000000
+
+ mmmmaaaaxxxx lllloooogggg ssssiiiizzzzeeee ((((GGGG))))
+ This option (an integer in kilobytes) specifies the max
+ size the log file should grow to. Samba periodically
+ checks the size and if it is exceeded it will rename
+ the file, adding a ._o_l_d extension.
+
+ A size of 0 means no limit.
+
+ Default: mmmmaaaaxxxx lllloooogggg ssssiiiizzzzeeee ==== 5555000000000000
+
+ Example: mmmmaaaaxxxx lllloooogggg ssssiiiizzzzeeee ==== 1111000000000000
+
+ mmmmaaaaxxxx mmmmuuuuxxxx ((((GGGG))))
+ This option controls the maximum number of outstanding
+ simultaneous SMB operations that Samba tells the client
+ it will allow. You should never need to set this
+ parameter.
+
+ Default: mmmmaaaaxxxx mmmmuuuuxxxx ==== 55550000
+
+ mmmmaaaaxxxx ooooppppeeeennnn ffffiiiilllleeeessss ((((GGGG))))
+ This parameter limits the maximum number of open files
+ that one smbd(8) file serving process may have open for
+ a client at any one time. The default for this
+ parameter is set very high (10,000) as Samba uses only
+ one bit per unopened file.
+
+ The limit of the number of open files is usually set by
+ the UNIX per-process file descriptor limit rather than
+ this parameter so you should never need to touch this
+ parameter.
+
+ Default: mmmmaaaaxxxx ooooppppeeeennnn ffffiiiilllleeeessss ==== 11110000000000000000
+
+ mmmmaaaaxxxx pppprrrriiiinnnntttt jjjjoooobbbbssss ((((SSSS))))
+ This parameter limits the maximum number of jobs
+ allowable in a Samba printer queue at any given moment.
+ If this number is exceeded, ssssmmmmbbbbdddd((((8888)))) will remote "Out
+ of Space" to the client. See all _t_o_t_a_l _p_r_i_n_t _j_o_b_s.
+
+ Default: mmmmaaaaxxxx pppprrrriiiinnnntttt jjjjoooobbbbssss ==== 1111000000000000
+
+ Example: mmmmaaaaxxxx pppprrrriiiinnnntttt jjjjoooobbbbssss ==== 5555000000000000
+
+ mmmmaaaaxxxx pppprrrroooottttooooccccoooollll ((((GGGG))))
+ The value of the parameter (a string) is the highest
+
+
+
+ Page 77 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ protocol level that will be supported by the server.
+
+ Possible values are :
+
+ o+ CORE: Earliest version. No concept of user names.
+
+ o+ COREPLUS: Slight improvements on CORE for efficiency.
+
+ o+ LANMAN1: First mmmmooooddddeeeerrrrnnnn version of the protocol. Long
+ filename support.
+
+ o+ LANMAN2: Updates to Lanman1 protocol.
+
+ o+ NT1: Current up to date version of the protocol. Used
+ by Windows NT. Known as CIFS.
+
+ Normally this option should not be set as the automatic
+ negotiation phase in the SMB protocol takes care of choosing
+ the appropriate protocol.
+
+ See also _m_i_n _p_r_o_t_o_c_o_l
+
+ Default: mmmmaaaaxxxx pppprrrroooottttooooccccoooollll ==== NNNNTTTT1111
+
+ Example: mmmmaaaaxxxx pppprrrroooottttooooccccoooollll ==== LLLLAAAANNNNMMMMAAAANNNN1111
+
+ mmmmaaaaxxxx ssssmmmmbbbbdddd pppprrrroooocccceeeesssssssseeeessss ((((GGGG))))
+ This parameter limits the maximum number of ssssmmmmbbbbdddd((((8888))))
+ processes concurrently running on a system and is
+ intended as a stopgap to prevent degrading service to
+ clients in the event that the server has insufficient
+ resources to handle more than this number of
+ connections. Remember that under normal operating
+ conditions, each user will have an smbd associated with
+ him or her to handle connections to all shares from a
+ given host.
+
+ Default: mmmmaaaaxxxx ssssmmmmbbbbdddd pppprrrroooocccceeeesssssssseeeessss ==== 0000 ## no limit
+
+ Example: mmmmaaaaxxxx ssssmmmmbbbbdddd pppprrrroooocccceeeesssssssseeeessss ==== 1111000000000000
+
+ mmmmaaaaxxxx ttttttttllll ((((GGGG))))
+ This option tells nmbd(8) what the default 'time to
+ live' of NetBIOS names should be (in seconds) when nnnnmmmmbbbbdddd
+ is requesting a name using either a broadcast packet or
+ from a WINS server. You should never need to change
+ this parameter. The default is 3 days.
+
+ Default: mmmmaaaaxxxx ttttttttllll ==== 222255559999222200000000
+
+ mmmmaaaaxxxx wwwwiiiinnnnssss ttttttttllll ((((GGGG))))
+ This option tells nmbd(8)
+
+
+
+ Page 78 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ when acting as a WINS server ( _w_i_n_s _s_u_p_p_o_r_t = _y_e_s)
+ what the maximum 'time to live' of NetBIOS names that
+ nnnnmmmmbbbbdddd will grant will be (in seconds). You should never
+ need to change this parameter. The default is 6 days
+ (518400 seconds).
+
+ See also the _m_i_n _w_i_n_s _t_t_l parameter.
+
+ Default: mmmmaaaaxxxx wwwwiiiinnnnssss ttttttttllll ==== 555511118888444400000000
+
+ mmmmaaaaxxxx xxxxmmmmiiiitttt ((((GGGG))))
+ This option controls the maximum packet size that will
+ be negotiated by Samba. The default in Samba 2.2.6 is
+ now 16644 (changed from 65535 in earlier releases)
+ which matches Windows 2000. This allows better
+ performance with Windows NT clients. The maximum is
+ 65535. In some cases you may find you get better
+ performance with a smaller value. A value below 2048 is
+ likely to cause problems.
+
+ Default: mmmmaaaaxxxx xxxxmmmmiiiitttt ==== 11116666666644444444
+
+ Example: mmmmaaaaxxxx xxxxmmmmiiiitttt ==== 8888111199992222
+
+ mmmmeeeessssssssaaaaggggeeee ccccoooommmmmmmmaaaannnndddd ((((GGGG))))
+ This specifies what command to run when the server
+ receives a WinPopup style message.
+
+ This would normally be a command that would deliver the
+ message somehow. How this is to be done is up to your
+ imagination.
+
+ An example is:
+
+ mmmmeeeessssssssaaaaggggeeee ccccoooommmmmmmmaaaannnndddd ==== ccccsssshhhh ----cccc ''''xxxxeeeeddddiiiitttt %%%%ssss;;;;rrrrmmmm %%%%ssss'''' &&&&
+
+ This delivers the message using xxxxeeeeddddiiiitttt, then removes it
+ afterwards. NNNNOOOOTTTTEEEE TTTTHHHHAAAATTTT IIIITTTT IIIISSSS VVVVEEEERRRRYYYY IIIIMMMMPPPPOOOORRRRTTTTAAAANNNNTTTT TTTTHHHHAAAATTTT TTTTHHHHIIIISSSS
+ CCCCOOOOMMMMMMMMAAAANNNNDDDD RRRREEEETTTTUUUURRRRNNNN IIIIMMMMMMMMEEEEDDDDIIIIAAAATTTTEEEELLLLYYYY. That's why I have the '&'
+ on the end. If it doesn't return immediately then your
+ PCs may freeze when sending messages (they should
+ recover after 30 seconds, hopefully).
+
+ All messages are delivered as the global guest user.
+ The command takes the standard substitutions, although
+ %_u won't work (%_U may be better in this case).
+
+ Apart from the standard substitutions, some additional
+ ones apply. In particular:
+
+ o+ %_s = the filename containing the message.
+
+
+
+
+ Page 79 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ o+ %_t = the destination that the message was sent to
+ (probably the server name).
+
+ o+ %_f = who the message is from.
+
+ You could make this command send mail, or whatever else
+ takes your fancy. Please let us know of any really
+ interesting ideas you have.
+
+ Here's a way of sending the messages as mail to root:
+
+ mmmmeeeessssssssaaaaggggeeee ccccoooommmmmmmmaaaannnndddd ==== ////bbbbiiiinnnn////mmmmaaaaiiiillll ----ssss ''''mmmmeeeessssssssaaaaggggeeee ffffrrrroooommmm %%%%ffff oooonnnn %%%%mmmm'''' rrrrooooooootttt
+ <<<< %%%%ssss;;;; rrrrmmmm %%%%ssss
+
+ If you don't have a message command then the message won't
+ be delivered and Samba will tell the sender there was an
+ error. Unfortunately WfWg totally ignores the error code and
+ carries on regardless, saying that the message was
+ delivered.
+
+ If you want to silently delete it then try:
+
+ mmmmeeeessssssssaaaaggggeeee ccccoooommmmmmmmaaaannnndddd ==== rrrrmmmm %%%%ssss
+
+ Default: nnnnoooo mmmmeeeessssssssaaaaggggeeee ccccoooommmmmmmmaaaannnndddd
+
+ Example: mmmmeeeessssssssaaaaggggeeee ccccoooommmmmmmmaaaannnndddd ==== ccccsssshhhh ----cccc ''''xxxxeeeeddddiiiitttt %%%%ssss;;;; rrrrmmmm %%%%ssss'''' &&&&
+
+ mmmmiiiinnnn ppppaaaasssssssswwwwdddd lllleeeennnnggggtttthhhh ((((GGGG))))
+ Synonym for _m_i_n _p_a_s_s_w_o_r_d _l_e_n_g_t_h.
+
+ mmmmiiiinnnn ppppaaaasssssssswwwwoooorrrrdddd lllleeeennnnggggtttthhhh ((((GGGG))))
+ This option sets the minimum length in characters of a
+ plaintext password that ssssmmmmbbbbdddd will accept when
+ performing UNIX password changing.
+
+ See also _u_n_i_x _p_a_s_s_w_o_r_d _s_y_n_c, _p_a_s_s_w_d _p_r_o_g_r_a_m and _p_a_s_s_w_d
+ _c_h_a_t _d_e_b_u_g .
+
+ Default: mmmmiiiinnnn ppppaaaasssssssswwwwoooorrrrdddd lllleeeennnnggggtttthhhh ==== 5555
+
+ mmmmiiiinnnn pppprrrriiiinnnntttt ssssppppaaaacccceeee ((((SSSS))))
+ This sets the minimum amount of free disk space that
+ must be available before a user will be able to spool a
+ print job. It is specified in kilobytes. The default is
+ 0, which means a user can always spool a print job.
+
+ See also the _p_r_i_n_t_i_n_g parameter.
+
+ Default: mmmmiiiinnnn pppprrrriiiinnnntttt ssssppppaaaacccceeee ==== 0000
+
+ Example: mmmmiiiinnnn pppprrrriiiinnnntttt ssssppppaaaacccceeee ==== 2222000000000000
+
+
+
+ Page 80 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ mmmmiiiinnnn pppprrrroooottttooooccccoooollll ((((GGGG))))
+ The value of the parameter (a string) is the lowest SMB
+ protocol dialect than Samba will support. Please refer
+ to the _m_a_x _p_r_o_t_o_c_o_l parameter for a list of valid
+ protocol names and a brief description of each. You may
+ also wish to refer to the C source code in
+ _s_o_u_r_c_e/_s_m_b_d/_n_e_g_p_r_o_t._c for a listing of known protocol
+ dialects supported by clients.
+
+ If you are viewing this parameter as a security
+ measure, you should also refer to the _l_a_n_m_a_n _a_u_t_h
+ parameter. Otherwise, you should never need to change
+ this parameter.
+
+ Default : mmmmiiiinnnn pppprrrroooottttooooccccoooollll ==== CCCCOOOORRRREEEE
+
+ Example : mmmmiiiinnnn pppprrrroooottttooooccccoooollll ==== NNNNTTTT1111 # disable DOS clients
+
+ mmmmiiiinnnn wwwwiiiinnnnssss ttttttttllll ((((GGGG))))
+ This option tells nmbd(8) when acting as a WINS server
+ ( _w_i_n_s _s_u_p_p_o_r_t = _y_e_s) what the minimum 'time to live'
+ of NetBIOS names that nnnnmmmmbbbbdddd will grant will be (in
+ seconds). You should never need to change this
+ parameter. The default is 6 hours (21600 seconds).
+
+ Default: mmmmiiiinnnn wwwwiiiinnnnssss ttttttttllll ==== 22221111666600000000
+
+ mmmmssssddddffffssss rrrrooooooootttt ((((SSSS))))
+ This boolean parameter is only available if Samba is
+ configured and compiled with the --------wwwwiiiitttthhhh----mmmmssssddddffffssss option.
+ If set to yes, Samba treats the share as a Dfs root and
+ allows clients to browse the distributed file system
+ tree rooted at the share directory. Dfs links are
+ specified in the share directory by symbolic links of
+ the form _m_s_d_f_s:_s_e_r_v_e_r_A\_s_h_a_r_e_A,_s_e_r_v_e_r_B\_s_h_a_r_e_B and so on.
+ For more information on setting up a Dfs tree on Samba,
+ refer to msdfs_setup.html
+
+
+ See also _h_o_s_t _m_s_d_f_s
+
+ Default: mmmmssssddddffffssss rrrrooooooootttt ==== nnnnoooo
+
+ nnnnaaaammmmeeee rrrreeeessssoooollllvvvveeee oooorrrrddddeeeerrrr ((((GGGG))))
+ This option is used by the programs in the Samba suite
+ to determine what naming services to use and in what
+ order to resolve host names to IP addresses. The option
+ takes a space separated string of name resolution
+ options.
+
+ The options are :"lmhosts", "host", "wins" and "bcast".
+ They cause names to be resolved as follows :
+
+
+
+ Page 81 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ o+ lmhosts : Lookup an IP address in the Samba lmhosts
+ file. If the line in lmhosts has no name type
+ attached to the NetBIOS name (see the lmhosts(5) for
+ details) then any name type matches for lookup.
+
+ o+ host : Do a standard host name to IP address
+ resolution, using the system /_e_t_c/_h_o_s_t_s , NIS, or DNS
+ lookups. This method of name resolution is operating
+ system depended for instance on IRIX or Solaris this
+ may be controlled by the /_e_t_c/_n_s_s_w_i_t_c_h._c_o_n_f file.
+ Note that this method is only used if the NetBIOS
+ name type being queried is the 0x20 (server) name
+ type, otherwise it is ignored.
+
+ o+ wins : Query a name with the IP address listed in the
+ _w_i_n_s _s_e_r_v_e_r parameter. If no WINS server has been
+ specified this method will be ignored.
+
+ o+ bcast : Do a broadcast on each of the known local
+ interfaces listed in the _i_n_t_e_r_f_a_c_e_s parameter. This
+ is the least reliable of the name resolution methods
+ as it depends on the target host being on a locally
+ connected subnet.
+
+ Default: nnnnaaaammmmeeee rrrreeeessssoooollllvvvveeee oooorrrrddddeeeerrrr ==== llllmmmmhhhhoooossssttttssss hhhhoooosssstttt wwwwiiiinnnnssss bbbbccccaaaasssstttt
+
+ Example: nnnnaaaammmmeeee rrrreeeessssoooollllvvvveeee oooorrrrddddeeeerrrr ==== llllmmmmhhhhoooossssttttssss bbbbccccaaaasssstttt hhhhoooosssstttt
+
+ This will cause the local lmhosts file to be examined first,
+ followed by a broadcast attempt, followed by a normal system
+ hostname lookup.
+
+ nnnneeeettttbbbbiiiioooossss aaaalllliiiiaaaasssseeeessss ((((GGGG))))
+ This is a list of NetBIOS names that nmbd(8) will
+ advertise as additional names by which the Samba server
+ is known. This allows one machine to appear in browse
+ lists under multiple names. If a machine is acting as a
+ browse server or logon server none of these names will
+ be advertised as either browse server or logon servers,
+ only the primary name of the machine will be advertised
+ with these capabilities.
+
+ See also _n_e_t_b_i_o_s _n_a_m_e.
+
+ Default: eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg ((((nnnnoooo aaaaddddddddiiiittttiiiioooonnnnaaaallll nnnnaaaammmmeeeessss))))
+
+ Example: nnnneeeettttbbbbiiiioooossss aaaalllliiiiaaaasssseeeessss ==== TTTTEEEESSSSTTTT TTTTEEEESSSSTTTT1111 TTTTEEEESSSSTTTT2222
+
+ nnnneeeettttbbbbiiiioooossss nnnnaaaammmmeeee ((((GGGG))))
+ This sets the NetBIOS name by which a Samba server is
+ known. By default it is the same as the first component
+ of the host's DNS name. If a machine is a browse server
+
+
+
+ Page 82 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ or logon server this name (or the first component of
+ the hosts DNS name) will be the name that these
+ services are advertised under.
+
+ See also _n_e_t_b_i_o_s _a_l_i_a_s_e_s.
+
+ Default: mmmmaaaacccchhhhiiiinnnneeee DDDDNNNNSSSS nnnnaaaammmmeeee
+
+ Example: nnnneeeettttbbbbiiiioooossss nnnnaaaammmmeeee ==== MMMMYYYYNNNNAAAAMMMMEEEE
+
+ nnnneeeettttbbbbiiiioooossss ssssccccooooppppeeee ((((GGGG))))
+ This sets the NetBIOS scope that Samba will operate
+ under. This should not be set unless every machine on
+ your LAN also sets this value.
+
+ nnnniiiissss hhhhoooommmmeeeeddddiiiirrrr ((((GGGG))))
+ Get the home share server from a NIS map. For UNIX
+ systems that use an automounter, the user's home
+ directory will often be mounted on a workstation on
+ demand from a remote server.
+
+ When the Samba logon server is not the actual home
+ directory server, but is mounting the home directories
+ via NFS then two network hops would be required to
+ access the users home directory if the logon server
+ told the client to use itself as the SMB server for
+ home directories (one over SMB and one over NFS). This
+ can be very slow.
+
+ This option allows Samba to return the home share as
+ being on a different server to the logon server and as
+ long as a Samba daemon is running on the home directory
+ server, it will be mounted on the Samba client directly
+ from the directory server. When Samba is returning the
+ home share to the client, it will consult the NIS map
+ specified in _h_o_m_e_d_i_r _m_a_p and return the server listed
+ there.
+
+ Note that for this option to work there must be a
+ working NIS system and the Samba server with this
+ option must also be a logon server.
+
+ Default: nnnniiiissss hhhhoooommmmeeeeddddiiiirrrr ==== nnnnoooo
+
+ nnnntttt aaaaccccllll ssssuuuuppppppppoooorrrrtttt ((((SSSS))))
+ This boolean parameter controls whether smbd(8) will
+ attempt to map UNIX permissions into Windows NT access
+ control lists. This parameter was formally a global
+ parameter in releases prior to 2.2.2.
+
+ Default: nnnntttt aaaaccccllll ssssuuuuppppppppoooorrrrtttt ==== yyyyeeeessss
+
+
+
+
+ Page 83 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ nnnntttt ppppiiiippppeeee ssssuuuuppppppppoooorrrrtttt ((((GGGG))))
+ This boolean parameter controls whether smbd(8) will
+ allow Windows NT clients to connect to the NT SMB
+ specific IPC$ pipes. This is a developer debugging
+ option and can be left alone.
+
+ Default: nnnntttt ppppiiiippppeeee ssssuuuuppppppppoooorrrrtttt ==== yyyyeeeessss
+
+ nnnntttt ssssmmmmbbbb ssssuuuuppppppppoooorrrrtttt ((((GGGG))))
+ This boolean parameter controls whether smbd(8) will
+ negotiate NT specific SMB support with Windows NT/2k/XP
+ clients. Although this is a developer debugging option
+ and should be left alone, benchmarking has discovered
+ that Windows NT clients give faster performance with
+ this option set to no. This is still being
+ investigated. If this option is set to no then Samba
+ offers exactly the same SMB calls that versions prior
+ to Samba 2.0 offered. This information may be of use
+ if any users are having problems with NT SMB support.
+
+ You should not need to ever disable this parameter.
+
+ Default: nnnntttt ssssmmmmbbbb ssssuuuuppppppppoooorrrrtttt ==== yyyyeeeessss
+
+ nnnntttt ssssttttaaaattttuuuussss ssssuuuuppppppppoooorrrrtttt ((((GGGG))))
+ This boolean parameter controls whether smbd(8) will
+ negotiate NT specific status support with Windows
+ NT/2k/XP clients. This is a developer debugging option
+ and should be left alone. If this option is set to no
+ then Samba offers exactly the same DOS error codes that
+ versions prior to Samba 2.2.3 reported.
+
+ You should not need to ever disable this parameter.
+
+ Default: nnnntttt ssssttttaaaattttuuuussss ssssuuuuppppppppoooorrrrtttt ==== yyyyeeeessss
+
+ nnnnuuuullllllll ppppaaaasssssssswwwwoooorrrrddddssss ((((GGGG))))
+ Allow or disallow client access to accounts that have
+ null passwords.
+
+ See also smbpasswd (5)
+
+ Default: nnnnuuuullllllll ppppaaaasssssssswwwwoooorrrrddddssss ==== nnnnoooo
+
+ oooobbbbeeeeyyyy ppppaaaammmm rrrreeeessssttttrrrriiiiccccttttiiiioooonnnnssss ((((GGGG))))
+ When Samba 2.2 is configured to enable PAM support
+ (i.e. --with-pam), this parameter will control whether
+ or not Samba should obey PAM's account and session
+ management directives. The default behavior is to use
+ PAM for clear text authentication only and to ignore
+ any account or session management. Note that Samba
+ always ignores PAM for authentication in the case of
+
+
+
+ Page 84 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ _e_n_c_r_y_p_t _p_a_s_s_w_o_r_d_s _= _y_e_s . The reason is that PAM
+ modules cannot support the challenge/response
+ authentication mechanism needed in the presence of SMB
+ password encryption.
+
+ Default: oooobbbbeeeeyyyy ppppaaaammmm rrrreeeessssttttrrrriiiiccccttttiiiioooonnnnssss ==== nnnnoooo
+
+ oooonnnnllllyyyy uuuusssseeeerrrr ((((SSSS))))
+ This is a boolean option that controls whether
+ connections with usernames not in the _u_s_e_r list will be
+ allowed. By default this option is disabled so that a
+ client can supply a username to be used by the server.
+ Enabling this parameter will force the server to only
+ user the login names from the _u_s_e_r list and is only
+ really useful in shave level security.
+
+ Note that this also means Samba won't try to deduce
+ usernames from the service name. This can be annoying
+ for the [homes] section. To get around this you could
+ use uuuusssseeeerrrr ==== %%%%SSSS which means your _u_s_e_r list will be just
+ the service name, which for home directories is the
+ name of the user.
+
+ See also the _u_s_e_r parameter.
+
+ Default: oooonnnnllllyyyy uuuusssseeeerrrr ==== nnnnoooo
+
+ oooonnnnllllyyyy gggguuuueeeesssstttt ((((SSSS))))
+ A synonym for _g_u_e_s_t _o_n_l_y.
+
+ oooopppplllloooocccckkkk bbbbrrrreeeeaaaakkkk wwwwaaaaiiiitttt ttttiiiimmmmeeee ((((GGGG))))
+ This is a tuning parameter added due to bugs in both
+ Windows 9x and WinNT. If Samba responds to a client too
+ quickly when that client issues an SMB that can cause
+ an oplock break request, then the network client can
+ fail and not respond to the break request. This tuning
+ parameter (which is set in milliseconds) is the amount
+ of time Samba will wait before sending an oplock break
+ request to such (broken) clients.
+
+ DDDDOOOO NNNNOOOOTTTT CCCCHHHHAAAANNNNGGGGEEEE TTTTHHHHIIIISSSS PPPPAAAARRRRAAAAMMMMEEEETTTTEEEERRRR UUUUNNNNLLLLEEEESSSSSSSS YYYYOOOOUUUU HHHHAAAAVVVVEEEE RRRREEEEAAAADDDD AAAANNNNDDDD
+ UUUUNNNNDDDDEEEERRRRSSSSTTTTOOOOOOOODDDD TTTTHHHHEEEE SSSSAAAAMMMMBBBBAAAA OOOOPPPPLLLLOOOOCCCCKKKK CCCCOOOODDDDEEEE.
+
+ Default: oooopppplllloooocccckkkk bbbbrrrreeeeaaaakkkk wwwwaaaaiiiitttt ttttiiiimmmmeeee ==== 0000
+
+ oooopppplllloooocccckkkk ccccoooonnnntttteeeennnnttttiiiioooonnnn lllliiiimmmmiiiitttt ((((SSSS))))
+ This is a vvvveeeerrrryyyy advanced smbd(8) tuning option to
+ improve the efficiency of the granting of oplocks under
+ multiple client contention for the same file.
+
+ In brief it specifies a number, which causes smbd not
+ to grant an oplock even when requested if the
+
+
+
+ Page 85 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ approximate number of clients contending for an oplock
+ on the same file goes over this limit. This causes ssssmmmmbbbbdddd
+ to behave in a similar way to Windows NT.
+
+ DDDDOOOO NNNNOOOOTTTT CCCCHHHHAAAANNNNGGGGEEEE TTTTHHHHIIIISSSS PPPPAAAARRRRAAAAMMMMEEEETTTTEEEERRRR UUUUNNNNLLLLEEEESSSSSSSS YYYYOOOOUUUU HHHHAAAAVVVVEEEE RRRREEEEAAAADDDD AAAANNNNDDDD
+ UUUUNNNNDDDDEEEERRRRSSSSTTTTOOOOOOOODDDD TTTTHHHHEEEE SSSSAAAAMMMMBBBBAAAA OOOOPPPPLLLLOOOOCCCCKKKK CCCCOOOODDDDEEEE.
+
+ Default: oooopppplllloooocccckkkk ccccoooonnnntttteeeennnnttttiiiioooonnnn lllliiiimmmmiiiitttt ==== 2222
+
+ oooopppplllloooocccckkkkssss ((((SSSS))))
+ This boolean option tells ssssmmmmbbbbdddd whether to issue oplocks
+ (opportunistic locks) to file open requests on this
+ share. The oplock code can dramatically (approx. 30% or
+ more) improve the speed of access to files on Samba
+ servers. It allows the clients to aggressively cache
+ files locally and you may want to disable this option
+ for unreliable network environments (it is turned on by
+ default in Windows NT Servers). For more information
+ see the file _S_p_e_e_d._t_x_t in the Samba _d_o_c_s/ directory.
+
+ Oplocks may be selectively turned off on certain files
+ with a share. See the _v_e_t_o _o_p_l_o_c_k _f_i_l_e_s parameter. On
+ some systems oplocks are recognized by the underlying
+ operating system. This allows data synchronization
+ between all access to oplocked files, whether it be via
+ Samba or NFS or a local UNIX process. See the _k_e_r_n_e_l
+ _o_p_l_o_c_k_s parameter for details.
+
+ See also the _k_e_r_n_e_l _o_p_l_o_c_k_s and _l_e_v_e_l_2 _o_p_l_o_c_k_s
+ parameters.
+
+ Default: oooopppplllloooocccckkkkssss ==== yyyyeeeessss
+
+ oooossss lllleeeevvvveeeellll ((((GGGG))))
+ This integer value controls what level Samba advertises
+ itself as for browse elections. The value of this
+ parameter determines whether nmbd(8) has a chance of
+ becoming a local master browser for the _W_O_R_K_G_R_O_U_P in
+ the local broadcast area.
+
+ NNNNooootttteeee ::::By default, Samba will win a local master
+ browsing election over all Microsoft operating systems
+ except a Windows NT 4.0/2000 Domain Controller. This
+ means that a misconfigured Samba host can effectively
+ isolate a subnet for browsing purposes. See
+ _B_R_O_W_S_I_N_G._t_x_t in the Samba _d_o_c_s/ directory for details.
+
+ Default: oooossss lllleeeevvvveeeellll ==== 22220000
+
+ Example: oooossss lllleeeevvvveeeellll ==== 66665555
+
+ oooossss2222 ddddrrrriiiivvvveeeerrrr mmmmaaaapppp ((((GGGG))))
+
+
+
+ Page 86 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ The parameter is used to define the absolute path to a
+ file containing a mapping of Windows NT printer driver
+ names to OS/2 printer driver names. The format is:
+
+ <nt driver name> = <os2 driver name>.<device name>
+
+ For example, a valid entry using the HP LaserJet 5
+ printer driver would appear as HHHHPPPP LLLLaaaasssseeeerrrrJJJJeeeetttt 5555LLLL ====
+ LLLLAAAASSSSEEEERRRRJJJJEEEETTTT....HHHHPPPP LLLLaaaasssseeeerrrrJJJJeeeetttt 5555LLLL.
+
+ The need for the file is due to the printer driver
+ namespace problem described in the Samba Printing HOWTO
+ For more details on OS/2 clients, please refer to the
+ OS2-Client-HOWTO
+ containing in the Samba documentation.
+
+ Default: oooossss2222 ddddrrrriiiivvvveeeerrrr mmmmaaaapppp ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>
+
+ ppppaaaammmm ppppaaaasssssssswwwwoooorrrrdddd cccchhhhaaaannnnggggeeee ((((GGGG))))
+ With the addition of better PAM support in Samba 2.2,
+ this parameter, it is possible to use PAM's password
+ change control flag for Samba. If enabled, then PAM
+ will be used for password changes when requested by an
+ SMB client instead of the program listed in _p_a_s_s_w_d
+ _p_r_o_g_r_a_m. It should be possible to enable this without
+ changing your _p_a_s_s_w_d _c_h_a_t parameter for most setups.
+
+ Default: ppppaaaammmm ppppaaaasssssssswwwwoooorrrrdddd cccchhhhaaaannnnggggeeee ==== nnnnoooo
+
+ ppppaaaannnniiiicccc aaaaccccttttiiiioooonnnn ((((GGGG))))
+ This is a Samba developer option that allows a system
+ command to be called when either smbd(8) crashes. This
+ is usually used to draw attention to the fact that a
+ problem occurred.
+
+ Default: ppppaaaannnniiiicccc aaaaccccttttiiiioooonnnn ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>
+
+ Example: ppppaaaannnniiiicccc aaaaccccttttiiiioooonnnn ==== """"////bbbbiiiinnnn////sssslllleeeeeeeepppp 99990000000000000000""""
+
+ ppppaaaasssssssswwwwdddd cccchhhhaaaatttt ((((GGGG))))
+ This string controls the """"cccchhhhaaaatttt"""" conversation that takes
+ places between smbd and the local password changing
+ program to change the user's password. The string
+ describes a sequence of response-receive pairs that
+ smbd(8) uses to determine what to send to the _p_a_s_s_w_d
+ _p_r_o_g_r_a_m and what to expect back. If the expected output
+ is not received then the password is not changed.
+
+ This chat sequence is often quite site specific,
+ depending on what local methods are used for password
+ control (such as NIS etc).
+
+
+
+
+ Page 87 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Note that this parameter only is only used if the _u_n_i_x
+ _p_a_s_s_w_o_r_d _s_y_n_c parameter is set to yes. This sequence is
+ then called AAAASSSS RRRROOOOOOOOTTTT when the SMB password in the
+ smbpasswd file is being changed, without access to the
+ old password cleartext. This means that root must be
+ able to reset the user's password without knowing the
+ text of the previous password. In the presence of
+ NIS/YP, this means that the passwd program must be
+ executed on the NIS master.
+
+ The string can contain the macro %_n which is
+ substituted for the new password. The chat sequence can
+ also contain the standard macros \n, \r, \t and \s to
+ give line-feed, carriage-return, tab and space. The
+ chat sequence string can also contain a '*' which
+ matches any sequence of characters. Double quotes can
+ be used to collect strings with spaces in them into a
+ single string.
+
+ If the send string in any part of the chat sequence is
+ a full stop ".", then no string is sent. Similarly, if
+ the expect string is a full stop then no string is
+ expected.
+
+ If the _p_a_m _p_a_s_s_w_o_r_d _c_h_a_n_g_e parameter is set to yes, the
+ chat pairs may be matched in any order, and success is
+ determined by the PAM result, not any particular
+ output. The \n macro is ignored for PAM conversions.
+
+ See also _u_n_i_x _p_a_s_s_w_o_r_d _s_y_n_c, _p_a_s_s_w_d _p_r_o_g_r_a_m , _p_a_s_s_w_d
+ _c_h_a_t _d_e_b_u_g and _p_a_m _p_a_s_s_w_o_r_d _c_h_a_n_g_e.
+
+ Default: ppppaaaasssssssswwwwdddd cccchhhhaaaatttt ==== ****nnnneeeewwww****ppppaaaasssssssswwwwoooorrrrdddd**** %%%%nnnn\\\\nnnn
+ ****nnnneeeewwww****ppppaaaasssssssswwwwoooorrrrdddd**** %%%%nnnn\\\\nnnn ****cccchhhhaaaannnnggggeeeedddd****
+
+ Example: ppppaaaasssssssswwwwdddd cccchhhhaaaatttt ==== """"****EEEEnnnntttteeeerrrr OOOOLLLLDDDD ppppaaaasssssssswwwwoooorrrrdddd****"""" %%%%oooo\\\\nnnn
+ """"****EEEEnnnntttteeeerrrr NNNNEEEEWWWW ppppaaaasssssssswwwwoooorrrrdddd****"""" %%%%nnnn\\\\nnnn """"****RRRReeeeeeeennnntttteeeerrrr NNNNEEEEWWWW ppppaaaasssssssswwwwoooorrrrdddd****""""
+ %%%%nnnn\\\\nnnn """"****PPPPaaaasssssssswwwwoooorrrrdddd cccchhhhaaaannnnggggeeeedddd****""""
+
+ ppppaaaasssssssswwwwdddd cccchhhhaaaatttt ddddeeeebbbbuuuugggg ((((GGGG))))
+ This boolean specifies if the passwd chat script
+ parameter is run in ddddeeeebbbbuuuugggg mode. In this mode the
+ strings passed to and received from the passwd chat are
+ printed in the smbd(8) log with a _d_e_b_u_g _l_e_v_e_l of 100.
+ This is a dangerous option as it will allow plaintext
+ passwords to be seen in the ssssmmmmbbbbdddd log. It is available
+ to help Samba admins debug their _p_a_s_s_w_d _c_h_a_t scripts
+ when calling the _p_a_s_s_w_d _p_r_o_g_r_a_m and should be turned
+ off after this has been done. This option has no effect
+ if the _p_a_m _p_a_s_s_w_o_r_d _c_h_a_n_g_e paramter is set. This
+ parameter is off by default.
+
+
+
+
+ Page 88 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ See also _p_a_s_s_w_d _c_h_a_t , _p_a_m _p_a_s_s_w_o_r_d _c_h_a_n_g_e , _p_a_s_s_w_d
+ _p_r_o_g_r_a_m .
+
+ Default: ppppaaaasssssssswwwwdddd cccchhhhaaaatttt ddddeeeebbbbuuuugggg ==== nnnnoooo
+
+ ppppaaaasssssssswwwwdddd pppprrrrooooggggrrrraaaammmm ((((GGGG))))
+ The name of a program that can be used to set UNIX user
+ passwords. Any occurrences of %_u will be replaced with
+ the user name. The user name is checked for existence
+ before calling the password changing program.
+
+ Also note that many passwd programs insist in
+ rrrreeeeaaaassssoooonnnnaaaabbbblllleeee passwords, such as a minimum length, or the
+ inclusion of mixed case chars and digits. This can pose
+ a problem as some clients (such as Windows for
+ Workgroups) uppercase the password before sending it.
+
+ NNNNooootttteeee that if the _u_n_i_x _p_a_s_s_w_o_r_d _s_y_n_c parameter is set to
+ yes then this program is called AAAASSSS RRRROOOOOOOOTTTT before the SMB
+ password in the smbpasswd(5)
+ file is changed. If this UNIX password change fails,
+ then ssssmmmmbbbbdddd will fail to change the SMB password also
+ (this is by design).
+
+ If the _u_n_i_x _p_a_s_s_w_o_r_d _s_y_n_c parameter is set this
+ parameter MMMMUUUUSSSSTTTT UUUUSSSSEEEE AAAABBBBSSSSOOOOLLLLUUUUTTTTEEEE PPPPAAAATTTTHHHHSSSS for AAAALLLLLLLL programs
+ called, and must be examined for security implications.
+ Note that by default _u_n_i_x _p_a_s_s_w_o_r_d _s_y_n_c is set to no.
+
+ See also _u_n_i_x _p_a_s_s_w_o_r_d _s_y_n_c.
+
+ Default: ppppaaaasssssssswwwwdddd pppprrrrooooggggrrrraaaammmm ==== ////bbbbiiiinnnn////ppppaaaasssssssswwwwdddd
+
+ Example: ppppaaaasssssssswwwwdddd pppprrrrooooggggrrrraaaammmm ==== ////ssssbbbbiiiinnnn////nnnnppppaaaasssssssswwwwdddd %%%%uuuu
+
+ ppppaaaasssssssswwwwoooorrrrdddd lllleeeevvvveeeellll ((((GGGG))))
+ Some client/server combinations have difficulty with
+ mixed-case passwords. One offending client is Windows
+ for Workgroups, which for some reason forces passwords
+ to upper case when using the LANMAN1 protocol, but
+ leaves them alone when using COREPLUS! Another problem
+ child is the Windows 95/98 family of operating systems.
+ These clients upper case clear text passwords even when
+ NT LM 0.12 selected by the protocol negotiation
+ request/response.
+
+ This parameter defines the maximum number of characters
+ that may be upper case in passwords.
+
+ For example, say the password given was "FRED". If
+ _p_a_s_s_w_o_r_d _l_e_v_e_l is set to 1, the following combinations
+ would be tried if "FRED" failed:
+
+
+
+ Page 89 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ "Fred", "fred", "fRed", "frEd","freD"
+
+ If _p_a_s_s_w_o_r_d _l_e_v_e_l was set to 2, the following
+ combinations would also be tried:
+
+ "FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ..
+
+ And so on.
+
+ The higher value this parameter is set to the more
+ likely it is that a mixed case password will be matched
+ against a single case password. However, you should be
+ aware that use of this parameter reduces security and
+ increases the time taken to process a new connection.
+
+ A value of zero will cause only two attempts to be made
+ - the password as is and the password in all-lower
+ case.
+
+ Default: ppppaaaasssssssswwwwoooorrrrdddd lllleeeevvvveeeellll ==== 0000
+
+ Example: ppppaaaasssssssswwwwoooorrrrdddd lllleeeevvvveeeellll ==== 4444
+
+ ppppaaaasssssssswwwwoooorrrrdddd sssseeeerrrrvvvveeeerrrr ((((GGGG))))
+ By specifying the name of another SMB server (such as a
+ WinNT box) with this option, and using sssseeeeccccuuuurrrriiiittttyyyy ====
+ ddddoooommmmaaaaiiiinnnn or sssseeeeccccuuuurrrriiiittttyyyy ==== sssseeeerrrrvvvveeeerrrr you can get Samba to do all
+ its username/password validation via a remote server.
+
+ This option sets the name of the password server to
+ use. It must be a NetBIOS name, so if the machine's
+ NetBIOS name is different from its Internet name then
+ you may have to add its NetBIOS name to the lmhosts
+ file which is stored in the same directory as the
+ _s_m_b._c_o_n_f file.
+
+ The name of the password server is looked up using the
+ parameter _n_a_m_e _r_e_s_o_l_v_e _o_r_d_e_r and so may resolved by any
+ method and order described in that parameter.
+
+ The password server much be a machine capable of using
+ the "LM1.2X002" or the "NT LM 0.12" protocol, and it
+ must be in user level security mode.
+
+ NNNNOOOOTTTTEEEE:::: Using a password server means your UNIX box
+ (running Samba) is only as secure as your password
+ server. DDDDOOOO NNNNOOOOTTTT CCCCHHHHOOOOOOOOSSSSEEEE AAAA PPPPAAAASSSSSSSSWWWWOOOORRRRDDDD SSSSEEEERRRRVVVVEEEERRRR TTTTHHHHAAAATTTT YYYYOOOOUUUU DDDDOOOONNNN''''TTTT
+ CCCCOOOOMMMMPPPPLLLLEEEETTTTEEEELLLLYYYY TTTTRRRRUUUUSSSSTTTT.
+
+ Never point a Samba server at itself for password
+ serving. This will cause a loop and could lock up your
+ Samba server!
+
+
+
+ Page 90 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ The name of the password server takes the standard
+ substitutions, but probably the only useful one is %_m ,
+ which means the Samba server will use the incoming
+ client as the password server. If you use this then you
+ better trust your clients, and you had better restrict
+ them with hosts allow!
+
+ If the _s_e_c_u_r_i_t_y parameter is set to domain, then the
+ list of machines in this option must be a list of
+ Primary or Backup Domain controllers for the Domain or
+ the character '*', as the Samba server is effectively
+ in that domain, and will use cryptographically
+ authenticated RPC calls to authenticate the user
+ logging on. The advantage of using sssseeeeccccuuuurrrriiiittttyyyy ==== ddddoooommmmaaaaiiiinnnn
+ is that if you list several hosts in the _p_a_s_s_w_o_r_d
+ _s_e_r_v_e_r option then ssssmmmmbbbbdddd will try each in turn till it
+ finds one that responds. This is useful in case your
+ primary server goes down.
+
+ If the _p_a_s_s_w_o_r_d _s_e_r_v_e_r option is set to the character
+ '*', then Samba will attempt to auto-locate the Primary
+ or Backup Domain controllers to authenticate against by
+ doing a query for the name WORKGROUP<1C> and then
+ contacting each server returned in the list of IP
+ addresses from the name resolution source.
+
+ If the _s_e_c_u_r_i_t_y parameter is set to server, then there
+ are different restrictions that sssseeeeccccuuuurrrriiiittttyyyy ==== ddddoooommmmaaaaiiiinnnn
+ doesn't suffer from:
+
+ o+ You may list several password servers in the _p_a_s_s_w_o_r_d
+ _s_e_r_v_e_r parameter, however if an ssssmmmmbbbbdddd makes a
+ connection to a password server, and then the
+ password server fails, no more users will be able to
+ be authenticated from this ssssmmmmbbbbdddd. This is a
+ restriction of the SMB/CIFS protocol when in sssseeeeccccuuuurrrriiiittttyyyy
+ ==== sssseeeerrrrvvvveeeerrrr mode and cannot be fixed in Samba.
+
+ o+ If you are using a Windows NT server as your password
+ server then you will have to ensure that your users
+ are able to login from the Samba server, as when in
+ sssseeeeccccuuuurrrriiiittttyyyy ==== sssseeeerrrrvvvveeeerrrr mode the network logon will appear
+ to come from there rather than from the users
+ workstation.
+
+ See also the _s_e_c_u_r_i_t_y parameter.
+
+ Default: ppppaaaasssssssswwwwoooorrrrdddd sssseeeerrrrvvvveeeerrrr ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>
+
+ Example: ppppaaaasssssssswwwwoooorrrrdddd sssseeeerrrrvvvveeeerrrr ==== NNNNTTTT----PPPPDDDDCCCC,,,, NNNNTTTT----BBBBDDDDCCCC1111,,,, NNNNTTTT----BBBBDDDDCCCC2222
+
+ Example: ppppaaaasssssssswwwwoooorrrrdddd sssseeeerrrrvvvveeeerrrr ==== ****
+
+
+
+ Page 91 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ ppppaaaatttthhhh ((((SSSS))))
+ This parameter specifies a directory to which the user
+ of the service is to be given access. In the case of
+ printable services, this is where print data will spool
+ prior to being submitted to the host for printing.
+
+ For a printable service offering guest access, the
+ service should be readonly and the path should be
+ world-writeable and have the sticky bit set. This is
+ not mandatory of course, but you probably won't get the
+ results you expect if you do otherwise.
+
+ Any occurrences of %_u in the path will be replaced with
+ the UNIX username that the client is using on this
+ connection. Any occurrences of %_m will be replaced by
+ the NetBIOS name of the machine they are connecting
+ from. These replacements are very useful for setting up
+ pseudo home directories for users.
+
+ Note that this path will be based on _r_o_o_t _d_i_r if one
+ was specified.
+
+ Default: nnnnoooonnnneeee
+
+ Example: ppppaaaatttthhhh ==== ////hhhhoooommmmeeee////ffffrrrreeeedddd
+
+ ppppiiiidddd ddddiiiirrrreeeeccccttttoooorrrryyyy ((((GGGG))))
+ This option specifies the directory where pid files
+ will be placed.
+
+ Default: ppppiiiidddd ddddiiiirrrreeeeccccttttoooorrrryyyy ==== $$$${{{{pppprrrreeeeffffiiiixxxx}}}}////vvvvaaaarrrr////lllloooocccckkkkssss
+
+ Example: ppppiiiidddd ddddiiiirrrreeeeccccttttoooorrrryyyy ==== ////vvvvaaaarrrr////rrrruuuunnnn////
+
+ ppppoooossssiiiixxxx lllloooocccckkkkiiiinnnngggg ((((SSSS))))
+ The ssssmmmmbbbbdddd((((8888)))) daemon maintains an database of file locks
+ obtained by SMB clients. The default behavior is to
+ map this internal database to POSIX locks. This means
+ that file locks obtained by SMB clients are consistent
+ with those seen by POSIX compliant applications
+ accessing the files via a non-SMB method (e.g. NFS or
+ local file access). You should never need to disable
+ this parameter.
+
+ Default: ppppoooossssiiiixxxx lllloooocccckkkkiiiinnnngggg ==== yyyyeeeessss
+
+ ppppoooosssstttteeeexxxxeeeecccc ((((SSSS))))
+ This option specifies a command to be run whenever the
+ service is disconnected. It takes the usual
+ substitutions. The command may be run as the root on
+ some systems.
+
+
+
+
+ Page 92 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ An interesting example may be to unmount server
+ resources:
+
+ ppppoooosssstttteeeexxxxeeeecccc ==== ////eeeettttcccc////uuuummmmoooouuuunnnntttt ////ccccddddrrrroooommmm
+
+ See also _p_r_e_e_x_e_c .
+
+ Default: nnnnoooonnnneeee ((((nnnnoooo ccccoooommmmmmmmaaaannnndddd eeeexxxxeeeeccccuuuutttteeeedddd))))
+
+ Example: ppppoooosssstttteeeexxxxeeeecccc ==== eeeecccchhhhoooo \\\\""""%%%%uuuu ddddiiiissssccccoooonnnnnnnneeeecccctttteeeedddd ffffrrrroooommmm %%%%SSSS ffffrrrroooommmm
+ %%%%mmmm ((((%%%%IIII))))\\\\"""" >>>>>>>> ////ttttmmmmpppp////lllloooogggg
+
+ ppppoooossssttttssssccccrrrriiiipppptttt ((((SSSS))))
+ This parameter forces a printer to interpret the print
+ files as PostScript. This is done by adding a %! to
+ the start of print output.
+
+ This is most useful when you have lots of PCs that
+ persist in putting a control-D at the start of print
+ jobs, which then confuses your printer.
+
+ Default: ppppoooossssttttssssccccrrrriiiipppptttt ==== nnnnoooo
+
+ pppprrrreeeeeeeexxxxeeeecccc ((((SSSS))))
+ This option specifies a command to be run whenever the
+ service is connected to. It takes the usual
+ substitutions.
+
+ An interesting example is to send the users a welcome
+ message every time they log in. Maybe a message of the
+ day? Here is an example:
+
+ pppprrrreeeeeeeexxxxeeeecccc ==== ccccsssshhhh ----cccc ''''eeeecccchhhhoooo \\\\""""WWWWeeeellllccccoooommmmeeee ttttoooo %%%%SSSS!!!!\\\\"""" ||||
+ ////uuuussssrrrr////llllooooccccaaaallll////ssssaaaammmmbbbbaaaa////bbbbiiiinnnn////ssssmmmmbbbbcccclllliiiieeeennnntttt ----MMMM %%%%mmmm ----IIII %%%%IIII'''' &&&&
+
+ Of course, this could get annoying after a while :-)
+
+ See also _p_r_e_e_x_e_c _c_l_o_s_e and _p_o_s_t_e_x_e_c .
+
+ Default: nnnnoooonnnneeee ((((nnnnoooo ccccoooommmmmmmmaaaannnndddd eeeexxxxeeeeccccuuuutttteeeedddd))))
+
+ Example: pppprrrreeeeeeeexxxxeeeecccc ==== eeeecccchhhhoooo \\\\""""%%%%uuuu ccccoooonnnnnnnneeeecccctttteeeedddd ttttoooo %%%%SSSS ffffrrrroooommmm %%%%mmmm
+ ((((%%%%IIII))))\\\\"""" >>>>>>>> ////ttttmmmmpppp////lllloooogggg
+
+ pppprrrreeeeeeeexxxxeeeecccc cccclllloooosssseeee ((((SSSS))))
+ This boolean option controls whether a non-zero return
+ code from _p_r_e_e_x_e_c should close the service being
+ connected to.
+
+ Default: pppprrrreeeeeeeexxxxeeeecccc cccclllloooosssseeee ==== nnnnoooo
+
+ pppprrrreeeeffffeeeerrrrrrrreeeedddd mmmmaaaasssstttteeeerrrr ((((GGGG))))
+
+
+
+ Page 93 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ This boolean parameter controls if nmbd(8) is a
+ preferred master browser for its workgroup.
+
+ If this is set to yes, on startup, nnnnmmmmbbbbdddd will force an
+ election, and it will have a slight advantage in
+ winning the election. It is recommended that this
+ parameter is used in conjunction with _d_o_m_a_i_n _m_a_s_t_e_r ====
+ yyyyeeeessss, so that nnnnmmmmbbbbdddd can guarantee becoming a domain
+ master.
+
+ Use this option with caution, because if there are
+ several hosts (whether Samba servers, Windows 95 or NT)
+ that are preferred master browsers on the same subnet,
+ they will each periodically and continuously attempt to
+ become the local master browser. This will result in
+ unnecessary broadcast traffic and reduced browsing
+ capabilities.
+
+ See also _o_s _l_e_v_e_l .
+
+ Default: pppprrrreeeeffffeeeerrrrrrrreeeedddd mmmmaaaasssstttteeeerrrr ==== aaaauuuuttttoooo
+
+ pppprrrreeeeffffeeeerrrreeeedddd mmmmaaaasssstttteeeerrrr ((((GGGG))))
+ Synonym for _p_r_e_f_e_r_r_e_d _m_a_s_t_e_r for people who cannot
+ spell :-).
+
+ pppprrrreeeellllooooaaaadddd
+ This is a list of services that you want to be
+ automatically added to the browse lists. This is most
+ useful for homes and printers services that would
+ otherwise not be visible.
+
+ Note that if you just want all printers in your
+ printcap file loaded then the _l_o_a_d _p_r_i_n_t_e_r_s option is
+ easier.
+
+ Default: nnnnoooo pppprrrreeeellllooooaaaaddddeeeedddd sssseeeerrrrvvvviiiicccceeeessss
+
+ Example: pppprrrreeeellllooooaaaadddd ==== ffffrrrreeeedddd llllpppp ccccoooolllloooorrrrllllpppp
+
+ pppprrrreeeesssseeeerrrrvvvveeee ccccaaaasssseeee ((((SSSS))))
+ This controls if new filenames are created with the
+ case that the client passes, or if they are forced to
+ be the _d_e_f_a_u_l_t _c_a_s_e .
+
+ Default: pppprrrreeeesssseeeerrrrvvvveeee ccccaaaasssseeee ==== yyyyeeeessss
+
+ See the section on NAME MANGLING for a fuller
+ discussion.
+
+ pppprrrriiiinnnntttt ccccoooommmmmmmmaaaannnndddd ((((SSSS))))
+ After a print job has finished spooling to a service,
+
+
+
+ Page 94 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ this command will be used via a ssssyyyysssstttteeeemmmm(((()))) call to
+ process the spool file. Typically the command specified
+ will submit the spool file to the host's printing
+ subsystem, but there is no requirement that this be the
+ case. The server will not remove the spool file, so
+ whatever command you specify should remove the spool
+ file when it has been processed, otherwise you will
+ need to manually remove old spool files.
+
+ The print command is simply a text string. It will be
+ used verbatim after macro substitutions have been made:
+
+ s, %p - the path to the spool file name
+
+ %p - the appropriate printer name
+
+ %J - the job name as transmitted by the client.
+
+ %c - The number of printed pages of the spooled job (if
+ known).
+
+ %z - the size of the spooled print job (in bytes)
+
+ The print command MMMMUUUUSSSSTTTT contain at least one occurrence
+ of %_s or %_f - the %_p is optional. At the time a job is
+ submitted, if no printer name is supplied the %_p will
+ be silently removed from the printer command.
+
+ If specified in the [global] section, the print command
+ given will be used for any printable service that does
+ not have its own print command specified.
+
+ If there is neither a specified print command for a
+ printable service nor a global print command, spool
+ files will be created but not processed and (most
+ importantly) not removed.
+
+ Note that printing may fail on some UNIXes from the
+ nobody account. If this happens then create an
+ alternative guest account that can print and set the
+ _g_u_e_s_t _a_c_c_o_u_n_t in the [global] section.
+
+ You can form quite complex print commands by realizing
+ that they are just passed to a shell. For example the
+ following will log a print job, print the file, then
+ remove it. Note that ';' is the usual separator for
+ command in shell scripts.
+
+ pppprrrriiiinnnntttt ccccoooommmmmmmmaaaannnndddd ==== eeeecccchhhhoooo PPPPrrrriiiinnnnttttiiiinnnngggg %%%%ssss >>>>>>>> ////ttttmmmmpppp////pppprrrriiiinnnntttt....lllloooogggg;;;; llllpppprrrr
+ ----PPPP %%%%pppp %%%%ssss;;;; rrrrmmmm %%%%ssss
+
+ You may have to vary this command considerably
+
+
+
+ Page 95 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ depending on how you normally print files on your
+ system. The default for the parameter varies depending
+ on the setting of the _p_r_i_n_t_i_n_g parameter.
+
+ Default: For pppprrrriiiinnnnttttiiiinnnngggg ==== BBBBSSSSDDDD,,,, AAAAIIIIXXXX,,,, QQQQNNNNXXXX,,,, LLLLPPPPRRRRNNNNGGGG oooorrrr PPPPLLLLPPPP ::::
+
+ pppprrrriiiinnnntttt ccccoooommmmmmmmaaaannnndddd ==== llllpppprrrr ----rrrr ----PPPP%%%%pppp %%%%ssss
+
+ For pppprrrriiiinnnnttttiiiinnnngggg ==== SSSSYYYYSSSSVVVV oooorrrr HHHHPPPPUUUUXXXX ::::
+
+ pppprrrriiiinnnntttt ccccoooommmmmmmmaaaannnndddd ==== llllpppp ----cccc ----dddd%%%%pppp %%%%ssss;;;; rrrrmmmm %%%%ssss
+
+ For pppprrrriiiinnnnttttiiiinnnngggg ==== SSSSOOOOFFFFTTTTQQQQ ::::
+
+ pppprrrriiiinnnntttt ccccoooommmmmmmmaaaannnndddd ==== llllpppp ----dddd%%%%pppp ----ssss %%%%ssss;;;; rrrrmmmm %%%%ssss
+
+ For printing = CUPS : If SAMBA is compiled against
+ libcups, then printcap = cups uses the CUPS API to
+ submit jobs, etc. Otherwise it maps to the System V
+ commands with the -oraw option for printing, i.e. it
+ uses llllpppp ----cccc ----dddd%%%%pppp ----oooorrrraaaawwww;;;; rrrrmmmm %%%%ssss. With pppprrrriiiinnnnttttiiiinnnngggg ==== ccccuuuuppppssss, and
+ if SAMBA is compiled against libcups, any manually set
+ print command will be ignored.
+
+ Example: pppprrrriiiinnnntttt ccccoooommmmmmmmaaaannnndddd ====
+ ////uuuussssrrrr////llllooooccccaaaallll////ssssaaaammmmbbbbaaaa////bbbbiiiinnnn////mmmmyyyypppprrrriiiinnnnttttssssccccrrrriiiipppptttt %%%%pppp %%%%ssss
+
+ pppprrrriiiinnnntttt ooookkkk ((((SSSS))))
+ Synonym for _p_r_i_n_t_a_b_l_e.
+
+ pppprrrriiiinnnnttttaaaabbbblllleeee ((((SSSS))))
+ If this parameter is yes, then clients may open, write
+ to and submit spool files on the directory specified
+ for the service.
+
+ Note that a printable service will ALWAYS allow writing
+ to the service path (user privileges permitting) via
+ the spooling of print data. The _r_e_a_d _o_n_l_y parameter
+ controls only non-printing access to the resource.
+
+ Default: pppprrrriiiinnnnttttaaaabbbblllleeee ==== nnnnoooo
+
+ pppprrrriiiinnnnttttccccaaaapppp ((((GGGG))))
+ Synonym for _p_r_i_n_t_c_a_p _n_a_m_e.
+
+ pppprrrriiiinnnnttttccccaaaapppp nnnnaaaammmmeeee ((((GGGG))))
+ This parameter may be used to override the compiled-in
+ default printcap name used by the server (usually
+ /_e_t_c/_p_r_i_n_t_c_a_p). See the discussion of the [printers]
+ section above for reasons why you might want to do
+ this.
+
+
+
+
+ Page 96 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ To use the CUPS printing interface set pppprrrriiiinnnnttttccccaaaapppp nnnnaaaammmmeeee ====
+ ccccuuuuppppssss . This should be supplemented by an addtional
+ setting printing = cups in the [global] section.
+ pppprrrriiiinnnnttttccccaaaapppp nnnnaaaammmmeeee ==== ccccuuuuppppssss will use the "dummy" printcap
+ created by CUPS, as specified in your CUPS
+ configuration file.
+
+ On System V systems that use llllppppssssttttaaaatttt to list available
+ printers you can use pppprrrriiiinnnnttttccccaaaapppp nnnnaaaammmmeeee ==== llllppppssssttttaaaatttt to
+ automatically obtain lists of available printers. This
+ is the default for systems that define SYSV at
+ configure time in Samba (this includes most System V
+ based systems). If _p_r_i_n_t_c_a_p _n_a_m_e is set to llllppppssssttttaaaatttt on
+ these systems then Samba will launch llllppppssssttttaaaatttt ----vvvv and
+ attempt to parse the output to obtain a printer list.
+
+ A minimal printcap file would look something like this:
+
+
+ print1|My Printer 1
+ print2|My Printer 2
+ print3|My Printer 3
+ print4|My Printer 4
+ print5|My Printer 5
+
+
+
+ where the '|' separates aliases of a printer. The fact
+ that the second alias has a space in it gives a hint to
+ Samba that it's a comment.
+
+ NNNNOOOOTTTTEEEE: Under AIX the default printcap name is
+ /_e_t_c/_q_c_o_n_f_i_g. Samba will assume the file is in AIX
+ _q_c_o_n_f_i_g format if the string _q_c_o_n_f_i_g appears in the
+ printcap filename.
+
+ Default: pppprrrriiiinnnnttttccccaaaapppp nnnnaaaammmmeeee ==== ////eeeettttcccc////pppprrrriiiinnnnttttccccaaaapppp
+
+ Example: pppprrrriiiinnnnttttccccaaaapppp nnnnaaaammmmeeee ==== ////eeeettttcccc////mmmmyyyypppprrrriiiinnnnttttccccaaaapppp
+
+ pppprrrriiiinnnntttteeeerrrr aaaaddddmmmmiiiinnnn ((((SSSS))))
+ This is a list of users that can do anything to
+ printers via the remote administration interfaces
+ offered by MS-RPC (usually using a NT workstation).
+ Note that the root user always has admin rights.
+
+ Default: pppprrrriiiinnnntttteeeerrrr aaaaddddmmmmiiiinnnn ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>
+
+ Example: pppprrrriiiinnnntttteeeerrrr aaaaddddmmmmiiiinnnn ==== aaaaddddmmmmiiiinnnn,,,, @@@@ssssttttaaaaffffffff
+
+ pppprrrriiiinnnntttteeeerrrr ddddrrrriiiivvvveeeerrrr ((((SSSS))))
+ NNNNooootttteeee ::::This is a deprecated parameter and will be
+
+
+
+ Page 97 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ removed in the next major release following version
+ 2.2. Please see the instructions in the Samba 2.2.
+ Printing HOWTO for more information on the new method
+ of loading printer drivers onto a Samba server.
+
+ This option allows you to control the string that
+ clients receive when they ask the server for the
+ printer driver associated with a printer. If you are
+ using Windows95 or Windows NT then you can use this to
+ automate the setup of printers on your system.
+
+ You need to set this parameter to the exact string
+ (case sensitive) that describes the appropriate printer
+ driver for your system. If you don't know the exact
+ string to use then you should first try with no
+ _p_r_i_n_t_e_r _d_r_i_v_e_r option set and the client will give you
+ a list of printer drivers. The appropriate strings are
+ shown in a scroll box after you have chosen the printer
+ manufacturer.
+
+ See also _p_r_i_n_t_e_r _d_r_i_v_e_r _f_i_l_e.
+
+ Example: pppprrrriiiinnnntttteeeerrrr ddddrrrriiiivvvveeeerrrr ==== HHHHPPPP LLLLaaaasssseeeerrrrJJJJeeeetttt 4444LLLL
+
+ pppprrrriiiinnnntttteeeerrrr ddddrrrriiiivvvveeeerrrr ffffiiiilllleeee ((((GGGG))))
+ NNNNooootttteeee ::::This is a deprecated parameter and will be
+ removed in the next major release following version
+ 2.2. Please see the instructions in the Samba 2.2.
+ Printing HOWTO for more information on the new method
+ of loading printer drivers onto a Samba server.
+
+ This parameter tells Samba where the printer driver
+ definition file, used when serving drivers to Windows
+ 95 clients, is to be found. If this is not set, the
+ default is :
+
+ _S_A_M_B_A__I_N_S_T_A_L_L__D_I_R_E_C_T_O_R_Y /_l_i_b/_p_r_i_n_t_e_r_s._d_e_f
+
+ This file is created from Windows 95 _m_s_p_r_i_n_t._i_n_f files
+ found on the Windows 95 client system. For more details
+ on setting up serving of printer drivers to Windows 95
+ clients, see the outdated documentation file in the
+ _d_o_c_s/ directory, _P_R_I_N_T_E_R__D_R_I_V_E_R._t_x_t.
+
+ See also _p_r_i_n_t_e_r _d_r_i_v_e_r _l_o_c_a_t_i_o_n.
+
+ Default: NNNNoooonnnneeee ((((sssseeeetttt iiiinnnn ccccoooommmmppppiiiilllleeee))))....
+
+ Example: pppprrrriiiinnnntttteeeerrrr ddddrrrriiiivvvveeeerrrr ffffiiiilllleeee ====
+ ////uuuussssrrrr////llllooooccccaaaallll////ssssaaaammmmbbbbaaaa////pppprrrriiiinnnntttteeeerrrrssss////ddddrrrriiiivvvveeeerrrrssss....ddddeeeeffff
+
+ pppprrrriiiinnnntttteeeerrrr ddddrrrriiiivvvveeeerrrr llllooooccccaaaattttiiiioooonnnn ((((SSSS))))
+
+
+
+ Page 98 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ NNNNooootttteeee ::::This is a deprecated parameter and will be
+ removed in the next major release following version
+ 2.2. Please see the instructions in the Samba 2.2.
+ Printing HOWTO for more information on the new method
+ of loading printer drivers onto a Samba server.
+
+ This parameter tells clients of a particular printer
+ share where to find the printer driver files for the
+ automatic installation of drivers for Windows 95
+ machines. If Samba is set up to serve printer drivers
+ to Windows 95 machines, this should be set to
+
+ \\\\\\\\MMMMAAAACCCCHHHHIIIINNNNEEEE\\\\PPPPRRRRIIIINNNNTTTTEEEERRRR$$$$
+
+ Where MACHINE is the NetBIOS name of your Samba server,
+ and PRINTER$ is a share you set up for serving printer
+ driver files. For more details on setting this up see
+ the outdated documentation file in the _d_o_c_s/ directory,
+ _P_R_I_N_T_E_R__D_R_I_V_E_R._t_x_t.
+
+ See also _p_r_i_n_t_e_r _d_r_i_v_e_r _f_i_l_e.
+
+ Default: nnnnoooonnnneeee
+
+ Example: pppprrrriiiinnnntttteeeerrrr ddddrrrriiiivvvveeeerrrr llllooooccccaaaattttiiiioooonnnn ==== \\\\\\\\MMMMAAAACCCCHHHHIIIINNNNEEEE\\\\PPPPRRRRIIIINNNNTTTTEEEERRRR$$$$
+
+ pppprrrriiiinnnntttteeeerrrr nnnnaaaammmmeeee ((((SSSS))))
+ This parameter specifies the name of the printer to
+ which print jobs spooled through a printable service
+ will be sent.
+
+ If specified in the [global] section, the printer name
+ given will be used for any printable service that does
+ not have its own printer name specified.
+
+ Default: nnnnoooonnnneeee ((((bbbbuuuutttt mmmmaaaayyyy bbbbeeee llllpppp oooonnnn mmmmaaaannnnyyyy ssssyyyysssstttteeeemmmmssss))))
+
+ Example: pppprrrriiiinnnntttteeeerrrr nnnnaaaammmmeeee ==== llllaaaasssseeeerrrrwwwwrrrriiiitttteeeerrrr
+
+ pppprrrriiiinnnntttteeeerrrr ((((SSSS))))
+ Synonym for _p_r_i_n_t_e_r _n_a_m_e.
+
+ pppprrrriiiinnnnttttiiiinnnngggg ((((SSSS))))
+ This parameters controls how printer status information
+ is interpreted on your system. It also affects the
+ default values for the _p_r_i_n_t _c_o_m_m_a_n_d, _l_p_q _c_o_m_m_a_n_d,
+ _l_p_p_a_u_s_e _c_o_m_m_a_n_d , _l_p_r_e_s_u_m_e _c_o_m_m_a_n_d, and _l_p_r_m _c_o_m_m_a_n_d if
+ specified in the [global] section.
+
+ Currently nine printing styles are supported. They are
+ BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, SOFTQ, and CUPS.
+
+
+
+
+ Page 99 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ To see what the defaults are for the other print
+ commands when using the various options use the
+ testparm(1) program.
+
+ This option can be set on a per printer basis
+
+ See also the discussion in the [printers] section.
+
+ pppprrrrooooffffiiiilllleeee aaaaccccllllssss ((((SSSS))))
+ This boolean parameter was added to fix the problems
+ that people have been having with storing user profiles
+ on Samba shares from Windows 2000 or Windows XP
+ clients. New versions of Windows 2000 or Windows XP
+ service packs do security ACL checking on the owner and
+ ability to write of the profile directory stored on a
+ local workstation when copied from a Samba share. When
+ not in domain mode with winbindd then the security info
+ copied onto the local workstation has no meaning to the
+ logged in user (SID) on that workstation so the profile
+ storing fails. Adding this parameter onto a share used
+ for profile storage changes two things about the
+ returned Windows ACL. Firstly it changes the owner and
+ group owner of all reported files and directories to be
+ BUILTIN\Administrators, BUILTIN\Users respectively
+ (SIDs S-1-5-32-544, S-1-5-32-545). Secondly it adds an
+ ACE entry of "Full Control" to the SID BUILTIN\Users to
+ every returned ACL. This will allow any Windows 2000 or
+ XP workstation user to access the profile. Note that if
+ you have multiple users logging on to a workstation
+ then in order to prevent them from being able to access
+ each others profiles you must remove the "Bypass
+ traverse checking" advanced user right. This will
+ prevent access to other users profile directories as
+ the top level profile directory (named after the user)
+ is created by the workstation profile code and has an
+ ACL restricting entry to the directory tree to the
+ owning user.
+
+ If you didn't understand the above text, you probably
+ should not set this parameter :-).
+
+ Default pppprrrrooooffffiiiilllleeee aaaaccccllllssss ==== nnnnoooo
+
+ pppprrrroooottttooooccccoooollll ((((GGGG))))
+ Synonym for _m_a_x _p_r_o_t_o_c_o_l.
+
+ ppppuuuubbbblllliiiicccc ((((SSSS))))
+ Synonym for _g_u_e_s_t _o_k.
+
+ qqqquuuueeeeuuuueeeeppppaaaauuuusssseeee ccccoooommmmmmmmaaaannnndddd ((((SSSS))))
+ This parameter specifies the command to be executed on
+ the server host in order to pause the printer queue.
+
+
+
+ Page 100 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ This command should be a program or script which takes
+ a printer name as its only parameter and stops the
+ printer queue, such that no longer jobs are submitted
+ to the printer.
+
+ This command is not supported by Windows for
+ Workgroups, but can be issued from the Printers window
+ under Windows 95 and NT.
+
+ If a %_p is given then the printer name is put in its
+ place. Otherwise it is placed at the end of the
+ command.
+
+ Note that it is good practice to include the absolute
+ path in the command as the PATH may not be available to
+ the server.
+
+ Default: ddddeeeeppppeeeennnnddddssss oooonnnn tttthhhheeee sssseeeettttttttiiiinnnngggg ooooffff _p_r_i_n_t_i_n_g
+
+ Example: qqqquuuueeeeuuuueeeeppppaaaauuuusssseeee ccccoooommmmmmmmaaaannnndddd ==== ddddiiiissssaaaabbbblllleeee %%%%pppp
+
+ qqqquuuueeeeuuuueeeerrrreeeessssuuuummmmeeee ccccoooommmmmmmmaaaannnndddd ((((SSSS))))
+ This parameter specifies the command to be executed on
+ the server host in order to resume the printer queue.
+ It is the command to undo the behavior that is caused
+ by the previous parameter ( _q_u_e_u_e_p_a_u_s_e _c_o_m_m_a_n_d).
+
+ This command should be a program or script which takes
+ a printer name as its only parameter and resumes the
+ printer queue, such that queued jobs are resubmitted to
+ the printer.
+
+ This command is not supported by Windows for
+ Workgroups, but can be issued from the Printers window
+ under Windows 95 and NT.
+
+ If a %_p is given then the printer name is put in its
+ place. Otherwise it is placed at the end of the
+ command.
+
+ Note that it is good practice to include the absolute
+ path in the command as the PATH may not be available to
+ the server.
+
+ Default: ddddeeeeppppeeeennnnddddssss oooonnnn tttthhhheeee sssseeeettttttttiiiinnnngggg ooooffff _p_r_i_n_t_i_n_g
+
+ Example: qqqquuuueeeeuuuueeeeppppaaaauuuusssseeee ccccoooommmmmmmmaaaannnndddd ==== eeeennnnaaaabbbblllleeee %%%%pppp
+
+ rrrreeeeaaaadddd bbbbmmmmppppxxxx ((((GGGG))))
+ This boolean parameter controls whether smbd(8) will
+ support the "Read Block Multiplex" SMB. This is now
+ rarely used and defaults to no. You should never need
+
+
+
+ Page 101 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ to set this parameter.
+
+ Default: rrrreeeeaaaadddd bbbbmmmmppppxxxx ==== nnnnoooo
+
+ rrrreeeeaaaadddd lllliiiisssstttt ((((SSSS))))
+ This is a list of users that are given read-only access
+ to a service. If the connecting user is in this list
+ then they will not be given write access, no matter
+ what the _r_e_a_d _o_n_l_y option is set to. The list can
+ include group names using the syntax described in the
+ _i_n_v_a_l_i_d _u_s_e_r_s parameter.
+
+ See also the _w_r_i_t_e _l_i_s_t parameter and the _i_n_v_a_l_i_d
+ _u_s_e_r_s parameter.
+
+ Default: rrrreeeeaaaadddd lllliiiisssstttt ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>
+
+ Example: rrrreeeeaaaadddd lllliiiisssstttt ==== mmmmaaaarrrryyyy,,,, @@@@ssssttttuuuuddddeeeennnnttttssss
+
+ rrrreeeeaaaadddd oooonnnnllllyyyy ((((SSSS))))
+ An inverted synonym is _w_r_i_t_e_a_b_l_e.
+
+ If this parameter is yes, then users of a service may
+ not create or modify files in the service's directory.
+
+ Note that a printable service (pppprrrriiiinnnnttttaaaabbbblllleeee ==== yyyyeeeessss) will
+ AAAALLLLWWWWAAAAYYYYSSSS allow writing to the directory (user privileges
+ permitting), but only via spooling operations.
+
+ Default: rrrreeeeaaaadddd oooonnnnllllyyyy ==== yyyyeeeessss
+
+ rrrreeeeaaaadddd rrrraaaawwww ((((GGGG))))
+ This parameter controls whether or not the server will
+ support the raw read SMB requests when transferring
+ data to clients.
+
+ If enabled, raw reads allow reads of 65535 bytes in one
+ packet. This typically provides a major performance
+ benefit.
+
+ However, some clients either negotiate the allowable
+ block size incorrectly or are incapable of supporting
+ larger block sizes, and for these clients you may need
+ to disable raw reads.
+
+ In general this parameter should be viewed as a system
+ tuning tool and left severely alone. See also _w_r_i_t_e
+ _r_a_w.
+
+ Default: rrrreeeeaaaadddd rrrraaaawwww ==== yyyyeeeessss
+
+ rrrreeeeaaaadddd ssssiiiizzzzeeee ((((GGGG))))
+
+
+
+ Page 102 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ The option _r_e_a_d _s_i_z_e affects the overlap of disk
+ reads/writes with network reads/writes. If the amount
+ of data being transferred in several of the SMB
+ commands (currently SMBwrite, SMBwriteX and
+ SMBreadbraw) is larger than this value then the server
+ begins writing the data before it has received the
+ whole packet from the network, or in the case of
+ SMBreadbraw, it begins writing to the network before
+ all the data has been read from disk.
+
+ This overlapping works best when the speeds of disk and
+ network access are similar, having very little effect
+ when the speed of one is much greater than the other.
+
+ The default value is 16384, but very little
+ experimentation has been done yet to determine the
+ optimal value, and it is likely that the best value
+ will vary greatly between systems anyway. A value over
+ 65536 is pointless and will cause you to allocate
+ memory unnecessarily.
+
+ Default: rrrreeeeaaaadddd ssssiiiizzzzeeee ==== 11116666333388884444
+
+ Example: rrrreeeeaaaadddd ssssiiiizzzzeeee ==== 8888111199992222
+
+ rrrreeeemmmmooootttteeee aaaannnnnnnnoooouuuunnnncccceeee ((((GGGG))))
+ This option allows you to setup nmbd(8) to periodically
+ announce itself to arbitrary IP addresses with an
+ arbitrary workgroup name.
+
+ This is useful if you want your Samba server to appear
+ in a remote workgroup for which the normal browse
+ propagation rules don't work. The remote workgroup can
+ be anywhere that you can send IP packets to.
+
+ For example:
+
+ rrrreeeemmmmooootttteeee aaaannnnnnnnoooouuuunnnncccceeee ==== 111199992222....111166668888....2222....222255555555////SSSSEEEERRRRVVVVEEEERRRRSSSS
+ 111199992222....111166668888....4444....222255555555////SSSSTTTTAAAAFFFFFFFF
+
+ the above line would cause nnnnmmmmbbbbdddd to announce itself to
+ the two given IP addresses using the given workgroup
+ names. If you leave out the workgroup name then the one
+ given in the _w_o_r_k_g_r_o_u_p parameter is used instead.
+
+ The IP addresses you choose would normally be the
+ broadcast addresses of the remote networks, but can
+ also be the IP addresses of known browse masters if
+ your network config is that stable.
+
+ See the documentation file _B_R_O_W_S_I_N_G._t_x_t in the _d_o_c_s/
+ directory.
+
+
+
+ Page 103 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Default: rrrreeeemmmmooootttteeee aaaannnnnnnnoooouuuunnnncccceeee ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>
+
+ rrrreeeemmmmooootttteeee bbbbrrrroooowwwwsssseeee ssssyyyynnnncccc ((((GGGG))))
+ This option allows you to setup nmbd(8) to periodically
+ request synchronization of browse lists with the master
+ browser of a Samba server that is on a remote segment.
+ This option will allow you to gain browse lists for
+ multiple workgroups across routed networks. This is
+ done in a manner that does not work with any non-Samba
+ servers.
+
+ This is useful if you want your Samba server and all
+ local clients to appear in a remote workgroup for which
+ the normal browse propagation rules don't work. The
+ remote workgroup can be anywhere that you can send IP
+ packets to.
+
+ For example:
+
+ rrrreeeemmmmooootttteeee bbbbrrrroooowwwwsssseeee ssssyyyynnnncccc ==== 111199992222....111166668888....2222....222255555555 111199992222....111166668888....4444....222255555555
+
+ the above line would cause nnnnmmmmbbbbdddd to request the master
+ browser on the specified subnets or addresses to
+ synchronize their browse lists with the local server.
+
+ The IP addresses you choose would normally be the
+ broadcast addresses of the remote networks, but can
+ also be the IP addresses of known browse masters if
+ your network config is that stable. If a machine IP
+ address is given Samba makes NO attempt to validate
+ that the remote machine is available, is listening, nor
+ that it is in fact the browse master on its segment.
+
+ Default: rrrreeeemmmmooootttteeee bbbbrrrroooowwwwsssseeee ssssyyyynnnncccc ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>
+
+ rrrreeeessssttttrrrriiiicccctttt aaaannnnoooonnnnyyyymmmmoooouuuussss ((((GGGG))))
+ This is a boolean parameter. If it is yes, then
+ anonymous access to the server will be restricted,
+ namely in the case where the server is expecting the
+ client to send a username, but it doesn't. Setting it
+ to yes will force these anonymous connections to be
+ denied, and the client will be required to always
+ supply a username and password when connecting. Use of
+ this parameter is only recommended for homogeneous NT
+ client environments.
+
+ This parameter makes the use of macro expansions that
+ rely on the username (%U, %G, etc) consistent. NT 4.0
+ likes to use anonymous connections when refreshing the
+ share list, and this is a way to work around that.
+
+ When restrict anonymous is yes, all anonymous
+
+
+
+ Page 104 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ connections are denied no matter what they are for.
+ This can effect the ability of a machine to access the
+ Samba Primary Domain Controller to revalidate its
+ machine account after someone else has logged on the
+ client interactively. The NT client will display a
+ message saying that the machine's account in the domain
+ doesn't exist or the password is bad. The best way to
+ deal with this is to reboot NT client machines between
+ interactive logons, using "Shutdown and Restart",
+ rather than "Close all programs and logon as a
+ different user".
+
+ Default: rrrreeeessssttttrrrriiiicccctttt aaaannnnoooonnnnyyyymmmmoooouuuussss ==== nnnnoooo
+
+ rrrrooooooootttt ((((GGGG))))
+ Synonym for _r_o_o_t _d_i_r_e_c_t_o_r_y".
+
+ rrrrooooooootttt ddddiiiirrrr ((((GGGG))))
+ Synonym for _r_o_o_t _d_i_r_e_c_t_o_r_y".
+
+ rrrrooooooootttt ddddiiiirrrreeeeccccttttoooorrrryyyy ((((GGGG))))
+ The server will cccchhhhrrrrooooooootttt(((()))) (i.e. Change its root
+ directory) to this directory on startup. This is not
+ strictly necessary for secure operation. Even without
+ it the server will deny access to files not in one of
+ the service entries. It may also check for, and deny
+ access to, soft links to other parts of the filesystem,
+ or attempts to use ".." in file names to access other
+ directories (depending on the setting of the _w_i_d_e _l_i_n_k_s
+ parameter).
+
+ Adding a _r_o_o_t _d_i_r_e_c_t_o_r_y entry other than "/" adds an
+ extra level of security, but at a price. It absolutely
+ ensures that no access is given to files not in the
+ sub-tree specified in the _r_o_o_t _d_i_r_e_c_t_o_r_y option,
+ iiiinnnncccclllluuuuddddiiiinnnngggg some files needed for complete operation of
+ the server. To maintain full operability of the server
+ you will need to mirror some system files into the _r_o_o_t
+ _d_i_r_e_c_t_o_r_y tree. In particular you will need to mirror
+ /_e_t_c/_p_a_s_s_w_d (or a subset of it), and any binaries or
+ configuration files needed for printing (if required).
+ The set of files that must be mirrored is operating
+ system dependent.
+
+ Default: rrrrooooooootttt ddddiiiirrrreeeeccccttttoooorrrryyyy ==== ////
+
+ Example: rrrrooooooootttt ddddiiiirrrreeeeccccttttoooorrrryyyy ==== ////hhhhoooommmmeeeessss////ssssmmmmbbbb
+
+ rrrrooooooootttt ppppoooosssstttteeeexxxxeeeecccc ((((SSSS))))
+ This is the same as the _p_o_s_t_e_x_e_c parameter except that
+ the command is run as root. This is useful for
+ unmounting filesystems (such as CDROMs) after a
+
+
+
+ Page 105 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ connection is closed.
+
+ See also _p_o_s_t_e_x_e_c.
+
+ Default: rrrrooooooootttt ppppoooosssstttteeeexxxxeeeecccc ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>
+
+ rrrrooooooootttt pppprrrreeeeeeeexxxxeeeecccc ((((SSSS))))
+ This is the same as the _p_r_e_e_x_e_c parameter except that
+ the command is run as root. This is useful for mounting
+ filesystems (such as CDROMs) when a connection is
+ opened.
+
+ See also _p_r_e_e_x_e_c and _p_r_e_e_x_e_c _c_l_o_s_e.
+
+ Default: rrrrooooooootttt pppprrrreeeeeeeexxxxeeeecccc ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>
+
+ rrrrooooooootttt pppprrrreeeeeeeexxxxeeeecccc cccclllloooosssseeee ((((SSSS))))
+ This is the same as the _p_r_e_e_x_e_c _c_l_o_s_e parameter except
+ that the command is run as root.
+
+ See also _p_r_e_e_x_e_c and _p_r_e_e_x_e_c _c_l_o_s_e.
+
+ Default: rrrrooooooootttt pppprrrreeeeeeeexxxxeeeecccc cccclllloooosssseeee ==== nnnnoooo
+
+ sssseeeeccccuuuurrrriiiittttyyyy ((((GGGG))))
+ This option affects how clients respond to Samba and is
+ one of the most important settings in the _s_m_b._c_o_n_f
+ file.
+
+ The option sets the "security mode bit" in replies to
+ protocol negotiations with smbd(8)
+ to turn share level security on or off. Clients decide
+ based on this bit whether (and how) to transfer user
+ and password information to the server.
+
+ The default is sssseeeeccccuuuurrrriiiittttyyyy ==== uuuusssseeeerrrr, as this is the most
+ common setting needed when talking to Windows 98 and
+ Windows NT.
+
+ The alternatives are sssseeeeccccuuuurrrriiiittttyyyy ==== sssshhhhaaaarrrreeee, sssseeeeccccuuuurrrriiiittttyyyy ====
+ sssseeeerrrrvvvveeeerrrr or sssseeeeccccuuuurrrriiiittttyyyy ==== ddddoooommmmaaaaiiiinnnn .
+
+ In versions of Samba prior to 2.0.0, the default was
+ sssseeeeccccuuuurrrriiiittttyyyy ==== sssshhhhaaaarrrreeee mainly because that was the only
+ option at one stage.
+
+ There is a bug in WfWg that has relevance to this
+ setting. When in user or server level security a WfWg
+ client will totally ignore the password you type in the
+ "connect drive" dialog box. This makes it very
+ difficult (if not impossible) to connect to a Samba
+ service as anyone except the user that you are logged
+
+
+
+ Page 106 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ into WfWg as.
+
+ If your PCs use usernames that are the same as their
+ usernames on the UNIX machine then you will want to use
+ sssseeeeccccuuuurrrriiiittttyyyy ==== uuuusssseeeerrrr. If you mostly use usernames that don't
+ exist on the UNIX box then use sssseeeeccccuuuurrrriiiittttyyyy ==== sssshhhhaaaarrrreeee.
+
+ You should also use sssseeeeccccuuuurrrriiiittttyyyy ==== sssshhhhaaaarrrreeee if you want to
+ mainly setup shares without a password (guest shares).
+ This is commonly used for a shared printer server. It
+ is more difficult to setup guest shares with sssseeeeccccuuuurrrriiiittttyyyy ====
+ uuuusssseeeerrrr, see the _m_a_p _t_o _g_u_e_s_t parameter for details.
+
+ It is possible to use ssssmmmmbbbbdddd in a hhhhyyyybbbbrrrriiiidddd mmmmooooddddeeee where it
+ is offers both user and share level security under
+ different _N_e_t_B_I_O_S _a_l_i_a_s_e_s.
+
+ The different settings will now be explained.
+
+ SSSSEEEECCCCUUUURRRRIIIITTTTYYYY ==== SSSSHHHHAAAARRRREEEE
+
+ When clients connect to a share level security server
+ they need not log onto the server with a valid username
+ and password before attempting to connect to a shared
+ resource (although modern clients such as Windows 95/98
+ and Windows NT will send a logon request with a
+ username but no password when talking to a sssseeeeccccuuuurrrriiiittttyyyy ====
+ sssshhhhaaaarrrreeee server). Instead, the clients send authentication
+ information (passwords) on a per-share basis, at the
+ time they attempt to connect to that share.
+
+ Note that ssssmmmmbbbbdddd AAAALLLLWWWWAAAAYYYYSSSS uses a valid UNIX user to act on
+ behalf of the client, even in sssseeeeccccuuuurrrriiiittttyyyy ==== sssshhhhaaaarrrreeee level
+ security.
+
+ As clients are not required to send a username to the
+ server in share level security, ssssmmmmbbbbdddd uses several
+ techniques to determine the correct UNIX user to use on
+ behalf of the client.
+
+ A list of possible UNIX usernames to match with the
+ given client password is constructed using the
+ following methods :
+
+ o+ If the _g_u_e_s_t _o_n_l_y parameter is set, then all the
+ other stages are missed and only the _g_u_e_s_t _a_c_c_o_u_n_t
+ username is checked.
+
+ o+ Is a username is sent with the share connection
+ request, then this username (after mapping - see
+ _u_s_e_r_n_a_m_e _m_a_p), is added as a potential username.
+
+
+
+
+ Page 107 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ o+ If the client did a previous llllooooggggoooonnnn request (the
+ SessionSetup SMB call) then the username sent in this
+ SMB will be added as a potential username.
+
+ o+ The name of the service the client requested is added
+ as a potential username.
+
+ o+ The NetBIOS name of the client is added to the list
+ as a potential username.
+
+ o+ Any users on the _u_s_e_r list are added as potential
+ usernames.
+
+ If the _g_u_e_s_t _o_n_l_y parameter is not set, then this list is
+ then tried with the supplied password. The first user for
+ whom the password matches will be used as the UNIX user.
+
+ If the _g_u_e_s_t _o_n_l_y parameter is set, or no username can be
+ determined then if the share is marked as available to the
+ _g_u_e_s_t _a_c_c_o_u_n_t, then this guest user will be used, otherwise
+ access is denied.
+
+ Note that it can be vvvveeeerrrryyyy confusing in share-level security
+ as to which UNIX username will eventually be used in
+ granting access.
+
+ See also the section NOTE ABOUT USERNAME/PASSWORD
+ VALIDATION.
+
+ SSSSEEEECCCCUUUURRRRIIIITTTTYYYY ==== UUUUSSSSEEEERRRR
+
+ This is the default security setting in Samba 2.2. With
+ user-level security a client must first "log-on" with a
+ valid username and password (which can be mapped using the
+ _u_s_e_r_n_a_m_e _m_a_p parameter). Encrypted passwords (see the
+ _e_n_c_r_y_p_t_e_d _p_a_s_s_w_o_r_d_s parameter) can also be used in this
+ security mode. Parameters such as _u_s_e_r and _g_u_e_s_t _o_n_l_y if
+ set are then applied and may change the UNIX user to use on
+ this connection, but only after the user has been
+ successfully authenticated.
+
+ NNNNooootttteeee that the name of the resource being requested is nnnnooootttt
+ sent to the server until after the server has successfully
+ authenticated the client. This is why guest shares don't
+ work in user level security without allowing the server to
+ automatically map unknown users into the _g_u_e_s_t _a_c_c_o_u_n_t. See
+ the _m_a_p _t_o _g_u_e_s_t parameter for details on doing this.
+
+ See also the section NOTE ABOUT USERNAME/PASSWORD
+ VALIDATION.
+
+ SSSSEEEECCCCUUUURRRRIIIITTTTYYYY ==== SSSSEEEERRRRVVVVEEEERRRR
+
+
+
+ Page 108 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ In this mode Samba will try to validate the
+ username/password by passing it to another SMB server, such
+ as an NT box. If this fails it will revert to sssseeeeccccuuuurrrriiiittttyyyy ====
+ uuuusssseeeerrrr, but note that if encrypted passwords have been
+ negotiated then Samba cannot revert back to checking the
+ UNIX password file, it must have a valid _s_m_b_p_a_s_s_w_d file to
+ check users against. See the documentation file in the _d_o_c_s/
+ directory _E_N_C_R_Y_P_T_I_O_N._t_x_t for details on how to set this up.
+
+ NNNNooootttteeee that from the client's point of view sssseeeeccccuuuurrrriiiittttyyyy ==== sssseeeerrrrvvvveeeerrrr
+ is the same as sssseeeeccccuuuurrrriiiittttyyyy ==== uuuusssseeeerrrr. It only affects how the
+ server deals with the authentication, it does not in any way
+ affect what the client sees.
+
+ NNNNooootttteeee that the name of the resource being requested is nnnnooootttt
+ sent to the server until after the server has successfully
+ authenticated the client. This is why guest shares don't
+ work in user level security without allowing the server to
+ automatically map unknown users into the _g_u_e_s_t _a_c_c_o_u_n_t. See
+ the _m_a_p _t_o _g_u_e_s_t parameter for details on doing this.
+
+ See also the section NOTE ABOUT USERNAME/PASSWORD
+ VALIDATION.
+
+ See also the _p_a_s_s_w_o_r_d _s_e_r_v_e_r parameter and the _e_n_c_r_y_p_t_e_d
+ _p_a_s_s_w_o_r_d_s parameter.
+
+ SSSSEEEECCCCUUUURRRRIIIITTTTYYYY ==== DDDDOOOOMMMMAAAAIIIINNNN
+
+ This mode will only work correctly if smbpasswd(8) has been
+ used to add this machine into a Windows NT Domain. It
+ expects the _e_n_c_r_y_p_t_e_d _p_a_s_s_w_o_r_d_s parameter to be set to yes.
+ In this mode Samba will try to validate the
+ username/password by passing it to a Windows NT Primary or
+ Backup Domain Controller, in exactly the same way that a
+ Windows NT Server would do.
+
+ NNNNooootttteeee that a valid UNIX user must still exist as well as the
+ account on the Domain Controller to allow Samba to have a
+ valid UNIX account to map file access to.
+
+ NNNNooootttteeee that from the client's point of view sssseeeeccccuuuurrrriiiittttyyyy ==== ddddoooommmmaaaaiiiinnnn
+ is the same as sssseeeeccccuuuurrrriiiittttyyyy ==== uuuusssseeeerrrr . It only affects how the
+ server deals with the authentication, it does not in any way
+ affect what the client sees.
+
+ NNNNooootttteeee that the name of the resource being requested is nnnnooootttt
+ sent to the server until after the server has successfully
+ authenticated the client. This is why guest shares don't
+ work in user level security without allowing the server to
+ automatically map unknown users into the _g_u_e_s_t _a_c_c_o_u_n_t. See
+ the _m_a_p _t_o _g_u_e_s_t parameter for details on doing this.
+
+
+
+ Page 109 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ BBBBUUUUGGGG:::: There is currently a bug in the implementation of
+ sssseeeeccccuuuurrrriiiittttyyyy ==== ddddoooommmmaaaaiiiinnnn with respect to multi-byte character set
+ usernames. The communication with a Domain Controller must
+ be done in UNICODE and Samba currently does not widen
+ multi-byte user names to UNICODE correctly, thus a multi-
+ byte username will not be recognized correctly at the Domain
+ Controller. This issue will be addressed in a future
+ release.
+
+ See also the section NOTE ABOUT USERNAME/PASSWORD
+ VALIDATION.
+
+ See also the _p_a_s_s_w_o_r_d _s_e_r_v_e_r parameter and the _e_n_c_r_y_p_t_e_d
+ _p_a_s_s_w_o_r_d_s parameter.
+
+ Default: sssseeeeccccuuuurrrriiiittttyyyy ==== UUUUSSSSEEEERRRR
+
+ Example: sssseeeeccccuuuurrrriiiittttyyyy ==== DDDDOOOOMMMMAAAAIIIINNNN
+
+ sssseeeeccccuuuurrrriiiittttyyyy mmmmaaaasssskkkk ((((SSSS))))
+ This parameter controls what UNIX permission bits can
+ be modified when a Windows NT client is manipulating
+ the UNIX permission on a file using the native NT
+ security dialog box.
+
+ This parameter is applied as a mask (AND'ed with) to
+ the changed permission bits, thus preventing any bits
+ not in this mask from being modified. Essentially, zero
+ bits in this mask may be treated as a set of bits the
+ user is not allowed to change.
+
+ If not set explicitly this parameter is 0777, allowing
+ a user to modify all the user/group/world permissions
+ on a file.
+
+ NNNNooootttteeee that users who can access the Samba server through
+ other means can easily bypass this restriction, so it
+ is primarily useful for standalone "appliance" systems.
+ Administrators of most normal systems will probably
+ want to leave it set to 0777.
+
+ See also the _f_o_r_c_e _d_i_r_e_c_t_o_r_y _s_e_c_u_r_i_t_y _m_o_d_e, _d_i_r_e_c_t_o_r_y
+ _s_e_c_u_r_i_t_y _m_a_s_k, _f_o_r_c_e _s_e_c_u_r_i_t_y _m_o_d_e parameters.
+
+ Default: sssseeeeccccuuuurrrriiiittttyyyy mmmmaaaasssskkkk ==== 0000777777777777
+
+ Example: sssseeeeccccuuuurrrriiiittttyyyy mmmmaaaasssskkkk ==== 0000777777770000
+
+ sssseeeerrrrvvvveeeerrrr ssssttttrrrriiiinnnngggg ((((GGGG))))
+ This controls what string will show up in the printer
+ comment box in print manager and next to the IPC
+ connection in nnnneeeetttt vvvviiiieeeewwww. It can be any string that you
+
+
+
+ Page 110 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ wish to show to your users.
+
+ It also sets what will appear in browse lists next to
+ the machine name.
+
+ A %_v will be replaced with the Samba version number.
+
+ A %_h will be replaced with the hostname.
+
+ Default: sssseeeerrrrvvvveeeerrrr ssssttttrrrriiiinnnngggg ==== SSSSaaaammmmbbbbaaaa %%%%vvvv
+
+ Example: sssseeeerrrrvvvveeeerrrr ssssttttrrrriiiinnnngggg ==== UUUUnnnniiiivvvveeeerrrrssssiiiittttyyyy ooooffff GGGGNNNNUUUUssss SSSSaaaammmmbbbbaaaa
+ SSSSeeeerrrrvvvveeeerrrr
+
+ sssseeeetttt ddddiiiirrrreeeeccccttttoooorrrryyyy ((((SSSS))))
+ If sssseeeetttt ddddiiiirrrreeeeccccttttoooorrrryyyy ==== nnnnoooo, then users of the service may
+ not use the setdir command to change directory.
+
+ The sssseeeettttddddiiiirrrr command is only implemented in the Digital
+ Pathworks client. See the Pathworks documentation for
+ details.
+
+ Default: sssseeeetttt ddddiiiirrrreeeeccccttttoooorrrryyyy ==== nnnnoooo
+
+ sssshhhhaaaarrrreeee mmmmooooddddeeeessss ((((SSSS))))
+ This enables or disables the honoring of the _s_h_a_r_e
+ _m_o_d_e_s during a file open. These modes are used by
+ clients to gain exclusive read or write access to a
+ file.
+
+ These open modes are not directly supported by UNIX, so
+ they are simulated using shared memory, or lock files
+ if your UNIX doesn't support shared memory (almost all
+ do).
+
+ The share modes that are enabled by this option are
+ DENY_DOS, DENY_ALL, DENY_READ, DENY_WRITE, DENY_NONE
+ and DENY_FCB.
+
+ This option gives full share compatibility and enabled
+ by default.
+
+ You should NNNNEEEEVVVVEEEERRRR turn this parameter off as many
+ Windows applications will break if you do so.
+
+ Default: sssshhhhaaaarrrreeee mmmmooooddddeeeessss ==== yyyyeeeessss
+
+ sssshhhhoooorrrrtttt pppprrrreeeesssseeeerrrrvvvveeee ccccaaaasssseeee ((((SSSS))))
+ This boolean parameter controls if new files which
+ conform to 8.3 syntax, that is all in upper case and of
+ suitable length, are created upper case, or if they are
+ forced to be the _d_e_f_a_u_l_t _c_a_s_e . This option can be use
+
+
+
+ Page 111 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ with pppprrrreeeesssseeeerrrrvvvveeee ccccaaaasssseeee ==== yyyyeeeessss to permit long filenames to
+ retain their case, while short names are lowered.
+
+ See the section on NAME MANGLING.
+
+ Default: sssshhhhoooorrrrtttt pppprrrreeeesssseeeerrrrvvvveeee ccccaaaasssseeee ==== yyyyeeeessss
+
+ sssshhhhoooowwww aaaadddddddd pppprrrriiiinnnntttteeeerrrr wwwwiiiizzzzaaaarrrrdddd ((((GGGG))))
+ With the introduction of MS-RPC based printing support
+ for Windows NT/2000 client in Samba 2.2, a
+ "Printers..." folder will appear on Samba hosts in the
+ share listing. Normally this folder will contain an
+ icon for the MS Add Printer Wizard (APW). However, it
+ is possible to disable this feature regardless of the
+ level of privilege of the connected user.
+
+ Under normal circumstances, the Windows NT/2000 client
+ will open a handle on the printer server with
+ OpenPrinterEx() asking for Administrator privileges. If
+ the user does not have administrative access on the
+ print server (i.e is not root or a member of the
+ _p_r_i_n_t_e_r _a_d_m_i_n group), the OpenPrinterEx() call fails
+ and the client makes another open call with a request
+ for a lower privilege level. This should succeed,
+ however the APW icon will not be displayed.
+
+ Disabling the _s_h_o_w _a_d_d _p_r_i_n_t_e_r _w_i_z_a_r_d parameter will
+ always cause the OpenPrinterEx() on the server to fail.
+ Thus the APW icon will never be displayed. NNNNooootttteeee ::::This
+ does not prevent the same user from having
+ administrative privilege on an individual printer.
+
+ See also _a_d_d_p_r_i_n_t_e_r _c_o_m_m_a_n_d, _d_e_l_e_t_e_p_r_i_n_t_e_r _c_o_m_m_a_n_d,
+ _p_r_i_n_t_e_r _a_d_m_i_n
+
+ Default :sssshhhhoooowwww aaaadddddddd pppprrrriiiinnnntttteeeerrrr wwwwiiiizzzzaaaarrrrdddd ==== yyyyeeeessss
+
+ ssssmmmmbbbb ppppaaaasssssssswwwwdddd ffffiiiilllleeee ((((GGGG))))
+ This option sets the path to the encrypted smbpasswd
+ file. By default the path to the smbpasswd file is
+ compiled into Samba.
+
+ Default: ssssmmmmbbbb ppppaaaasssssssswwwwdddd ffffiiiilllleeee ==== $$$${{{{pppprrrreeeeffffiiiixxxx}}}}////pppprrrriiiivvvvaaaatttteeee////ssssmmmmbbbbppppaaaasssssssswwwwdddd
+
+ Example: ssssmmmmbbbb ppppaaaasssssssswwwwdddd ffffiiiilllleeee ==== ////eeeettttcccc////ssssaaaammmmbbbbaaaa////ssssmmmmbbbbppppaaaasssssssswwwwdddd
+
+ ssssoooocccckkkkeeeetttt aaaaddddddddrrrreeeessssssss ((((GGGG))))
+ This option allows you to control what address Samba
+ will listen for connections on. This is used to support
+ multiple virtual interfaces on the one server, each
+ with a different configuration.
+
+
+
+
+ Page 112 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ By default Samba will accept connections on any
+ address.
+
+ Example: ssssoooocccckkkkeeeetttt aaaaddddddddrrrreeeessssssss ==== 111199992222....111166668888....2222....22220000
+
+ ssssoooocccckkkkeeeetttt ooooppppttttiiiioooonnnnssss ((((GGGG))))
+ This option allows you to set socket options to be used
+ when talking with the client.
+
+ Socket options are controls on the networking layer of
+ the operating systems which allow the connection to be
+ tuned.
+
+ This option will typically be used to tune your Samba
+ server for optimal performance for your local network.
+ There is no way that Samba can know what the optimal
+ parameters are for your net, so you must experiment and
+ choose them yourself. We strongly suggest you read the
+ appropriate documentation for your operating system
+ first (perhaps mmmmaaaannnn sssseeeettttssssoooocccckkkkoooopppptttt will help).
+
+ You may find that on some systems Samba will say
+ "Unknown socket option" when you supply an option. This
+ means you either incorrectly typed it or you need to
+ add an include file to includes.h for your OS. If the
+ latter is the case please send the patch to
+ samba@samba.org <URL:mailto:samba@samba.org>.
+
+ Any of the supported socket options may be combined in
+ any way you like, as long as your OS allows it.
+
+ This is the list of socket options currently settable
+ using this option:
+
+ o+ SO_KEEPALIVE
+
+ o+ SO_REUSEADDR
+
+ o+ SO_BROADCAST
+
+ o+ TCP_NODELAY
+
+ o+ IPTOS_LOWDELAY
+
+ o+ IPTOS_THROUGHPUT
+
+ o+ SO_SNDBUF *
+
+ o+ SO_RCVBUF *
+
+ o+ SO_SNDLOWAT *
+
+
+
+
+ Page 113 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ o+ SO_RCVLOWAT *
+
+ Those marked with a ''''****'''' take an integer argument. The others
+ can optionally take a 1 or 0 argument to enable or disable
+ the option, by default they will be enabled if you don't
+ specify 1 or 0.
+
+ To specify an argument use the syntax SOME_OPTION = VALUE
+ for example SSSSOOOO____SSSSNNNNDDDDBBBBUUUUFFFF ==== 8888111199992222. Note that you must not have
+ any spaces before or after the = sign.
+
+ If you are on a local network then a sensible option might
+ be
+
+ ssssoooocccckkkkeeeetttt ooooppppttttiiiioooonnnnssss ==== IIIIPPPPTTTTOOOOSSSS____LLLLOOOOWWWWDDDDEEEELLLLAAAAYYYY
+
+ If you have a local network then you could try:
+
+ ssssoooocccckkkkeeeetttt ooooppppttttiiiioooonnnnssss ==== IIIIPPPPTTTTOOOOSSSS____LLLLOOOOWWWWDDDDEEEELLLLAAAAYYYY TTTTCCCCPPPP____NNNNOOOODDDDEEEELLLLAAAAYYYY
+
+ If you are on a wide area network then perhaps try setting
+ IPTOS_THROUGHPUT.
+
+ Note that several of the options may cause your Samba server
+ to fail completely. Use these options with caution!
+
+ Default: ssssoooocccckkkkeeeetttt ooooppppttttiiiioooonnnnssss ==== TTTTCCCCPPPP____NNNNOOOODDDDEEEELLLLAAAAYYYY
+
+ Example: ssssoooocccckkkkeeeetttt ooooppppttttiiiioooonnnnssss ==== IIIIPPPPTTTTOOOOSSSS____LLLLOOOOWWWWDDDDEEEELLLLAAAAYYYY
+
+ ssssoooouuuurrrrcccceeee eeeennnnvvvviiiirrrroooonnnnmmmmeeeennnntttt ((((GGGG))))
+ This parameter causes Samba to set environment
+ variables as per the content of the file named.
+
+ If the value of this parameter starts with a "|"
+ character then Samba will treat that value as a pipe
+ command to open and will set the environment variables
+ from the output of the pipe.
+
+ The contents of the file or the output of the pipe
+ should be formatted as the output of the standard Unix
+ eeeennnnvvvv((((1111)))) command. This is of the form :
+
+ Example environment entry:
+
+ SSSSAAAAMMMMBBBBAAAA____NNNNEEEETTTTBBBBIIIIOOOOSSSS____NNNNAAAAMMMMEEEE ==== mmmmyyyyhhhhoooossssttttnnnnaaaammmmeeee
+
+ Default: NNNNoooo ddddeeeeffffaaaauuuulllltttt vvvvaaaalllluuuueeee
+
+ Examples: ssssoooouuuurrrrcccceeee eeeennnnvvvviiiirrrroooonnnnmmmmeeeennnntttt ==== ||||////eeeettttcccc////ssssmmmmbbbb....ccccoooonnnnffff....sssshhhh
+
+ Example: ssssoooouuuurrrrcccceeee eeeennnnvvvviiiirrrroooonnnnmmmmeeeennnntttt ==== ////uuuussssrrrr////llllooooccccaaaallll////ssssmmmmbbbb____eeeennnnvvvv____vvvvaaaarrrrssss
+
+
+
+ Page 114 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ ssssssssllll ((((GGGG))))
+ This variable is part of SSL-enabled Samba. This is
+ only available if the SSL libraries have been compiled
+ on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was
+ given at configure time.
+
+ This variable enables or disables the entire SSL mode.
+ If it is set to no, the SSL-enabled Samba behaves
+ exactly like the non-SSL Samba. If set to yes, it
+ depends on the variables _s_s_l _h_o_s_t_s and _s_s_l _h_o_s_t_s
+ _r_e_s_i_g_n whether an SSL connection will be required.
+
+ Default: ssssssssllll ==== nnnnoooo
+
+ ssssssssllll CCCCAAAA cccceeeerrrrttttDDDDiiiirrrr ((((GGGG))))
+ This variable is part of SSL-enabled Samba. This is
+ only available if the SSL libraries have been compiled
+ on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was
+ given at configure time.
+
+ This variable defines where to look up the
+ Certification Authorities. The given directory should
+ contain one file for each CA that Samba will trust. The
+ file name must be the hash value over the
+ "Distinguished Name" of the CA. How this directory is
+ set up is explained later in this document. All files
+ within the directory that don't fit into this naming
+ scheme are ignored. You don't need this variable if you
+ don't verify client certificates.
+
+ Default: ssssssssllll CCCCAAAA cccceeeerrrrttttDDDDiiiirrrr ==== ////uuuussssrrrr////llllooooccccaaaallll////ssssssssllll////cccceeeerrrrttttssss
+
+ ssssssssllll CCCCAAAA cccceeeerrrrttttFFFFiiiilllleeee ((((GGGG))))
+ This variable is part of SSL-enabled Samba. This is
+ only available if the SSL libraries have been compiled
+ on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was
+ given at configure time.
+
+ This variable is a second way to define the trusted
+ CAs. The certificates of the trusted CAs are collected
+ in one big file and this variable points to the file.
+ You will probably only use one of the two ways to
+ define your CAs. The first choice is preferable if you
+ have many CAs or want to be flexible, the second is
+ preferable if you only have one CA and want to keep
+ things simple (you won't need to create the hashed file
+ names). You don't need this variable if you don't
+ verify client certificates.
+
+ Default: ssssssssllll CCCCAAAA cccceeeerrrrttttFFFFiiiilllleeee ====
+ ////uuuussssrrrr////llllooooccccaaaallll////ssssssssllll////cccceeeerrrrttttssss////ttttrrrruuuusssstttteeeeddddCCCCAAAAssss....ppppeeeemmmm
+
+
+
+
+ Page 115 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ ssssssssllll cccciiiipppphhhheeeerrrrssss ((((GGGG))))
+ This variable is part of SSL-enabled Samba. This is
+ only available if the SSL libraries have been compiled
+ on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was
+ given at configure time.
+
+ This variable defines the ciphers that should be
+ offered during SSL negotiation. You should not set this
+ variable unless you know what you are doing.
+
+ ssssssssllll cccclllliiiieeeennnntttt cccceeeerrrrtttt ((((GGGG))))
+ This variable is part of SSL-enabled Samba. This is
+ only available if the SSL libraries have been compiled
+ on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was
+ given at configure time.
+
+ The certificate in this file is used by ssssmmmmbbbbcccclllliiiieeeennnntttt((((1111))))
+ if it exists. It's needed if the server requires a
+ client certificate.
+
+ Default: ssssssssllll cccclllliiiieeeennnntttt cccceeeerrrrtttt ====
+ ////uuuussssrrrr////llllooooccccaaaallll////ssssssssllll////cccceeeerrrrttttssss////ssssmmmmbbbbcccclllliiiieeeennnntttt....ppppeeeemmmm
+
+ ssssssssllll cccclllliiiieeeennnntttt kkkkeeeeyyyy ((((GGGG))))
+ This variable is part of SSL-enabled Samba. This is
+ only available if the SSL libraries have been compiled
+ on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was
+ given at configure time.
+
+ This is the private key for ssssmmmmbbbbcccclllliiiieeeennnntttt((((1111)))) It's only
+ needed if the client should have a certificate.
+
+ Default: ssssssssllll cccclllliiiieeeennnntttt kkkkeeeeyyyy ====
+ ////uuuussssrrrr////llllooooccccaaaallll////ssssssssllll////pppprrrriiiivvvvaaaatttteeee////ssssmmmmbbbbcccclllliiiieeeennnntttt....ppppeeeemmmm
+
+ ssssssssllll ccccoooommmmppppaaaattttiiiibbbbiiiilllliiiittttyyyy ((((GGGG))))
+ This variable is part of SSL-enabled Samba. This is
+ only available if the SSL libraries have been compiled
+ on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was
+ given at configure time.
+
+ This variable defines whether OpenSSL should be
+ configured for bug compatibility with other SSL
+ implementations. This is probably not desirable because
+ currently no clients with SSL implementations other
+ than OpenSSL exist.
+
+ Default: ssssssssllll ccccoooommmmppppaaaattttiiiibbbbiiiilllliiiittttyyyy ==== nnnnoooo
+
+ ssssssssllll eeeeggggdddd ssssoooocccckkkkeeeetttt ((((GGGG))))
+ This variable is part of SSL-enabled Samba. This is
+ only available if the SSL libraries have been compiled
+
+
+
+ Page 116 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was
+ given at configure time.
+
+ This option is used to define the location of the
+ communiation socket of an EGD or PRNGD daemon, from
+ which entropy can be retrieved. This option can be used
+ instead of or together with the _s_s_l _e_n_t_r_o_p_y _f_i_l_e
+ directive. 255 bytes of entropy will be retrieved from
+ the daemon.
+
+ Default: nnnnoooonnnneeee
+
+ ssssssssllll eeeennnnttttrrrrooooppppyyyy bbbbyyyytttteeeessss ((((GGGG))))
+ This variable is part of SSL-enabled Samba. This is
+ only available if the SSL libraries have been compiled
+ on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was
+ given at configure time.
+
+ This parameter is used to define the number of bytes
+ which should be read from the _s_s_l _e_n_t_r_o_p_y _f_i_l_e If a -1
+ is specified, the entire file will be read.
+
+ Default: ssssssssllll eeeennnnttttrrrrooooppppyyyy bbbbyyyytttteeeessss ==== 222255555555
+
+ ssssssssllll eeeennnnttttrrrrooooppppyyyy ffffiiiilllleeee ((((GGGG))))
+ This variable is part of SSL-enabled Samba. This is
+ only available if the SSL libraries have been compiled
+ on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was
+ given at configure time.
+
+ This parameter is used to specify a file from which
+ processes will read "random bytes" on startup. In order
+ to seed the internal pseudo random number generator,
+ entropy must be provided. On system with a /_d_e_v/_u_r_a_n_d_o_m
+ device file, the processes will retrieve its entropy
+ from the kernel. On systems without kernel entropy
+ support, a file can be supplied that will be read on
+ startup and that will be used to seed the PRNG.
+
+ Default: nnnnoooonnnneeee
+
+ ssssssssllll hhhhoooossssttttssss ((((GGGG))))
+ See _s_s_l _h_o_s_t_s _r_e_s_i_g_n.
+
+ ssssssssllll hhhhoooossssttttssss rrrreeeessssiiiiggggnnnn ((((GGGG))))
+ This variable is part of SSL-enabled Samba. This is
+ only available if the SSL libraries have been compiled
+ on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was
+ given at configure time.
+
+ These two variables define whether Samba will go into
+ SSL mode or not. If none of them is defined, Samba will
+
+
+
+ Page 117 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ allow only SSL connections. If the _s_s_l _h_o_s_t_s variable
+ lists hosts (by IP-address, IP-address range, net group
+ or name), only these hosts will be forced into SSL
+ mode. If the _s_s_l _h_o_s_t_s _r_e_s_i_g_n variable lists hosts,
+ only these hosts will NNNNOOOOTTTT be forced into SSL mode. The
+ syntax for these two variables is the same as for the
+ _h_o_s_t_s _a_l_l_o_w and _h_o_s_t_s _d_e_n_y pair of variables, only
+ that the subject of the decision is different: It's not
+ the access right but whether SSL is used or not.
+
+ The example below requires SSL connections from all
+ hosts outside the local net (which is 192.168.*.*).
+
+ Default: ssssssssllll hhhhoooossssttttssss ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>
+
+ ssssssssllll hhhhoooossssttttssss rrrreeeessssiiiiggggnnnn ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>
+
+ Example: ssssssssllll hhhhoooossssttttssss rrrreeeessssiiiiggggnnnn ==== 111199992222....111166668888....
+
+ ssssssssllll rrrreeeeqqqquuuuiiiirrrreeee cccclllliiiieeeennnnttttcccceeeerrrrtttt ((((GGGG))))
+ This variable is part of SSL-enabled Samba. This is
+ only available if the SSL libraries have been compiled
+ on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was
+ given at configure time.
+
+ If this variable is set to yes, the server will not
+ tolerate connections from clients that don't have a
+ valid certificate. The directory/file given in _s_s_l _C_A
+ _c_e_r_t_D_i_r and _s_s_l _C_A _c_e_r_t_F_i_l_e will be used to look up the
+ CAs that issued the client's certificate. If the
+ certificate can't be verified positively, the
+ connection will be terminated. If this variable is set
+ to no, clients don't need certificates. Contrary to web
+ applications you really sssshhhhoooouuuulllldddd require client
+ certificates. In the web environment the client's data
+ is sensitive (credit card numbers) and the server must
+ prove to be trustworthy. In a file server environment
+ the server's data will be sensitive and the clients
+ must prove to be trustworthy.
+
+ Default: ssssssssllll rrrreeeeqqqquuuuiiiirrrreeee cccclllliiiieeeennnnttttcccceeeerrrrtttt ==== nnnnoooo
+
+ ssssssssllll rrrreeeeqqqquuuuiiiirrrreeee sssseeeerrrrvvvveeeerrrrcccceeeerrrrtttt ((((GGGG))))
+ This variable is part of SSL-enabled Samba. This is
+ only available if the SSL libraries have been compiled
+ on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was
+ given at configure time.
+
+ If this variable is set to yes, the ssssmmmmbbbbcccclllliiiieeeennnntttt((((1111))))
+ will request a certificate from the server. Same as
+ _s_s_l _r_e_q_u_i_r_e _c_l_i_e_n_t_c_e_r_t for the server.
+
+
+
+
+ Page 118 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Default: ssssssssllll rrrreeeeqqqquuuuiiiirrrreeee sssseeeerrrrvvvveeeerrrrcccceeeerrrrtttt ==== nnnnoooo
+
+ ssssssssllll sssseeeerrrrvvvveeeerrrr cccceeeerrrrtttt ((((GGGG))))
+ This variable is part of SSL-enabled Samba. This is
+ only available if the SSL libraries have been compiled
+ on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was
+ given at configure time.
+
+ This is the file containing the server's certificate.
+ The server mmmmuuuusssstttt have a certificate. The file may also
+ contain the server's private key. See later for how
+ certificates and private keys are created.
+
+ Default: ssssssssllll sssseeeerrrrvvvveeeerrrr cccceeeerrrrtttt ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>
+
+ ssssssssllll sssseeeerrrrvvvveeeerrrr kkkkeeeeyyyy ((((GGGG))))
+ This variable is part of SSL-enabled Samba. This is
+ only available if the SSL libraries have been compiled
+ on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was
+ given at configure time.
+
+ This file contains the private key of the server. If
+ this variable is not defined, the key is looked up in
+ the certificate file (it may be appended to the
+ certificate). The server mmmmuuuusssstttt have a private key and
+ the certificate mmmmuuuusssstttt match this private key.
+
+ Default: ssssssssllll sssseeeerrrrvvvveeeerrrr kkkkeeeeyyyy ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>
+
+ ssssssssllll vvvveeeerrrrssssiiiioooonnnn ((((GGGG))))
+ This variable is part of SSL-enabled Samba. This is
+ only available if the SSL libraries have been compiled
+ on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was
+ given at configure time.
+
+ This enumeration variable defines the versions of the
+ SSL protocol that will be used. ssl2or3 allows dynamic
+ negotiation of SSL v2 or v3, ssl2 results in SSL v2,
+ ssl3 results in SSL v3 and tls1 results in TLS v1. TLS
+ (Transport Layer Security) is the new standard for SSL.
+
+ Default: ssssssssllll vvvveeeerrrrssssiiiioooonnnn ==== """"ssssssssllll2222oooorrrr3333""""
+
+ ssssttttaaaatttt ccccaaaacccchhhheeee ((((GGGG))))
+ This parameter determines if smbd(8) will use a cache
+ in order to speed up case insensitive name mappings.
+ You should never need to change this parameter.
+
+ Default: ssssttttaaaatttt ccccaaaacccchhhheeee ==== yyyyeeeessss
+
+ ssssttttaaaatttt ccccaaaacccchhhheeee ssssiiiizzzzeeee ((((GGGG))))
+ This parameter determines the number of entries in the
+
+
+
+ Page 119 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ _s_t_a_t _c_a_c_h_e. You should never need to change this
+ parameter.
+
+ Default: ssssttttaaaatttt ccccaaaacccchhhheeee ssssiiiizzzzeeee ==== 55550000
+
+ ssssttttaaaattttuuuussss ((((GGGG))))
+ This enables or disables logging of connections to a
+ status file that smbstatus(1) can read.
+
+ With this disabled ssssmmmmbbbbssssttttaaaattttuuuussss won't be able to tell you
+ what connections are active. You should never need to
+ change this parameter.
+
+ Default: ssssttttaaaattttuuuussss ==== yyyyeeeessss
+
+ ssssttttrrrriiiicccctttt aaaallllllllooooccccaaaatttteeee ((((SSSS))))
+ This is a boolean that controls the handling of disk
+ space allocation in the server. When this is set to yes
+ the server will change from UNIX behaviour of not
+ committing real disk storage blocks when a file is
+ extended to the Windows behaviour of actually forcing
+ the disk system to allocate real storage blocks when a
+ file is created or extended to be a given size. In UNIX
+ terminology this means that Samba will stop creating
+ sparse files. This can be slow on some systems.
+
+ When strict allocate is no the server does sparse disk
+ block allocation when a file is extended.
+
+ Setting this to yes can help Samba return out of quota
+ messages on systems that are restricting the disk quota
+ of users.
+
+ Default: ssssttttrrrriiiicccctttt aaaallllllllooooccccaaaatttteeee ==== nnnnoooo
+
+ ssssttttrrrriiiicccctttt lllloooocccckkkkiiiinnnngggg ((((SSSS))))
+ This is a boolean that controls the handling of file
+ locking in the server. When this is set to yes the
+ server will check every read and write access for file
+ locks, and deny access if locks exist. This can be slow
+ on some systems.
+
+ When strict locking is no the server does file lock
+ checks only when the client explicitly asks for them.
+
+ Well-behaved clients always ask for lock checks when it
+ is important, so in the vast majority of cases ssssttttrrrriiiicccctttt
+ lllloooocccckkkkiiiinnnngggg ==== nnnnoooo is preferable.
+
+ Default: ssssttttrrrriiiicccctttt lllloooocccckkkkiiiinnnngggg ==== nnnnoooo
+
+ ssssttttrrrriiiicccctttt ssssyyyynnnncccc ((((SSSS))))
+
+
+
+ Page 120 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Many Windows applications (including the Windows 98
+ explorer shell) seem to confuse flushing buffer
+ contents to disk with doing a sync to disk. Under UNIX,
+ a sync call forces the process to be suspended until
+ the kernel has ensured that all outstanding data in
+ kernel disk buffers has been safely stored onto stable
+ storage. This is very slow and should only be done
+ rarely. Setting this parameter to no (the default)
+ means that smbd ignores the Windows applications
+ requests for a sync call. There is only a possibility
+ of losing data if the operating system itself that
+ Samba is running on crashes, so there is little danger
+ in this default setting. In addition, this fixes many
+ performance problems that people have reported with the
+ new Windows98 explorer shell file copies.
+
+ See also the _s_y_n_c _a_l_w_a_y_s> parameter.
+
+ Default: ssssttttrrrriiiicccctttt ssssyyyynnnncccc ==== nnnnoooo
+
+ ssssttttrrrriiiipppp ddddooootttt ((((GGGG))))
+ This parameter is now unused in Samba (2.2.5 and
+ above). It used strip trailing dots off UNIX filenames
+ but was not correctly implmented. In Samba 2.2.5 and
+ above UNIX filenames ending in a dot are invalid
+ Windows long filenames (as they are in Windows NT and
+ above) and are mangled to 8.3 before being returned to
+ a client.
+
+ Default: ssssttttrrrriiiipppp ddddooootttt ==== nnnnoooo
+
+ ssssyyyynnnncccc aaaallllwwwwaaaayyyyssss ((((SSSS))))
+ This is a boolean parameter that controls whether
+ writes will always be written to stable storage before
+ the write call returns. If this is no then the server
+ will be guided by the client's request in each write
+ call (clients can set a bit indicating that a
+ particular write should be synchronous). If this is yes
+ then every write will be followed by a ffffssssyyyynnnncccc(((()))) call to
+ ensure the data is written to disk. Note that the
+ _s_t_r_i_c_t _s_y_n_c parameter must be set to yes in order for
+ this parameter to have any affect.
+
+ See also the _s_t_r_i_c_t _s_y_n_c parameter.
+
+ Default: ssssyyyynnnncccc aaaallllwwwwaaaayyyyssss ==== nnnnoooo
+
+ ssssyyyysssslllloooogggg ((((GGGG))))
+ This parameter maps how Samba debug messages are logged
+ onto the system syslog logging levels. Samba debug
+ level zero maps onto syslog LOG_ERR, debug level one
+ maps onto LOG_WARNING, debug level two maps onto
+
+
+
+ Page 121 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ LOG_NOTICE, debug level three maps onto LOG_INFO. All
+ higher levels are mapped to LOG_DEBUG.
+
+ This parameter sets the threshold for sending messages
+ to syslog. Only messages with debug level less than
+ this value will be sent to syslog.
+
+ Default: ssssyyyysssslllloooogggg ==== 1111
+
+ ssssyyyysssslllloooogggg oooonnnnllllyyyy ((((GGGG))))
+ If this parameter is set then Samba debug messages are
+ logged into the system syslog only, and not to the
+ debug log files.
+
+ Default: ssssyyyysssslllloooogggg oooonnnnllllyyyy ==== nnnnoooo
+
+ tttteeeemmmmppppllllaaaatttteeee hhhhoooommmmeeeeddddiiiirrrr ((((GGGG))))
+ When filling out the user information for a Windows NT
+ user, the winbindd(8) daemon uses this parameter to
+ fill in the home directory for that user. If the string
+ %_D is present it is substituted with the user's Windows
+ NT domain name. If the string %_U is present it is
+ substituted with the user's Windows NT user name.
+
+ Default: tttteeeemmmmppppllllaaaatttteeee hhhhoooommmmeeeeddddiiiirrrr ==== ////hhhhoooommmmeeee////%%%%DDDD////%%%%UUUU
+
+ tttteeeemmmmppppllllaaaatttteeee sssshhhheeeellllllll ((((GGGG))))
+ When filling out the user information for a Windows NT
+ user, the winbindd(8) daemon uses this parameter to
+ fill in the login shell for that user.
+
+ Default: tttteeeemmmmppppllllaaaatttteeee sssshhhheeeellllllll ==== ////bbbbiiiinnnn////ffffaaaallllsssseeee
+
+ ttttiiiimmmmeeee ooooffffffffsssseeeetttt ((((GGGG))))
+ This parameter is a setting in minutes to add to the
+ normal GMT to local time conversion. This is useful if
+ you are serving a lot of PCs that have incorrect
+ daylight saving time handling.
+
+ Default: ttttiiiimmmmeeee ooooffffffffsssseeeetttt ==== 0000
+
+ Example: ttttiiiimmmmeeee ooooffffffffsssseeeetttt ==== 66660000
+
+ ttttiiiimmmmeeee sssseeeerrrrvvvveeeerrrr ((((GGGG))))
+ This parameter determines if nmbd(8) advertises itself
+ as a time server to Windows clients.
+
+ Default: ttttiiiimmmmeeee sssseeeerrrrvvvveeeerrrr ==== nnnnoooo
+
+ ttttiiiimmmmeeeessssttttaaaammmmpppp llllooooggggssss ((((GGGG))))
+ Synonym for _d_e_b_u_g _t_i_m_e_s_t_a_m_p.
+
+
+
+
+ Page 122 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ ttttoooottttaaaallll pppprrrriiiinnnntttt jjjjoooobbbbssss ((((GGGG))))
+ This parameter accepts an integer value which defines a
+ limit on the maximum number of print jobs that will be
+ accepted system wide at any given time. If a print job
+ is submitted by a client which will exceed this number,
+ then smbd will return an error indicating that no space
+ is available on the server. The default value of 0
+ means that no such limit exists. This parameter can be
+ used to prevent a server from exceeding its capacity
+ and is designed as a printing throttle. See also _m_a_x
+ _p_r_i_n_t _j_o_b_s.
+
+ Default: ttttoooottttaaaallll pppprrrriiiinnnntttt jjjjoooobbbbssss ==== 0000
+
+ Example: ttttoooottttaaaallll pppprrrriiiinnnntttt jjjjoooobbbbssss ==== 5555000000000000
+
+ uuuunnnniiiixxxx eeeexxxxtttteeeennnnssssiiiioooonnnnssss((((GGGG))))
+ This boolean parameter controls whether Samba implments
+ the CIFS UNIX extensions, as defined by HP. These
+ extensions enable Samba to better serve UNIX CIFS
+ clients by supporting features such as symbolic links,
+ hard links, etc... These extensions require a
+ similarly enabled client, and are of no current use to
+ Windows clients.
+
+ Default: uuuunnnniiiixxxx eeeexxxxtttteeeennnnssssiiiioooonnnnssss ==== nnnnoooo
+
+ uuuunnnniiiixxxx ppppaaaasssssssswwwwoooorrrrdddd ssssyyyynnnncccc ((((GGGG))))
+ This boolean parameter controls whether Samba attempts
+ to synchronize the UNIX password with the SMB password
+ when the encrypted SMB password in the smbpasswd file
+ is changed. If this is set to yes the program specified
+ in the _p_a_s_s_w_d _p_r_o_g_r_a_mparameter is called AAAASSSS RRRROOOOOOOOTTTT - to
+ allow the new UNIX password to be set without access to
+ the old UNIX password (as the SMB password change code
+ has no access to the old password cleartext, only the
+ new).
+
+ See also _p_a_s_s_w_d _p_r_o_g_r_a_m, _p_a_s_s_w_d _c_h_a_t.
+
+ Default: uuuunnnniiiixxxx ppppaaaasssssssswwwwoooorrrrdddd ssssyyyynnnncccc ==== nnnnoooo
+
+ uuuuppppddddaaaatttteeee eeeennnnccccrrrryyyypppptttteeeedddd ((((GGGG))))
+ This boolean parameter allows a user logging on with a
+ plaintext password to have their encrypted (hashed)
+ password in the smbpasswd file to be updated
+ automatically as they log on. This option allows a site
+ to migrate from plaintext password authentication
+ (users authenticate with plaintext password over the
+ wire, and are checked against a UNIX account database)
+ to encrypted password authentication (the SMB
+ challenge/response authentication mechanism) without
+
+
+
+ Page 123 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ forcing all users to re-enter their passwords via
+ smbpasswd at the time the change is made. This is a
+ convenience option to allow the change over to
+ encrypted passwords to be made over a longer period.
+ Once all users have encrypted representations of their
+ passwords in the smbpasswd file this parameter should
+ be set to no.
+
+ In order for this parameter to work correctly the
+ _e_n_c_r_y_p_t _p_a_s_s_w_o_r_d_s parameter must be set to no when this
+ parameter is set to yes.
+
+ Note that even when this parameter is set a user
+ authenticating to ssssmmmmbbbbdddd must still enter a valid
+ password in order to connect correctly, and to update
+ their hashed (smbpasswd) passwords.
+
+ Default: uuuuppppddddaaaatttteeee eeeennnnccccrrrryyyypppptttteeeedddd ==== nnnnoooo
+
+ uuuusssseeee cccclllliiiieeeennnntttt ddddrrrriiiivvvveeeerrrr ((((SSSS))))
+ This parameter applies only to Windows NT/2000 clients.
+ It has no affect on Windows 95/98/ME clients. When
+ serving a printer to Windows NT/2000 clients without
+ first installing a valid printer driver on the Samba
+ host, the client will be required to install a local
+ printer driver. From this point on, the client will
+ treat the print as a local printer and not a network
+ printer connection. This is much the same behavior that
+ will occur when ddddiiiissssaaaabbbblllleeee ssssppppoooooooollllssssssss ==== yyyyeeeessss.
+
+ The differentiating factor is that under normal
+ circumstances, the NT/2000 client will attempt to open
+ the network printer using MS-RPC. The problem is that
+ because the client considers the printer to be local,
+ it will attempt to issue the OpenPrinterEx() call
+ requesting access rights associated with the logged on
+ user. If the user possesses local administator rights
+ but not root privilegde on the Samba host (often the
+ case), the OpenPrinterEx() call will fail. The result
+ is that the client will now display an "Access Denied;
+ Unable to connect" message in the printer queue window
+ (even though jobs may successfully be printed).
+
+ If this parameter is enabled for a printer, then any
+ attempt to open the printer with the
+ PRINTER_ACCESS_ADMINISTER right is mapped to
+ PRINTER_ACCESS_USE instead. Thus allowing the
+ OpenPrinterEx() call to succeed. TTTThhhhiiiissss ppppaaaarrrraaaammmmeeeetttteeeerrrr MMMMUUUUSSSSTTTT
+ nnnnooootttt bbbbeeee aaaabbbblllleeee eeeennnnaaaabbbblllleeeedddd oooonnnn aaaa pppprrrriiiinnnntttt sssshhhhaaaarrrreeee wwwwhhhhiiiicccchhhh hhhhaaaassss vvvvaaaalllliiiidddd
+ pppprrrriiiinnnntttt ddddrrrriiiivvvveeeerrrr iiiinnnnssssttttaaaalllllllleeeedddd oooonnnn tttthhhheeee SSSSaaaammmmbbbbaaaa sssseeeerrrrvvvveeeerrrr....
+
+ See also disable spoolss
+
+
+
+ Page 124 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Default: uuuusssseeee cccclllliiiieeeennnntttt ddddrrrriiiivvvveeeerrrr ==== nnnnoooo
+
+ uuuusssseeee mmmmmmmmaaaapppp ((((GGGG))))
+ This global parameter determines if the tdb internals
+ of Samba can depend on mmap working correctly on the
+ running system. Samba requires a coherent mmap/read-
+ write system memory cache. Currently only HPUX does not
+ have such a coherent cache, and so this parameter is
+ set to no by default on HPUX. On all other systems this
+ parameter should be left alone. This parameter is
+ provided to help the Samba developers track down
+ problems with the tdb internal code.
+
+ Default: uuuusssseeee mmmmmmmmaaaapppp ==== yyyyeeeessss
+
+ uuuusssseeee rrrrhhhhoooossssttttssss ((((GGGG))))
+ If this global parameter is yes, it specifies that the
+ UNIX user's ._r_h_o_s_t_s file in their home directory will
+ be read to find the names of hosts and users who will
+ be allowed access without specifying a password.
+
+ NNNNOOOOTTTTEEEE:::: The use of _u_s_e _r_h_o_s_t_s can be a major security
+ hole. This is because you are trusting the PC to supply
+ the correct username. It is very easy to get a PC to
+ supply a false username. I recommend that the _u_s_e
+ _r_h_o_s_t_s option be only used if you really know what you
+ are doing.
+
+ Default: uuuusssseeee rrrrhhhhoooossssttttssss ==== nnnnoooo
+
+ uuuusssseeeerrrr ((((SSSS))))
+ Synonym for _u_s_e_r_n_a_m_e.
+
+ uuuusssseeeerrrrssss ((((SSSS))))
+ Synonym for _u_s_e_r_n_a_m_e.
+
+ uuuusssseeeerrrrnnnnaaaammmmeeee ((((SSSS))))
+ Multiple users may be specified in a comma-delimited
+ list, in which case the supplied password will be
+ tested against each username in turn (left to right).
+
+ The _u_s_e_r_n_a_m_e line is needed only when the PC is unable
+ to supply its own username. This is the case for the
+ COREPLUS protocol or where your users have different
+ WfWg usernames to UNIX usernames. In both these cases
+ you may also be better using the \\server\share%user
+ syntax instead.
+
+ The _u_s_e_r_n_a_m_e line is not a great solution in many cases
+ as it means Samba will try to validate the supplied
+ password against each of the usernames in the _u_s_e_r_n_a_m_e
+ line in turn. This is slow and a bad idea for lots of
+
+
+
+ Page 125 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ users in case of duplicate passwords. You may get
+ timeouts or security breaches using this parameter
+ unwisely.
+
+ Samba relies on the underlying UNIX security. This
+ parameter does not restrict who can login, it just
+ offers hints to the Samba server as to what usernames
+ might correspond to the supplied password. Users can
+ login as whoever they please and they will be able to
+ do no more damage than if they started a telnet
+ session. The daemon runs as the user that they log in
+ as, so they cannot do anything that user cannot do.
+
+ To restrict a service to a particular set of users you
+ can use the _v_a_l_i_d _u_s_e_r_s parameter.
+
+ If any of the usernames begin with a '@' then the name
+ will be looked up first in the NIS netgroups list (if
+ Samba is compiled with netgroup support), followed by a
+ lookup in the UNIX groups database and will expand to a
+ list of all users in the group of that name.
+
+ If any of the usernames begin with a '+' then the name
+ will be looked up only in the UNIX groups database and
+ will expand to a list of all users in the group of that
+ name.
+
+ If any of the usernames begin with a '&'then the name
+ will be looked up only in the NIS netgroups database
+ (if Samba is compiled with netgroup support) and will
+ expand to a list of all users in the netgroup group of
+ that name.
+
+ Note that searching though a groups database can take
+ quite some time, and some clients may time out during
+ the search.
+
+ See the section NOTE ABOUT USERNAME/PASSWORD VALIDATION
+ for more information on how this parameter determines
+ access to the services.
+
+ Default: TTTThhhheeee gggguuuueeeesssstttt aaaaccccccccoooouuuunnnntttt iiiiffff aaaa gggguuuueeeesssstttt sssseeeerrrrvvvviiiicccceeee,,,, eeeellllsssseeee
+ <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>....
+
+ Examples:uuuusssseeeerrrrnnnnaaaammmmeeee ==== ffffrrrreeeedddd,,,, mmmmaaaarrrryyyy,,,, jjjjaaaacccckkkk,,,, jjjjaaaannnneeee,,,, @@@@uuuusssseeeerrrrssss,,,,
+ @@@@ppppccccggggrrrroooouuuupppp
+
+ uuuusssseeeerrrrnnnnaaaammmmeeee lllleeeevvvveeeellll ((((GGGG))))
+ This option helps Samba to try and 'guess' at the real
+ UNIX username, as many DOS clients send an all-
+ uppercase username. By default Samba tries all
+ lowercase, followed by the username with the first
+
+
+
+ Page 126 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ letter capitalized, and fails if the username is not
+ found on the UNIX machine.
+
+ If this parameter is set to non-zero the behavior
+ changes. This parameter is a number that specifies the
+ number of uppercase combinations to try while trying to
+ determine the UNIX user name. The higher the number the
+ more combinations will be tried, but the slower the
+ discovery of usernames will be. Use this parameter when
+ you have strange usernames on your UNIX machine, such
+ as AstrangeUser .
+
+ Default: uuuusssseeeerrrrnnnnaaaammmmeeee lllleeeevvvveeeellll ==== 0000
+
+ Example: uuuusssseeeerrrrnnnnaaaammmmeeee lllleeeevvvveeeellll ==== 5555
+
+ uuuusssseeeerrrrnnnnaaaammmmeeee mmmmaaaapppp ((((GGGG))))
+ This option allows you to specify a file containing a
+ mapping of usernames from the clients to the server.
+ This can be used for several purposes. The most common
+ is to map usernames that users use on DOS or Windows
+ machines to those that the UNIX box uses. The other is
+ to map multiple users to a single username so that they
+ can more easily share files.
+
+ The map file is parsed line by line. Each line should
+ contain a single UNIX username on the left then a '='
+ followed by a list of usernames on the right. The list
+ of usernames on the right may contain names of the form
+ @group in which case they will match any UNIX username
+ in that group. The special client name '*' is a
+ wildcard and matches any name. Each line of the map
+ file may be up to 1023 characters long.
+
+ The file is processed on each line by taking the
+ supplied username and comparing it with each username
+ on the right hand side of the '=' signs. If the
+ supplied name matches any of the names on the right
+ hand side then it is replaced with the name on the
+ left. Processing then continues with the next line.
+
+ If any line begins with a '#' or a ';' then it is
+ ignored
+
+ If any line begins with an '!' then the processing will
+ stop after that line if a mapping was done by the line.
+ Otherwise mapping continues with every line being
+ processed. Using '!' is most useful when you have a
+ wildcard mapping line later in the file.
+
+ For example to map from the name admin or administrator
+ to the UNIX name root you would use:
+
+
+
+ Page 127 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ rrrrooooooootttt ==== aaaaddddmmmmiiiinnnn aaaaddddmmmmiiiinnnniiiissssttttrrrraaaattttoooorrrr
+
+ Or to map anyone in the UNIX group system to the UNIX
+ name sys you would use:
+
+ ssssyyyyssss ==== @@@@ssssyyyysssstttteeeemmmm
+
+ You can have as many mappings as you like in a username
+ map file.
+
+ If your system supports the NIS NETGROUP option then
+ the netgroup database is checked before the /_e_t_c/_g_r_o_u_p
+ database for matching groups.
+
+ You can map Windows usernames that have spaces in them
+ by using double quotes around the name. For example:
+
+ ttttrrrriiiiddddggggeeee ==== """"AAAAnnnnddddrrrreeeewwww TTTTrrrriiiiddddggggeeeellllllll""""
+
+ would map the windows username "Andrew Tridgell" to the
+ unix username "tridge".
+
+ The following example would map mary and fred to the
+ unix user sys, and map the rest to guest. Note the use
+ of the '!' to tell Samba to stop processing if it gets
+ a match on that line.
+
+
+ !sys = mary fred
+ guest = *
+
+
+
+ Note that the remapping is applied to all occurrences
+ of usernames. Thus if you connect to \\server\fred and
+ fred is remapped to mary then you will actually be
+ connecting to \\server\mary and will need to supply a
+ password suitable for mary not fred. The only exception
+ to this is the username passed to the _p_a_s_s_w_o_r_d _s_e_r_v_e_r
+ (if you have one). The password server will receive
+ whatever username the client supplies without
+ modification.
+
+ Also note that no reverse mapping is done. The main
+ effect this has is with printing. Users who have been
+ mapped may have trouble deleting print jobs as
+ PrintManager under WfWg will think they don't own the
+ print job.
+
+ Default: nnnnoooo uuuusssseeeerrrrnnnnaaaammmmeeee mmmmaaaapppp
+
+ Example: uuuusssseeeerrrrnnnnaaaammmmeeee mmmmaaaapppp ==== ////uuuussssrrrr////llllooooccccaaaallll////ssssaaaammmmbbbbaaaa////lllliiiibbbb////uuuusssseeeerrrrssss....mmmmaaaapppp
+
+
+
+ Page 128 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ uuuusssseeee sssseeeennnnddddffffiiiilllleeee ((((SSSS))))
+ If this parameter is yes, and Samba was built with the
+ --with-sendfile-support option, and the underlying
+ operating system supports sendfile system call, then
+ some SMB read calls (mainly ReadAndX and ReadRaw) will
+ use the more efficient sendfile system call for files
+ that are exclusively oplocked. This may make more
+ efficient use of the system CPU's and cause Samba to be
+ faster. This is off by default as it's effects are
+ unknown as yet.
+
+ Default: uuuusssseeee sssseeeennnnddddffffiiiilllleeee ==== nnnnoooo
+
+ uuuuttttmmmmpppp ((((GGGG))))
+ This boolean parameter is only available if Samba has
+ been configured and compiled with the option --------wwwwiiiitttthhhh----
+ uuuuttttmmmmpppp. If set to yes then Samba will attempt to add utmp
+ or utmpx records (depending on the UNIX system)
+ whenever a connection is made to a Samba server. Sites
+ may use this to record the user connecting to a Samba
+ share.
+
+ See also the _u_t_m_p _d_i_r_e_c_t_o_r_y parameter.
+
+ Default: uuuuttttmmmmpppp ==== nnnnoooo
+
+ uuuuttttmmmmpppp ddddiiiirrrreeeeccccttttoooorrrryyyy((((GGGG))))
+ This parameter is only available if Samba has been
+ configured and compiled with the option --------wwwwiiiitttthhhh----uuuuttttmmmmpppp.
+ It specifies a directory pathname that is used to store
+ the utmp or utmpx files (depending on the UNIX system)
+ that record user connections to a Samba server. See
+ also the _u_t_m_p parameter. By default this is not set,
+ meaning the system will use whatever utmp file the
+ native system is set to use (usually /_v_a_r/_r_u_n/_u_t_m_p on
+ Linux).
+
+ Default: nnnnoooo uuuuttttmmmmpppp ddddiiiirrrreeeeccccttttoooorrrryyyy
+
+ vvvvaaaalllliiiidddd cccchhhhaaaarrrrssss ((((GGGG))))
+ The option allows you to specify additional characters
+ that should be considered valid by the server in
+ filenames. This is particularly useful for national
+ character sets, such as adding u-umlaut or a-ring.
+
+ The option takes a list of characters in either integer
+ or character form with spaces between them. If you give
+ two characters with a colon between them then it will
+ be taken as an lowercase:uppercase pair.
+
+ If you have an editor capable of entering the
+ characters into the config file then it is probably
+
+
+
+ Page 129 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ easiest to use this method. Otherwise you can specify
+ the characters in octal, decimal or hexadecimal form
+ using the usual C notation.
+
+ For example to add the single character 'Z' to the
+ charset (which is a pointless thing to do as it's
+ already there) you could do one of the following
+
+
+ valid chars = Z
+ valid chars = z:Z
+ valid chars = 0132:0172
+
+
+
+ The last two examples above actually add two
+ characters, and alter the uppercase and lowercase
+ mappings appropriately.
+
+ Note that you MMMMUUUUSSSSTTTT specify this parameter after the
+ _c_l_i_e_n_t _c_o_d_e _p_a_g_e parameter if you have both set. If
+ _c_l_i_e_n_t _c_o_d_e _p_a_g_e is set after the _v_a_l_i_d _c_h_a_r_s parameter
+ the _v_a_l_i_d _c_h_a_r_s settings will be overwritten.
+
+ See also the _c_l_i_e_n_t _c_o_d_e _p_a_g_e parameter.
+
+ Default: SSSSaaaammmmbbbbaaaa ddddeeeeffffaaaauuuullllttttssss ttttoooo uuuussssiiiinnnngggg aaaa rrrreeeeaaaassssoooonnnnaaaabbbblllleeee sssseeeetttt ooooffff
+ vvvvaaaalllliiiidddd cccchhhhaaaarrrraaaacccctttteeeerrrrssss ffffoooorrrr EEEEnnnngggglllliiiisssshhhh ssssyyyysssstttteeeemmmmssss
+
+ Example: vvvvaaaalllliiiidddd cccchhhhaaaarrrrssss ==== 0000333344445555::::0000333300005555 0000333366666666::::0000333322226666 0000333344444444::::0000333300004444
+
+ The above example allows filenames to have the Swedish
+ characters in them.
+
+ NNNNOOOOTTTTEEEE:::: It is actually quite difficult to correctly
+ produce a _v_a_l_i_d _c_h_a_r_s line for a particular system. To
+ automate the process tino@augsburg.net
+ <URL:mailto:tino@augsburg.net> has written a package
+ called vvvvaaaalllliiiiddddcccchhhhaaaarrrrssss which will automatically produce a
+ complete _v_a_l_i_d _c_h_a_r_s line for a given client system.
+ Look in the _e_x_a_m_p_l_e_s/_v_a_l_i_d_c_h_a_r_s/ subdirectory of your
+ Samba source code distribution for this package.
+
+ vvvvaaaalllliiiidddd uuuusssseeeerrrrssss ((((SSSS))))
+ This is a list of users that should be allowed to login
+ to this service. Names starting with '@', '+' and '&'
+ are interpreted using the same rules as described in
+ the _i_n_v_a_l_i_d _u_s_e_r_s parameter.
+
+ If this is empty (the default) then any user can login.
+ If a username is in both this list and the _i_n_v_a_l_i_d
+ _u_s_e_r_s list then access is denied for that user.
+
+
+
+ Page 130 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ The current servicename is substituted for %_S . This is
+ useful in the [homes] section.
+
+ See also _i_n_v_a_l_i_d _u_s_e_r_s
+
+ Default: NNNNoooo vvvvaaaalllliiiidddd uuuusssseeeerrrrssss lllliiiisssstttt ((((aaaannnnyyyyoooonnnneeee ccccaaaannnn llllooooggggiiiinnnn))))
+
+ Example: vvvvaaaalllliiiidddd uuuusssseeeerrrrssss ==== ggggrrrreeeegggg,,,, @@@@ppppccccuuuusssseeeerrrrssss
+
+ vvvveeeettttoooo ffffiiiilllleeeessss((((SSSS))))
+ This is a list of files and directories that are
+ neither visible nor accessible. Each entry in the list
+ must be separated by a '/', which allows spaces to be
+ included in the entry. '*' and '?' can be used to
+ specify multiple files or directories as in DOS
+ wildcards.
+
+ Each entry must be a unix path, not a DOS path and must
+ nnnnooootttt include the unix directory separator '/'.
+
+ Note that the _c_a_s_e _s_e_n_s_i_t_i_v_e option is applicable in
+ vetoing files.
+
+ One feature of the veto files parameter that it is
+ important to be aware of is Samba's behaviour when
+ trying to delete a directory. If a directory that is to
+ be deleted contains nothing but veto files this
+ deletion will ffffaaaaiiiillll unless you also set the _d_e_l_e_t_e _v_e_t_o
+ _f_i_l_e_s parameter to _y_e_s.
+
+ Setting this parameter will affect the performance of
+ Samba, as it will be forced to check all files and
+ directories for a match as they are scanned.
+
+ See also _h_i_d_e _f_i_l_e_s and _c_a_s_e _s_e_n_s_i_t_i_v_e.
+
+ Default: NNNNoooo ffffiiiilllleeeessss oooorrrr ddddiiiirrrreeeeccccttttoooorrrriiiieeeessss aaaarrrreeee vvvveeeettttooooeeeedddd....
+
+ Examples:
+
+ ; Veto any files containing the word Security,
+ ; any ending in .tmp, and any directory containing the
+ ; word root.
+ veto files = /*Security*/*.tmp/*root*/
+
+ ; Veto the Apple specific files that a NetAtalk server
+ ; creates.
+ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
+
+
+ vvvveeeettttoooo oooopppplllloooocccckkkk ffffiiiilllleeeessss ((((SSSS))))
+ This parameter is only valid when the _o_p_l_o_c_k_s parameter
+
+
+
+ Page 131 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ is turned on for a share. It allows the Samba
+ administrator to selectively turn off the granting of
+ oplocks on selected files that match a wildcarded list,
+ similar to the wildcarded list used in the _v_e_t_o _f_i_l_e_s
+ parameter.
+
+ Default: NNNNoooo ffffiiiilllleeeessss aaaarrrreeee vvvveeeettttooooeeeedddd ffffoooorrrr oooopppplllloooocccckkkk ggggrrrraaaannnnttttssss
+
+ You might want to do this on files that you know will
+ be heavily contended for by clients. A good example of
+ this is in the NetBench SMB benchmark program, which
+ causes heavy client contention for files ending in
+ ._S_E_M. To cause Samba not to grant oplocks on these
+ files you would use the line (either in the [global]
+ section or in the section for the particular NetBench
+ share :
+
+ Example: vvvveeeettttoooo oooopppplllloooocccckkkk ffffiiiilllleeeessss ==== ////****....SSSSEEEEMMMM////
+
+ vvvvffffssss oooobbbbjjjjeeeecccctttt ((((SSSS))))
+ This parameter specifies a shared object file that is
+ used for Samba VFS I/O operations. By default, normal
+ disk I/O operations are used but these can be
+ overloaded with a VFS object. The Samba VFS layer is
+ new to Samba 2.2 and must be enabled at compile time
+ with --with-vfs.
+
+ Default : nnnnoooo vvvvaaaalllluuuueeee
+
+ vvvvffffssss ooooppppttttiiiioooonnnnssss ((((SSSS))))
+ This parameter allows parameters to be passed to the
+ vfs layer at initialization time. The Samba VFS layer
+ is new to Samba 2.2 and must be enabled at compile time
+ with --with-vfs. See also _v_f_s _o_b_j_e_c_t.
+
+ Default : nnnnoooo vvvvaaaalllluuuueeee
+
+ vvvvoooolllluuuummmmeeee ((((SSSS))))
+ This allows you to override the volume label returned
+ for a share. Useful for CDROMs with installation
+ programs that insist on a particular volume label.
+
+ Default: tttthhhheeee nnnnaaaammmmeeee ooooffff tttthhhheeee sssshhhhaaaarrrreeee
+
+ wwwwiiiiddddeeee lllliiiinnnnkkkkssss ((((SSSS))))
+ This parameter controls whether or not links in the
+ UNIX file system may be followed by the server. Links
+ that point to areas within the directory tree exported
+ by the server are always allowed; this parameter
+ controls access only to areas that are outside the
+ directory tree being exported.
+
+
+
+
+ Page 132 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Note that setting this parameter can have a negative
+ effect on your server performance due to the extra
+ system calls that Samba has to do in order to perform
+ the link checks.
+
+ Default: wwwwiiiiddddeeee lllliiiinnnnkkkkssss ==== yyyyeeeessss
+
+ wwwwiiiinnnnbbbbiiiinnnndddd ccccaaaacccchhhheeee ttttiiiimmmmeeee ((((GGGG))))
+ This parameter specifies the number of seconds the
+ winbindd(8) daemon will cache user and group
+ information before querying a Windows NT server again.
+
+ Default: wwwwiiiinnnnbbbbiiiinnnndddd ccccaaaacccchhhheeee ttttyyyyppppeeee ==== 11115555
+
+ wwwwiiiinnnnbbbbiiiinnnndddd eeeennnnuuuummmm uuuusssseeeerrrrssss ((((GGGG))))
+ On large installations using winbindd(8) it may be
+ necessary to suppress the enumeration of users through
+ the sssseeeettttppppwwwweeeennnntttt(((()))), ggggeeeettttppppwwwweeeennnntttt(((()))) and eeeennnnddddppppwwwweeeennnntttt(((()))) group of
+ system calls. If the _w_i_n_b_i_n_d _e_n_u_m _u_s_e_r_s parameter is
+ no, calls to the ggggeeeettttppppwwwweeeennnntttt system call will not return
+ any data.
+
+ WWWWaaaarrrrnnnniiiinnnngggg:::: Turning off user enumeration may cause some
+ programs to behave oddly. For example, the finger
+ program relies on having access to the full user list
+ when searching for matching usernames.
+
+ Default: wwwwiiiinnnnbbbbiiiinnnndddd eeeennnnuuuummmm uuuusssseeeerrrrssss ==== yyyyeeeessss
+
+ wwwwiiiinnnnbbbbiiiinnnndddd eeeennnnuuuummmm ggggrrrroooouuuuppppssss ((((GGGG))))
+ On large installations using winbindd(8) it may be
+ necessary to suppress the enumeration of groups through
+ the sssseeeettttggggrrrreeeennnntttt(((()))), ggggeeeettttggggrrrreeeennnntttt(((()))) and eeeennnnddddggggrrrreeeennnntttt(((()))) group of
+ system calls. If the _w_i_n_b_i_n_d _e_n_u_m _g_r_o_u_p_s parameter is
+ no, calls to the ggggeeeettttggggrrrreeeennnntttt(((()))) system call will not return
+ any data.
+
+ WWWWaaaarrrrnnnniiiinnnngggg:::: Turning off group enumeration may cause some
+ programs to behave oddly.
+
+ Default: wwwwiiiinnnnbbbbiiiinnnndddd eeeennnnuuuummmm ggggrrrroooouuuuppppssss ==== yyyyeeeessss
+
+ wwwwiiiinnnnbbbbiiiinnnndddd ggggiiiidddd ((((GGGG))))
+ The winbind gid parameter specifies the range of group
+ ids that are allocated by the winbindd(8) daemon. This
+ range of group ids should have no existing local or NIS
+ groups within it as strange conflicts can occur
+ otherwise.
+
+ Default: wwwwiiiinnnnbbbbiiiinnnndddd ggggiiiidddd ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>
+
+ Example: wwwwiiiinnnnbbbbiiiinnnndddd ggggiiiidddd ==== 11110000000000000000----22220000000000000000
+
+
+
+ Page 133 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ wwwwiiiinnnnbbbbiiiinnnndddd sssseeeeppppaaaarrrraaaattttoooorrrr ((((GGGG))))
+ This parameter allows an admin to define the character
+ used when listing a username of the form of _D_O_M_A_I_N
+ \_u_s_e_r. This parameter is only applicable when using the
+ _p_a_m__w_i_n_b_i_n_d._s_o and _n_s_s__w_i_n_b_i_n_d._s_o modules for UNIX
+ services.
+
+ Please note that setting this parameter to + causes
+ problems with group membership at least on glibc
+ systems, as the character + is used as a special
+ character for NIS in /etc/group.
+
+ Default: wwwwiiiinnnnbbbbiiiinnnndddd sssseeeeppppaaaarrrraaaattttoooorrrr ==== ''''\\\\''''
+
+ Example: wwwwiiiinnnnbbbbiiiinnnndddd sssseeeeppppaaaarrrraaaattttoooorrrr ==== ++++
+
+ wwwwiiiinnnnbbbbiiiinnnndddd uuuuiiiidddd ((((GGGG))))
+ The winbind gid parameter specifies the range of group
+ ids that are allocated by the winbindd(8) daemon. This
+ range of ids should have no existing local or NIS users
+ within it as strange conflicts can occur otherwise.
+
+ Default: wwwwiiiinnnnbbbbiiiinnnndddd uuuuiiiidddd ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>
+
+ Example: wwwwiiiinnnnbbbbiiiinnnndddd uuuuiiiidddd ==== 11110000000000000000----22220000000000000000
+
+ wwwwiiiinnnnbbbbiiiinnnndddd uuuusssseeee ddddeeeeffffaaaauuuulllltttt ddddoooommmmaaaaiiiinnnn
+
+ wwwwiiiinnnnbbbbiiiinnnndddd uuuusssseeee ddddeeeeffffaaaauuuulllltttt ddddoooommmmaaaaiiiinnnn
+ This parameter specifies whether the winbindd(8)
+ daemon should operate on users without domain component
+ in their username. Users without a domain component are
+ treated as is part of the winbindd server's own domain.
+ While this does not benifit Windows users, it makes
+ SSH, FTP and e-mail function in a way much closer to
+ the way they would in a native unix system.
+
+ Default: wwwwiiiinnnnbbbbiiiinnnndddd uuuusssseeee ddddeeeeffffaaaauuuulllltttt ddddoooommmmaaaaiiiinnnn ==== <<<<nnnnoooo>>>>
+
+ Example: wwwwiiiinnnnbbbbiiiinnnndddd uuuusssseeee ddddeeeeffffaaaauuuulllltttt ddddoooommmmaaaaiiiinnnn ==== yyyyeeeessss
+
+ wwwwiiiinnnnssss hhhhooooooookkkk ((((GGGG))))
+ When Samba is running as a WINS server this allows you
+ to call an external program for all changes to the WINS
+ database. The primary use for this option is to allow
+ the dynamic update of external name resolution
+ databases such as dynamic DNS.
+
+ The wins hook parameter specifies the name of a script
+ or executable that will be called as follows:
+
+ wwwwiiiinnnnssss____hhhhooooooookkkk ooooppppeeeerrrraaaattttiiiioooonnnn nnnnaaaammmmeeee nnnnaaaammmmeeeettttyyyyppppeeee ttttttttllll IIIIPPPP____lllliiiisssstttt
+
+
+
+ Page 134 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ o+ The first argument is the operation and is one of
+ "add", "delete", or "refresh". In most cases the
+ operation can be ignored as the rest of the
+ parameters provide sufficient information. Note that
+ "refresh" may sometimes be called when the name has
+ not previously been added, in that case it should be
+ treated as an add.
+
+ o+ The second argument is the NetBIOS name. If the name
+ is not a legal name then the wins hook is not called.
+ Legal names contain only letters, digits, hyphens,
+ underscores and periods.
+
+ o+ The third argument is the NetBIOS name type as a 2
+ digit hexadecimal number.
+
+ o+ The fourth argument is the TTL (time to live) for the
+ name in seconds.
+
+ o+ The fifth and subsequent arguments are the IP
+ addresses currently registered for that name. If this
+ list is empty then the name should be deleted.
+
+ An example script that calls the BIND dynamic DNS update
+ program nnnnssssuuuuppppddddaaaatttteeee is provided in the examples directory of
+ the Samba source code.
+
+ wwwwiiiinnnnssss pppprrrrooooxxxxyyyy ((((GGGG))))
+ This is a boolean that controls if nmbd(8) will respond
+ to broadcast name queries on behalf of other hosts. You
+ may need to set this to yes for some older clients.
+
+ Default: wwwwiiiinnnnssss pppprrrrooooxxxxyyyy ==== nnnnoooo
+
+ wwwwiiiinnnnssss sssseeeerrrrvvvveeeerrrr ((((GGGG))))
+ This specifies the IP address (or DNS name: IP address
+ for preference) of the WINS server that nmbd(8) should
+ register with. If you have a WINS server on your
+ network then you should set this to the WINS server's
+ IP.
+
+ You should point this at your WINS server if you have a
+ multi-subnetted network.
+
+ NNNNOOOOTTTTEEEE. You need to set up Samba to point to a WINS
+ server if you have multiple subnets and wish cross-
+ subnet browsing to work correctly.
+
+ See the documentation file _B_R_O_W_S_I_N_G._t_x_t in the docs/
+ directory of your Samba source distribution.
+
+ Default: nnnnooootttt eeeennnnaaaabbbblllleeeedddd
+
+
+
+ Page 135 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ Example: wwwwiiiinnnnssss sssseeeerrrrvvvveeeerrrr ==== 111199992222....9999....222200000000....1111
+
+ wwwwiiiinnnnssss ssssuuuuppppppppoooorrrrtttt ((((GGGG))))
+ This boolean controls if the nmbd(8) process in Samba
+ will act as a WINS server. You should not set this to
+ yes unless you have a multi-subnetted network and you
+ wish a particular nnnnmmmmbbbbdddd to be your WINS server. Note
+ that you should NNNNEEEEVVVVEEEERRRR set this to yes on more than one
+ machine in your network.
+
+ Default: wwwwiiiinnnnssss ssssuuuuppppppppoooorrrrtttt ==== nnnnoooo
+
+ wwwwoooorrrrkkkkggggrrrroooouuuupppp ((((GGGG))))
+ This controls what workgroup your server will appear to
+ be in when queried by clients. Note that this parameter
+ also controls the Domain name used with the sssseeeeccccuuuurrrriiiittttyyyy ====
+ ddddoooommmmaaaaiiiinnnn setting.
+
+ Default: sssseeeetttt aaaatttt ccccoooommmmppppiiiilllleeee ttttiiiimmmmeeee ttttoooo WWWWOOOORRRRKKKKGGGGRRRROOOOUUUUPPPP
+
+ Example: wwwwoooorrrrkkkkggggrrrroooouuuupppp ==== MMMMYYYYGGGGRRRROOOOUUUUPPPP
+
+ wwwwrrrriiiittttaaaabbbblllleeee ((((SSSS))))
+ Synonym for _w_r_i_t_e_a_b_l_e for people who can't spell :-).
+
+ wwwwrrrriiiitttteeee ccccaaaacccchhhheeee ssssiiiizzzzeeee ((((SSSS))))
+ If this integer parameter is set to non-zero value,
+ Samba will create an in-memory cache for each oplocked
+ file (it does nnnnooootttt do this for non-oplocked files). All
+ writes that the client does not request to be flushed
+ directly to disk will be stored in this cache if
+ possible. The cache is flushed onto disk when a write
+ comes in whose offset would not fit into the cache or
+ when the file is closed by the client. Reads for the
+ file are also served from this cache if the data is
+ stored within it.
+
+ This cache allows Samba to batch client writes into a
+ more efficient write size for RAID disks (i.e. writes
+ may be tuned to be the RAID stripe size) and can
+ improve performance on systems where the disk subsystem
+ is a bottleneck but there is free memory for userspace
+ programs.
+
+ The integer parameter specifies the size of this cache
+ (per oplocked file) in bytes.
+
+ Default: wwwwrrrriiiitttteeee ccccaaaacccchhhheeee ssssiiiizzzzeeee ==== 0000
+
+ Example: wwwwrrrriiiitttteeee ccccaaaacccchhhheeee ssssiiiizzzzeeee ==== 222266662222111144444444
+
+ for a 256k cache size per file.
+
+
+
+ Page 136 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ wwwwrrrriiiitttteeee lllliiiisssstttt ((((SSSS))))
+ This is a list of users that are given read-write
+ access to a service. If the connecting user is in this
+ list then they will be given write access, no matter
+ what the _r_e_a_d _o_n_l_y option is set to. The list can
+ include group names using the @group syntax.
+
+ Note that if a user is in both the read list and the
+ write list then they will be given write access.
+
+ See also the _r_e_a_d _l_i_s_t option.
+
+ Default: wwwwrrrriiiitttteeee lllliiiisssstttt ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>
+
+ Example: wwwwrrrriiiitttteeee lllliiiisssstttt ==== aaaaddddmmmmiiiinnnn,,,, rrrrooooooootttt,,,, @@@@ssssttttaaaaffffffff
+
+ wwwwrrrriiiitttteeee ooookkkk ((((SSSS))))
+ Inverted synonym for _r_e_a_d _o_n_l_y.
+
+ wwwwrrrriiiitttteeee rrrraaaawwww ((((GGGG))))
+ This parameter controls whether or not the server will
+ support raw write SMB's when transferring data from
+ clients. You should never need to change this
+ parameter.
+
+ Default: wwwwrrrriiiitttteeee rrrraaaawwww ==== yyyyeeeessss
+
+ wwwwrrrriiiitttteeeeaaaabbbblllleeee ((((SSSS))))
+ Inverted synonym for _r_e_a_d _o_n_l_y.
+
+ WWWWAAAARRRRNNNNIIIINNNNGGGGSSSS
+ Although the configuration file permits service names to
+ contain spaces, your client software may not. Spaces will be
+ ignored in comparisons anyway, so it shouldn't be a problem
+ - but be aware of the possibility.
+
+ On a similar note, many clients - especially DOS clients -
+ limit service names to eight characters. smbd(8)
+ has no such limitation, but attempts to connect from such
+ clients will fail if they truncate the service names. For
+ this reason you should probably keep your service names down
+ to eight characters in length.
+
+ Use of the [homes] and [printers] special sections make life
+ for an administrator easy, but the various combinations of
+ default attributes can be tricky. Take extreme care when
+ designing these sections. In particular, ensure that the
+ permissions on spool directories are correct.
+
+ VVVVEEEERRRRSSSSIIIIOOOONNNN
+ This man page is correct for version 2.2 of the Samba suite.
+
+
+
+
+ Page 137 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555))))
+
+
+
+ SSSSEEEEEEEE AAAALLLLSSSSOOOO
+ samba(7) ssssmmmmbbbbppppaaaasssssssswwwwdddd((((8888)))) sssswwwwaaaatttt((((8888)))) ssssmmmmbbbbdddd((((8888)))) nnnnmmmmbbbbdddd((((8888)))) ssssmmmmbbbbcccclllliiiieeeennnntttt((((1111))))
+ nnnnmmmmbbbbllllooooooookkkkuuuupppp((((1111)))) tttteeeessssttttppppaaaarrrrmmmm((((1111)))) tttteeeessssttttpppprrrrnnnnssss((((1111))))
+
+ AAAAUUUUTTTTHHHHOOOORRRR
+ The original Samba software and related utilities were
+ created by Andrew Tridgell. Samba is now developed by the
+ Samba Team as an Open Source project similar to the way the
+ Linux kernel is developed.
+
+ The original Samba man pages were written by Karl Auer. The
+ man page sources were converted to YODL format (another
+ excellent piece of Open Source software, available at
+ ftp://ftp.icce.rug.nl/pub/unix/
+ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the
+ Samba 2.0 release by Jeremy Allison. The conversion to
+ DocBook for Samba 2.2 was done by Gerald Carter
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Page 138 (printed 1/7/103)
+
+
+
View Lorry Controller Status