diff options
Diffstat (limited to 'packaging/Caldera/OpenServer/man/cat.5/smb.conf.5')
-rw-r--r-- | packaging/Caldera/OpenServer/man/cat.5/smb.conf.5 | 9108 |
1 files changed, 9108 insertions, 0 deletions
diff --git a/packaging/Caldera/OpenServer/man/cat.5/smb.conf.5 b/packaging/Caldera/OpenServer/man/cat.5/smb.conf.5 new file mode 100644 index 00000000000..b9dc8c1b2b7 --- /dev/null +++ b/packaging/Caldera/OpenServer/man/cat.5/smb.conf.5 @@ -0,0 +1,9108 @@ + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + NNNNAAAAMMMMEEEE + smb.conf - The configuration file for the Samba suite + + SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS + The _s_m_b._c_o_n_f file is a configuration file for the Samba + suite. _s_m_b._c_o_n_f contains runtime configuration information + for the Samba programs. The _s_m_b._c_o_n_f file is designed to be + configured and administered by the sssswwwwaaaatttt((((8888)))) + program. The complete description of the file format and + possible parameters held within are here for reference + purposes. + + FFFFIIIILLLLEEEE FFFFOOOORRRRMMMMAAAATTTT + The file consists of sections and parameters. A section + begins with the name of the section in square brackets and + continues until the next section begins. Sections contain + parameters of the form + + _n_a_m_e = _v_a_l_u_e + + The file is line-based - that is, each newline-terminated + line represents either a comment, a section name or a + parameter. + + Section and parameter names are not case sensitive. + + Only the first equals sign in a parameter is significant. + Whitespace before or after the first equals sign is + discarded. Leading, trailing and internal whitespace in + section and parameter names is irrelevant. Leading and + trailing whitespace in a parameter value is discarded. + Internal whitespace within a parameter value is retained + verbatim. + + Any line beginning with a semicolon (';') or a hash ('#') + character is ignored, as are lines containing only + whitespace. + + Any line ending in a '\' is continued on the next line in + the customary UNIX fashion. + + The values following the equals sign in parameters are all + either a string (no quotes needed) or a boolean, which may + be given as yes/no, 0/1 or true/false. Case is not + significant in boolean values, but is preserved in string + values. Some items such as create modes are numeric. + + SSSSEEEECCCCTTTTIIIIOOOONNNN DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNNSSSS + Each section in the configuration file (except for the + [global] section) describes a shared resource (known as a + "share"). The section name is the name of the shared + resource and the parameters within the section define the + + + + Page 1 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + shares attributes. + + There are three special sections, [global], [homes] and + [printers], which are described under ssssppppeeeecccciiiiaaaallll sssseeeeccccttttiiiioooonnnnssss. The + following notes apply to ordinary section descriptions. + + A share consists of a directory to which access is being + given plus a description of the access rights which are + granted to the user of the service. Some housekeeping + options are also specifiable. + + Sections are either file share services (used by the client + as an extension of their native file systems) or printable + services (used by the client to access print services on the + host running the server). + + Sections may be designated gggguuuueeeesssstttt services, in which case no + password is required to access them. A specified UNIX gggguuuueeeesssstttt + aaaaccccccccoooouuuunnnntttt is used to define access privileges in this case. + + Sections other than guest services will require a password + to access them. The client provides the username. As older + clients only provide passwords and not usernames, you may + specify a list of usernames to check against the password + using the "user =" option in the share definition. For + modern clients such as Windows 95/98/ME/NT/2000, this should + not be necessary. + + Note that the access rights granted by the server are masked + by the access rights granted to the specified or guest UNIX + user by the host system. The server does not grant more + access than the host system grants. + + The following sample section defines a file space share. The + user has write access to the path /_h_o_m_e/_b_a_r. The share is + accessed via the share name "foo": + + [foo] + path = /home/bar + read only = no + + + + + The following sample section defines a printable share. The + share is readonly, but printable. That is, the only write + access permitted is via calls to open, write to and close a + spool file. The gggguuuueeeesssstttt ooookkkk parameter means access will be + permitted as the default guest user (specified elsewhere): + + [aprinter] + path = /usr/spool/public + + + + Page 2 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + read only = yes + printable = yes + guest ok = yes + + + + + SSSSPPPPEEEECCCCIIIIAAAALLLL SSSSEEEECCCCTTTTIIIIOOOONNNNSSSS + TTTTHHHHEEEE GGGGLLLLOOOOBBBBAAAALLLL SSSSEEEECCCCTTTTIIIIOOOONNNN + parameters in this section apply to the server as a whole, + or are defaults for sections which do not specifically + define certain items. See the notes under PARAMETERS for + more information. + + TTTTHHHHEEEE HHHHOOOOMMMMEEEESSSS SSSSEEEECCCCTTTTIIIIOOOONNNN + If a section called homes is included in the configuration + file, services connecting clients to their home directories + can be created on the fly by the server. + + When the connection request is made, the existing sections + are scanned. If a match is found, it is used. If no match is + found, the requested section name is treated as a user name + and looked up in the local password file. If the name exists + and the correct password has been given, a share is created + by cloning the [homes] section. + + Some modifications are then made to the newly created share: + + o+ The share name is changed from homes to the located + username. + + o+ If no path was given, the path is set to the user's home + directory. + + If you decide to use a ppppaaaatttthhhh ==== line in your [homes] section + then you may find it useful to use the %S macro. For example + : + + ppppaaaatttthhhh ==== ////ddddaaaattttaaaa////ppppcccchhhhoooommmmeeee////%%%%SSSS + + would be useful if you have different home directories for + your PCs than for UNIX access. + + This is a fast and simple way to give a large number of + clients access to their home directories with a minimum of + fuss. + + A similar process occurs if the requested section name is + "homes", except that the share name is not changed to that + of the requesting user. This method of using the [homes] + section works well if different users share a client PC. + + + + + Page 3 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + The [homes] section can specify all the parameters a normal + service section can specify, though some make more sense + than others. The following is a typical and suitable [homes] + section: + + [homes] + read only = no + + + + + An important point is that if guest access is specified in + the [homes] section, all home directories will be visible to + all clients wwwwiiiitttthhhhoooouuuutttt aaaa ppppaaaasssssssswwwwoooorrrrdddd. In the very unlikely event + that this is actually desirable, it would be wise to also + specify rrrreeeeaaaadddd oooonnnnllllyyyy aaaacccccccceeeessssssss. + + Note that the bbbbrrrroooowwwwsssseeeeaaaabbbblllleeee flag for auto home directories will + be inherited from the global browseable flag, not the + [homes] browseable flag. This is useful as it means setting + bbbbrrrroooowwwwsssseeeeaaaabbbblllleeee ==== nnnnoooo in the [homes] section will hide the [homes] + share but make any auto home directories visible. + + TTTTHHHHEEEE PPPPRRRRIIIINNNNTTTTEEEERRRRSSSS SSSSEEEECCCCTTTTIIIIOOOONNNN + This section works like [homes], but for printers. + + If a [printers] section occurs in the configuration file, + users are able to connect to any printer specified in the + local host's printcap file. + + When a connection request is made, the existing sections are + scanned. If a match is found, it is used. If no match is + found, but a [homes] section exists, it is used as described + above. Otherwise, the requested section name is treated as a + printer name and the appropriate printcap file is scanned to + see if the requested section name is a valid printer share + name. If a match is found, a new printer share is created by + cloning the [printers] section. + + A few modifications are then made to the newly created + share: + + o+ The share name is set to the located printer name + + o+ If no printer name was given, the printer name is set to + the located printer name + + o+ If the share does not permit guest access and no username + was given, the username is set to the located printer + name. + + Note that the [printers] service MUST be printable - if you + + + + Page 4 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + specify otherwise, the server will refuse to load the + configuration file. + + Typically the path specified would be that of a world- + writeable spool directory with the sticky bit set on it. A + typical [printers] entry would look like this: + + [printers] + path = /usr/spool/public + guest ok = yes + printable = yes + + + + All aliases given for a printer in the printcap file are + legitimate printer names as far as the server is concerned. + If your printing subsystem doesn't work like that, you will + have to set up a pseudo-printcap. This is a file consisting + of one or more lines like this: + + alias|alias|alias|alias... + + + + + Each alias should be an acceptable printer name for your + printing subsystem. In the [global] section, specify the new + file as your printcap. The server will then only recognize + names found in your pseudo-printcap, which of course can + contain whatever aliases you like. The same technique could + be used simply to limit access to a subset of your local + printers. + + An alias, by the way, is defined as any component of the + first entry of a printcap record. Records are separated by + newlines, components (if there are more than one) are + separated by vertical bar symbols ('|'). + + NOTE: On SYSV systems which use lpstat to determine what + printers are defined on the system you may be able to use + "printcap name = lpstat" to automatically obtain a list of + printers. See the "printcap name" option for more details. + + PPPPAAAARRRRAAAAMMMMEEEETTTTEEEERRRRSSSS + parameters define the specific attributes of sections. + + Some parameters are specific to the [global] section (e.g., + sssseeeeccccuuuurrrriiiittttyyyy). Some parameters are usable in all sections (e.g., + ccccrrrreeeeaaaatttteeee mmmmooooddddeeee). All others are permissible only in normal + sections. For the purposes of the following descriptions the + [homes] and [printers] sections will be considered normal. + The letter GGGG in parentheses indicates that a parameter is + + + + Page 5 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + specific to the [global] section. The letter SSSS indicates + that a parameter can be specified in a service specific + section. Note that all SSSS parameters can also be specified in + the [global] section - in which case they will define the + default behavior for all services. + + parameters are arranged here in alphabetical order - this + may not create best bedfellows, but at least you can find + them! Where there are synonyms, the preferred synonym is + described, others refer to the preferred synonym. + + VVVVAAAARRRRIIIIAAAABBBBLLLLEEEE SSSSUUUUBBBBSSSSTTTTIIIITTTTUUUUTTTTIIIIOOOONNNNSSSS + Many of the strings that are settable in the config file can + take substitutions. For example the option "path = /tmp/%u" + would be interpreted as "path = /tmp/john" if the user + connected with the username john. + + These substitutions are mostly noted in the descriptions + below, but there are some general substitutions which apply + whenever they might be relevant. These are: + + %%%%SSSS the name of the current service, if any. + + %%%%PPPP the root directory of the current service, if any. + + %%%%uuuu user name of the current service, if any. + + %%%%gggg primary group name of %u. + + %%%%UUUU session user name (the user name that the client + wanted, not necessarily the same as the one they got). + + %%%%GGGG primary group name of %U. + + %%%%HHHH the home directory of the user given by %u. + + %%%%vvvv the Samba version. + + %%%%hhhh the Internet hostname that Samba is running on. + + %%%%mmmm the NetBIOS name of the client machine (very useful). + + %%%%LLLL the NetBIOS name of the server. This allows you to + change your config based on what the client calls you. + Your server can have a "dual personality". + + Note that this paramater is not available when Samba + listens on port 445, as clients no longer send this + information + + %%%%MMMM the Internet name of the client machine. + + + + + Page 6 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + %%%%NNNN the name of your NIS home directory server. This is + obtained from your NIS auto.map entry. If you have not + compiled Samba with the --------wwwwiiiitttthhhh----aaaauuuuttttoooommmmoooouuuunnnntttt option then + this value will be the same as %L. + + %%%%pppp the path of the service's home directory, obtained from + your NIS auto.map entry. The NIS auto.map entry is + split up as "%N:%p". + + %%%%RRRR the selected protocol level after protocol negotiation. + It can be one of CORE, COREPLUS, LANMAN1, LANMAN2 or + NT1. + + %%%%dddd The process id of the current server process. + + %%%%aaaa the architecture of the remote machine. Only some are + recognized, and those may not be 100% reliable. It + currently recognizes Samba, WfWg, Win95, WinNT and + Win2k. Anything else will be known as "UNKNOWN". If it + gets it wrong then sending a level 3 log to + samba@samba.org + <URL:mailto:samba@samba.org> should allow it to be + fixed. + + %%%%IIII The IP address of the client machine. + + %%%%TTTT the current date and time. + + %%%%$$$$((((_e_n_v_v_a_r)))) + The value of the environment variable _e_n_v_a_r. + + There are some quite creative things that can be done with + these substitutions and other smb.conf options. + + NNNNAAAAMMMMEEEE MMMMAAAANNNNGGGGLLLLIIIINNNNGGGG + Samba supports "name mangling" so that DOS and Windows + clients can use files that don't conform to the 8.3 format. + It can also be set to adjust the case of 8.3 format + filenames. + + There are several options that control the way mangling is + performed, and they are grouped here rather than listed + separately. For the defaults look at the output of the + testparm program. + + All of these options can be set separately for each service + (or globally, of course). + + The options are: + + mmmmaaaannnngggglllliiiinnnngggg mmmmeeeetttthhhhoooodddd + controls the algorithm used for the generating the + + + + Page 7 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + mangled names. Can take two different values, "hash" + and "hash2". "hash" is the default and is the algorithm + that has been used in Samba for many years. "hash2" is + a newer and considered a better algorithm (generates + less collisions) in the names. However, many Win32 + applications store the mangled names and so changing to + the new algorithm must not be done lightly as these + applications may break unless reinstalled. New + installations of Samba may set the default to hash2. + Default hhhhaaaasssshhhh. + + mmmmaaaannnngggglllleeee ccccaaaasssseeee ==== yyyyeeeessss////nnnnoooo + controls if names that have characters that aren't of + the "default" case are mangled. For example, if this is + yes then a name like "Mail" would be mangled. Default + nnnnoooo. + + ccccaaaasssseeee sssseeeennnnssssiiiittttiiiivvvveeee ==== yyyyeeeessss////nnnnoooo + controls whether filenames are case sensitive. If they + aren't then Samba must do a filename search and match + on passed names. Default nnnnoooo. + + ddddeeeeffffaaaauuuulllltttt ccccaaaasssseeee ==== uuuuppppppppeeeerrrr////lllloooowwwweeeerrrr + controls what the default case is for new filenames. + Default lllloooowwwweeeerrrr. + + pppprrrreeeesssseeeerrrrvvvveeee ccccaaaasssseeee ==== yyyyeeeessss////nnnnoooo + controls if new files are created with the case that + the client passes, or if they are forced to be the + "default" case. Default yyyyeeeessss. + + sssshhhhoooorrrrtttt pppprrrreeeesssseeeerrrrvvvveeee ccccaaaasssseeee ==== yyyyeeeessss////nnnnoooo + controls if new files which conform to 8.3 syntax, that + is all in upper case and of suitable length, are + created upper case, or if they are forced to be the + "default" case. This option can be use with "preserve + case = yes" to permit long filenames to retain their + case, while short names are lowercased. Default yyyyeeeessss. + + By default, Samba 2.2 has the same semantics as a Windows NT + server, in that it is case insensitive but case preserving. + + NNNNOOOOTTTTEEEE AAAABBBBOOOOUUUUTTTT UUUUSSSSEEEERRRRNNNNAAAAMMMMEEEE////PPPPAAAASSSSSSSSWWWWOOOORRRRDDDD VVVVAAAALLLLIIIIDDDDAAAATTTTIIIIOOOONNNN + There are a number of ways in which a user can connect to a + service. The server uses the following steps in determining + if it will allow a connection to a specified service. If all + the steps fail, then the connection request is rejected. + However, if one of the steps succeeds, then the following + steps are not checked. + + If the service is marked "guest only = yes" and the server + is running with share-level security ("security = share") + + + + Page 8 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + then steps 1 to 5 are skipped. + + 1. If the client has passed a username/password pair and + that username/password pair is validated by the UNIX + system's password programs then the connection is made + as that username. Note that this includes the + \\server\service%_u_s_e_r_n_a_m_e method of passing a username. + + 2. If the client has previously registered a username with + the system and now supplies a correct password for that + username then the connection is allowed. + + 3. The client's NetBIOS name and any previously used user + names are checked against the supplied password, if + they match then the connection is allowed as the + corresponding user. + + 4. If the client has previously validated a + username/password pair with the server and the client + has passed the validation token then that username is + used. + + 5. If a "user = " field is given in the _s_m_b._c_o_n_f file for + the service and the client has supplied a password, and + that password matches (according to the UNIX system's + password checking) with one of the usernames from the + "user =" field then the connection is made as the + username in the "user =" line. If one of the username + in the "user =" list begins with a '@' then that name + expands to a list of names in the group of the same + name. + + 6. If the service is a guest service then a connection is + made as the username given in the "guest account =" for + the service, irrespective of the supplied password. + + CCCCOOOOMMMMPPPPLLLLEEEETTTTEEEE LLLLIIIISSSSTTTT OOOOFFFF GGGGLLLLOOOOBBBBAAAALLLL PPPPAAAARRRRAAAAMMMMEEEETTTTEEEERRRRSSSS + Here is a list of all global parameters. See the section of + each parameter for details. Note that some are synonyms. + + o+ _a_d_d _p_r_i_n_t_e_r _c_o_m_m_a_n_d + + o+ _a_d_d _s_h_a_r_e _c_o_m_m_a_n_d + + o+ _a_d_d _u_s_e_r _s_c_r_i_p_t + + o+ _a_l_l_o_w _t_r_u_s_t_e_d _d_o_m_a_i_n_s + + o+ _a_n_n_o_u_n_c_e _a_s + + o+ _a_n_n_o_u_n_c_e _v_e_r_s_i_o_n + + + + + Page 9 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + o+ _a_u_t_o _s_e_r_v_i_c_e_s + + o+ _b_i_n_d _i_n_t_e_r_f_a_c_e_s _o_n_l_y + + o+ _b_r_o_w_s_e _l_i_s_t + + o+ _c_h_a_n_g_e _n_o_t_i_f_y _t_i_m_e_o_u_t + + o+ _c_h_a_n_g_e _s_h_a_r_e _c_o_m_m_a_n_d + + o+ _c_h_a_r_a_c_t_e_r _s_e_t + + o+ _c_l_i_e_n_t _c_o_d_e _p_a_g_e + + o+ _c_o_d_e _p_a_g_e _d_i_r_e_c_t_o_r_y + + o+ _c_o_d_i_n_g _s_y_s_t_e_m + + o+ _c_o_n_f_i_g _f_i_l_e + + o+ _d_e_a_d_t_i_m_e + + o+ _d_e_b_u_g _h_i_r_e_s _t_i_m_e_s_t_a_m_p + + o+ _d_e_b_u_g _p_i_d + + o+ _d_e_b_u_g _t_i_m_e_s_t_a_m_p + + o+ _d_e_b_u_g _u_i_d + + o+ _d_e_b_u_g_l_e_v_e_l + + o+ _d_e_f_a_u_l_t + + o+ _d_e_f_a_u_l_t _s_e_r_v_i_c_e + + o+ _d_e_l_e_t_e _p_r_i_n_t_e_r _c_o_m_m_a_n_d + + o+ _d_e_l_e_t_e _s_h_a_r_e _c_o_m_m_a_n_d + + o+ _d_e_l_e_t_e _u_s_e_r _s_c_r_i_p_t + + o+ _d_f_r_e_e _c_o_m_m_a_n_d + + o+ _d_i_s_a_b_l_e _s_p_o_o_l_s_s + + o+ _d_n_s _p_r_o_x_y + + o+ _d_o_m_a_i_n _a_d_m_i_n _g_r_o_u_p + + o+ _d_o_m_a_i_n _g_u_e_s_t _g_r_o_u_p + + + + + Page 10 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + o+ _d_o_m_a_i_n _l_o_g_o_n_s + + o+ _d_o_m_a_i_n _m_a_s_t_e_r + + o+ _e_n_c_r_y_p_t _p_a_s_s_w_o_r_d_s + + o+ _e_n_h_a_n_c_e_d _b_r_o_w_s_i_n_g + + o+ _e_n_u_m_p_o_r_t_s _c_o_m_m_a_n_d + + o+ _g_e_t_w_d _c_a_c_h_e + + o+ _h_i_d_e _l_o_c_a_l _u_s_e_r_s + + o+ _h_i_d_e _u_n_r_e_a_d_a_b_l_e + + o+ _h_o_m_e_d_i_r _m_a_p + + o+ _h_o_s_t _m_s_d_f_s + + o+ _h_o_s_t_s _e_q_u_i_v + + o+ _i_n_t_e_r_f_a_c_e_s + + o+ _k_e_e_p_a_l_i_v_e + + o+ _k_e_r_n_e_l _o_p_l_o_c_k_s + + o+ _l_a_n_m_a_n _a_u_t_h + + o+ _l_a_r_g_e _r_e_a_d_w_r_i_t_e + + o+ _l_d_a_p _a_d_m_i_n _d_n + + o+ _l_d_a_p _f_i_l_t_e_r + + o+ _l_d_a_p _p_o_r_t + + o+ _l_d_a_p _s_e_r_v_e_r + + o+ _l_d_a_p _s_s_l + + o+ _l_d_a_p _s_u_f_f_i_x + + o+ _l_m _a_n_n_o_u_n_c_e + + o+ _l_m _i_n_t_e_r_v_a_l + + o+ _l_o_a_d _p_r_i_n_t_e_r_s + + o+ _l_o_c_a_l _m_a_s_t_e_r + + + + + Page 11 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + o+ _l_o_c_k _d_i_r + + o+ _l_o_c_k _d_i_r_e_c_t_o_r_y + + o+ _l_o_c_k _s_p_i_n _c_o_u_n_t + + o+ _l_o_c_k _s_p_i_n _t_i_m_e + + o+ _p_i_d _d_i_r_e_c_t_o_r_y + + o+ _l_o_g _f_i_l_e + + o+ _l_o_g _l_e_v_e_l + + o+ _l_o_g_o_n _d_r_i_v_e + + o+ _l_o_g_o_n _h_o_m_e + + o+ _l_o_g_o_n _p_a_t_h + + o+ _l_o_g_o_n _s_c_r_i_p_t + + o+ _l_p_q _c_a_c_h_e _t_i_m_e + + o+ _m_a_c_h_i_n_e _p_a_s_s_w_o_r_d _t_i_m_e_o_u_t + + o+ _m_a_n_g_l_e_d _s_t_a_c_k + + o+ _m_a_n_g_l_i_n_g _m_e_t_h_o_d + + o+ _m_a_p _t_o _g_u_e_s_t + + o+ _m_a_x _d_i_s_k _s_i_z_e + + o+ _m_a_x _l_o_g _s_i_z_e + + o+ _m_a_x _m_u_x + + o+ _m_a_x _o_p_e_n _f_i_l_e_s + + o+ _m_a_x _p_r_o_t_o_c_o_l + + o+ _m_a_x _s_m_b_d _p_r_o_c_e_s_s_e_s + + o+ _m_a_x _t_t_l + + o+ _m_a_x _w_i_n_s _t_t_l + + o+ _m_a_x _x_m_i_t + + o+ _m_e_s_s_a_g_e _c_o_m_m_a_n_d + + + + + Page 12 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + o+ _m_i_n _p_a_s_s_w_d _l_e_n_g_t_h + + o+ _m_i_n _p_a_s_s_w_o_r_d _l_e_n_g_t_h + + o+ _m_i_n _p_r_o_t_o_c_o_l + + o+ _m_i_n _w_i_n_s _t_t_l + + o+ _n_a_m_e _r_e_s_o_l_v_e _o_r_d_e_r + + o+ _n_e_t_b_i_o_s _a_l_i_a_s_e_s + + o+ _n_e_t_b_i_o_s _n_a_m_e + + o+ _n_e_t_b_i_o_s _s_c_o_p_e + + o+ _n_i_s _h_o_m_e_d_i_r + + o+ _n_t _p_i_p_e _s_u_p_p_o_r_t + + o+ _n_t _s_m_b _s_u_p_p_o_r_t + + o+ _n_t _s_t_a_t_u_s _s_u_p_p_o_r_t + + o+ _n_u_l_l _p_a_s_s_w_o_r_d_s + + o+ _o_b_e_y _p_a_m _r_e_s_t_r_i_c_t_i_o_n_s + + o+ _o_p_l_o_c_k _b_r_e_a_k _w_a_i_t _t_i_m_e + + o+ _o_s _l_e_v_e_l + + o+ _o_s_2 _d_r_i_v_e_r _m_a_p + + o+ _p_a_m _p_a_s_s_w_o_r_d _c_h_a_n_g_e + + o+ _p_a_n_i_c _a_c_t_i_o_n + + o+ _p_a_s_s_w_d _c_h_a_t + + o+ _p_a_s_s_w_d _c_h_a_t _d_e_b_u_g + + o+ _p_a_s_s_w_d _p_r_o_g_r_a_m + + o+ _p_a_s_s_w_o_r_d _l_e_v_e_l + + o+ _p_a_s_s_w_o_r_d _s_e_r_v_e_r + + o+ _p_r_e_f_e_r_e_d _m_a_s_t_e_r + + o+ _p_r_e_f_e_r_r_e_d _m_a_s_t_e_r + + + + + Page 13 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + o+ _p_r_e_l_o_a_d + + o+ _p_r_i_n_t_c_a_p + + o+ _p_r_i_n_t_c_a_p _n_a_m_e + + o+ _p_r_i_n_t_e_r _d_r_i_v_e_r _f_i_l_e + + o+ _p_r_o_t_o_c_o_l + + o+ _r_e_a_d _b_m_p_x + + o+ _r_e_a_d _r_a_w + + o+ _r_e_a_d _s_i_z_e + + o+ _r_e_m_o_t_e _a_n_n_o_u_n_c_e + + o+ _r_e_m_o_t_e _b_r_o_w_s_e _s_y_n_c + + o+ _r_e_s_t_r_i_c_t _a_n_o_n_y_m_o_u_s + + o+ _r_o_o_t + + o+ _r_o_o_t _d_i_r + + o+ _r_o_o_t _d_i_r_e_c_t_o_r_y + + o+ _s_e_c_u_r_i_t_y + + o+ _s_e_r_v_e_r _s_t_r_i_n_g + + o+ _s_h_o_w _a_d_d _p_r_i_n_t_e_r _w_i_z_a_r_d + + o+ _s_m_b _p_a_s_s_w_d _f_i_l_e + + o+ _s_o_c_k_e_t _a_d_d_r_e_s_s + + o+ _s_o_c_k_e_t _o_p_t_i_o_n_s + + o+ _s_o_u_r_c_e _e_n_v_i_r_o_n_m_e_n_t + + o+ _s_s_l + + o+ _s_s_l _C_A _c_e_r_t_D_i_r + + o+ _s_s_l _C_A _c_e_r_t_F_i_l_e + + o+ _s_s_l _c_i_p_h_e_r_s + + o+ _s_s_l _c_l_i_e_n_t _c_e_r_t + + + + + Page 14 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + o+ _s_s_l _c_l_i_e_n_t _k_e_y + + o+ _s_s_l _c_o_m_p_a_t_i_b_i_l_i_t_y + + o+ _s_s_l _e_g_d _s_o_c_k_e_t + + o+ _s_s_l _e_n_t_r_o_p_y _b_y_t_e_s + + o+ _s_s_l _e_n_t_r_o_p_y _f_i_l_e + + o+ _s_s_l _h_o_s_t_s + + o+ _s_s_l _h_o_s_t_s _r_e_s_i_g_n + + o+ _s_s_l _r_e_q_u_i_r_e _c_l_i_e_n_t_c_e_r_t + + o+ _s_s_l _r_e_q_u_i_r_e _s_e_r_v_e_r_c_e_r_t + + o+ _s_s_l _s_e_r_v_e_r _c_e_r_t + + o+ _s_s_l _s_e_r_v_e_r _k_e_y + + o+ _s_s_l _v_e_r_s_i_o_n + + o+ _s_t_a_t _c_a_c_h_e + + o+ _s_t_a_t _c_a_c_h_e _s_i_z_e + + o+ _s_t_r_i_p _d_o_t + + o+ _s_y_s_l_o_g + + o+ _s_y_s_l_o_g _o_n_l_y + + o+ _t_e_m_p_l_a_t_e _h_o_m_e_d_i_r + + o+ _t_e_m_p_l_a_t_e _s_h_e_l_l + + o+ _t_i_m_e _o_f_f_s_e_t + + o+ _t_i_m_e _s_e_r_v_e_r + + o+ _t_i_m_e_s_t_a_m_p _l_o_g_s + + o+ _t_o_t_a_l _p_r_i_n_t _j_o_b_s + + o+ _u_n_i_x _e_x_t_e_n_s_i_o_n_s + + o+ _u_n_i_x _p_a_s_s_w_o_r_d _s_y_n_c + + o+ _u_p_d_a_t_e _e_n_c_r_y_p_t_e_d + + + + + Page 15 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + o+ _u_s_e _m_m_a_p + + o+ _u_s_e _r_h_o_s_t_s + + o+ _u_s_e_r_n_a_m_e _l_e_v_e_l + + o+ _u_s_e_r_n_a_m_e _m_a_p + + o+ _u_t_m_p + + o+ _u_t_m_p _d_i_r_e_c_t_o_r_y + + o+ _v_a_l_i_d _c_h_a_r_s + + o+ _w_i_n_b_i_n_d _c_a_c_h_e _t_i_m_e + + o+ _w_i_n_b_i_n_d _e_n_u_m _u_s_e_r_s + + o+ _w_i_n_b_i_n_d _e_n_u_m _g_r_o_u_p_s + + o+ _w_i_n_b_i_n_d _g_i_d + + o+ _w_i_n_b_i_n_d _s_e_p_a_r_a_t_o_r + + o+ _w_i_n_b_i_n_d _u_i_d + + o+ _w_i_n_b_i_n_d _u_s_e _d_e_f_a_u_l_t _d_o_m_a_i_n + + o+ _w_i_n_s _h_o_o_k + + o+ _w_i_n_s _p_r_o_x_y + + o+ _w_i_n_s _s_e_r_v_e_r + + o+ _w_i_n_s _s_u_p_p_o_r_t + + o+ _w_o_r_k_g_r_o_u_p + + o+ _w_r_i_t_e _r_a_w + + CCCCOOOOMMMMPPPPLLLLEEEETTTTEEEE LLLLIIIISSSSTTTT OOOOFFFF SSSSEEEERRRRVVVVIIIICCCCEEEE PPPPAAAARRRRAAAAMMMMEEEETTTTEEEERRRRSSSS + Here is a list of all service parameters. See the section on + each parameter for details. Note that some are synonyms. + + o+ _a_d_m_i_n _u_s_e_r_s + + o+ _a_l_l_o_w _h_o_s_t_s + + o+ _a_v_a_i_l_a_b_l_e + + o+ _b_l_o_c_k_i_n_g _l_o_c_k_s + + + + + Page 16 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + o+ _b_l_o_c_k _s_i_z_e + + o+ _b_r_o_w_s_a_b_l_e + + o+ _b_r_o_w_s_e_a_b_l_e + + o+ _c_a_s_e _s_e_n_s_i_t_i_v_e + + o+ _c_a_s_e_s_i_g_n_a_m_e_s + + o+ _c_o_m_m_e_n_t + + o+ _c_o_p_y + + o+ _c_r_e_a_t_e _m_a_s_k + + o+ _c_r_e_a_t_e _m_o_d_e + + o+ _c_s_c _p_o_l_i_c_y + + o+ _d_e_f_a_u_l_t _c_a_s_e + + o+ _d_e_f_a_u_l_t _d_e_v_m_o_d_e + + o+ _d_e_l_e_t_e _r_e_a_d_o_n_l_y + + o+ _d_e_l_e_t_e _v_e_t_o _f_i_l_e_s + + o+ _d_e_n_y _h_o_s_t_s + + o+ _d_i_r_e_c_t_o_r_y + + o+ _d_i_r_e_c_t_o_r_y _m_a_s_k + + o+ _d_i_r_e_c_t_o_r_y _m_o_d_e + + o+ _d_i_r_e_c_t_o_r_y _s_e_c_u_r_i_t_y _m_a_s_k + + o+ _d_o_n_t _d_e_s_c_e_n_d + + o+ _d_o_s _f_i_l_e_m_o_d_e + + o+ _d_o_s _f_i_l_e_t_i_m_e _r_e_s_o_l_u_t_i_o_n + + o+ _d_o_s _f_i_l_e_t_i_m_e_s + + o+ _e_x_e_c + + o+ _f_a_k_e _d_i_r_e_c_t_o_r_y _c_r_e_a_t_e _t_i_m_e_s + + o+ _f_a_k_e _o_p_l_o_c_k_s + + + + + Page 17 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + o+ _f_o_l_l_o_w _s_y_m_l_i_n_k_s + + o+ _f_o_r_c_e _c_r_e_a_t_e _m_o_d_e + + o+ _f_o_r_c_e _d_i_r_e_c_t_o_r_y _m_o_d_e + + o+ _f_o_r_c_e _d_i_r_e_c_t_o_r_y _s_e_c_u_r_i_t_y _m_o_d_e + + o+ _f_o_r_c_e _g_r_o_u_p + + o+ _f_o_r_c_e _s_e_c_u_r_i_t_y _m_o_d_e + + o+ _f_o_r_c_e _u_n_k_n_o_w_n _a_c_l _u_s_e_r + + o+ _f_o_r_c_e _u_s_e_r + + o+ _f_s_t_y_p_e + + o+ _g_r_o_u_p + + o+ _g_u_e_s_t _a_c_c_o_u_n_t + + o+ _g_u_e_s_t _o_k + + o+ _g_u_e_s_t _o_n_l_y + + o+ _h_i_d_e _d_o_t _f_i_l_e_s + + o+ _h_i_d_e _f_i_l_e_s + + o+ _h_o_s_t_s _a_l_l_o_w + + o+ _h_o_s_t_s _d_e_n_y + + o+ _i_n_c_l_u_d_e + + o+ _i_n_h_e_r_i_t _a_c_l_s + + o+ _i_n_h_e_r_i_t _p_e_r_m_i_s_s_i_o_n_s + + o+ _i_n_v_a_l_i_d _u_s_e_r_s + + o+ _l_e_v_e_l_2 _o_p_l_o_c_k_s + + o+ _l_o_c_k_i_n_g + + o+ _l_p_p_a_u_s_e _c_o_m_m_a_n_d + + o+ _l_p_q _c_o_m_m_a_n_d + + o+ _l_p_r_e_s_u_m_e _c_o_m_m_a_n_d + + + + + Page 18 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + o+ _l_p_r_m _c_o_m_m_a_n_d + + o+ _m_a_g_i_c _o_u_t_p_u_t + + o+ _m_a_g_i_c _s_c_r_i_p_t + + o+ _m_a_n_g_l_e _c_a_s_e + + o+ _m_a_n_g_l_e_d _m_a_p + + o+ _m_a_n_g_l_e_d _n_a_m_e_s + + o+ _m_a_n_g_l_i_n_g _c_h_a_r + + o+ _m_a_p _a_r_c_h_i_v_e + + o+ _m_a_p _h_i_d_d_e_n + + o+ _m_a_p _s_y_s_t_e_m + + o+ _m_a_x _c_o_n_n_e_c_t_i_o_n_s + + o+ _m_a_x _p_r_i_n_t _j_o_b_s + + o+ _m_i_n _p_r_i_n_t _s_p_a_c_e + + o+ _m_s_d_f_s _r_o_o_t + + o+ _n_t _a_c_l _s_u_p_p_o_r_t + + o+ _o_n_l_y _g_u_e_s_t + + o+ _o_n_l_y _u_s_e_r + + o+ _o_p_l_o_c_k _c_o_n_t_e_n_t_i_o_n _l_i_m_i_t + + o+ _o_p_l_o_c_k_s + + o+ _p_a_t_h + + o+ _p_o_s_i_x _l_o_c_k_i_n_g + + o+ _p_o_s_t_e_x_e_c + + o+ _p_o_s_t_s_c_r_i_p_t + + o+ _p_r_e_e_x_e_c + + o+ _p_r_e_e_x_e_c _c_l_o_s_e + + o+ _p_r_e_s_e_r_v_e _c_a_s_e + + + + + Page 19 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + o+ _p_r_i_n_t _c_o_m_m_a_n_d + + o+ _p_r_i_n_t _o_k + + o+ _p_r_i_n_t_a_b_l_e + + o+ _p_r_i_n_t_e_r + + o+ _p_r_i_n_t_e_r _a_d_m_i_n + + o+ _p_r_i_n_t_e_r _d_r_i_v_e_r + + o+ _p_r_i_n_t_e_r _d_r_i_v_e_r _l_o_c_a_t_i_o_n + + o+ _p_r_i_n_t_e_r _n_a_m_e + + o+ _p_r_i_n_t_i_n_g + + o+ _p_r_o_f_i_l_e _a_c_l_s + + o+ _p_u_b_l_i_c + + o+ _q_u_e_u_e_p_a_u_s_e _c_o_m_m_a_n_d + + o+ _q_u_e_u_e_r_e_s_u_m_e _c_o_m_m_a_n_d + + o+ _r_e_a_d _l_i_s_t + + o+ _r_e_a_d _o_n_l_y + + o+ _r_o_o_t _p_o_s_t_e_x_e_c + + o+ _r_o_o_t _p_r_e_e_x_e_c + + o+ _r_o_o_t _p_r_e_e_x_e_c _c_l_o_s_e + + o+ _s_e_c_u_r_i_t_y _m_a_s_k + + o+ _s_e_t _d_i_r_e_c_t_o_r_y + + o+ _s_h_a_r_e _m_o_d_e_s + + o+ _s_h_o_r_t _p_r_e_s_e_r_v_e _c_a_s_e + + o+ _s_t_a_t_u_s + + o+ _s_t_r_i_c_t _a_l_l_o_c_a_t_e + + o+ _s_t_r_i_c_t _l_o_c_k_i_n_g + + o+ _s_t_r_i_c_t _s_y_n_c + + + + + Page 20 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + o+ _s_y_n_c _a_l_w_a_y_s + + o+ _u_s_e _c_l_i_e_n_t _d_r_i_v_e_r + + o+ _u_s_e _s_e_n_d_f_i_l_e + + o+ _u_s_e_r + + o+ _u_s_e_r_n_a_m_e + + o+ _u_s_e_r_s + + o+ _v_a_l_i_d _u_s_e_r_s + + o+ _v_e_t_o _f_i_l_e_s + + o+ _v_e_t_o _o_p_l_o_c_k _f_i_l_e_s + + o+ _v_f_s _o_b_j_e_c_t + + o+ _v_f_s _o_p_t_i_o_n_s + + o+ _v_o_l_u_m_e + + o+ _w_i_d_e _l_i_n_k_s + + o+ _w_r_i_t_a_b_l_e + + o+ _w_r_i_t_e _c_a_c_h_e _s_i_z_e + + o+ _w_r_i_t_e _l_i_s_t + + o+ _w_r_i_t_e _o_k + + o+ _w_r_i_t_e_a_b_l_e + + EEEEXXXXPPPPLLLLAAAANNNNAAAATTTTIIIIOOOONNNN OOOOFFFF EEEEAAAACCCCHHHH PPPPAAAARRRRAAAAMMMMEEEETTTTEEEERRRR + aaaadddddddd pppprrrriiiinnnntttteeeerrrr ccccoooommmmmmmmaaaannnndddd ((((GGGG)))) + With the introduction of MS-RPC based printing support + for Windows NT/2000 clients in Samba 2.2, The MS Add + Printer Wizard (APW) icon is now also available in the + "Printers..." folder displayed a share listing. The APW + allows for printers to be add remotely to a Samba or + Windows NT/2000 print server. + + For a Samba host this means that the printer must be + physically added to the underlying printing system. The + _a_d_d _p_r_i_n_t_e_r _c_o_m_m_a_n_d defines a script to be run which + will perform the necessary operations for adding the + printer to the print system and to add the appropriate + service definition to the _s_m_b._c_o_n_f file in order that + it can be shared by ssssmmmmbbbbdddd((((8888)))) + + + + Page 21 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + The _a_d_d _p_r_i_n_t_e_r _c_o_m_m_a_n_d is automatically invoked with + the following parameter (in order: + + o+ _p_r_i_n_t_e_r _n_a_m_e + + o+ _s_h_a_r_e _n_a_m_e + + o+ _p_o_r_t _n_a_m_e + + o+ _d_r_i_v_e_r _n_a_m_e + + o+ _l_o_c_a_t_i_o_n + + o+ _W_i_n_d_o_w_s _9_x _d_r_i_v_e_r _l_o_c_a_t_i_o_n + + All parameters are filled in from the PRINTER_INFO_2 + structure sent by the Windows NT/2000 client with one + exception. The "Windows 9x driver location" parameter is + included for backwards compatibility only. The remaining + fields in the structure are generated from answers to the + APW questions. + + Once the _a_d_d _p_r_i_n_t_e_r _c_o_m_m_a_n_d has been executed, ssssmmmmbbbbdddd will + reparse the _s_m_b._c_o_n_f to determine if the share defined by + the APW exists. If the sharename is still invalid, then ssssmmmmbbbbdddd + will return an ACCESS_DENIED error to the client. + + See also _d_e_l_e_t_e _p_r_i_n_t_e_r _c_o_m_m_a_n_d, _p_r_i_n_t_i_n_g, _s_h_o_w _a_d_d _p_r_i_n_t_e_r + _w_i_z_a_r_d + + Default: nnnnoooonnnneeee + + Example: aaaaddddddddpppprrrriiiinnnntttteeeerrrr ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////bbbbiiiinnnn////aaaaddddddddpppprrrriiiinnnntttteeeerrrr + + aaaadddddddd sssshhhhaaaarrrreeee ccccoooommmmmmmmaaaannnndddd ((((GGGG)))) + Samba 2.2.0 introduced the ability to dynamically add + and delete shares via the Windows NT 4.0 Server + Manager. The _a_d_d _s_h_a_r_e _c_o_m_m_a_n_d is used to define an + external program or script which will add a new service + definition to _s_m_b._c_o_n_f. In order to successfully + execute the _a_d_d _s_h_a_r_e _c_o_m_m_a_n_d, ssssmmmmbbbbdddd requires that the + administrator be connected using a root account (i.e. + uid == 0). + + When executed, ssssmmmmbbbbdddd will automatically invoke the _a_d_d + _s_h_a_r_e _c_o_m_m_a_n_d with four parameters. + + o+ _c_o_n_f_i_g_F_i_l_e - the location of the global _s_m_b._c_o_n_f + file. + + o+ _s_h_a_r_e_N_a_m_e - the name of the new share. + + + + + Page 22 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + o+ _p_a_t_h_N_a_m_e - path to an **existing** directory on disk. + + o+ _c_o_m_m_e_n_t - comment string to associate with the new + share. + + This parameter is only used for add file shares. To add + printer shares, see the _a_d_d _p_r_i_n_t_e_r _c_o_m_m_a_n_d. + + See also _c_h_a_n_g_e _s_h_a_r_e _c_o_m_m_a_n_d, _d_e_l_e_t_e _s_h_a_r_e _c_o_m_m_a_n_d. + + Default: nnnnoooonnnneeee + + Example: aaaadddddddd sssshhhhaaaarrrreeee ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////llllooooccccaaaallll////bbbbiiiinnnn////aaaaddddddddsssshhhhaaaarrrreeee + + aaaadddddddd uuuusssseeeerrrr ssssccccrrrriiiipppptttt ((((GGGG)))) + This is the full pathname to a script that will be run + AAAASSSS RRRROOOOOOOOTTTT by smbd(8) + under special circumstances described below. + + Normally, a Samba server requires that UNIX users are + created for all users accessing files on this server. + For sites that use Windows NT account databases as + their primary user database creating these users and + keeping the user list in sync with the Windows NT PDC + is an onerous task. This option allows smbd to create + the required UNIX users OOOONNNN DDDDEEEEMMMMAAAANNNNDDDD when a user accesses + the Samba server. + + In order to use this option, smbd must NNNNOOOOTTTT be set to + _s_e_c_u_r_i_t_y = _s_h_a_r_e and _a_d_d _u_s_e_r _s_c_r_i_p_t must be set to a + full pathname for a script that will create a UNIX user + given one argument of %_u, which expands into the UNIX + user name to create. + + When the Windows user attempts to access the Samba + server, at login (session setup in the SMB protocol) + time, smbd contacts the _p_a_s_s_w_o_r_d _s_e_r_v_e_r and attempts + to authenticate the given user with the given password. + If the authentication succeeds then ssssmmmmbbbbdddd attempts to + find a UNIX user in the UNIX password database to map + the Windows user into. If this lookup fails, and _a_d_d + _u_s_e_r _s_c_r_i_p_t is set then ssssmmmmbbbbdddd will call the specified + script AAAASSSS RRRROOOOOOOOTTTT, expanding any %_u argument to be the + user name to create. + + If this script successfully creates the user then ssssmmmmbbbbdddd + will continue on as though the UNIX user already + existed. In this way, UNIX users are dynamically + created to match existing Windows NT accounts. + + See also _s_e_c_u_r_i_t_y, _p_a_s_s_w_o_r_d _s_e_r_v_e_r, _d_e_l_e_t_e _u_s_e_r + _s_c_r_i_p_t. + + + + Page 23 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Default: aaaadddddddd uuuusssseeeerrrr ssssccccrrrriiiipppptttt ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>> + + Example: aaaadddddddd uuuusssseeeerrrr ssssccccrrrriiiipppptttt ==== + ////uuuussssrrrr////llllooooccccaaaallll////ssssaaaammmmbbbbaaaa////bbbbiiiinnnn////aaaadddddddd____uuuusssseeeerrrr %%%%uuuu + + aaaaddddmmmmiiiinnnn uuuusssseeeerrrrssss ((((SSSS)))) + This is a list of users who will be granted + administrative privileges on the share. This means that + they will do all file operations as the super-user + (root). + + You should use this option very carefully, as any user + in this list will be able to do anything they like on + the share, irrespective of file permissions. + + Default: nnnnoooo aaaaddddmmmmiiiinnnn uuuusssseeeerrrrssss + + Example: aaaaddddmmmmiiiinnnn uuuusssseeeerrrrssss ==== jjjjaaaassssoooonnnn + + aaaalllllllloooowwww hhhhoooossssttttssss ((((SSSS)))) + Synonym for _h_o_s_t_s _a_l_l_o_w. + + aaaalllllllloooowwww ttttrrrruuuusssstttteeeedddd ddddoooommmmaaaaiiiinnnnssss ((((GGGG)))) + This option only takes effect when the _s_e_c_u_r_i_t_y option + is set to server or domain. If it is set to no, then + attempts to connect to a resource from a domain or + workgroup other than the one which smbd is running in + will fail, even if that domain is trusted by the remote + server doing the authentication. + + This is useful if you only want your Samba server to + serve resources to users in the domain it is a member + of. As an example, suppose that there are two domains + DOMA and DOMB. DOMB is trusted by DOMA, which contains + the Samba server. Under normal circumstances, a user + with an account in DOMB can then access the resources + of a UNIX account with the same account name on the + Samba server even if they do not have an account in + DOMA. This can make implementing a security boundary + difficult. + + Default: aaaalllllllloooowwww ttttrrrruuuusssstttteeeedddd ddddoooommmmaaaaiiiinnnnssss ==== yyyyeeeessss + + aaaannnnnnnnoooouuuunnnncccceeee aaaassss ((((GGGG)))) + This specifies what type of server nnnnmmmmbbbbdddd will announce + itself as, to a network neighborhood browse list. By + default this is set to Windows NT. The valid options + are : "NT Server" (which can also be written as "NT"), + "NT Workstation", "Win95" or "WfW" meaning Windows NT + Server, Windows NT Workstation, Windows 95 and Windows + for Workgroups respectively. Do not change this + parameter unless you have a specific need to stop Samba + + + + Page 24 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + appearing as an NT server as this may prevent Samba + servers from participating as browser servers + correctly. + + Default: aaaannnnnnnnoooouuuunnnncccceeee aaaassss ==== NNNNTTTT SSSSeeeerrrrvvvveeeerrrr + + Example: aaaannnnnnnnoooouuuunnnncccceeee aaaassss ==== WWWWiiiinnnn99995555 + + aaaannnnnnnnoooouuuunnnncccceeee vvvveeeerrrrssssiiiioooonnnn ((((GGGG)))) + This specifies the major and minor version numbers that + nmbd will use when announcing itself as a server. The + default is 4.5. Do not change this parameter unless you + have a specific need to set a Samba server to be a + downlevel server. + + Default: aaaannnnnnnnoooouuuunnnncccceeee vvvveeeerrrrssssiiiioooonnnn ==== 4444....5555 + + Example: aaaannnnnnnnoooouuuunnnncccceeee vvvveeeerrrrssssiiiioooonnnn ==== 2222....0000 + + aaaauuuuttttoooo sssseeeerrrrvvvviiiicccceeeessss ((((GGGG)))) + This is a synonym for the _p_r_e_l_o_a_d. + + aaaavvvvaaaaiiiillllaaaabbbblllleeee ((((SSSS)))) + This parameter lets you "turn off" a service. If + _a_v_a_i_l_a_b_l_e = _n_o, then AAAALLLLLLLL attempts to connect to the + service will fail. Such failures are logged. + + Default: aaaavvvvaaaaiiiillllaaaabbbblllleeee ==== yyyyeeeessss + + bbbbiiiinnnndddd iiiinnnntttteeeerrrrffffaaaacccceeeessss oooonnnnllllyyyy ((((GGGG)))) + This global parameter allows the Samba admin to limit + what interfaces on a machine will serve SMB requests. + If affects file service smbd(8) and name service + nmbd(8) in slightly different ways. + + For name service it causes nnnnmmmmbbbbdddd to bind to ports 137 + and 138 on the interfaces listed in the interfaces + parameter. nnnnmmmmbbbbdddd also binds to the "all addresses" + interface (0.0.0.0) on ports 137 and 138 for the + purposes of reading broadcast messages. If this option + is not set then nnnnmmmmbbbbdddd will service name requests on all + of these sockets. If _b_i_n_d _i_n_t_e_r_f_a_c_e_s _o_n_l_y is set then + nnnnmmmmbbbbdddd will check the source address of any packets + coming in on the broadcast sockets and discard any that + don't match the broadcast addresses of the interfaces + in the _i_n_t_e_r_f_a_c_e_s parameter list. As unicast packets + are received on the other sockets it allows nnnnmmmmbbbbdddd to + refuse to serve names to machines that send packets + that arrive through any interfaces not listed in the + _i_n_t_e_r_f_a_c_e_s list. IP Source address spoofing does defeat + this simple check, however so it must not be used + seriously as a security feature for nnnnmmmmbbbbdddd. + + + + Page 25 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + For file service it causes smbd(8) to bind only to the + interface list given in the interfaces parameter. This + restricts the networks that ssssmmmmbbbbdddd will serve to packets + coming in those interfaces. Note that you should not + use this parameter for machines that are serving PPP or + other intermittent or non-broadcast network interfaces + as it will not cope with non-permanent interfaces. + + If _b_i_n_d _i_n_t_e_r_f_a_c_e_s _o_n_l_y is set then unless the network + address 111122227777....0000....0000....1111 is added to the _i_n_t_e_r_f_a_c_e_s parameter + list ssssmmmmbbbbppppaaaasssssssswwwwdddd((((8888)))) and sssswwwwaaaatttt((((8888)))) may not work as expected + due to the reasons covered below. + + To change a users SMB password, the ssssmmmmbbbbppppaaaasssssssswwwwdddd by + default connects to the llllooooccccaaaallllhhhhoooosssstttt ---- 111122227777....0000....0000....1111 address + as an SMB client to issue the password change request. + If _b_i_n_d _i_n_t_e_r_f_a_c_e_s _o_n_l_y is set then unless the network + address 111122227777....0000....0000....1111 is added to the _i_n_t_e_r_f_a_c_e_s parameter + list then ssssmmmmbbbbppppaaaasssssssswwwwdddd will fail to connect in it's + default mode. ssssmmmmbbbbppppaaaasssssssswwwwdddd can be forced to use the + primary IP interface of the local host by using its -_r + _r_e_m_o_t_e _m_a_c_h_i_n_e + parameter, with _r_e_m_o_t_e _m_a_c_h_i_n_e set to the IP name of + the primary interface of the local host. + + The sssswwwwaaaatttt status page tries to connect with ssssmmmmbbbbdddd and + nnnnmmmmbbbbdddd at the address 111122227777....0000....0000....1111 to determine if they are + running. Not adding 111122227777....0000....0000....1111 will cause ssssmmmmbbbbdddd and nnnnmmmmbbbbdddd + to always show "not running" even if they really are. + This can prevent sssswwwwaaaatttt from + starting/stopping/restarting ssssmmmmbbbbdddd and nnnnmmmmbbbbdddd. + + Default: bbbbiiiinnnndddd iiiinnnntttteeeerrrrffffaaaacccceeeessss oooonnnnllllyyyy ==== nnnnoooo + + bbbblllloooocccckkkk ssssiiiizzzzeeee ((((SSSS)))) + This parameter controls the behavior of smbd(8) when + reporting disk free sizes. By default, this reports a + disk block size of 1024 bytes. + + Changing this parameter may have some effect on the + efficiency of client writes, this is not yet confirmed. + This parameter was added to allow advanced + administrators to change it (usually to a higher value) + and test the effect it has on client write performance + without re-compiling the code. As this is an + experimental option it may be removed in a future + release. + + Changing this option does not change the disk free + reporting size, just the block size unit reported to + the client. + + + + + Page 26 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Default: bbbblllloooocccckkkk ssssiiiizzzzeeee ==== 1111000022224444 + + Example: bbbblllloooocccckkkk ssssiiiizzzzeeee ==== 66665555555533336666 + + bbbblllloooocccckkkkiiiinnnngggg lllloooocccckkkkssss ((((SSSS)))) + This parameter controls the behavior of smbd(8) when + given a request by a client to obtain a byte range lock + on a region of an open file, and the request has a time + limit associated with it. + + If this parameter is set and the lock range requested + cannot be immediately satisfied, Samba 2.2 will + internally queue the lock request, and periodically + attempt to obtain the lock until the timeout period + expires. + + If this parameter is set to no, then Samba 2.2 will + behave as previous versions of Samba would and will + fail the lock request immediately if the lock range + cannot be obtained. + + Default: bbbblllloooocccckkkkiiiinnnngggg lllloooocccckkkkssss ==== yyyyeeeessss + + bbbbrrrroooowwwwssssaaaabbbblllleeee ((((SSSS)))) + See the _b_r_o_w_s_e_a_b_l_e. + + bbbbrrrroooowwwwsssseeee lllliiiisssstttt ((((GGGG)))) + This controls whether ssssmmmmbbbbdddd((((8888)))) will serve a browse list + to a client doing a NNNNeeeettttSSSSeeeerrrrvvvveeeerrrrEEEEnnnnuuuummmm call. Normally set to + yes. You should never need to change this. + + Default: bbbbrrrroooowwwwsssseeee lllliiiisssstttt ==== yyyyeeeessss + + bbbbrrrroooowwwwsssseeeeaaaabbbblllleeee ((((SSSS)))) + This controls whether this share is seen in the list of + available shares in a net view and in the browse list. + + Default: bbbbrrrroooowwwwsssseeeeaaaabbbblllleeee ==== yyyyeeeessss + + ccccaaaasssseeee sssseeeennnnssssiiiittttiiiivvvveeee ((((SSSS)))) + See the discussion in the section NAME MANGLING. + + Default: ccccaaaasssseeee sssseeeennnnssssiiiittttiiiivvvveeee ==== nnnnoooo + + ccccaaaasssseeeessssiiiiggggnnnnaaaammmmeeeessss ((((SSSS)))) + Synonym for case sensitive. + + cccchhhhaaaannnnggggeeee nnnnoooottttiiiiffffyyyy ttttiiiimmmmeeeeoooouuuutttt ((((GGGG)))) + This SMB allows a client to tell a server to "watch" a + particular directory for any changes and only reply to + the SMB request when a change has occurred. Such + constant scanning of a directory is expensive under + + + + Page 27 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + UNIX, hence an ssssmmmmbbbbdddd((((8888)))) daemon only performs such a + scan on each requested directory once every _c_h_a_n_g_e + _n_o_t_i_f_y _t_i_m_e_o_u_t seconds. + + Default: cccchhhhaaaannnnggggeeee nnnnoooottttiiiiffffyyyy ttttiiiimmmmeeeeoooouuuutttt ==== 66660000 + + Example: cccchhhhaaaannnnggggeeee nnnnoooottttiiiiffffyyyy ttttiiiimmmmeeeeoooouuuutttt ==== 333300000000 + + Would change the scan time to every 5 minutes. + + cccchhhhaaaannnnggggeeee sssshhhhaaaarrrreeee ccccoooommmmmmmmaaaannnndddd ((((GGGG)))) + Samba 2.2.0 introduced the ability to dynamically add + and delete shares via the Windows NT 4.0 Server + Manager. The _c_h_a_n_g_e _s_h_a_r_e _c_o_m_m_a_n_d is used to define an + external program or script which will modify an + existing service definition in _s_m_b._c_o_n_f. In order to + successfully execute the _c_h_a_n_g_e _s_h_a_r_e _c_o_m_m_a_n_d, ssssmmmmbbbbdddd + requires that the administrator be connected using a + root account (i.e. uid == 0). + + When executed, ssssmmmmbbbbdddd will automatically invoke the + _c_h_a_n_g_e _s_h_a_r_e _c_o_m_m_a_n_d with four parameters. + + o+ _c_o_n_f_i_g_F_i_l_e - the location of the global _s_m_b._c_o_n_f + file. + + o+ _s_h_a_r_e_N_a_m_e - the name of the new share. + + o+ _p_a_t_h_N_a_m_e - path to an **existing** directory on disk. + + o+ _c_o_m_m_e_n_t - comment string to associate with the new + share. + + This parameter is only used modify existing file shares + definitions. To modify printer shares, use the "Printers..." + folder as seen when browsing the Samba host. + + See also _a_d_d _s_h_a_r_e _c_o_m_m_a_n_d, _d_e_l_e_t_e _s_h_a_r_e _c_o_m_m_a_n_d. + + Default: nnnnoooonnnneeee + + Example: cccchhhhaaaannnnggggeeee sssshhhhaaaarrrreeee ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////llllooooccccaaaallll////bbbbiiiinnnn////aaaaddddddddsssshhhhaaaarrrreeee + + cccchhhhaaaarrrraaaacccctttteeeerrrr sssseeeetttt ((((GGGG)))) + This allows smbd to map incoming filenames from a DOS + Code page (see the client code page parameter) to + several built in UNIX character sets. The built in code + page translations are: + + o+ ISO8859-1 : Western European UNIX character set. The + parameter _c_l_i_e_n_t _c_o_d_e _p_a_g_e MMMMUUUUSSSSTTTT be set to code page + 850 if the _c_h_a_r_a_c_t_e_r _s_e_t parameter is set to + + + + Page 28 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + ISO8859-1 in order for the conversion to the UNIX + character set to be done correctly. + + o+ ISO8859-2 : Eastern European UNIX character set. The + parameter _c_l_i_e_n_t _c_o_d_e _p_a_g_e MMMMUUUUSSSSTTTT be set to code page + 852 if the _c_h_a_r_a_c_t_e_r _s_e_t parameter is set to + ISO8859-2 in order for the conversion to the UNIX + character set to be done correctly. + + o+ ISO8859-5 : Russian Cyrillic UNIX character set. The + parameter _c_l_i_e_n_t _c_o_d_e _p_a_g_e MMMMUUUUSSSSTTTT be set to code page + 866 if the _c_h_a_r_a_c_t_e_r _s_e_t parameter is set to + ISO8859-5 in order for the conversion to the UNIX + character set to be done correctly. + + o+ ISO8859-7 : Greek UNIX character set. The parameter + _c_l_i_e_n_t _c_o_d_e _p_a_g_e MMMMUUUUSSSSTTTT be set to code page 737 if the + _c_h_a_r_a_c_t_e_r _s_e_t parameter is set to ISO8859-7 in order + for the conversion to the UNIX character set to be + done correctly. + + o+ KOI8-R : Alternate mapping for Russian Cyrillic UNIX + character set. The parameter _c_l_i_e_n_t _c_o_d_e _p_a_g_e MMMMUUUUSSSSTTTT be + set to code page 866 if the _c_h_a_r_a_c_t_e_r _s_e_t parameter + is set to KOI8-R in order for the conversion to the + UNIX character set to be done correctly. + + BBBBUUUUGGGG. These MSDOS code page to UNIX character set mappings + should be dynamic, like the loading of MS DOS code pages, + not static. + + Normally this parameter is not set, meaning no filename + translation is done. + + Default: cccchhhhaaaarrrraaaacccctttteeeerrrr sssseeeetttt ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>> + + Example: cccchhhhaaaarrrraaaacccctttteeeerrrr sssseeeetttt ==== IIIISSSSOOOO8888888855559999----1111 + + cccclllliiiieeeennnntttt ccccooooddddeeee ppppaaaaggggeeee ((((GGGG)))) + This parameter specifies the DOS code page that the + clients accessing Samba are using. To determine what + code page a Windows or DOS client is using, open a DOS + command prompt and type the command cccchhhhccccpppp. This will + output the code page. The default for USA MS-DOS, + Windows 95, and Windows NT releases is code page 437. + The default for western European releases of the above + operating systems is code page 850. + + This parameter tells smbd(8) which of the _c_o_d_e_p_a_g_e._X_X_X + files to dynamically load on startup. These files, + described more fully in the manual page + mmmmaaaakkkkeeee____ssssmmmmbbbbccccooooddddeeeeppppaaaaggggeeee((((1111)))) tell ssssmmmmbbbbdddd how to map lower to + + + + Page 29 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + upper case characters to provide the case insensitivity + of filenames that Windows clients expect. + + Samba currently ships with the following code page + files : + + o+ Code Page 437 - MS-DOS Latin US + + o+ Code Page 737 - Windows '95 Greek + + o+ Code Page 850 - MS-DOS Latin 1 + + o+ Code Page 852 - MS-DOS Latin 2 + + o+ Code Page 861 - MS-DOS Icelandic + + o+ Code Page 866 - MS-DOS Cyrillic + + o+ Code Page 932 - MS-DOS Japanese SJIS + + o+ Code Page 936 - MS-DOS Simplified Chinese + + o+ Code Page 949 - MS-DOS Korean Hangul + + o+ Code Page 950 - MS-DOS Traditional Chinese + + Thus this parameter may have any of the values 437, 737, + 850, 852, 861, 932, 936, 949, or 950. If you don't find the + codepage you need, read the comments in one of the other + codepage files and the mmmmaaaakkkkeeee____ssssmmmmbbbbccccooooddddeeeeppppaaaaggggeeee((((1111)))) man page and + write one. Please remember to donate it back to the Samba + user community. + + This parameter co-operates with the _v_a_l_i_d _c_h_a_r_s parameter in + determining what characters are valid in filenames and how + capitalization is done. If you set both this parameter and + the _v_a_l_i_d _c_h_a_r_s parameter the _c_l_i_e_n_t _c_o_d_e _p_a_g_e parameter + MMMMUUUUSSSSTTTT be set before the _v_a_l_i_d _c_h_a_r_s parameter in the _s_m_b._c_o_n_f + file. The _v_a_l_i_d _c_h_a_r_s string will then augment the character + settings in the _c_l_i_e_n_t _c_o_d_e _p_a_g_e parameter. + + If not set, _c_l_i_e_n_t _c_o_d_e _p_a_g_e defaults to 850. + + See also : _v_a_l_i_d _c_h_a_r_s, _c_o_d_e _p_a_g_e _d_i_r_e_c_t_o_r_y + + Default: cccclllliiiieeeennnntttt ccccooooddddeeee ppppaaaaggggeeee ==== 888855550000 + + Example: cccclllliiiieeeennnntttt ccccooooddddeeee ppppaaaaggggeeee ==== 999933336666 + + ccccooooddddeeee ppppaaaaggggeeee ddddiiiirrrreeeeccccttttoooorrrryyyy ((((GGGG)))) + Define the location of the various client code page + files. + + + + Page 30 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + See also _c_l_i_e_n_t _c_o_d_e _p_a_g_e + + Default: ccccooooddddeeee ppppaaaaggggeeee ddddiiiirrrreeeeccccttttoooorrrryyyy ==== $$$${{{{pppprrrreeeeffffiiiixxxx}}}}////lllliiiibbbb////ccccooooddddeeeeppppaaaaggggeeeessss + + Example: ccccooooddddeeee ppppaaaaggggeeee ddddiiiirrrreeeeccccttttoooorrrryyyy ==== + ////uuuussssrrrr////sssshhhhaaaarrrreeee////ssssaaaammmmbbbbaaaa////ccccooooddddeeeeppppaaaaggggeeeessss + + ccccooooddddiiiinnnngggg ssssyyyysssstttteeeemmmm ((((GGGG)))) + This parameter is used to determine how incoming + Shift-JIS Japanese characters are mapped from the + incoming _c_l_i_e_n_t _c_o_d_e _p_a_g_e used by the client, into file + names in the UNIX filesystem. Only useful if _c_l_i_e_n_t + _c_o_d_e _p_a_g_e is set to 932 (Japanese Shift-JIS). The + options are : + + o+ SJIS - Shift-JIS. Does no conversion of the incoming + filename. + + o+ JIS8, J8BB, J8BH, J8@B, J8@J, J8@H - Convert from + incoming Shift-JIS to eight bit JIS code with + different shift-in, shift out codes. + + o+ JIS7, J7BB, J7BH, J7@B, J7@J, J7@H - Convert from + incoming Shift-JIS to seven bit JIS code with + different shift-in, shift out codes. + + o+ JUNET, JUBB, JUBH, JU@B, JU@J, JU@H - Convert from + incoming Shift-JIS to JUNET code with different + shift-in, shift out codes. + + o+ EUC - Convert an incoming Shift-JIS character to EUC + code. + + o+ HEX - Convert an incoming Shift-JIS character to a 3 + byte hex representation, i.e. :AB. + + o+ CAP - Convert an incoming Shift-JIS character to the + 3 byte hex representation used by the Columbia + AppleTalk Program (CAP), i.e. :AB. This is used for + compatibility between Samba and CAP. + + Default: ccccooooddddiiiinnnngggg ssssyyyysssstttteeeemmmm ==== <<<<eeeemmmmppppttttyyyy vvvvaaaalllluuuueeee>>>> + + ccccoooommmmmmmmeeeennnntttt ((((SSSS)))) + This is a text field that is seen next to a share when + a client does a queries the server, either via the + network neighborhood or via nnnneeeetttt vvvviiiieeeewwww to list what + shares are available. + + If you want to set the string that is displayed next to + the machine name then see the _s_e_r_v_e_r _s_t_r_i_n_g parameter. + + + + + Page 31 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Default: NNNNoooo ccccoooommmmmmmmeeeennnntttt ssssttttrrrriiiinnnngggg + + Example: ccccoooommmmmmmmeeeennnntttt ==== FFFFrrrreeeedddd''''ssss FFFFiiiilllleeeessss + + ccccoooonnnnffffiiiigggg ffffiiiilllleeee ((((GGGG)))) + This allows you to override the config file to use, + instead of the default (usually _s_m_b._c_o_n_f). There is a + chicken and egg problem here as this option is set in + the config file! + + For this reason, if the name of the config file has + changed when the parameters are loaded then it will + reload them from the new config file. + + This option takes the usual substitutions, which can be + very useful. + + If the config file doesn't exist then it won't be + loaded (allowing you to special case the config files + of just a few clients). + + Example: ccccoooonnnnffffiiiigggg ffffiiiilllleeee ==== ////uuuussssrrrr////llllooooccccaaaallll////ssssaaaammmmbbbbaaaa////lllliiiibbbb////ssssmmmmbbbb....ccccoooonnnnffff....%%%%mmmm + + ccccooooppppyyyy ((((SSSS)))) + This parameter allows you to "clone" service entries. + The specified service is simply duplicated under the + current service's name. Any parameters specified in the + current section will override those in the section + being copied. + + This feature lets you set up a 'template' service and + create similar services easily. Note that the service + being copied must occur earlier in the configuration + file than the service doing the copying. + + Default: nnnnoooo vvvvaaaalllluuuueeee + + Example: ccccooooppppyyyy ==== ooootttthhhheeeerrrrsssseeeerrrrvvvviiiicccceeee + + ccccrrrreeeeaaaatttteeee mmmmaaaasssskkkk ((((SSSS)))) + A synonym for this parameter is _c_r_e_a_t_e _m_o_d_e . + + When a file is created, the necessary permissions are + calculated according to the mapping from DOS modes to + UNIX permissions, and the resulting UNIX mode is then + bit-wise 'AND'ed with this parameter. This parameter + may be thought of as a bit-wise MASK for the UNIX modes + of a file. Any bit nnnnooootttt set here will be removed from + the modes set on a file when it is created. + + The default value of this parameter removes the 'group' + and 'other' write and execute bits from the UNIX modes. + + + + Page 32 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Following this Samba will bit-wise 'OR' the UNIX mode + created from this parameter with the value of the _f_o_r_c_e + _c_r_e_a_t_e _m_o_d_e parameter which is set to 000 by default. + + This parameter does not affect directory modes. See the + parameter _d_i_r_e_c_t_o_r_y _m_o_d_e for details. + + See also the _f_o_r_c_e _c_r_e_a_t_e _m_o_d_e parameter for forcing + particular mode bits to be set on created files. See + also the _d_i_r_e_c_t_o_r_y _m_o_d_e parameter for masking mode + bits on created directories. See also the _i_n_h_e_r_i_t + _p_e_r_m_i_s_s_i_o_n_s parameter. + + Note that this parameter does not apply to permissions + set by Windows NT/2000 ACL editors. If the + administrator wishes to enforce a mask on access + control lists also, they need to set the _s_e_c_u_r_i_t_y _m_a_s_k. + + Default: ccccrrrreeeeaaaatttteeee mmmmaaaasssskkkk ==== 0000777744444444 + + Example: ccccrrrreeeeaaaatttteeee mmmmaaaasssskkkk ==== 0000777777775555 + + ccccrrrreeeeaaaatttteeee mmmmooooddddeeee ((((SSSS)))) + This is a synonym for _c_r_e_a_t_e _m_a_s_k. + + ccccsssscccc ppppoooolllliiiiccccyyyy ((((SSSS)))) + This stands for cccclllliiiieeeennnntttt----ssssiiiiddddeeee ccccaaaacccchhhhiiiinnnngggg ppppoooolllliiiiccccyyyy, and + specifies how clients capable of offline caching will + cache the files in the share. The valid values are: + manual, documents, programs, disable. + + These values correspond to those used on Windows + servers. + + For example, shares containing roaming profiles can + have offline caching disabled using ccccsssscccc ppppoooolllliiiiccccyyyy ==== + ddddiiiissssaaaabbbblllleeee . + + Default: ccccsssscccc ppppoooolllliiiiccccyyyy ==== mmmmaaaannnnuuuuaaaallll + + Example: ccccsssscccc ppppoooolllliiiiccccyyyy ==== pppprrrrooooggggrrrraaaammmmssss + + ddddeeeeaaaaddddttttiiiimmmmeeee ((((GGGG)))) + The value of the parameter (a decimal integer) + represents the number of minutes of inactivity before a + connection is considered dead, and it is disconnected. + The deadtime only takes effect if the number of open + files is zero. + + This is useful to stop a server's resources being + exhausted by a large number of inactive connections. + + + + + Page 33 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Most clients have an auto-reconnect feature when a + connection is broken so in most cases this parameter + should be transparent to users. + + Using this parameter with a timeout of a few minutes is + recommended for most systems. + + A deadtime of zero indicates that no auto-disconnection + should be performed. + + Default: ddddeeeeaaaaddddttttiiiimmmmeeee ==== 0000 + + Example: ddddeeeeaaaaddddttttiiiimmmmeeee ==== 11115555 + + ddddeeeebbbbuuuugggg hhhhiiiirrrreeeessss ttttiiiimmmmeeeessssttttaaaammmmpppp ((((GGGG)))) + Sometimes the timestamps in the log messages are needed + with a resolution of higher that seconds, this boolean + parameter adds microsecond resolution to the timestamp + message header when turned on. + + Note that the parameter _d_e_b_u_g _t_i_m_e_s_t_a_m_p must be on for + this to have an effect. + + Default: ddddeeeebbbbuuuugggg hhhhiiiirrrreeeessss ttttiiiimmmmeeeessssttttaaaammmmpppp ==== nnnnoooo + + ddddeeeebbbbuuuugggg ppppiiiidddd ((((GGGG)))) + When using only one log file for more then one forked + smbdprocess there may be hard to follow which process + outputs which message. This boolean parameter is adds + the process-id to the timestamp message headers in the + logfile when turned on. + + Note that the parameter _d_e_b_u_g _t_i_m_e_s_t_a_m_p must be on for + this to have an effect. + + Default: ddddeeeebbbbuuuugggg ppppiiiidddd ==== nnnnoooo + + ddddeeeebbbbuuuugggg ttttiiiimmmmeeeessssttttaaaammmmpppp ((((GGGG)))) + Samba 2.2 debug log messages are timestamped by + default. If you are running at a high _d_e_b_u_g _l_e_v_e_l + these timestamps can be distracting. This boolean + parameter allows timestamping to be turned off. + + Default: ddddeeeebbbbuuuugggg ttttiiiimmmmeeeessssttttaaaammmmpppp ==== yyyyeeeessss + + ddddeeeebbbbuuuugggg uuuuiiiidddd ((((GGGG)))) + Samba is sometimes run as root and sometime run as the + connected user, this boolean parameter inserts the + current euid, egid, uid and gid to the timestamp + message headers in the log file if turned on. + + Note that the parameter _d_e_b_u_g _t_i_m_e_s_t_a_m_p must be on for + + + + Page 34 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + this to have an effect. + + Default: ddddeeeebbbbuuuugggg uuuuiiiidddd ==== nnnnoooo + + ddddeeeebbbbuuuugggglllleeeevvvveeeellll ((((GGGG)))) + Synonym for _l_o_g _l_e_v_e_l. + + ddddeeeeffffaaaauuuulllltttt ((((GGGG)))) + A synonym for _d_e_f_a_u_l_t _s_e_r_v_i_c_e. + + ddddeeeeffffaaaauuuulllltttt ccccaaaasssseeee ((((SSSS)))) + See the section on NAME MANGLING. Also note the _s_h_o_r_t + _p_r_e_s_e_r_v_e _c_a_s_e parameter. + + Default: ddddeeeeffffaaaauuuulllltttt ccccaaaasssseeee ==== lllloooowwwweeeerrrr + + ddddeeeeffffaaaauuuulllltttt ddddeeeevvvvmmmmooooddddeeee ((((SSSS)))) + This parameter is only applicable to printable + services. When smbd is serving Printer Drivers to + Windows NT/2k/XP clients, each printer on the Samba + server has a Device Mode which defines things such as + paper size and orientation and duplex settings. The + device mode can only correctly be generated by the + printer driver itself (which can only be executed on a + Win32 platform). Because smbd is unable to execute the + driver code to generate the device mode, the default + behavior is to set this field to NULL. + + Most problems with serving printer drivers to Windows + NT/2k/XP clients can be traced to a problem with the + generated device mode. Certain drivers will do things + such as crashing the client's Explorer.exe with a NULL + devmode. However, other printer drivers can cause the + client's spooler service (spoolsv.exe) to die if the + devmode was not created by the driver itself (i.e. smbd + generates a default devmode). + + This parameter should be used with care and tested with + the printer driver in question. It is better to leave + the device mode to NULL and let the Windows client set + the correct values. Because drivers do not do this all + the time, setting ddddeeeeffffaaaauuuulllltttt ddddeeeevvvvmmmmooooddddeeee ==== yyyyeeeessss will instruct + smbd to generate a default one. + + For more information on Windows NT/2k printing and + Device Modes, see the MSDN documentation + <URL:http://msdn.microsoft.com/>. + + Default: ddddeeeeffffaaaauuuulllltttt ddddeeeevvvvmmmmooooddddeeee ==== nnnnoooo + + ddddeeeeffffaaaauuuulllltttt sssseeeerrrrvvvviiiicccceeee ((((GGGG)))) + This parameter specifies the name of a service which + + + + Page 35 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + will be connected to if the service actually requested + cannot be found. Note that the square brackets are NNNNOOOOTTTT + given in the parameter value (see example below). + + There is no default value for this parameter. If this + parameter is not given, attempting to connect to a + nonexistent service results in an error. + + Typically the default service would be a _g_u_e_s_t _o_k, + _r_e_a_d-_o_n_l_y service. + + Also note that the apparent service name will be + changed to equal that of the requested service, this is + very useful as it allows you to use macros like %_S to + make a wildcard service. + + Note also that any "_" characters in the name of the + service used in the default service will get mapped to + a "/". This allows for interesting things. + + Example: + + + [global] + default service = pub + + [pub] + path = /%S + + + + ddddeeeelllleeeetttteeee pppprrrriiiinnnntttteeeerrrr ccccoooommmmmmmmaaaannnndddd ((((GGGG)))) + With the introduction of MS-RPC based printer support + for Windows NT/2000 clients in Samba 2.2, it is now + possible to delete printer at run time by issuing the + DeletePrinter() RPC call. + + For a Samba host this means that the printer must be + physically deleted from underlying printing system. The + _d_e_l_e_t_e_p_r_i_n_t_e_r _c_o_m_m_a_n_d defines a script to be run which + will perform the necessary operations for removing the + printer from the print system and from _s_m_b._c_o_n_f. + + The _d_e_l_e_t_e _p_r_i_n_t_e_r _c_o_m_m_a_n_d is automatically called with + only one parameter: "_p_r_i_n_t_e_r _n_a_m_e". + + Once the _d_e_l_e_t_e _p_r_i_n_t_e_r _c_o_m_m_a_n_d has been executed, ssssmmmmbbbbdddd + will reparse the _s_m_b._c_o_n_f to associated printer no + longer exists. If the sharename is still valid, then + ssssmmmmbbbbdddd will return an ACCESS_DENIED error to the client. + + See also _a_d_d _p_r_i_n_t_e_r _c_o_m_m_a_n_d, _p_r_i_n_t_i_n_g, _s_h_o_w _a_d_d + + + + Page 36 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + _p_r_i_n_t_e_r _w_i_z_a_r_d + + Default: nnnnoooonnnneeee + + Example: ddddeeeelllleeeetttteeeepppprrrriiiinnnntttteeeerrrr ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////bbbbiiiinnnn////rrrreeeemmmmoooovvvveeeepppprrrriiiinnnntttteeeerrrr + + ddddeeeelllleeeetttteeee rrrreeeeaaaaddddoooonnnnllllyyyy ((((SSSS)))) + This parameter allows readonly files to be deleted. + This is not normal DOS semantics, but is allowed by + UNIX. + + This option may be useful for running applications such + as rcs, where UNIX file ownership prevents changing + file permissions, and DOS semantics prevent deletion of + a read only file. + + Default: ddddeeeelllleeeetttteeee rrrreeeeaaaaddddoooonnnnllllyyyy ==== nnnnoooo + + ddddeeeelllleeeetttteeee sssshhhhaaaarrrreeee ccccoooommmmmmmmaaaannnndddd ((((GGGG)))) + Samba 2.2.0 introduced the ability to dynamically add + and delete shares via the Windows NT 4.0 Server + Manager. The _d_e_l_e_t_e _s_h_a_r_e _c_o_m_m_a_n_d is used to define an + external program or script which will remove an + existing service definition from _s_m_b._c_o_n_f. In order to + successfully execute the _d_e_l_e_t_e _s_h_a_r_e _c_o_m_m_a_n_d, ssssmmmmbbbbdddd + requires that the administrator be connected using a + root account (i.e. uid == 0). + + When executed, ssssmmmmbbbbdddd will automatically invoke the + _d_e_l_e_t_e _s_h_a_r_e _c_o_m_m_a_n_d with two parameters. + + o+ _c_o_n_f_i_g_F_i_l_e - the location of the global _s_m_b._c_o_n_f + file. + + o+ _s_h_a_r_e_N_a_m_e - the name of the existing service. + + This parameter is only used to remove file shares. To delete + printer shares, see the _d_e_l_e_t_e _p_r_i_n_t_e_r _c_o_m_m_a_n_d. + + See also _a_d_d _s_h_a_r_e _c_o_m_m_a_n_d, _c_h_a_n_g_e _s_h_a_r_e _c_o_m_m_a_n_d. + + Default: nnnnoooonnnneeee + + Example: ddddeeeelllleeeetttteeee sssshhhhaaaarrrreeee ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////llllooooccccaaaallll////bbbbiiiinnnn////ddddeeeellllsssshhhhaaaarrrreeee + + ddddeeeelllleeeetttteeee uuuusssseeeerrrr ssssccccrrrriiiipppptttt ((((GGGG)))) + This is the full pathname to a script that will be run + AAAASSSS RRRROOOOOOOOTTTT by ssssmmmmbbbbdddd((((8888)))) under special circumstances + described below. + + Normally, a Samba server requires that UNIX users are + created for all users accessing files on this server. + + + + Page 37 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + For sites that use Windows NT account databases as + their primary user database creating these users and + keeping the user list in sync with the Windows NT PDC + is an onerous task. This option allows ssssmmmmbbbbdddd to delete + the required UNIX users OOOONNNN DDDDEEEEMMMMAAAANNNNDDDD when a user accesses + the Samba server and the Windows NT user no longer + exists. + + In order to use this option, ssssmmmmbbbbdddd must be set to + _s_e_c_u_r_i_t_y = _d_o_m_a_i_n or _s_e_c_u_r_i_t_y = _u_s_e_r and _d_e_l_e_t_e _u_s_e_r + _s_c_r_i_p_t must be set to a full pathname for a script that + will delete a UNIX user given one argument of %_u, which + expands into the UNIX user name to delete. + + When the Windows user attempts to access the Samba + server, at llllooooggggiiiinnnn (session setup in the SMB protocol) + time, ssssmmmmbbbbdddd contacts the _p_a_s_s_w_o_r_d _s_e_r_v_e_r and attempts + to authenticate the given user with the given password. + If the authentication fails with the specific Domain + error code meaning that the user no longer exists then + ssssmmmmbbbbdddd attempts to find a UNIX user in the UNIX password + database that matches the Windows user account. If this + lookup succeeds, and _d_e_l_e_t_e _u_s_e_r _s_c_r_i_p_t is set then + ssssmmmmbbbbdddd will all the specified script AAAASSSS RRRROOOOOOOOTTTT, expanding + any %_u argument to be the user name to delete. + + This script should delete the given UNIX username. In + this way, UNIX users are dynamically deleted to match + existing Windows NT accounts. + + See also security = domain, _p_a_s_s_w_o_r_d _s_e_r_v_e_r , _a_d_d _u_s_e_r + _s_c_r_i_p_t . + + Default: ddddeeeelllleeeetttteeee uuuusssseeeerrrr ssssccccrrrriiiipppptttt ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>> + + Example: ddddeeeelllleeeetttteeee uuuusssseeeerrrr ssssccccrrrriiiipppptttt ==== + ////uuuussssrrrr////llllooooccccaaaallll////ssssaaaammmmbbbbaaaa////bbbbiiiinnnn////ddddeeeellll____uuuusssseeeerrrr %%%%uuuu + + ddddeeeelllleeeetttteeee vvvveeeettttoooo ffffiiiilllleeeessss ((((SSSS)))) + This option is used when Samba is attempting to delete + a directory that contains one or more vetoed + directories (see the _v_e_t_o _f_i_l_e_s option). If this option + is set to no (the default) then if a vetoed directory + contains any non-vetoed files or directories then the + directory delete will fail. This is usually what you + want. + + If this option is set to yes, then Samba will attempt + to recursively delete any files and directories within + the vetoed directory. This can be useful for + integration with file serving systems such as NetAtalk + which create meta-files within directories you might + + + + Page 38 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + normally veto DOS/Windows users from seeing (e.g. + ._A_p_p_l_e_D_o_u_b_l_e) + + Setting ddddeeeelllleeeetttteeee vvvveeeettttoooo ffffiiiilllleeeessss ==== yyyyeeeessss allows these + directories to be transparently deleted when the parent + directory is deleted (so long as the user has + permissions to do so). + + See also the _v_e_t_o _f_i_l_e_s parameter. + + Default: ddddeeeelllleeeetttteeee vvvveeeettttoooo ffffiiiilllleeeessss ==== nnnnoooo + + ddddeeeennnnyyyy hhhhoooossssttttssss ((((SSSS)))) + Synonym for _h_o_s_t_s _d_e_n_y. + + ddddffffrrrreeeeeeee ccccoooommmmmmmmaaaannnndddd ((((GGGG)))) + The _d_f_r_e_e _c_o_m_m_a_n_d setting should only be used on + systems where a problem occurs with the internal disk + space calculations. This has been known to happen with + Ultrix, but may occur with other operating systems. The + symptom that was seen was an error of "Abort Retry + Ignore" at the end of each directory listing. + + This setting allows the replacement of the internal + routines to calculate the total disk space and amount + available with an external routine. The example below + gives a possible script that might fulfill this + function. + + The external program will be passed a single parameter + indicating a directory in the filesystem being queried. + This will typically consist of the string ./. The + script should return two integers in ASCII. The first + should be the total disk space in blocks, and the + second should be the number of available blocks. An + optional third return value can give the block size in + bytes. The default blocksize is 1024 bytes. + + Note: Your script should NNNNOOOOTTTT be setuid or setgid and + should be owned by (and writeable only by) root! + + Default: BBBByyyy ddddeeeeffffaaaauuuulllltttt iiiinnnntttteeeerrrrnnnnaaaallll rrrroooouuuuttttiiiinnnneeeessss ffffoooorrrr ddddeeeetttteeeerrrrmmmmiiiinnnniiiinnnngggg + tttthhhheeee ddddiiiisssskkkk ccccaaaappppaaaacccciiiittttyyyy aaaannnndddd rrrreeeemmmmaaaaiiiinnnniiiinnnngggg ssssppppaaaacccceeee wwwwiiiillllllll bbbbeeee uuuusssseeeedddd.... + + Example: ddddffffrrrreeeeeeee ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////llllooooccccaaaallll////ssssaaaammmmbbbbaaaa////bbbbiiiinnnn////ddddffffrrrreeeeeeee + + Where the script dfree (which must be made executable) + could be: + + + + #!/bin/sh + + + + Page 39 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + df $1 | tail -1 | awk '{print $2" "$4}' + + + + or perhaps (on Sys V based systems): + + + + #!/bin/sh + /usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}' + + + + Note that you may have to replace the command names + with full path names on some systems. + + ddddiiiirrrreeeeccccttttoooorrrryyyy ((((SSSS)))) + Synonym for _p_a_t_h . + + ddddiiiirrrreeeeccccttttoooorrrryyyy mmmmaaaasssskkkk ((((SSSS)))) + This parameter is the octal modes which are used when + converting DOS modes to UNIX modes when creating UNIX + directories. + + When a directory is created, the necessary permissions + are calculated according to the mapping from DOS modes + to UNIX permissions, and the resulting UNIX mode is + then bit-wise 'AND'ed with this parameter. This + parameter may be thought of as a bit-wise MASK for the + UNIX modes of a directory. Any bit nnnnooootttt set here will be + removed from the modes set on a directory when it is + created. + + The default value of this parameter removes the 'group' + and 'other' write bits from the UNIX mode, allowing + only the user who owns the directory to modify it. + + Following this Samba will bit-wise 'OR' the UNIX mode + created from this parameter with the value of the _f_o_r_c_e + _d_i_r_e_c_t_o_r_y _m_o_d_e parameter. This parameter is set to 000 + by default (i.e. no extra mode bits are added). + + Note that this parameter does not apply to permissions + set by Windows NT/2000 ACL editors. If the + administrator wishes to enforce a mask on access + control lists also, they need to set the _d_i_r_e_c_t_o_r_y + _s_e_c_u_r_i_t_y _m_a_s_k. + + See the _f_o_r_c_e _d_i_r_e_c_t_o_r_y _m_o_d_e parameter to cause + particular mode bits to always be set on created + directories. + + + + + Page 40 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + See also the _c_r_e_a_t_e _m_o_d_e parameter for masking mode + bits on created files, and the _d_i_r_e_c_t_o_r_y _s_e_c_u_r_i_t_y _m_a_s_k + parameter. + + Also refer to the _i_n_h_e_r_i_t _p_e_r_m_i_s_s_i_o_n_s parameter. + + Default: ddddiiiirrrreeeeccccttttoooorrrryyyy mmmmaaaasssskkkk ==== 0000777755555555 + + Example: ddddiiiirrrreeeeccccttttoooorrrryyyy mmmmaaaasssskkkk ==== 0000777777775555 + + ddddiiiirrrreeeeccccttttoooorrrryyyy mmmmooooddddeeee ((((SSSS)))) + Synonym for _d_i_r_e_c_t_o_r_y _m_a_s_k + + ddddiiiirrrreeeeccccttttoooorrrryyyy sssseeeeccccuuuurrrriiiittttyyyy mmmmaaaasssskkkk ((((SSSS)))) + This parameter controls what UNIX permission bits can + be modified when a Windows NT client is manipulating + the UNIX permission on a directory using the native NT + security dialog box. + + This parameter is applied as a mask (AND'ed with) to + the changed permission bits, thus preventing any bits + not in this mask from being modified. Essentially, zero + bits in this mask may be treated as a set of bits the + user is not allowed to change. + + If not set explicitly this parameter is set to 0777 + meaning a user is allowed to modify all the + user/group/world permissions on a directory. + + NNNNooootttteeee that users who can access the Samba server through + other means can easily bypass this restriction, so it + is primarily useful for standalone "appliance" systems. + Administrators of most normal systems will probably + want to leave it as the default of 0777. + + See also the _f_o_r_c_e _d_i_r_e_c_t_o_r_y _s_e_c_u_r_i_t_y _m_o_d_e, _s_e_c_u_r_i_t_y + _m_a_s_k, _f_o_r_c_e _s_e_c_u_r_i_t_y _m_o_d_e parameters. + + Default: ddddiiiirrrreeeeccccttttoooorrrryyyy sssseeeeccccuuuurrrriiiittttyyyy mmmmaaaasssskkkk ==== 0000777777777777 + + Example: ddddiiiirrrreeeeccccttttoooorrrryyyy sssseeeeccccuuuurrrriiiittttyyyy mmmmaaaasssskkkk ==== 0000777700000000 + + ddddiiiissssaaaabbbblllleeee ssssppppoooooooollllssssssss ((((GGGG)))) + Enabling this parameter will disables Samba's support + for the SPOOLSS set of MS-RPC's and will yield + identical behavior as Samba 2.0.x. Windows NT/2000 + clients will downgrade to using Lanman style printing + commands. Windows 9x/ME will be uneffected by the + parameter. However, this will also disable the ability + to upload printer drivers to a Samba server via the + Windows NT Add Printer Wizard or by using the NT + printer properties dialog window. It will also disable + + + + Page 41 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + the capability of Windows NT/2000 clients to download + print drivers from the Samba host upon demand. BBBBeeee vvvveeeerrrryyyy + ccccaaaarrrreeeeffffuuuullll aaaabbbboooouuuutttt eeeennnnaaaabbbblllliiiinnnngggg tttthhhhiiiissss ppppaaaarrrraaaammmmeeeetttteeeerrrr.... + + See also use client driver + + Default : ddddiiiissssaaaabbbblllleeee ssssppppoooooooollllssssssss ==== nnnnoooo + + ddddnnnnssss pppprrrrooooxxxxyyyy ((((GGGG)))) + Specifies that nmbd(8) when acting as a WINS server and + finding that a NetBIOS name has not been registered, + should treat the NetBIOS name word-for-word as a DNS + name and do a lookup with the DNS server for that name + on behalf of the name-querying client. + + Note that the maximum length for a NetBIOS name is 15 + characters, so the DNS name (or DNS alias) can likewise + only be 15 characters, maximum. + + nnnnmmmmbbbbdddd spawns a second copy of itself to do the DNS name + lookup requests, as doing a name lookup is a blocking + action. + + See also the parameter _w_i_n_s _s_u_p_p_o_r_t. + + Default: ddddnnnnssss pppprrrrooooxxxxyyyy ==== yyyyeeeessss + + ddddoooommmmaaaaiiiinnnn aaaaddddmmmmiiiinnnn ggggrrrroooouuuupppp ((((GGGG)))) + This parameter is intended as a temporary solution to + enable users to be a member of the "Domain Admins" + group when a Samba host is acting as a PDC. A complete + solution will be provided by a system for mapping + Windows NT/2000 groups onto UNIX groups. Please note + that this parameter has a somewhat confusing name. It + accepts a list of usernames and of group names in + standard _s_m_b._c_o_n_f notation. + + See also _d_o_m_a_i_n _g_u_e_s_t _g_r_o_u_p, _d_o_m_a_i_n _l_o_g_o_n_s + + Default: nnnnoooo ddddoooommmmaaaaiiiinnnn aaaaddddmmmmiiiinnnniiiissssttttrrrraaaattttoooorrrrssss + + Example: ddddoooommmmaaaaiiiinnnn aaaaddddmmmmiiiinnnn ggggrrrroooouuuupppp ==== rrrrooooooootttt @@@@wwwwhhhheeeeeeeellll + + ddddoooommmmaaaaiiiinnnn gggguuuueeeesssstttt ggggrrrroooouuuupppp ((((GGGG)))) + This parameter is intended as a temporary solution to + enable users to be a member of the "Domain Guests" + group when a Samba host is acting as a PDC. A complete + solution will be provided by a system for mapping + Windows NT/2000 groups onto UNIX groups. Please note + that this parameter has a somewhat confusing name. It + accepts a list of usernames and of group names in + standard _s_m_b._c_o_n_f notation. + + + + Page 42 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + See also _d_o_m_a_i_n _a_d_m_i_n _g_r_o_u_p, _d_o_m_a_i_n _l_o_g_o_n_s + + Default: nnnnoooo ddddoooommmmaaaaiiiinnnn gggguuuueeeessssttttssss + + Example: ddddoooommmmaaaaiiiinnnn gggguuuueeeesssstttt ggggrrrroooouuuupppp ==== nnnnoooobbbbooooddddyyyy @@@@gggguuuueeeesssstttt + + ddddoooommmmaaaaiiiinnnn llllooooggggoooonnnnssss ((((GGGG)))) + If set to yes, the Samba server will serve Windows + 95/98 Domain logons for the _w_o_r_k_g_r_o_u_p it is in. Samba + 2.2 also has limited capability to act as a domain + controller for Windows NT 4 Domains. For more details + on setting up this feature see the Samba-PDC-HOWTO + included in the _h_t_m_l_d_o_c_s/ directory shipped with the + source code. + + Default: ddddoooommmmaaaaiiiinnnn llllooooggggoooonnnnssss ==== nnnnoooo + + ddddoooommmmaaaaiiiinnnn mmmmaaaasssstttteeeerrrr ((((GGGG)))) + Tell nnnnmmmmbbbbdddd((((8888)))) to enable WAN-wide browse list collation. + Setting this option causes nnnnmmmmbbbbdddd to claim a special + domain specific NetBIOS name that identifies it as a + domain master browser for its given _w_o_r_k_g_r_o_u_p. Local + master browsers in the same _w_o_r_k_g_r_o_u_p on broadcast- + isolated subnets will give this nnnnmmmmbbbbdddd their local browse + lists, and then ask ssssmmmmbbbbdddd((((8888)))) for a complete copy of the + browse list for the whole wide area network. Browser + clients will then contact their local master browser, + and will receive the domain-wide browse list, instead + of just the list for their broadcast-isolated subnet. + + Note that Windows NT Primary Domain Controllers expect + to be able to claim this _w_o_r_k_g_r_o_u_p specific special + NetBIOS name that identifies them as domain master + browsers for that _w_o_r_k_g_r_o_u_p by default (i.e. there is + no way to prevent a Windows NT PDC from attempting to + do this). This means that if this parameter is set and + nnnnmmmmbbbbdddd claims the special name for a _w_o_r_k_g_r_o_u_p before a + Windows NT PDC is able to do so then cross subnet + browsing will behave strangely and may fail. + + If ddddoooommmmaaaaiiiinnnn llllooooggggoooonnnnssss ==== yyyyeeeessss , then the default behavior is + to enable the _d_o_m_a_i_n _m_a_s_t_e_r parameter. If _d_o_m_a_i_n _l_o_g_o_n_s + is not enabled (the default setting), then neither will + _d_o_m_a_i_n _m_a_s_t_e_r be enabled by default. + + Default: ddddoooommmmaaaaiiiinnnn mmmmaaaasssstttteeeerrrr ==== aaaauuuuttttoooo + + ddddoooonnnntttt ddddeeeesssscccceeeennnndddd ((((SSSS)))) + There are certain directories on some systems (e.g., + the /_p_r_o_c tree under Linux) that are either not of + interest to clients or are infinitely deep (recursive). + This parameter allows you to specify a comma-delimited + + + + Page 43 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + list of directories that the server should always show + as empty. + + Note that Samba can be very fussy about the exact + format of the "dont descend" entries. For example you + may need ./_p_r_o_c instead of just /_p_r_o_c. Experimentation + is the best policy :-) + + Default: nnnnoooonnnneeee ((((iiii....eeee....,,,, aaaallllllll ddddiiiirrrreeeeccccttttoooorrrriiiieeeessss aaaarrrreeee OOOOKKKK ttttoooo ddddeeeesssscccceeeennnndddd)))) + + Example: ddddoooonnnntttt ddddeeeesssscccceeeennnndddd ==== ////pppprrrroooocccc,,,,////ddddeeeevvvv + + ddddoooossss ffffiiiilllleeeemmmmooooddddeeee ((((SSSS)))) + The default behavior in Samba is to provide UNIX-like + behavior where only the owner of a file/directory is + able to change the permissions on it. However, this + behavior is often confusing to DOS/Windows users. + Enabling this parameter allows a user who has write + access to the file (by whatever means) to modify the + permissions on it. Note that a user belonging to the + group owning the file will not be allowed to change + permissions if the group is only granted read access. + Ownership of the file/directory is not changed, only + the permissions are modified. + + Default: ddddoooossss ffffiiiilllleeeemmmmooooddddeeee ==== nnnnoooo + + ddddoooossss ffffiiiilllleeeettttiiiimmmmeeee rrrreeeessssoooolllluuuuttttiiiioooonnnn ((((SSSS)))) + Under the DOS and Windows FAT filesystem, the finest + granularity on time resolution is two seconds. Setting + this parameter for a share causes Samba to round the + reported time down to the nearest two second boundary + when a query call that requires one second resolution + is made to ssssmmmmbbbbdddd((((8888)))) + + + This option is mainly used as a compatibility option + for Visual C++ when used against Samba shares. If + oplocks are enabled on a share, Visual C++ uses two + different time reading calls to check if a file has + changed since it was last read. One of these calls uses + a one-second granularity, the other uses a two second + granularity. As the two second call rounds any odd + second down, then if the file has a timestamp of an odd + number of seconds then the two timestamps will not + match and Visual C++ will keep reporting the file has + changed. Setting this option causes the two timestamps + to match, and Visual C++ is happy. + + Default: ddddoooossss ffffiiiilllleeeettttiiiimmmmeeee rrrreeeessssoooolllluuuuttttiiiioooonnnn ==== nnnnoooo + + ddddoooossss ffffiiiilllleeeettttiiiimmmmeeeessss ((((SSSS)))) + + + + Page 44 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Under DOS and Windows, if a user can write to a file + they can change the timestamp on it. Under POSIX + semantics, only the owner of the file or root may + change the timestamp. By default, Samba runs with POSIX + semantics and refuses to change the timestamp on a file + if the user ssssmmmmbbbbdddd is acting on behalf of is not the file + owner. Setting this option to yes allows DOS semantics + and smbd will change the file timestamp as DOS + requires. + + Default: ddddoooossss ffffiiiilllleeeettttiiiimmmmeeeessss ==== nnnnoooo + + eeeennnnccccrrrryyyypppptttt ppppaaaasssssssswwwwoooorrrrddddssss ((((GGGG)))) + This boolean controls whether encrypted passwords will + be negotiated with the client. Note that Windows NT 4.0 + SP3 and above and also Windows 98 will by default + expect encrypted passwords unless a registry entry is + changed. To use encrypted passwords in Samba see the + file ENCRYPTION.txt in the Samba documentation + directory _d_o_c_s/ shipped with the source code. + + In order for encrypted passwords to work correctly + ssssmmmmbbbbdddd((((8888)))) must either have access to a local _s_m_b_p_a_s_s_w_d(_5) + program for information on how to set up and maintain + this file), or set the security = [server|domain] + parameter which causes ssssmmmmbbbbdddd to authenticate against + another server. + + Default: eeeennnnccccrrrryyyypppptttt ppppaaaasssssssswwwwoooorrrrddddssss ==== nnnnoooo + + eeeennnnhhhhaaaannnncccceeeedddd bbbbrrrroooowwwwssssiiiinnnngggg ((((GGGG)))) + This option enables a couple of enhancements to cross- + subnet browse propagation that have been added in Samba + but which are not standard in Microsoft + implementations. + + The first enhancement to browse propagation consists of + a regular wildcard query to a Samba WINS server for all + Domain Master Browsers, followed by a browse + synchronization with each of the returned DMBs. The + second enhancement consists of a regular randomised + browse synchronization with all currently known DMBs. + + You may wish to disable this option if you have a + problem with empty workgroups not disappearing from + browse lists. Due to the restrictions of the browse + protocols these enhancements can cause a empty + workgroup to stay around forever which can be annoying. + + In general you should leave this option enabled as it + makes cross-subnet browse propagation much more + reliable. + + + + Page 45 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Default: eeeennnnhhhhaaaannnncccceeeedddd bbbbrrrroooowwwwssssiiiinnnngggg ==== yyyyeeeessss + + eeeennnnuuuummmmppppoooorrrrttttssss ccccoooommmmmmmmaaaannnndddd ((((GGGG)))) + The concept of a "port" is fairly foreign to UNIX + hosts. Under Windows NT/2000 print servers, a port is + associated with a port monitor and generally takes the + form of a local port (i.e. LPT1:, COM1:, FILE:) or a + remote port (i.e. LPD Port Monitor, etc...). By + default, Samba has only one port defined--"Samba + Printer Port". Under Windows NT/2000, all printers must + have a valid port name. If you wish to have a list of + ports displayed (ssssmmmmbbbbdddd does not use a port name for + anything) other than the default "Samba Printer Port", + you can define _e_n_u_m_p_o_r_t_s _c_o_m_m_a_n_d to point to a program + which should generate a list of ports, one per line, to + standard output. This listing will then be used in + response to the level 1 and 2 EnumPorts() RPC. + + Default: nnnnoooo eeeennnnuuuummmmppppoooorrrrttttssss ccccoooommmmmmmmaaaannnndddd + + Example: eeeennnnuuuummmmppppoooorrrrttttssss ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////bbbbiiiinnnn////lllliiiissssttttppppoooorrrrttttssss + + eeeexxxxeeeecccc ((((SSSS)))) + This is a synonym for _p_r_e_e_x_e_c. + + ffffaaaakkkkeeee ddddiiiirrrreeeeccccttttoooorrrryyyy ccccrrrreeeeaaaatttteeee ttttiiiimmmmeeeessss ((((SSSS)))) + NTFS and Windows VFAT file systems keep a create time + for all files and directories. This is not the same as + the ctime - status change time - that Unix keeps, so + Samba by default reports the earliest of the various + times Unix does keep. Setting this parameter for a + share causes Samba to always report midnight 1-1-1980 + as the create time for directories. + + This option is mainly used as a compatibility option + for Visual C++ when used against Samba shares. Visual + C++ generated makefiles have the object directory as a + dependency for each object file, and a make rule to + create the directory. Also, when NMAKE compares + timestamps it uses the creation time when examining a + directory. Thus the object directory will be created if + it does not exist, but once it does exist it will + always have an earlier timestamp than the object files + it contains. + + However, Unix time semantics mean that the create time + reported by Samba will be updated whenever a file is + created or or deleted in the directory. NMAKE finds all + object files in the object directory. The timestamp of + the last one built is then compared to the timestamp of + the object directory. If the directory's timestamp if + newer, then all object files will be rebuilt. Enabling + + + + Page 46 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + this option ensures directories always predate their + contents and an NMAKE build will proceed as expected. + + Default: ffffaaaakkkkeeee ddddiiiirrrreeeeccccttttoooorrrryyyy ccccrrrreeeeaaaatttteeee ttttiiiimmmmeeeessss ==== nnnnoooo + + ffffaaaakkkkeeee oooopppplllloooocccckkkkssss ((((SSSS)))) + Oplocks are the way that SMB clients get permission + from a server to locally cache file operations. If a + server grants an oplock (opportunistic lock) then the + client is free to assume that it is the only one + accessing the file and it will aggressively cache file + data. With some oplock types the client may even cache + file open/close operations. This can give enormous + performance benefits. + + When you set ffffaaaakkkkeeee oooopppplllloooocccckkkkssss ==== yyyyeeeessss, ssssmmmmbbbbdddd((((8888)))) will always + grant oplock requests no matter how many clients are + using the file. + + It is generally much better to use the real _o_p_l_o_c_k_s + support rather than this parameter. + + If you enable this option on all read-only shares or + shares that you know will only be accessed from one + client at a time such as physically read-only media + like CDROMs, you will see a big performance improvement + on many operations. If you enable this option on shares + where multiple clients may be accessing the files + read-write at the same time you can get data + corruption. Use this option carefully! + + Default: ffffaaaakkkkeeee oooopppplllloooocccckkkkssss ==== nnnnoooo + + ffffoooolllllllloooowwww ssssyyyymmmmlllliiiinnnnkkkkssss ((((SSSS)))) + This parameter allows the Samba administrator to stop + ssssmmmmbbbbdddd((((8888)))) from following symbolic links in a particular + share. Setting this parameter to no prevents any file + or directory that is a symbolic link from being + followed (the user will get an error). This option is + very useful to stop users from adding a symbolic link + to /_e_t_c/_p_a_s_s_w_d in their home directory for instance. + However it will slow filename lookups down slightly. + + This option is enabled (i.e. ssssmmmmbbbbdddd will follow symbolic + links) by default. + + Default: ffffoooolllllllloooowwww ssssyyyymmmmlllliiiinnnnkkkkssss ==== yyyyeeeessss + + ffffoooorrrrcccceeee ccccrrrreeeeaaaatttteeee mmmmooooddddeeee ((((SSSS)))) + This parameter specifies a set of UNIX mode bit + permissions that will aaaallllwwwwaaaayyyyssss be set on a file created + by Samba. This is done by bitwise 'OR'ing these bits + + + + Page 47 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + onto the mode bits of a file that is being created or + having its permissions changed. The default for this + parameter is (in octal) 000. The modes in this + parameter are bitwise 'OR'ed onto the file mode after + the mask set in the _c_r_e_a_t_e _m_a_s_k parameter is applied. + + See also the parameter _c_r_e_a_t_e _m_a_s_k for details on + masking mode bits on files. + + See also the _i_n_h_e_r_i_t _p_e_r_m_i_s_s_i_o_n_s parameter. + + Default: ffffoooorrrrcccceeee ccccrrrreeeeaaaatttteeee mmmmooooddddeeee ==== 000000000000 + + Example: ffffoooorrrrcccceeee ccccrrrreeeeaaaatttteeee mmmmooooddddeeee ==== 0000777755555555 + + would force all created files to have read and execute + permissions set for 'group' and 'other' as well as the + read/write/execute bits set for the 'user'. + + ffffoooorrrrcccceeee ddddiiiirrrreeeeccccttttoooorrrryyyy mmmmooooddddeeee ((((SSSS)))) + This parameter specifies a set of UNIX mode bit + permissions that will aaaallllwwwwaaaayyyyssss be set on a directory + created by Samba. This is done by bitwise 'OR'ing these + bits onto the mode bits of a directory that is being + created. The default for this parameter is (in octal) + 0000 which will not add any extra permission bits to a + created directory. This operation is done after the + mode mask in the parameter _d_i_r_e_c_t_o_r_y _m_a_s_k is applied. + + See also the parameter _d_i_r_e_c_t_o_r_y _m_a_s_k for details on + masking mode bits on created directories. + + See also the _i_n_h_e_r_i_t _p_e_r_m_i_s_s_i_o_n_s parameter. + + Default: ffffoooorrrrcccceeee ddddiiiirrrreeeeccccttttoooorrrryyyy mmmmooooddddeeee ==== 000000000000 + + Example: ffffoooorrrrcccceeee ddddiiiirrrreeeeccccttttoooorrrryyyy mmmmooooddddeeee ==== 0000777755555555 + + would force all created directories to have read and + execute permissions set for 'group' and 'other' as well + as the read/write/execute bits set for the 'user'. + + ffffoooorrrrcccceeee ddddiiiirrrreeeeccccttttoooorrrryyyy + This parameter controls what UNIX permission bits can + be modified when a Windows NT client is manipulating + the UNIX permission on a directory using the native NT + security dialog box. + + This parameter is applied as a mask (OR'ed with) to the + changed permission bits, thus forcing any bits in this + mask that the user may have modified to be on. + Essentially, one bits in this mask may be treated as a + + + + Page 48 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + set of bits that, when modifying security on a + directory, the user has always set to be 'on'. + + If not set explicitly this parameter is 000, which + allows a user to modify all the user/group/world + permissions on a directory without restrictions. + + NNNNooootttteeee that users who can access the Samba server through + other means can easily bypass this restriction, so it + is primarily useful for standalone "appliance" systems. + Administrators of most normal systems will probably + want to leave it set as 0000. + + See also the _d_i_r_e_c_t_o_r_y _s_e_c_u_r_i_t_y _m_a_s_k, _s_e_c_u_r_i_t_y _m_a_s_k, + _f_o_r_c_e _s_e_c_u_r_i_t_y _m_o_d_e parameters. + + Default: ffffoooorrrrcccceeee ddddiiiirrrreeeeccccttttoooorrrryyyy sssseeeeccccuuuurrrriiiittttyyyy mmmmooooddddeeee ==== 0000 + + Example: ffffoooorrrrcccceeee ddddiiiirrrreeeeccccttttoooorrrryyyy sssseeeeccccuuuurrrriiiittttyyyy mmmmooooddddeeee ==== 777700000000 + + ffffoooorrrrcccceeee ggggrrrroooouuuupppp ((((SSSS)))) + This specifies a UNIX group name that will be assigned + as the default primary group for all users connecting + to this service. This is useful for sharing files by + ensuring that all access to files on service will use + the named group for their permissions checking. Thus, + by assigning permissions for this group to the files + and directories within this service the Samba + administrator can restrict or allow sharing of these + files. + + In Samba 2.0.5 and above this parameter has extended + functionality in the following way. If the group name + listed here has a '+' character prepended to it then + the current user accessing the share only has the + primary group default assigned to this group if they + are already assigned as a member of that group. This + allows an administrator to decide that only users who + are already in a particular group will create files + with group ownership set to that group. This gives a + finer granularity of ownership assignment. For example, + the setting _f_o_r_c_e _g_r_o_u_p = +_s_y_s means that only users + who are already in group sys will have their default + primary group assigned to sys when accessing this Samba + share. All other users will retain their ordinary + primary group. + + If the _f_o_r_c_e _u_s_e_r parameter is also set the group + specified in _f_o_r_c_e _g_r_o_u_p will override the primary + group set in _f_o_r_c_e _u_s_e_r. + + See also _f_o_r_c_e _u_s_e_r. + + + + Page 49 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Default: nnnnoooo ffffoooorrrrcccceeeedddd ggggrrrroooouuuupppp + + Example: ffffoooorrrrcccceeee ggggrrrroooouuuupppp ==== aaaaggggrrrroooouuuupppp + + ffffoooorrrrcccceeee sssseeeeccccuuuurrrriiiittttyyyy mmmmooooddddeeee ((((SSSS)))) + This parameter controls what UNIX permission bits can + be modified when a Windows NT client is manipulating + the UNIX permission on a file using the native NT + security dialog box. + + This parameter is applied as a mask (OR'ed with) to the + changed permission bits, thus forcing any bits in this + mask that the user may have modified to be on. + Essentially, one bits in this mask may be treated as a + set of bits that, when modifying security on a file, + the user has always set to be 'on'. + + If not set explicitly this parameter is set to 0, and + allows a user to modify all the user/group/world + permissions on a file, with no restrictions. + + NNNNooootttteeee that users who can access the Samba server through + other means can easily bypass this restriction, so it + is primarily useful for standalone "appliance" systems. + Administrators of most normal systems will probably + want to leave this set to 0000. + + See also the _f_o_r_c_e _d_i_r_e_c_t_o_r_y _s_e_c_u_r_i_t_y _m_o_d_e, _d_i_r_e_c_t_o_r_y + _s_e_c_u_r_i_t_y _m_a_s_k, _s_e_c_u_r_i_t_y _m_a_s_k parameters. + + Default: ffffoooorrrrcccceeee sssseeeeccccuuuurrrriiiittttyyyy mmmmooooddddeeee ==== 0000 + + Example: ffffoooorrrrcccceeee sssseeeeccccuuuurrrriiiittttyyyy mmmmooooddddeeee ==== 777700000000 + + ffffoooorrrrcccceeee uuuunnnnkkkknnnnoooowwwwnnnn aaaaccccllll uuuusssseeeerrrr ((((SSSS)))) + If this parameter is set, a Windows NT ACL that + contains an unknown SID (security descriptor, or + representation of a user or group id) as the owner or + group owner of the file will be silently mapped into + the current UNIX uid or gid of the currently connected + user. + + This is designed to allow Windows NT clients to copy + files and folders containing ACLs that were created + locally on the client machine and contain users local + to that machine only (no domain users) to be copied to + a Samba server (usually with XCOPY /O) and have the + unknown userid and groupid of the file owner map to the + current connected user. This can only be fixed + correctly when winbindd allows arbitrary mapping from + any Windows NT SID to a UNIX uid or gid. + + + + + Page 50 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Try using this parameter when XCOPY /O gives an + ACCESS_DENIED error. + + See also _f_o_r_c_e _g_r_o_u_p + + Default: FFFFaaaallllsssseeee + + Example: ffffoooorrrrcccceeee uuuunnnnkkkknnnnoooowwwwnnnn aaaaccccllll uuuusssseeeerrrr ==== yyyyeeeessss + + ffffoooorrrrcccceeee uuuusssseeeerrrr ((((SSSS)))) + This specifies a UNIX user name that will be assigned + as the default user for all users connecting to this + service. This is useful for sharing files. You should + also use it carefully as using it incorrectly can cause + security problems. + + This user name only gets used once a connection is + established. Thus clients still need to connect as a + valid user and supply a valid password. Once connected, + all file operations will be performed as the "forced + user", no matter what username the client connected as. + This can be very useful. + + In Samba 2.0.5 and above this parameter also causes the + primary group of the forced user to be used as the + primary group for all file activity. Prior to 2.0.5 the + primary group was left as the primary group of the + connecting user (this was a bug). + + See also _f_o_r_c_e _g_r_o_u_p + + Default: nnnnoooo ffffoooorrrrcccceeeedddd uuuusssseeeerrrr + + Example: ffffoooorrrrcccceeee uuuusssseeeerrrr ==== aaaauuuusssseeeerrrr + + ffffssssttttyyyyppppeeee ((((SSSS)))) + This parameter allows the administrator to configure + the string that specifies the type of filesystem a + share is using that is reported by ssssmmmmbbbbdddd((((8888)))) + when a client queries the filesystem type for a share. + The default type is NTFS for compatibility with Windows + NT but this can be changed to other strings such as + Samba or FAT if required. + + Default: ffffssssttttyyyyppppeeee ==== NNNNTTTTFFFFSSSS + + Example: ffffssssttttyyyyppppeeee ==== SSSSaaaammmmbbbbaaaa + + ggggeeeettttwwwwdddd ccccaaaacccchhhheeee ((((GGGG)))) + This is a tuning option. When this is enabled a caching + algorithm will be used to reduce the time taken for + getwd() calls. This can have a significant impact on + + + + Page 51 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + performance, especially when the _w_i_d_e _l_i_n_k_s parameter + is set to no. + + Default: ggggeeeettttwwwwdddd ccccaaaacccchhhheeee ==== yyyyeeeessss + + ggggrrrroooouuuupppp ((((SSSS)))) + Synonym for _f_o_r_c_e _g_r_o_u_p. + + gggguuuueeeesssstttt aaaaccccccccoooouuuunnnntttt ((((SSSS)))) + This is a username which will be used for access to + services which are specified as _g_u_e_s_t _o_k (see below). + Whatever privileges this user has will be available to + any client connecting to the guest service. Typically + this user will exist in the password file, but will not + have a valid login. The user account "ftp" is often a + good choice for this parameter. If a username is + specified in a given service, the specified username + overrides this one. + + One some systems the default guest account "nobody" may + not be able to print. Use another account in this case. + You should test this by trying to log in as your guest + user (perhaps by using the ssssuuuu ---- command) and trying to + print using the system print command such as llllpppprrrr((((1111)))) or + llllpppp((((1111)))). + + Default: ssssppppeeeecccciiiiffffiiiieeeedddd aaaatttt ccccoooommmmppppiiiilllleeee ttttiiiimmmmeeee,,,, uuuussssuuuuaaaallllllllyyyy """"nnnnoooobbbbooooddddyyyy"""" + + Example: gggguuuueeeesssstttt aaaaccccccccoooouuuunnnntttt ==== ffffttttpppp + + gggguuuueeeesssstttt ooookkkk ((((SSSS)))) + If this parameter is yes for a service, then no + password is required to connect to the service. + Privileges will be those of the _g_u_e_s_t _a_c_c_o_u_n_t. + + See the section below on _s_e_c_u_r_i_t_y for more information + about this option. + + Default: gggguuuueeeesssstttt ooookkkk ==== nnnnoooo + + gggguuuueeeesssstttt oooonnnnllllyyyy ((((SSSS)))) + If this parameter is yes for a service, then only guest + connections to the service are permitted. This + parameter will have no effect if _g_u_e_s_t _o_k is not set + for the service. + + See the section below on _s_e_c_u_r_i_t_y for more information + about this option. + + Default: gggguuuueeeesssstttt oooonnnnllllyyyy ==== nnnnoooo + + hhhhiiiiddddeeee ddddooootttt ffffiiiilllleeeessss ((((SSSS)))) + + + + Page 52 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + This is a boolean parameter that controls whether files + starting with a dot appear as hidden files. + + Default: hhhhiiiiddddeeee ddddooootttt ffffiiiilllleeeessss ==== yyyyeeeessss + + hhhhiiiiddddeeee ffffiiiilllleeeessss((((SSSS)))) + This is a list of files or directories that are not + visible but are accessible. The DOS 'hidden' attribute + is applied to any files or directories that match. + + Each entry in the list must be separated by a '/', + which allows spaces to be included in the entry. '*' + and '?' can be used to specify multiple files or + directories as in DOS wildcards. + + Each entry must be a Unix path, not a DOS path and must + not include the Unix directory separator '/'. + + Note that the case sensitivity option is applicable in + hiding files. + + Setting this parameter will affect the performance of + Samba, as it will be forced to check all files and + directories for a match as they are scanned. + + See also _h_i_d_e _d_o_t _f_i_l_e_s, _v_e_t_o _f_i_l_e_s and _c_a_s_e + _s_e_n_s_i_t_i_v_e. + + Default: nnnnoooo ffffiiiilllleeee aaaarrrreeee hhhhiiiiddddddddeeeennnn + + Example: hhhhiiiiddddeeee ffffiiiilllleeeessss ==== + ////....****////DDDDeeeesssskkkkttttooooppppFFFFoooollllddddeeeerrrrDDDDBBBB////TTTTrrrraaaasssshhhhFFFFoooorrrr%%%%mmmm////rrrreeeessssoooouuuurrrrcccceeee....ffffrrrrkkkk//// + + The above example is based on files that the Macintosh + SMB client (DAVE) available from Thursby + <URL:http://www.thursby.com> creates for internal use, + and also still hides all files beginning with a dot. + + hhhhiiiiddddeeee llllooooccccaaaallll uuuusssseeeerrrrssss((((GGGG)))) + This parameter toggles the hiding of local UNIX users + (root, wheel, floppy, etc) from remote clients. + + Default: hhhhiiiiddddeeee llllooooccccaaaallll uuuusssseeeerrrrssss ==== nnnnoooo + + hhhhiiiiddddeeee uuuunnnnrrrreeeeaaaaddddaaaabbbblllleeee ((((SSSS)))) + This parameter prevents clients from seeing the + existance of files that cannot be read. Defaults to + off. + + Default: hhhhiiiiddddeeee uuuunnnnrrrreeeeaaaaddddaaaabbbblllleeee ==== nnnnoooo + + hhhhoooommmmeeeeddddiiiirrrr mmmmaaaapppp ((((GGGG)))) + + + + Page 53 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + If_n_i_s _h_o_m_e_d_i_r is yes, and ssssmmmmbbbbdddd((((8888)))) is also acting as a + Win95/98 _l_o_g_o_n _s_e_r_v_e_r then this parameter specifies the + NIS (or YP) map from which the server for the user's + home directory should be extracted. At present, only + the Sun auto.home map format is understood. The form of + the map is: + + uuuusssseeeerrrrnnnnaaaammmmeeee sssseeeerrrrvvvveeeerrrr::::////ssssoooommmmeeee////ffffiiiilllleeee////ssssyyyysssstttteeeemmmm + + and the program will extract the servername from before + the first ':'. There should probably be a better + parsing system that copes with different map formats + and also Amd (another automounter) maps. + + NNNNOOOOTTTTEEEE ::::A working NIS client is required on the system + for this option to work. + + See also _n_i_s _h_o_m_e_d_i_r , _d_o_m_a_i_n _l_o_g_o_n_s . + + Default: hhhhoooommmmeeeeddddiiiirrrr mmmmaaaapppp ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>> + + Example: hhhhoooommmmeeeeddddiiiirrrr mmmmaaaapppp ==== aaaammmmdddd....hhhhoooommmmeeeeddddiiiirrrr + + hhhhoooosssstttt mmmmssssddddffffssss ((((GGGG)))) + This boolean parameter is only available if Samba has + been configured and compiled with the --------wwwwiiiitttthhhh----mmmmssssddddffffssss + option. If set to yes, Samba will act as a Dfs server, + and allow Dfs-aware clients to browse Dfs trees hosted + on the server. + + See also the _m_s_d_f_s _r_o_o_t share level parameter. For + more information on setting up a Dfs tree on Samba, + refer to msdfs_setup.html + + Default: hhhhoooosssstttt mmmmssssddddffffssss ==== nnnnoooo + + hhhhoooossssttttssss aaaalllllllloooowwww ((((SSSS)))) + A synonym for this parameter is _a_l_l_o_w _h_o_s_t_s. + + This parameter is a comma, space, or tab delimited set + of hosts which are permitted to access a service. + + If specified in the [global] section then it will apply + to all services, regardless of whether the individual + service has a different setting. + + You can specify the hosts by name or IP number. For + example, you could restrict access to only the hosts on + a Class C subnet with something like aaaalllllllloooowwww hhhhoooossssttttssss ==== + 111155550000....222200003333....5555.... . The full syntax of the list is described + in the man page _h_o_s_t_s__a_c_c_e_s_s(_5). Note that this man + page may not be present on your system, so a brief + + + + Page 54 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + description will be given here also. + + Note that the localhost address 127.0.0.1 will always + be allowed access unless specifically denied by a _h_o_s_t_s + _d_e_n_y option. + + You can also specify hosts by network/netmask pairs and + by netgroup names if your system supports netgroups. + The EEEEXXXXCCCCEEEEPPPPTTTT keyword can also be used to limit a wildcard + list. The following examples may provide some help: + + Example 1: allow all IPs in 150.203.*.*; except one + + hhhhoooossssttttssss aaaalllllllloooowwww ==== 111155550000....222200003333.... EEEEXXXXCCCCEEEEPPPPTTTT 111155550000....222200003333....6666....66666666 + + Example 2: allow hosts that match the given + network/netmask + + hhhhoooossssttttssss aaaalllllllloooowwww ==== 111155550000....222200003333....11115555....0000////222255555555....222255555555....222255555555....0000 + + Example 3: allow a couple of hosts + + hhhhoooossssttttssss aaaalllllllloooowwww ==== llllaaaappppllllaaaannnndddd,,,, aaaarrrrvvvviiiiddddssssjjjjaaaauuuurrrr + + Example 4: allow only hosts in NIS netgroup "foonet", + but deny access from one particular host + + hhhhoooossssttttssss aaaalllllllloooowwww ==== @@@@ffffoooooooonnnneeeetttt + + hhhhoooossssttttssss ddddeeeennnnyyyy ==== ppppiiiirrrraaaatttteeee + + Note that access still requires suitable user-level + passwords. + + See tttteeeessssttttppppaaaarrrrmmmm((((1111)))) + for a way of testing your host access to see if it + does what you expect. + + Default: nnnnoooonnnneeee ((((iiii....eeee....,,,, aaaallllllll hhhhoooossssttttssss ppppeeeerrrrmmmmiiiitttttttteeeedddd aaaacccccccceeeessssssss)))) + + Example: aaaalllllllloooowwww hhhhoooossssttttssss ==== 111155550000....222200003333....5555.... mmmmyyyyhhhhoooosssstttt....mmmmyyyynnnneeeetttt....eeeedddduuuu....aaaauuuu + + hhhhoooossssttttssss ddddeeeennnnyyyy ((((SSSS)))) + The opposite of _h_o_s_t_s _a_l_l_o_w - hosts listed here are NNNNOOOOTTTT + permitted access to services unless the specific + services have their own lists to override this one. + Where the lists conflict, the _a_l_l_o_w list takes + precedence. + + Default: nnnnoooonnnneeee ((((iiii....eeee....,,,, nnnnoooo hhhhoooossssttttssss ssssppppeeeecccciiiiffffiiiiccccaaaallllllllyyyy eeeexxxxcccclllluuuuddddeeeedddd)))) + + Example: hhhhoooossssttttssss ddddeeeennnnyyyy ==== 111155550000....222200003333....4444.... bbbbaaaaddddhhhhoooosssstttt....mmmmyyyynnnneeeetttt....eeeedddduuuu....aaaauuuu + + + + Page 55 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + hhhhoooossssttttssss eeeeqqqquuuuiiiivvvv ((((GGGG)))) + If this global parameter is a non-null string, it + specifies the name of a file to read for the names of + hosts and users who will be allowed access without + specifying a password. + + This is not be confused with _h_o_s_t_s _a_l_l_o_w which is + about hosts access to services and is more useful for + guest services. _h_o_s_t_s _e_q_u_i_v may be useful for NT + clients which will not supply passwords to Samba. + + NNNNOOOOTTTTEEEE :::: The use of _h_o_s_t_s _e_q_u_i_v can be a major security + hole. This is because you are trusting the PC to supply + the correct username. It is very easy to get a PC to + supply a false username. I recommend that the _h_o_s_t_s + _e_q_u_i_v option be only used if you really know what you + are doing, or perhaps on a home network where you trust + your spouse and kids. And only if you rrrreeeeaaaallllllllyyyy trust them + :-). + + Default: nnnnoooo hhhhoooosssstttt eeeeqqqquuuuiiiivvvvaaaalllleeeennnncccceeeessss + + Example: hhhhoooossssttttssss eeeeqqqquuuuiiiivvvv ==== ////eeeettttcccc////hhhhoooossssttttssss....eeeeqqqquuuuiiiivvvv + + iiiinnnncccclllluuuuddddeeee ((((GGGG)))) + This allows you to include one config file inside + another. The file is included literally, as though + typed in place. + + It takes the standard substitutions, except %_u , %_P and + %_S. + + Default: nnnnoooo ffffiiiilllleeee iiiinnnncccclllluuuuddddeeeedddd + + Example: iiiinnnncccclllluuuuddddeeee ==== ////uuuussssrrrr////llllooooccccaaaallll////ssssaaaammmmbbbbaaaa////lllliiiibbbb////aaaaddddmmmmiiiinnnn____ssssmmmmbbbb....ccccoooonnnnffff + + iiiinnnnhhhheeeerrrriiiitttt aaaaccccllllssss ((((SSSS)))) + This parameter can be used to ensure that if default + acls exist on parent directories, they are always + honored when creating a subdirectory. The default + behavior is to use the mode specified when creating the + directory. Enabling this option sets the mode to 0777, + thus guaranteeing that default directory acls are + propagated. + + Default: iiiinnnnhhhheeeerrrriiiitttt aaaaccccllllssss ==== nnnnoooo + + iiiinnnnhhhheeeerrrriiiitttt ppppeeeerrrrmmmmiiiissssssssiiiioooonnnnssss ((((SSSS)))) + The permissions on new files and directories are + normally governed by _c_r_e_a_t_e _m_a_s_k, _d_i_r_e_c_t_o_r_y _m_a_s_k, + _f_o_r_c_e _c_r_e_a_t_e _m_o_d_e and _f_o_r_c_e _d_i_r_e_c_t_o_r_y _m_o_d_e but the + boolean inherit permissions parameter overrides this. + + + + Page 56 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + New directories inherit the mode of the parent + directory, including bits such as setgid. + + New files inherit their read/write bits from the parent + directory. Their execute bits continue to be determined + by _m_a_p _a_r_c_h_i_v_e , _m_a_p _h_i_d_d_e_n and _m_a_p _s_y_s_t_e_m as usual. + + Note that the setuid bit is nnnneeeevvvveeeerrrr set via inheritance + (the code explicitly prohibits this). + + This can be particularly useful on large systems with + many users, perhaps several thousand, to allow a single + [homes] share to be used flexibly by each user. + + See also _c_r_e_a_t_e _m_a_s_k , _d_i_r_e_c_t_o_r_y _m_a_s_k, _f_o_r_c_e _c_r_e_a_t_e + _m_o_d_e and _f_o_r_c_e _d_i_r_e_c_t_o_r_y _m_o_d_e . + + Default: iiiinnnnhhhheeeerrrriiiitttt ppppeeeerrrrmmmmiiiissssssssiiiioooonnnnssss ==== nnnnoooo + + iiiinnnntttteeeerrrrffffaaaacccceeeessss ((((GGGG)))) + This option allows you to override the default network + interfaces list that Samba will use for browsing, name + registration and other NBT traffic. By default Samba + will query the kernel for the list of all active + interfaces and use any interfaces except 127.0.0.1 that + are broadcast capable. + + The option takes a list of interface strings. Each + string can be in any of the following forms: + + o+ a network interface name (such as eth0). This may + include shell-like wildcards so eth* will match any + interface starting with the substring "eth" + + o+ an IP address. In this case the netmask is determined + from the list of interfaces obtained from the kernel + + o+ an IP/mask pair. + + o+ a broadcast/mask pair. + + The "mask" parameters can either be a bit length (such as 24 + for a C class network) or a full netmask in dotted decimal + form. + + The "IP" parameters above can either be a full dotted + decimal IP address or a hostname which will be looked up via + the OS's normal hostname resolution mechanisms. + + For example, the following line: + + iiiinnnntttteeeerrrrffffaaaacccceeeessss ==== eeeetttthhhh0000 111199992222....111166668888....2222....11110000////22224444 111199992222....111166668888....3333....11110000////222255555555....222255555555....222255555555....0000 + + + + Page 57 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + would configure three network interfaces corresponding to + the eth0 device and IP addresses 192.168.2.10 and + 192.168.3.10. The netmasks of the latter two interfaces + would be set to 255.255.255.0. + + See also _b_i_n_d _i_n_t_e_r_f_a_c_e_s _o_n_l_y. + + Default: aaaallllllll aaaaccccttttiiiivvvveeee iiiinnnntttteeeerrrrffffaaaacccceeeessss eeeexxxxcccceeeepppptttt 111122227777....0000....0000....1111 tttthhhhaaaatttt aaaarrrreeee + bbbbrrrrooooaaaaddddccccaaaasssstttt ccccaaaappppaaaabbbblllleeee + + iiiinnnnvvvvaaaalllliiiidddd uuuusssseeeerrrrssss ((((SSSS)))) + This is a list of users that should not be allowed to + login to this service. This is really a ppppaaaarrrraaaannnnooooiiiidddd check + to absolutely ensure an improper setting does not + breach your security. + + A name starting with a '@' is interpreted as an NIS + netgroup first (if your system supports NIS), and then + as a UNIX group if the name was not found in the NIS + netgroup database. + + A name starting with '+' is interpreted only by looking + in the UNIX group database. A name starting with '&' is + interpreted only by looking in the NIS netgroup + database (this requires NIS to be working on your + system). The characters '+' and '&' may be used at the + start of the name in either order so the value +&_g_r_o_u_p + means check the UNIX group database, followed by the + NIS netgroup database, and the value &+_g_r_o_u_p means + check the NIS netgroup database, followed by the UNIX + group database (the same as the '@' prefix). + + The current servicename is substituted for %_S. This is + useful in the [homes] section. + + See also _v_a_l_i_d _u_s_e_r_s . + + Default: nnnnoooo iiiinnnnvvvvaaaalllliiiidddd uuuusssseeeerrrrssss + + Example: iiiinnnnvvvvaaaalllliiiidddd uuuusssseeeerrrrssss ==== rrrrooooooootttt ffffrrrreeeedddd aaaaddddmmmmiiiinnnn @@@@wwwwhhhheeeeeeeellll + + kkkkeeeeeeeeppppaaaalllliiiivvvveeee ((((GGGG)))) + The value of the parameter (an integer) represents the + number of seconds between _k_e_e_p_a_l_i_v_e packets. If this + parameter is zero, no keepalive packets will be sent. + Keepalive packets, if sent, allow the server to tell + whether a client is still present and responding. + + Keepalives should, in general, not be needed if the + socket being used has the SO_KEEPALIVE attribute set on + it (see _s_o_c_k_e_t _o_p_t_i_o_n_s). Basically you should only use + this option if you strike difficulties. + + + + Page 58 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Default: kkkkeeeeeeeeppppaaaalllliiiivvvveeee ==== 333300000000 + + Example: kkkkeeeeeeeeppppaaaalllliiiivvvveeee ==== 666600000000 + + kkkkeeeerrrrnnnneeeellll oooopppplllloooocccckkkkssss ((((GGGG)))) + For UNIXes that support kernel based _o_p_l_o_c_k_s (currently + only IRIX and the Linux 2.4 kernel), this parameter + allows the use of them to be turned on or off. + + Kernel oplocks support allows Samba _o_p_l_o_c_k_s to be + broken whenever a local UNIX process or NFS operation + accesses a file that ssssmmmmbbbbdddd((((8888)))) + has oplocked. This allows complete data consistency + between SMB/CIFS, NFS and local file access (and is a + vvvveeeerrrryyyy cool feature :-). + + This parameter defaults to on, but is translated to a + no-op on systems that no not have the necessary kernel + support. You should never need to touch this + parameter. + + See also the _o_p_l_o_c_k_s and _l_e_v_e_l_2 _o_p_l_o_c_k_s parameters. + + Default: kkkkeeeerrrrnnnneeeellll oooopppplllloooocccckkkkssss ==== yyyyeeeessss + + llllaaaannnnmmmmaaaannnn aaaauuuutttthhhh ((((GGGG)))) + This parameter determines whether or not smbd will + attempt to authenticate users using the LANMAN password + hash. If disabled, only clients which support NT + password hashes (e.g. Windows NT/2000 clients, + smbclient, etc... but not Windows 95/98 or the MS DOS + network client) will be able to connect to the Samba + host. + + Default : llllaaaannnnmmmmaaaannnn aaaauuuutttthhhh ==== yyyyeeeessss + + llllaaaarrrrggggeeee rrrreeeeaaaaddddwwwwrrrriiiitttteeee ((((GGGG)))) + This parameter determines whether or not smbd supports + the new 64k streaming read and write varient SMB + requests introduced with Windows 2000. Note that due to + Windows 2000 client redirector bugs this requires Samba + to be running on a 64-bit capable operating system such + as IRIX, Solaris or a Linux 2.4 kernel. Can improve + performance by 10% with Windows 2000 clients. Defaults + to on. Windows NT 4.0 only supports read version of + this call, and ignores the write version. + + Default : llllaaaarrrrggggeeee rrrreeeeaaaaddddwwwwrrrriiiitttteeee ==== yyyyeeeessss + + llllddddaaaapppp aaaaddddmmmmiiiinnnn ddddnnnn ((((GGGG)))) + This parameter is only available if Samba has been + configure to include the --------wwwwiiiitttthhhh----llllddddaaaappppssssaaaammmm option at + + + + Page 59 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + compile time. This option should be considered + experimental and under active development. + + The _l_d_a_p _a_d_m_i_n _d_n defines the Distinguished Name (DN) + name used by Samba to contact the ldap server when + retreiving user account information. The _l_d_a_p _a_d_m_i_n _d_n + is used in conjunction with the admin dn password + stored in the _p_r_i_v_a_t_e/_s_e_c_r_e_t_s._t_d_b file. See the + ssssmmmmbbbbppppaaaasssssssswwwwdddd((((8888)))) man page for more information on how to + accmplish this. + + Default : nnnnoooonnnneeee + + llllddddaaaapppp ffffiiiilllltttteeeerrrr ((((GGGG)))) + This parameter is only available if Samba has been + configure to include the --------wwwwiiiitttthhhh----llllddddaaaappppssssaaaammmm option at + compile time. This option should be considered + experimental and under active development. + + This parameter specifies the RFC 2254 compliant LDAP + search filter. The default is to match the login name + with the uid attribute for all entries matching the + sambaAccount objectclass. Note that this filter should + only return one entry. + + Default : llllddddaaaapppp ffffiiiilllltttteeeerrrr ==== + ((((&&&&((((uuuuiiiidddd====%%%%uuuu))))((((oooobbbbjjjjeeeeccccttttccccllllaaaassssssss====ssssaaaammmmbbbbaaaaAAAAccccccccoooouuuunnnntttt)))))))) + + llllddddaaaapppp ppppoooorrrrtttt ((((GGGG)))) + This parameter is only available if Samba has been + configure to include the --------wwwwiiiitttthhhh----llllddddaaaappppssssaaaammmm option at + compile time. This option should be considered + experimental and under active development. + + This option is used to control the tcp port number used + to contact the _l_d_a_p _s_e_r_v_e_r. The default is to use the + stand LDAPS port 636. + + See Also: ldap ssl + + Default : llllddddaaaapppp ppppoooorrrrtttt ==== 666633336666 ;;;; iiiiffff llllddddaaaapppp ssssssssllll ==== oooonnnn + + Default : llllddddaaaapppp ppppoooorrrrtttt ==== 333388889999 ;;;; iiiiffff llllddddaaaapppp ssssssssllll ==== ooooffffffff + + llllddddaaaapppp sssseeeerrrrvvvveeeerrrr ((((GGGG)))) + This parameter is only available if Samba has been + configure to include the --------wwwwiiiitttthhhh----llllddddaaaappppssssaaaammmm option at + compile time. This option should be considered + experimental and under active development. + + This parameter should contains the FQDN of the ldap + directory server which should be queried to locate user + + + + Page 60 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + account information. + + Default : llllddddaaaapppp sssseeeerrrrvvvveeeerrrr ==== llllooooccccaaaallllhhhhoooosssstttt + + llllddddaaaapppp ssssssssllll ((((GGGG)))) + This parameter is only available if Samba has been + configure to include the --------wwwwiiiitttthhhh----llllddddaaaappppssssaaaammmm option at + compile time. This option should be considered + experimental and under active development. + + This option is used to define whether or not Samba + should use SSL when connecting to the _l_d_a_p _s_e_r_v_e_r. This + is NNNNOOOOTTTT related to Samba SSL support which is enabled by + specifying the --------wwwwiiiitttthhhh----ssssssssllll option to the _c_o_n_f_i_g_u_r_e + script (see _s_s_l). + + The _l_d_a_p _s_s_l can be set to one of three values: (a) on + - Always use SSL when contacting the _l_d_a_p _s_e_r_v_e_r, (b) + off - Never use SSL when querying the directory, or (c) + start_tls - Use the LDAPv3 StartTLS extended operation + (RFC2830) for communicating with the directory server. + + Default : llllddddaaaapppp ssssssssllll ==== oooonnnn + + llllddddaaaapppp ssssuuuuffffffffiiiixxxx ((((GGGG)))) + This parameter is only available if Samba has been + configure to include the --------wwwwiiiitttthhhh----llllddddaaaappppssssaaaammmm option at + compile time. This option should be considered + experimental and under active development. + + Default : nnnnoooonnnneeee + + lllleeeevvvveeeellll2222 oooopppplllloooocccckkkkssss ((((SSSS)))) + This parameter controls whether Samba supports level2 + (read-only) oplocks on a share. + + Level2, or read-only oplocks allow Windows NT clients + that have an oplock on a file to downgrade from a + read-write oplock to a read-only oplock once a second + client opens the file (instead of releasing all oplocks + on a second open, as in traditional, exclusive + oplocks). This allows all openers of the file that + support level2 oplocks to cache the file for read-ahead + only (ie. they may not cache writes or lock requests) + and increases performance for many accesses of files + that are not commonly written (such as application .EXE + files). + + Once one of the clients which have a read-only oplock + writes to the file all clients are notified (no reply + is needed or waited for) and told to break their + oplocks to "none" and delete any read-ahead caches. + + + + Page 61 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + It is recommended that this parameter be turned on to + speed access to shared executables. + + For more discussions on level2 oplocks see the CIFS + spec. + + Currently, if _k_e_r_n_e_l _o_p_l_o_c_k_s are supported then level2 + oplocks are not granted (even if this parameter is set + to yes). Note also, the _o_p_l_o_c_k_s parameter must be set + to yes on this share in order for this parameter to + have any effect. + + See also the _o_p_l_o_c_k_s and _k_e_r_n_e_l _o_p_l_o_c_k_s parameters. + + Default: lllleeeevvvveeeellll2222 oooopppplllloooocccckkkkssss ==== yyyyeeeessss + + llllmmmm aaaannnnnnnnoooouuuunnnncccceeee ((((GGGG)))) + This parameter determines if nnnnmmmmbbbbdddd((((8888)))) will produce + Lanman announce broadcasts that are needed by OS/2 + clients in order for them to see the Samba server in + their browse list. This parameter can have three + values, yes, no, or auto. The default is auto. If set + to no Samba will never produce these broadcasts. If set + to yes Samba will produce Lanman announce broadcasts at + a frequency set by the parameter _l_m _i_n_t_e_r_v_a_l. If set to + auto Samba will not send Lanman announce broadcasts by + default but will listen for them. If it hears such a + broadcast on the wire it will then start sending them + at a frequency set by the parameter _l_m _i_n_t_e_r_v_a_l. + + See also _l_m _i_n_t_e_r_v_a_l . + + Default: llllmmmm aaaannnnnnnnoooouuuunnnncccceeee ==== aaaauuuuttttoooo + + Example: llllmmmm aaaannnnnnnnoooouuuunnnncccceeee ==== yyyyeeeessss + + llllmmmm iiiinnnntttteeeerrrrvvvvaaaallll ((((GGGG)))) + If Samba is set to produce Lanman announce broadcasts + needed by OS/2 clients (see the _l_m _a_n_n_o_u_n_c_e parameter) + then this parameter defines the frequency in seconds + with which they will be made. If this is set to zero + then no Lanman announcements will be made despite the + setting of the _l_m _a_n_n_o_u_n_c_e parameter. + + See also _l_m _a_n_n_o_u_n_c_e. + + Default: llllmmmm iiiinnnntttteeeerrrrvvvvaaaallll ==== 66660000 + + Example: llllmmmm iiiinnnntttteeeerrrrvvvvaaaallll ==== 111122220000 + + llllooooaaaadddd pppprrrriiiinnnntttteeeerrrrssss ((((GGGG)))) + A boolean variable that controls whether all printers + + + + Page 62 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + in the printcap will be loaded for browsing by default. + See the printers section for more details. + + Default: llllooooaaaadddd pppprrrriiiinnnntttteeeerrrrssss ==== yyyyeeeessss + + llllooooccccaaaallll mmmmaaaasssstttteeeerrrr ((((GGGG)))) + This option allows nnnnmmmmbbbbdddd((((8888)))) to try and become a local + master browser on a subnet. If set to no then nnnnmmmmbbbbdddd + will not attempt to become a local master browser on a + subnet and will also lose in all browsing elections. By + default this value is set to yes. Setting this value to + yes doesn't mean that Samba will bbbbeeeeccccoooommmmeeee the local + master browser on a subnet, just that nnnnmmmmbbbbdddd will + ppppaaaarrrrttttiiiicccciiiippppaaaatttteeee in elections for local master browser. + + Setting this value to no will cause nnnnmmmmbbbbdddd nnnneeeevvvveeeerrrr to + become a local master browser. + + Default: llllooooccccaaaallll mmmmaaaasssstttteeeerrrr ==== yyyyeeeessss + + lllloooocccckkkk ddddiiiirrrr ((((GGGG)))) + Synonym for _l_o_c_k _d_i_r_e_c_t_o_r_y. + + lllloooocccckkkk ddddiiiirrrreeeeccccttttoooorrrryyyy ((((GGGG)))) + This option specifies the directory where lock files + will be placed. The lock files are used to implement + the _m_a_x _c_o_n_n_e_c_t_i_o_n_s option. + + Default: lllloooocccckkkk ddddiiiirrrreeeeccccttttoooorrrryyyy ==== $$$${{{{pppprrrreeeeffffiiiixxxx}}}}////vvvvaaaarrrr////lllloooocccckkkkssss + + Example: lllloooocccckkkk ddddiiiirrrreeeeccccttttoooorrrryyyy ==== ////vvvvaaaarrrr////rrrruuuunnnn////ssssaaaammmmbbbbaaaa////lllloooocccckkkkssss + + lllloooocccckkkk ssssppppiiiinnnn ccccoooouuuunnnntttt ((((GGGG)))) + This parameter controls the number of times that smbd + should attempt to gain a byte range lock on the behalf + of a client request. Experiments have shown that + Windows 2k servers do not reply with a failure if the + lock could not be immediately granted, but try a few + more times in case the lock could later be aquired. + This behavior is used to support PC database formats + such as MS Access and FoxPro. + + Default: lllloooocccckkkk ssssppppiiiinnnn ccccoooouuuunnnntttt ==== 2222 + + lllloooocccckkkk ssssppppiiiinnnn ttttiiiimmmmeeee ((((GGGG)))) + The time in microseconds that smbd should pause before + attempting to gain a failed lock. See _l_o_c_k _s_p_i_n _c_o_u_n_t + for more details. + + Default: lllloooocccckkkk ssssppppiiiinnnn ttttiiiimmmmeeee ==== 11110000 + + lllloooocccckkkkiiiinnnngggg ((((SSSS)))) + + + + Page 63 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + This controls whether or not locking will be performed + by the server in response to lock requests from the + client. + + If lllloooocccckkkkiiiinnnngggg ==== nnnnoooo, all lock and unlock requests will + appear to succeed and all lock queries will report that + the file in question is available for locking. + + If lllloooocccckkkkiiiinnnngggg ==== yyyyeeeessss, real locking will be performed by the + server. + + This option mmmmaaaayyyy be useful for read-only filesystems + which mmmmaaaayyyy not need locking (such as CDROM drives), + although setting this parameter of no is not really + recommended even in this case. + + Be careful about disabling locking either globally or + in a specific service, as lack of locking may result in + data corruption. You should never need to set this + parameter. + + Default: lllloooocccckkkkiiiinnnngggg ==== yyyyeeeessss + + lllloooogggg ffffiiiilllleeee ((((GGGG)))) + This option allows you to override the name of the + Samba log file (also known as the debug file). + + This option takes the standard substitutions, allowing + you to have separate log files for each user or + machine. + + Example: lllloooogggg ffffiiiilllleeee ==== ////uuuussssrrrr////llllooooccccaaaallll////ssssaaaammmmbbbbaaaa////vvvvaaaarrrr////lllloooogggg....%%%%mmmm + + lllloooogggg lllleeeevvvveeeellll ((((GGGG)))) + The value of the parameter (an integer) allows the + debug level (logging level) to be specified in the + _s_m_b._c_o_n_f file. This is to give greater flexibility in + the configuration of the system. + + The default will be the log level specified on the + command line or level zero if none was specified. + + Example: lllloooogggg lllleeeevvvveeeellll ==== 3333 + + llllooooggggoooonnnn ddddrrrriiiivvvveeee ((((GGGG)))) + This parameter specifies the local path to which the + home directory will be connected (see _l_o_g_o_n _h_o_m_e) and + is only used by NT Workstations. + + Note that this option is only useful if Samba is set up + as a logon server. + + + + + Page 64 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Default: llllooooggggoooonnnn ddddrrrriiiivvvveeee ==== zzzz:::: + + Example: llllooooggggoooonnnn ddddrrrriiiivvvveeee ==== hhhh:::: + + llllooooggggoooonnnn hhhhoooommmmeeee ((((GGGG)))) + This parameter specifies the home directory location + when a Win95/98 or NT Workstation logs into a Samba + PDC. It allows you to do + + C:\> NNNNEEEETTTT UUUUSSSSEEEE HHHH:::: ////HHHHOOOOMMMMEEEE + + from a command prompt, for example. + + This option takes the standard substitutions, allowing + you to have separate logon scripts for each user or + machine. + + This parameter can be used with Win9X workstations to + ensure that roaming profiles are stored in a + subdirectory of the user's home directory. This is done + in the following way: + + llllooooggggoooonnnn hhhhoooommmmeeee ==== \\\\\\\\%%%%NNNN\\\\%%%%UUUU\\\\pppprrrrooooffffiiiilllleeee + + This tells Samba to return the above string, with + substitutions made when a client requests the info, + generally in a NetUserGetInfo request. Win9X clients + truncate the info to \\server\share when a user does + nnnneeeetttt uuuusssseeee ////hhhhoooommmmeeee but use the whole string when dealing + with profiles. + + Note that in prior versions of Samba, the _l_o_g_o_n _p_a_t_h + was returned rather than _l_o_g_o_n _h_o_m_e. This broke nnnneeeetttt uuuusssseeee + ////hhhhoooommmmeeee but allowed profiles outside the home directory. + The current implementation is correct, and can be used + for profiles if you use the above trick. + + This option is only useful if Samba is set up as a + logon server. + + Default: llllooooggggoooonnnn hhhhoooommmmeeee ==== """"\\\\\\\\%%%%NNNN\\\\%%%%UUUU"""" + + Example: llllooooggggoooonnnn hhhhoooommmmeeee ==== """"\\\\\\\\rrrreeeemmmmooootttteeee____ssssmmmmbbbb____sssseeeerrrrvvvveeeerrrr\\\\%%%%UUUU"""" + + llllooooggggoooonnnn ppppaaaatttthhhh ((((GGGG)))) + This parameter specifies the home directory where + roaming profiles (NTuser.dat etc files for Windows NT) + are stored. Contrary to previous versions of these + manual pages, it has nothing to do with Win 9X roaming + profiles. To find out how to handle roaming profiles + for Win 9X system, see the _l_o_g_o_n _h_o_m_e parameter. + + + + + Page 65 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + This option takes the standard substitutions, allowing + you to have separate logon scripts for each user or + machine. It also specifies the directory from which the + "Application Data", (_d_e_s_k_t_o_p, _s_t_a_r_t _m_e_n_u, _n_e_t_w_o_r_k + _n_e_i_g_h_b_o_r_h_o_o_d, _p_r_o_g_r_a_m_s and other folders, and their + contents, are loaded and displayed on your Windows NT + client. + + The share and the path must be readable by the user for + the preferences and directories to be loaded onto the + Windows NT client. The share must be writeable when the + user logs in for the first time, in order that the + Windows NT client can create the NTuser.dat and other + directories. + + Thereafter, the directories and any of the contents + can, if required, be made read-only. It is not + advisable that the NTuser.dat file be made read-only - + rename it to NTuser.man to achieve the desired effect + (a MMMMAAAANNNNdatory profile). + + Windows clients can sometimes maintain a connection to + the [homes] share, even though there is no user logged + in. Therefore, it is vital that the logon path does not + include a reference to the homes share (i.e. setting + this parameter to \%N\%U\profile_path will cause + problems). + + This option takes the standard substitutions, allowing + you to have separate logon scripts for each user or + machine. + + Note that this option is only useful if Samba is set up + as a logon server. + + Default: llllooooggggoooonnnn ppppaaaatttthhhh ==== \\\\\\\\%%%%NNNN\\\\%%%%UUUU\\\\pppprrrrooooffffiiiilllleeee + + Example: llllooooggggoooonnnn ppppaaaatttthhhh ==== \\\\\\\\PPPPRRRROOOOFFFFIIIILLLLEEEESSSSEEEERRRRVVVVEEEERRRR\\\\PPPPRRRROOOOFFFFIIIILLLLEEEE\\\\%%%%UUUU + + llllooooggggoooonnnn ssssccccrrrriiiipppptttt ((((GGGG)))) + This parameter specifies the batch file (.bat) or NT + command file (.cmd) to be downloaded and run on a + machine when a user successfully logs in. The file must + contain the DOS style CR/LF line endings. Using a DOS- + style editor to create the file is recommended. + + The script must be a relative path to the [netlogon] + service. If the [netlogon] service specifies a _p_a_t_h of + /_u_s_r/_l_o_c_a_l/_s_a_m_b_a/_n_e_t_l_o_g_o_n , and llllooooggggoooonnnn ssssccccrrrriiiipppptttt ==== + SSSSTTTTAAAARRRRTTTTUUUUPPPP....BBBBAAAATTTT, then the file that will be downloaded is: + + /_u_s_r/_l_o_c_a_l/_s_a_m_b_a/_n_e_t_l_o_g_o_n/_S_T_A_R_T_U_P._B_A_T + + + + Page 66 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + The contents of the batch file are entirely your + choice. A suggested command would be to add NNNNEEEETTTT TTTTIIIIMMMMEEEE + \\\\\\\\SSSSEEEERRRRVVVVEEEERRRR ////SSSSEEEETTTT ////YYYYEEEESSSS, to force every machine to + synchronize clocks with the same time server. Another + use would be to add NNNNEEEETTTT UUUUSSSSEEEE UUUU:::: \\\\\\\\SSSSEEEERRRRVVVVEEEERRRR\\\\UUUUTTTTIIIILLLLSSSS for + commonly used utilities, or NNNNEEEETTTT UUUUSSSSEEEE QQQQ:::: + \\\\\\\\SSSSEEEERRRRVVVVEEEERRRR\\\\IIIISSSSOOOO9999000000001111____QQQQAAAA for example. + + Note that it is particularly important not to allow + write access to the [netlogon] share, or to grant users + write permission on the batch files in a secure + environment, as this would allow the batch files to be + arbitrarily modified and security to be breached. + + This option takes the standard substitutions, allowing + you to have separate logon scripts for each user or + machine. + + This option is only useful if Samba is set up as a + logon server. + + Default: nnnnoooo llllooooggggoooonnnn ssssccccrrrriiiipppptttt ddddeeeeffffiiiinnnneeeedddd + + Example: llllooooggggoooonnnn ssssccccrrrriiiipppptttt ==== ssssccccrrrriiiippppttttssss\\\\%%%%UUUU....bbbbaaaatttt + + llllppppppppaaaauuuusssseeee ccccoooommmmmmmmaaaannnndddd ((((SSSS)))) + This parameter specifies the command to be executed on + the server host in order to stop printing or spooling a + specific print job. + + This command should be a program or script which takes + a printer name and job number to pause the print job. + One way of implementing this is by using job + priorities, where jobs having a too low priority won't + be sent to the printer. + + If a %_p is given then the printer name is put in its + place. A %_j is replaced with the job number (an + integer). On HPUX (see _p_r_i_n_t_i_n_g=_h_p_u_x ), if the -_p%_p + option is added to the lpq command, the job will show + up with the correct status, i.e. if the job priority is + lower than the set fence priority it will have the + PAUSED status, whereas if the priority is equal or + higher it will have the SPOOLED or PRINTING status. + + Note that it is good practice to include the absolute + path in the lppause command as the PATH may not be + available to the server. + + See also the _p_r_i_n_t_i_n_g parameter. + + Default: Currently no default value is given to this + + + + Page 67 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + string, unless the value of the _p_r_i_n_t_i_n_g parameter is + SYSV, in which case the default is : + + llllpppp ----iiii %%%%pppp----%%%%jjjj ----HHHH hhhhoooolllldddd + + or if the value of the _p_r_i_n_t_i_n_g parameter is SOFTQ, + then the default is: + + qqqqssssttttaaaatttt ----ssss ----jjjj%%%%jjjj ----hhhh + + Example for HPUX: llllppppppppaaaauuuusssseeee ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////bbbbiiiinnnn////llllppppaaaalllltttt %%%%pppp---- + %%%%jjjj ----pppp0000 + + llllppppqqqq ccccaaaacccchhhheeee ttttiiiimmmmeeee ((((GGGG)))) + This controls how long lpq info will be cached for to + prevent the llllppppqqqq command being called too often. A + separate cache is kept for each variation of the llllppppqqqq + command used by the system, so if you use different llllppppqqqq + commands for different users then they won't share + cache information. + + The cache files are stored in /_t_m_p/_l_p_q._x_x_x_x where xxxx + is a hash of the llllppppqqqq command in use. + + The default is 10 seconds, meaning that the cached + results of a previous identical llllppppqqqq command will be + used if the cached data is less than 10 seconds old. A + large value may be advisable if your llllppppqqqq command is + very slow. + + A value of 0 will disable caching completely. + + See also the _p_r_i_n_t_i_n_g parameter. + + Default: llllppppqqqq ccccaaaacccchhhheeee ttttiiiimmmmeeee ==== 11110000 + + Example: llllppppqqqq ccccaaaacccchhhheeee ttttiiiimmmmeeee ==== 33330000 + + llllppppqqqq ccccoooommmmmmmmaaaannnndddd ((((SSSS)))) + This parameter specifies the command to be executed on + the server host in order to obtain llllppppqqqq -style printer + status information. + + This command should be a program or script which takes + a printer name as its only parameter and outputs + printer status information. + + Currently nine styles of printer status information are + supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, CUPS, + and SOFTQ. This covers most UNIX systems. You control + which type is expected using the _p_r_i_n_t_i_n_g = option. + + + + + Page 68 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Some clients (notably Windows for Workgroups) may not + correctly send the connection number for the printer + they are requesting status information about. To get + around this, the server reports on the first printer + service connected to by the client. This only happens + if the connection number sent is invalid. + + If a %_p is given then the printer name is put in its + place. Otherwise it is placed at the end of the + command. + + Note that it is good practice to include the absolute + path in the _l_p_q _c_o_m_m_a_n_d as the $$$$PPPPAAAATTTTHHHH may not be + available to the server. When compiled with the CUPS + libraries, no _l_p_q _c_o_m_m_a_n_d is needed because smbd will + make a library call to obtain the print queue listing. + + See also the _p_r_i_n_t_i_n_g parameter. + + Default: ddddeeeeppppeeeennnnddddssss oooonnnn tttthhhheeee sssseeeettttttttiiiinnnngggg ooooffff _p_r_i_n_t_i_n_g + + Example: llllppppqqqq ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////bbbbiiiinnnn////llllppppqqqq ----PPPP%%%%pppp + + llllpppprrrreeeessssuuuummmmeeee ccccoooommmmmmmmaaaannnndddd ((((SSSS)))) + This parameter specifies the command to be executed on + the server host in order to restart or continue + printing or spooling a specific print job. + + This command should be a program or script which takes + a printer name and job number to resume the print job. + See also the _l_p_p_a_u_s_e _c_o_m_m_a_n_d parameter. + + If a %_p is given then the printer name is put in its + place. A %_j is replaced with the job number (an + integer). + + Note that it is good practice to include the absolute + path in the _l_p_r_e_s_u_m_e _c_o_m_m_a_n_d as the PATH may not be + available to the server. + + See also the _p_r_i_n_t_i_n_g parameter. + + Default: Currently no default value is given to this + string, unless the value of the _p_r_i_n_t_i_n_g parameter is + SYSV, in which case the default is : + + llllpppp ----iiii %%%%pppp----%%%%jjjj ----HHHH rrrreeeessssuuuummmmeeee + + or if the value of the _p_r_i_n_t_i_n_g parameter is SOFTQ, + then the default is: + + qqqqssssttttaaaatttt ----ssss ----jjjj%%%%jjjj ----rrrr + + + + Page 69 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Example for HPUX: llllpppprrrreeeessssuuuummmmeeee ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////bbbbiiiinnnn////llllppppaaaalllltttt + %%%%pppp----%%%%jjjj ----pppp2222 + + llllpppprrrrmmmm ccccoooommmmmmmmaaaannnndddd ((((SSSS)))) + This parameter specifies the command to be executed on + the server host in order to delete a print job. + + This command should be a program or script which takes + a printer name and job number, and deletes the print + job. + + If a %_p is given then the printer name is put in its + place. A %_j is replaced with the job number (an + integer). + + Note that it is good practice to include the absolute + path in the _l_p_r_m _c_o_m_m_a_n_d as the PATH may not be + available to the server. + + See also the _p_r_i_n_t_i_n_g parameter. + + Default: ddddeeeeppppeeeennnnddddssss oooonnnn tttthhhheeee sssseeeettttttttiiiinnnngggg ooooffff _p_r_i_n_t_i_n_g + + Example 1: llllpppprrrrmmmm ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////bbbbiiiinnnn////llllpppprrrrmmmm ----PPPP%%%%pppp %%%%jjjj + + Example 2: llllpppprrrrmmmm ccccoooommmmmmmmaaaannnndddd ==== ////uuuussssrrrr////bbbbiiiinnnn////ccccaaaannnncccceeeellll %%%%pppp----%%%%jjjj + + mmmmaaaacccchhhhiiiinnnneeee ppppaaaasssssssswwwwoooorrrrdddd ttttiiiimmmmeeeeoooouuuutttt ((((GGGG)))) + If a Samba server is a member of a Windows NT Domain + (see the security = domain) parameter) then + periodically a running smbd(8) process will try and + change the MACHINE ACCOUNT PASSWORD stored in the TDB + called _p_r_i_v_a_t_e/_s_e_c_r_e_t_s._t_d_b . This parameter specifies + how often this password will be changed, in seconds. + The default is one week (expressed in seconds), the + same as a Windows NT Domain member server. + + See also ssssmmmmbbbbppppaaaasssssssswwwwdddd((((8888)))) + and the security = domain) parameter. + + Default: mmmmaaaacccchhhhiiiinnnneeee ppppaaaasssssssswwwwoooorrrrdddd ttttiiiimmmmeeeeoooouuuutttt ==== 666600004444888800000000 + + mmmmaaaaggggiiiicccc oooouuuuttttppppuuuutttt ((((SSSS)))) + This parameter specifies the name of a file which will + contain output created by a magic script (see the _m_a_g_i_c + _s_c_r_i_p_t parameter below). + + Warning: If two clients use the same _m_a_g_i_c _s_c_r_i_p_t in + the same directory the output file content is + undefined. + + Default: mmmmaaaaggggiiiicccc oooouuuuttttppppuuuutttt ==== <<<<mmmmaaaaggggiiiicccc ssssccccrrrriiiipppptttt nnnnaaaammmmeeee>>>>....oooouuuutttt + + + + Page 70 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Example: mmmmaaaaggggiiiicccc oooouuuuttttppppuuuutttt ==== mmmmyyyyffffiiiilllleeee....ttttxxxxtttt + + mmmmaaaaggggiiiicccc ssssccccrrrriiiipppptttt ((((SSSS)))) + This parameter specifies the name of a file which, if + opened, will be executed by the server when the file is + closed. This allows a UNIX script to be sent to the + Samba host and executed on behalf of the connected + user. + + Scripts executed in this way will be deleted upon + completion assuming that the user has the appropriate + level of privilege and the file permissions allow the + deletion. + + If the script generates output, output will be sent to + the file specified by the _m_a_g_i_c _o_u_t_p_u_t parameter (see + above). + + Note that some shells are unable to interpret scripts + containing CR/LF instead of CR as the end-of-line + marker. Magic scripts must be executable aaaassss iiiissss on the + host, which for some hosts and some shells will require + filtering at the DOS end. + + Magic scripts are EEEEXXXXPPPPEEEERRRRIIIIMMMMEEEENNNNTTTTAAAALLLL and should NNNNOOOOTTTT be relied + upon. + + Default: NNNNoooonnnneeee.... MMMMaaaaggggiiiicccc ssssccccrrrriiiippppttttssss ddddiiiissssaaaabbbblllleeeedddd.... + + Example: mmmmaaaaggggiiiicccc ssssccccrrrriiiipppptttt ==== uuuusssseeeerrrr....ccccsssshhhh + + mmmmaaaannnngggglllleeee ccccaaaasssseeee ((((SSSS)))) + See the section on NAME MANGLING + + Default: mmmmaaaannnngggglllleeee ccccaaaasssseeee ==== nnnnoooo + + mmmmaaaannnngggglllleeeedddd mmmmaaaapppp ((((SSSS)))) + This is for those who want to directly map UNIX file + names which cannot be represented on Windows/DOS. The + mangling of names is not always what is needed. In + particular you may have documents with file extensions + that differ between DOS and UNIX. For example, under + UNIX it is common to use ._h_t_m_l for HTML files, whereas + under Windows/DOS ._h_t_m is more commonly used. + + So to map _h_t_m_l to _h_t_m you would use: + + mmmmaaaannnngggglllleeeedddd mmmmaaaapppp ==== ((((****....hhhhttttmmmmllll ****....hhhhttttmmmm)))) + + One very useful case is to remove the annoying ;_1 off + the ends of filenames on some CDROMs (only visible + under some UNIXes). To do this use a map of (*;1 *;). + + + + Page 71 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Default: nnnnoooo mmmmaaaannnngggglllleeeedddd mmmmaaaapppp + + Example: mmmmaaaannnngggglllleeeedddd mmmmaaaapppp ==== ((((****;;;;1111 ****;;;;)))) + + mmmmaaaannnngggglllleeeedddd nnnnaaaammmmeeeessss ((((SSSS)))) + This controls whether non-DOS names under UNIX should + be mapped to DOS-compatible names ("mangled") and made + visible, or whether non-DOS names should simply be + ignored. + + See the section on NAME MANGLING for details on how to + control the mangling process. + + If mangling algorithm "hash" is used then the mangling + algorithm is as follows: + + o+ The first (up to) five alphanumeric characters before + the rightmost dot of the filename are preserved, + forced to upper case, and appear as the first (up to) + five characters of the mangled name. + + o+ A tilde "~" is appended to the first part of the + mangled name, followed by a two-character unique + sequence, based on the original root name (i.e., the + original filename minus its final extension). The + final extension is included in the hash calculation + only if it contains any upper case characters or is + longer than three characters. + + Note that the character to use may be specified using + the _m_a_n_g_l_i_n_g _c_h_a_r option, if you don't like '~'. + + o+ The first three alphanumeric characters of the final + extension are preserved, forced to upper case and + appear as the extension of the mangled name. The + final extension is defined as that part of the + original filename after the rightmost dot. If there + are no dots in the filename, the mangled name will + have no extension (except in the case of "hidden + files" - see below). + + o+ Files whose UNIX name begins with a dot will be + presented as DOS hidden files. The mangled name will + be created as for other filenames, but with the + leading dot removed and "___" as its extension + regardless of actual original extension (that's three + underscores). + + The two-digit hash value consists of upper case alphanumeric + characters. + + This algorithm can cause name collisions only if files in a + + + + Page 72 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + directory share the same first five alphanumeric characters. + The probability of such a clash is 1/1300. + + If mangling algorithm "hash2" is used then the mangling + algorithm is as follows: + + o+ The first alphanumeric character before the rightmost + dot of the filename is preserved, forced to upper + case, and appears as the first character of the + mangled name. + + o+ A base63 hash of 5 characters is generated and the + first 4 characters of that hash are appended to the + first character. + + o+ A tilde "~" is appended to the first part of the + mangled name, followed by the final character of the + base36 hash of the name. + + Note that the character to use may be specified using + the _m_a_n_g_l_i_n_g _c_h_a_r option, if you don't like '~'. + + o+ The first three alphanumeric characters of the final + extension are preserved, forced to upper case and + appear as the extension of the mangled name. The + final extension is defined as that part of the + original filename after the rightmost dot. If there + are no dots in the filename, the mangled name will + have no extension (except in the case of "hidden + files" - see below). + + o+ Files whose UNIX name begins with a dot will be + presented as DOS hidden files. The mangled name will + be created as for other filenames, but with the + leading dot removed and "___" as its extension + regardless of actual original extension (that's three + underscores). + + The name mangling (if enabled) allows a file to be copied + between UNIX directories from Windows/DOS while retaining + the long UNIX filename. UNIX files can be renamed to a new + extension from Windows/DOS and will retain the same + basename. Mangled names do not change between sessions. + + Default: mmmmaaaannnngggglllleeeedddd nnnnaaaammmmeeeessss ==== yyyyeeeessss + + mmmmaaaannnngggglllleeeedddd ssssttttaaaacccckkkk ((((GGGG)))) + This parameter controls the number of mangled names + that should be cached in the Samba server smbd(8) + + This stack is a list of recently mangled base names + (extensions are only maintained if they are longer than + + + + Page 73 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + 3 characters or contains upper case characters). + + The larger this value, the more likely it is that + mangled names can be successfully converted to correct + long UNIX names. However, large stack sizes will slow + most directory accesses. Smaller stacks save memory in + the server (each stack element costs 256 bytes). + + It is not possible to absolutely guarantee correct long + filenames, so be prepared for some surprises! + + Default: mmmmaaaannnngggglllleeeedddd ssssttttaaaacccckkkk ==== 55550000 + + Example: mmmmaaaannnngggglllleeeedddd ssssttttaaaacccckkkk ==== 111100000000 + + mmmmaaaannnngggglllliiiinnnngggg cccchhhhaaaarrrr ((((SSSS)))) + This controls what character is used as the mmmmaaaaggggiiiicccc + character in name mangling. The default is a '~' but + this may interfere with some software. Use this option + to set it to whatever you prefer. + + Default: mmmmaaaannnngggglllliiiinnnngggg cccchhhhaaaarrrr ==== ~~~~ + + Example: mmmmaaaannnngggglllliiiinnnngggg cccchhhhaaaarrrr ==== ^^^^ + + mmmmaaaannnngggglllliiiinnnngggg mmmmaaaatttthhhhoooodddd((((GGGG)))) + controls the algorithm used for the generating the + mangled names. Can take two different values, "hash" + and "hash2". "hash" is the default and is the algorithm + that has been used in Samba for many years. "hash2" is + a newer and considered a better algorithm (generates + less collisions) in the names. However, many Win32 + applications store the mangled names and so changing to + the new algorithm must not be done lightly as these + applications may break unless reinstalled. New + installations of Samba may set the default to hash2. + + Default: mmmmaaaannnngggglllliiiinnnngggg mmmmeeeetttthhhhoooodddd ==== hhhhaaaasssshhhh + + Example: mmmmaaaannnngggglllliiiinnnngggg mmmmeeeetttthhhhoooodddd ==== hhhhaaaasssshhhh2222 + + mmmmaaaapppp aaaarrrrcccchhhhiiiivvvveeee ((((SSSS)))) + This controls whether the DOS archive attribute should + be mapped to the UNIX owner execute bit. The DOS + archive bit is set when a file has been modified since + its last backup. One motivation for this option it to + keep Samba/your PC from making any file it touches from + becoming executable under UNIX. This can be quite + annoying for shared source code, documents, etc... + + Note that this requires the _c_r_e_a_t_e _m_a_s_k parameter to be + set such that owner execute bit is not masked out (i.e. + + + + Page 74 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + it must include 100). See the parameter _c_r_e_a_t_e _m_a_s_k + for details. + + Default: mmmmaaaapppp aaaarrrrcccchhhhiiiivvvveeee ==== yyyyeeeessss + + mmmmaaaapppp hhhhiiiiddddddddeeeennnn ((((SSSS)))) + This controls whether DOS style hidden files should be + mapped to the UNIX world execute bit. + + Note that this requires the _c_r_e_a_t_e _m_a_s_k to be set such + that the world execute bit is not masked out (i.e. it + must include 001). See the parameter _c_r_e_a_t_e _m_a_s_k for + details. + + Default: mmmmaaaapppp hhhhiiiiddddddddeeeennnn ==== nnnnoooo + + mmmmaaaapppp ssssyyyysssstttteeeemmmm ((((SSSS)))) + This controls whether DOS style system files should be + mapped to the UNIX group execute bit. + + Note that this requires the _c_r_e_a_t_e _m_a_s_k to be set such + that the group execute bit is not masked out (i.e. it + must include 010). See the parameter _c_r_e_a_t_e _m_a_s_k for + details. + + Default: mmmmaaaapppp ssssyyyysssstttteeeemmmm ==== nnnnoooo + + mmmmaaaapppp ttttoooo gggguuuueeeesssstttt ((((GGGG)))) + This parameter is only useful in security modes other + than _s_e_c_u_r_i_t_y = _s_h_a_r_e - i.e. user, server, and domain. + + This parameter can take three different values, which + tell smbd(8) what to do with user login requests that + don't match a valid UNIX user in some way. + + The three settings are : + + o+ Never - Means user login requests with an invalid + password are rejected. This is the default. + + o+ Bad User - Means user logins with an invalid password + are rejected, unless the username does not exist, in + which case it is treated as a guest login and mapped + into the _g_u_e_s_t _a_c_c_o_u_n_t. + + o+ Bad Password - Means user logins with an invalid + password are treated as a guest login and mapped into + the guest account. Note that this can cause problems + as it means that any user incorrectly typing their + password will be silently logged on as "guest" - and + will not know the reason they cannot access files + they think they should - there will have been no + + + + Page 75 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + message given to them that they got their password + wrong. Helpdesk services will hhhhaaaatttteeee you if you set the + _m_a_p _t_o _g_u_e_s_t parameter this way :-). + + Note that this parameter is needed to set up "Guest" share + services when using _s_e_c_u_r_i_t_y modes other than share. This is + because in these modes the name of the resource being + requested is nnnnooootttt sent to the server until after the server + has successfully authenticated the client so the server + cannot make authentication decisions at the correct time + (connection to the share) for "Guest" shares. + + For people familiar with the older Samba releases, this + parameter maps to the old compile-time setting of the + GUEST_SESSSETUP value in local.h. + + Default: mmmmaaaapppp ttttoooo gggguuuueeeesssstttt ==== NNNNeeeevvvveeeerrrr + + Example: mmmmaaaapppp ttttoooo gggguuuueeeesssstttt ==== BBBBaaaadddd UUUUsssseeeerrrr + + mmmmaaaaxxxx ccccoooonnnnnnnneeeeccccttttiiiioooonnnnssss ((((SSSS)))) + This option allows the number of simultaneous + connections to a service to be limited. If _m_a_x + _c_o_n_n_e_c_t_i_o_n_s is greater than 0 then connections will be + refused if this number of connections to the service + are already open. A value of zero mean an unlimited + number of connections may be made. + + Record lock files are used to implement this feature. + The lock files will be stored in the directory + specified by the _l_o_c_k _d_i_r_e_c_t_o_r_y option. + + Default: mmmmaaaaxxxx ccccoooonnnnnnnneeeeccccttttiiiioooonnnnssss ==== 0000 + + Example: mmmmaaaaxxxx ccccoooonnnnnnnneeeeccccttttiiiioooonnnnssss ==== 11110000 + + mmmmaaaaxxxx ddddiiiisssskkkk ssssiiiizzzzeeee ((((GGGG)))) + This option allows you to put an upper limit on the + apparent size of disks. If you set this option to 100 + then all shares will appear to be not larger than 100 + MB in size. + + Note that this option does not limit the amount of data + you can put on the disk. In the above case you could + still store much more than 100 MB on the disk, but if a + client ever asks for the amount of free disk space or + the total disk size then the result will be bounded by + the amount specified in _m_a_x _d_i_s_k _s_i_z_e. + + This option is primarily useful to work around bugs in + some pieces of software that can't handle very large + disks, particularly disks over 1GB in size. + + + + Page 76 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + A _m_a_x _d_i_s_k _s_i_z_e of 0 means no limit. + + Default: mmmmaaaaxxxx ddddiiiisssskkkk ssssiiiizzzzeeee ==== 0000 + + Example: mmmmaaaaxxxx ddddiiiisssskkkk ssssiiiizzzzeeee ==== 1111000000000000 + + mmmmaaaaxxxx lllloooogggg ssssiiiizzzzeeee ((((GGGG)))) + This option (an integer in kilobytes) specifies the max + size the log file should grow to. Samba periodically + checks the size and if it is exceeded it will rename + the file, adding a ._o_l_d extension. + + A size of 0 means no limit. + + Default: mmmmaaaaxxxx lllloooogggg ssssiiiizzzzeeee ==== 5555000000000000 + + Example: mmmmaaaaxxxx lllloooogggg ssssiiiizzzzeeee ==== 1111000000000000 + + mmmmaaaaxxxx mmmmuuuuxxxx ((((GGGG)))) + This option controls the maximum number of outstanding + simultaneous SMB operations that Samba tells the client + it will allow. You should never need to set this + parameter. + + Default: mmmmaaaaxxxx mmmmuuuuxxxx ==== 55550000 + + mmmmaaaaxxxx ooooppppeeeennnn ffffiiiilllleeeessss ((((GGGG)))) + This parameter limits the maximum number of open files + that one smbd(8) file serving process may have open for + a client at any one time. The default for this + parameter is set very high (10,000) as Samba uses only + one bit per unopened file. + + The limit of the number of open files is usually set by + the UNIX per-process file descriptor limit rather than + this parameter so you should never need to touch this + parameter. + + Default: mmmmaaaaxxxx ooooppppeeeennnn ffffiiiilllleeeessss ==== 11110000000000000000 + + mmmmaaaaxxxx pppprrrriiiinnnntttt jjjjoooobbbbssss ((((SSSS)))) + This parameter limits the maximum number of jobs + allowable in a Samba printer queue at any given moment. + If this number is exceeded, ssssmmmmbbbbdddd((((8888)))) will remote "Out + of Space" to the client. See all _t_o_t_a_l _p_r_i_n_t _j_o_b_s. + + Default: mmmmaaaaxxxx pppprrrriiiinnnntttt jjjjoooobbbbssss ==== 1111000000000000 + + Example: mmmmaaaaxxxx pppprrrriiiinnnntttt jjjjoooobbbbssss ==== 5555000000000000 + + mmmmaaaaxxxx pppprrrroooottttooooccccoooollll ((((GGGG)))) + The value of the parameter (a string) is the highest + + + + Page 77 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + protocol level that will be supported by the server. + + Possible values are : + + o+ CORE: Earliest version. No concept of user names. + + o+ COREPLUS: Slight improvements on CORE for efficiency. + + o+ LANMAN1: First mmmmooooddddeeeerrrrnnnn version of the protocol. Long + filename support. + + o+ LANMAN2: Updates to Lanman1 protocol. + + o+ NT1: Current up to date version of the protocol. Used + by Windows NT. Known as CIFS. + + Normally this option should not be set as the automatic + negotiation phase in the SMB protocol takes care of choosing + the appropriate protocol. + + See also _m_i_n _p_r_o_t_o_c_o_l + + Default: mmmmaaaaxxxx pppprrrroooottttooooccccoooollll ==== NNNNTTTT1111 + + Example: mmmmaaaaxxxx pppprrrroooottttooooccccoooollll ==== LLLLAAAANNNNMMMMAAAANNNN1111 + + mmmmaaaaxxxx ssssmmmmbbbbdddd pppprrrroooocccceeeesssssssseeeessss ((((GGGG)))) + This parameter limits the maximum number of ssssmmmmbbbbdddd((((8888)))) + processes concurrently running on a system and is + intended as a stopgap to prevent degrading service to + clients in the event that the server has insufficient + resources to handle more than this number of + connections. Remember that under normal operating + conditions, each user will have an smbd associated with + him or her to handle connections to all shares from a + given host. + + Default: mmmmaaaaxxxx ssssmmmmbbbbdddd pppprrrroooocccceeeesssssssseeeessss ==== 0000 ## no limit + + Example: mmmmaaaaxxxx ssssmmmmbbbbdddd pppprrrroooocccceeeesssssssseeeessss ==== 1111000000000000 + + mmmmaaaaxxxx ttttttttllll ((((GGGG)))) + This option tells nmbd(8) what the default 'time to + live' of NetBIOS names should be (in seconds) when nnnnmmmmbbbbdddd + is requesting a name using either a broadcast packet or + from a WINS server. You should never need to change + this parameter. The default is 3 days. + + Default: mmmmaaaaxxxx ttttttttllll ==== 222255559999222200000000 + + mmmmaaaaxxxx wwwwiiiinnnnssss ttttttttllll ((((GGGG)))) + This option tells nmbd(8) + + + + Page 78 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + when acting as a WINS server ( _w_i_n_s _s_u_p_p_o_r_t = _y_e_s) + what the maximum 'time to live' of NetBIOS names that + nnnnmmmmbbbbdddd will grant will be (in seconds). You should never + need to change this parameter. The default is 6 days + (518400 seconds). + + See also the _m_i_n _w_i_n_s _t_t_l parameter. + + Default: mmmmaaaaxxxx wwwwiiiinnnnssss ttttttttllll ==== 555511118888444400000000 + + mmmmaaaaxxxx xxxxmmmmiiiitttt ((((GGGG)))) + This option controls the maximum packet size that will + be negotiated by Samba. The default in Samba 2.2.6 is + now 16644 (changed from 65535 in earlier releases) + which matches Windows 2000. This allows better + performance with Windows NT clients. The maximum is + 65535. In some cases you may find you get better + performance with a smaller value. A value below 2048 is + likely to cause problems. + + Default: mmmmaaaaxxxx xxxxmmmmiiiitttt ==== 11116666666644444444 + + Example: mmmmaaaaxxxx xxxxmmmmiiiitttt ==== 8888111199992222 + + mmmmeeeessssssssaaaaggggeeee ccccoooommmmmmmmaaaannnndddd ((((GGGG)))) + This specifies what command to run when the server + receives a WinPopup style message. + + This would normally be a command that would deliver the + message somehow. How this is to be done is up to your + imagination. + + An example is: + + mmmmeeeessssssssaaaaggggeeee ccccoooommmmmmmmaaaannnndddd ==== ccccsssshhhh ----cccc ''''xxxxeeeeddddiiiitttt %%%%ssss;;;;rrrrmmmm %%%%ssss'''' &&&& + + This delivers the message using xxxxeeeeddddiiiitttt, then removes it + afterwards. NNNNOOOOTTTTEEEE TTTTHHHHAAAATTTT IIIITTTT IIIISSSS VVVVEEEERRRRYYYY IIIIMMMMPPPPOOOORRRRTTTTAAAANNNNTTTT TTTTHHHHAAAATTTT TTTTHHHHIIIISSSS + CCCCOOOOMMMMMMMMAAAANNNNDDDD RRRREEEETTTTUUUURRRRNNNN IIIIMMMMMMMMEEEEDDDDIIIIAAAATTTTEEEELLLLYYYY. That's why I have the '&' + on the end. If it doesn't return immediately then your + PCs may freeze when sending messages (they should + recover after 30 seconds, hopefully). + + All messages are delivered as the global guest user. + The command takes the standard substitutions, although + %_u won't work (%_U may be better in this case). + + Apart from the standard substitutions, some additional + ones apply. In particular: + + o+ %_s = the filename containing the message. + + + + + Page 79 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + o+ %_t = the destination that the message was sent to + (probably the server name). + + o+ %_f = who the message is from. + + You could make this command send mail, or whatever else + takes your fancy. Please let us know of any really + interesting ideas you have. + + Here's a way of sending the messages as mail to root: + + mmmmeeeessssssssaaaaggggeeee ccccoooommmmmmmmaaaannnndddd ==== ////bbbbiiiinnnn////mmmmaaaaiiiillll ----ssss ''''mmmmeeeessssssssaaaaggggeeee ffffrrrroooommmm %%%%ffff oooonnnn %%%%mmmm'''' rrrrooooooootttt + <<<< %%%%ssss;;;; rrrrmmmm %%%%ssss + + If you don't have a message command then the message won't + be delivered and Samba will tell the sender there was an + error. Unfortunately WfWg totally ignores the error code and + carries on regardless, saying that the message was + delivered. + + If you want to silently delete it then try: + + mmmmeeeessssssssaaaaggggeeee ccccoooommmmmmmmaaaannnndddd ==== rrrrmmmm %%%%ssss + + Default: nnnnoooo mmmmeeeessssssssaaaaggggeeee ccccoooommmmmmmmaaaannnndddd + + Example: mmmmeeeessssssssaaaaggggeeee ccccoooommmmmmmmaaaannnndddd ==== ccccsssshhhh ----cccc ''''xxxxeeeeddddiiiitttt %%%%ssss;;;; rrrrmmmm %%%%ssss'''' &&&& + + mmmmiiiinnnn ppppaaaasssssssswwwwdddd lllleeeennnnggggtttthhhh ((((GGGG)))) + Synonym for _m_i_n _p_a_s_s_w_o_r_d _l_e_n_g_t_h. + + mmmmiiiinnnn ppppaaaasssssssswwwwoooorrrrdddd lllleeeennnnggggtttthhhh ((((GGGG)))) + This option sets the minimum length in characters of a + plaintext password that ssssmmmmbbbbdddd will accept when + performing UNIX password changing. + + See also _u_n_i_x _p_a_s_s_w_o_r_d _s_y_n_c, _p_a_s_s_w_d _p_r_o_g_r_a_m and _p_a_s_s_w_d + _c_h_a_t _d_e_b_u_g . + + Default: mmmmiiiinnnn ppppaaaasssssssswwwwoooorrrrdddd lllleeeennnnggggtttthhhh ==== 5555 + + mmmmiiiinnnn pppprrrriiiinnnntttt ssssppppaaaacccceeee ((((SSSS)))) + This sets the minimum amount of free disk space that + must be available before a user will be able to spool a + print job. It is specified in kilobytes. The default is + 0, which means a user can always spool a print job. + + See also the _p_r_i_n_t_i_n_g parameter. + + Default: mmmmiiiinnnn pppprrrriiiinnnntttt ssssppppaaaacccceeee ==== 0000 + + Example: mmmmiiiinnnn pppprrrriiiinnnntttt ssssppppaaaacccceeee ==== 2222000000000000 + + + + Page 80 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + mmmmiiiinnnn pppprrrroooottttooooccccoooollll ((((GGGG)))) + The value of the parameter (a string) is the lowest SMB + protocol dialect than Samba will support. Please refer + to the _m_a_x _p_r_o_t_o_c_o_l parameter for a list of valid + protocol names and a brief description of each. You may + also wish to refer to the C source code in + _s_o_u_r_c_e/_s_m_b_d/_n_e_g_p_r_o_t._c for a listing of known protocol + dialects supported by clients. + + If you are viewing this parameter as a security + measure, you should also refer to the _l_a_n_m_a_n _a_u_t_h + parameter. Otherwise, you should never need to change + this parameter. + + Default : mmmmiiiinnnn pppprrrroooottttooooccccoooollll ==== CCCCOOOORRRREEEE + + Example : mmmmiiiinnnn pppprrrroooottttooooccccoooollll ==== NNNNTTTT1111 # disable DOS clients + + mmmmiiiinnnn wwwwiiiinnnnssss ttttttttllll ((((GGGG)))) + This option tells nmbd(8) when acting as a WINS server + ( _w_i_n_s _s_u_p_p_o_r_t = _y_e_s) what the minimum 'time to live' + of NetBIOS names that nnnnmmmmbbbbdddd will grant will be (in + seconds). You should never need to change this + parameter. The default is 6 hours (21600 seconds). + + Default: mmmmiiiinnnn wwwwiiiinnnnssss ttttttttllll ==== 22221111666600000000 + + mmmmssssddddffffssss rrrrooooooootttt ((((SSSS)))) + This boolean parameter is only available if Samba is + configured and compiled with the --------wwwwiiiitttthhhh----mmmmssssddddffffssss option. + If set to yes, Samba treats the share as a Dfs root and + allows clients to browse the distributed file system + tree rooted at the share directory. Dfs links are + specified in the share directory by symbolic links of + the form _m_s_d_f_s:_s_e_r_v_e_r_A\_s_h_a_r_e_A,_s_e_r_v_e_r_B\_s_h_a_r_e_B and so on. + For more information on setting up a Dfs tree on Samba, + refer to msdfs_setup.html + + + See also _h_o_s_t _m_s_d_f_s + + Default: mmmmssssddddffffssss rrrrooooooootttt ==== nnnnoooo + + nnnnaaaammmmeeee rrrreeeessssoooollllvvvveeee oooorrrrddddeeeerrrr ((((GGGG)))) + This option is used by the programs in the Samba suite + to determine what naming services to use and in what + order to resolve host names to IP addresses. The option + takes a space separated string of name resolution + options. + + The options are :"lmhosts", "host", "wins" and "bcast". + They cause names to be resolved as follows : + + + + Page 81 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + o+ lmhosts : Lookup an IP address in the Samba lmhosts + file. If the line in lmhosts has no name type + attached to the NetBIOS name (see the lmhosts(5) for + details) then any name type matches for lookup. + + o+ host : Do a standard host name to IP address + resolution, using the system /_e_t_c/_h_o_s_t_s , NIS, or DNS + lookups. This method of name resolution is operating + system depended for instance on IRIX or Solaris this + may be controlled by the /_e_t_c/_n_s_s_w_i_t_c_h._c_o_n_f file. + Note that this method is only used if the NetBIOS + name type being queried is the 0x20 (server) name + type, otherwise it is ignored. + + o+ wins : Query a name with the IP address listed in the + _w_i_n_s _s_e_r_v_e_r parameter. If no WINS server has been + specified this method will be ignored. + + o+ bcast : Do a broadcast on each of the known local + interfaces listed in the _i_n_t_e_r_f_a_c_e_s parameter. This + is the least reliable of the name resolution methods + as it depends on the target host being on a locally + connected subnet. + + Default: nnnnaaaammmmeeee rrrreeeessssoooollllvvvveeee oooorrrrddddeeeerrrr ==== llllmmmmhhhhoooossssttttssss hhhhoooosssstttt wwwwiiiinnnnssss bbbbccccaaaasssstttt + + Example: nnnnaaaammmmeeee rrrreeeessssoooollllvvvveeee oooorrrrddddeeeerrrr ==== llllmmmmhhhhoooossssttttssss bbbbccccaaaasssstttt hhhhoooosssstttt + + This will cause the local lmhosts file to be examined first, + followed by a broadcast attempt, followed by a normal system + hostname lookup. + + nnnneeeettttbbbbiiiioooossss aaaalllliiiiaaaasssseeeessss ((((GGGG)))) + This is a list of NetBIOS names that nmbd(8) will + advertise as additional names by which the Samba server + is known. This allows one machine to appear in browse + lists under multiple names. If a machine is acting as a + browse server or logon server none of these names will + be advertised as either browse server or logon servers, + only the primary name of the machine will be advertised + with these capabilities. + + See also _n_e_t_b_i_o_s _n_a_m_e. + + Default: eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg ((((nnnnoooo aaaaddddddddiiiittttiiiioooonnnnaaaallll nnnnaaaammmmeeeessss)))) + + Example: nnnneeeettttbbbbiiiioooossss aaaalllliiiiaaaasssseeeessss ==== TTTTEEEESSSSTTTT TTTTEEEESSSSTTTT1111 TTTTEEEESSSSTTTT2222 + + nnnneeeettttbbbbiiiioooossss nnnnaaaammmmeeee ((((GGGG)))) + This sets the NetBIOS name by which a Samba server is + known. By default it is the same as the first component + of the host's DNS name. If a machine is a browse server + + + + Page 82 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + or logon server this name (or the first component of + the hosts DNS name) will be the name that these + services are advertised under. + + See also _n_e_t_b_i_o_s _a_l_i_a_s_e_s. + + Default: mmmmaaaacccchhhhiiiinnnneeee DDDDNNNNSSSS nnnnaaaammmmeeee + + Example: nnnneeeettttbbbbiiiioooossss nnnnaaaammmmeeee ==== MMMMYYYYNNNNAAAAMMMMEEEE + + nnnneeeettttbbbbiiiioooossss ssssccccooooppppeeee ((((GGGG)))) + This sets the NetBIOS scope that Samba will operate + under. This should not be set unless every machine on + your LAN also sets this value. + + nnnniiiissss hhhhoooommmmeeeeddddiiiirrrr ((((GGGG)))) + Get the home share server from a NIS map. For UNIX + systems that use an automounter, the user's home + directory will often be mounted on a workstation on + demand from a remote server. + + When the Samba logon server is not the actual home + directory server, but is mounting the home directories + via NFS then two network hops would be required to + access the users home directory if the logon server + told the client to use itself as the SMB server for + home directories (one over SMB and one over NFS). This + can be very slow. + + This option allows Samba to return the home share as + being on a different server to the logon server and as + long as a Samba daemon is running on the home directory + server, it will be mounted on the Samba client directly + from the directory server. When Samba is returning the + home share to the client, it will consult the NIS map + specified in _h_o_m_e_d_i_r _m_a_p and return the server listed + there. + + Note that for this option to work there must be a + working NIS system and the Samba server with this + option must also be a logon server. + + Default: nnnniiiissss hhhhoooommmmeeeeddddiiiirrrr ==== nnnnoooo + + nnnntttt aaaaccccllll ssssuuuuppppppppoooorrrrtttt ((((SSSS)))) + This boolean parameter controls whether smbd(8) will + attempt to map UNIX permissions into Windows NT access + control lists. This parameter was formally a global + parameter in releases prior to 2.2.2. + + Default: nnnntttt aaaaccccllll ssssuuuuppppppppoooorrrrtttt ==== yyyyeeeessss + + + + + Page 83 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + nnnntttt ppppiiiippppeeee ssssuuuuppppppppoooorrrrtttt ((((GGGG)))) + This boolean parameter controls whether smbd(8) will + allow Windows NT clients to connect to the NT SMB + specific IPC$ pipes. This is a developer debugging + option and can be left alone. + + Default: nnnntttt ppppiiiippppeeee ssssuuuuppppppppoooorrrrtttt ==== yyyyeeeessss + + nnnntttt ssssmmmmbbbb ssssuuuuppppppppoooorrrrtttt ((((GGGG)))) + This boolean parameter controls whether smbd(8) will + negotiate NT specific SMB support with Windows NT/2k/XP + clients. Although this is a developer debugging option + and should be left alone, benchmarking has discovered + that Windows NT clients give faster performance with + this option set to no. This is still being + investigated. If this option is set to no then Samba + offers exactly the same SMB calls that versions prior + to Samba 2.0 offered. This information may be of use + if any users are having problems with NT SMB support. + + You should not need to ever disable this parameter. + + Default: nnnntttt ssssmmmmbbbb ssssuuuuppppppppoooorrrrtttt ==== yyyyeeeessss + + nnnntttt ssssttttaaaattttuuuussss ssssuuuuppppppppoooorrrrtttt ((((GGGG)))) + This boolean parameter controls whether smbd(8) will + negotiate NT specific status support with Windows + NT/2k/XP clients. This is a developer debugging option + and should be left alone. If this option is set to no + then Samba offers exactly the same DOS error codes that + versions prior to Samba 2.2.3 reported. + + You should not need to ever disable this parameter. + + Default: nnnntttt ssssttttaaaattttuuuussss ssssuuuuppppppppoooorrrrtttt ==== yyyyeeeessss + + nnnnuuuullllllll ppppaaaasssssssswwwwoooorrrrddddssss ((((GGGG)))) + Allow or disallow client access to accounts that have + null passwords. + + See also smbpasswd (5) + + Default: nnnnuuuullllllll ppppaaaasssssssswwwwoooorrrrddddssss ==== nnnnoooo + + oooobbbbeeeeyyyy ppppaaaammmm rrrreeeessssttttrrrriiiiccccttttiiiioooonnnnssss ((((GGGG)))) + When Samba 2.2 is configured to enable PAM support + (i.e. --with-pam), this parameter will control whether + or not Samba should obey PAM's account and session + management directives. The default behavior is to use + PAM for clear text authentication only and to ignore + any account or session management. Note that Samba + always ignores PAM for authentication in the case of + + + + Page 84 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + _e_n_c_r_y_p_t _p_a_s_s_w_o_r_d_s _= _y_e_s . The reason is that PAM + modules cannot support the challenge/response + authentication mechanism needed in the presence of SMB + password encryption. + + Default: oooobbbbeeeeyyyy ppppaaaammmm rrrreeeessssttttrrrriiiiccccttttiiiioooonnnnssss ==== nnnnoooo + + oooonnnnllllyyyy uuuusssseeeerrrr ((((SSSS)))) + This is a boolean option that controls whether + connections with usernames not in the _u_s_e_r list will be + allowed. By default this option is disabled so that a + client can supply a username to be used by the server. + Enabling this parameter will force the server to only + user the login names from the _u_s_e_r list and is only + really useful in shave level security. + + Note that this also means Samba won't try to deduce + usernames from the service name. This can be annoying + for the [homes] section. To get around this you could + use uuuusssseeeerrrr ==== %%%%SSSS which means your _u_s_e_r list will be just + the service name, which for home directories is the + name of the user. + + See also the _u_s_e_r parameter. + + Default: oooonnnnllllyyyy uuuusssseeeerrrr ==== nnnnoooo + + oooonnnnllllyyyy gggguuuueeeesssstttt ((((SSSS)))) + A synonym for _g_u_e_s_t _o_n_l_y. + + oooopppplllloooocccckkkk bbbbrrrreeeeaaaakkkk wwwwaaaaiiiitttt ttttiiiimmmmeeee ((((GGGG)))) + This is a tuning parameter added due to bugs in both + Windows 9x and WinNT. If Samba responds to a client too + quickly when that client issues an SMB that can cause + an oplock break request, then the network client can + fail and not respond to the break request. This tuning + parameter (which is set in milliseconds) is the amount + of time Samba will wait before sending an oplock break + request to such (broken) clients. + + DDDDOOOO NNNNOOOOTTTT CCCCHHHHAAAANNNNGGGGEEEE TTTTHHHHIIIISSSS PPPPAAAARRRRAAAAMMMMEEEETTTTEEEERRRR UUUUNNNNLLLLEEEESSSSSSSS YYYYOOOOUUUU HHHHAAAAVVVVEEEE RRRREEEEAAAADDDD AAAANNNNDDDD + UUUUNNNNDDDDEEEERRRRSSSSTTTTOOOOOOOODDDD TTTTHHHHEEEE SSSSAAAAMMMMBBBBAAAA OOOOPPPPLLLLOOOOCCCCKKKK CCCCOOOODDDDEEEE. + + Default: oooopppplllloooocccckkkk bbbbrrrreeeeaaaakkkk wwwwaaaaiiiitttt ttttiiiimmmmeeee ==== 0000 + + oooopppplllloooocccckkkk ccccoooonnnntttteeeennnnttttiiiioooonnnn lllliiiimmmmiiiitttt ((((SSSS)))) + This is a vvvveeeerrrryyyy advanced smbd(8) tuning option to + improve the efficiency of the granting of oplocks under + multiple client contention for the same file. + + In brief it specifies a number, which causes smbd not + to grant an oplock even when requested if the + + + + Page 85 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + approximate number of clients contending for an oplock + on the same file goes over this limit. This causes ssssmmmmbbbbdddd + to behave in a similar way to Windows NT. + + DDDDOOOO NNNNOOOOTTTT CCCCHHHHAAAANNNNGGGGEEEE TTTTHHHHIIIISSSS PPPPAAAARRRRAAAAMMMMEEEETTTTEEEERRRR UUUUNNNNLLLLEEEESSSSSSSS YYYYOOOOUUUU HHHHAAAAVVVVEEEE RRRREEEEAAAADDDD AAAANNNNDDDD + UUUUNNNNDDDDEEEERRRRSSSSTTTTOOOOOOOODDDD TTTTHHHHEEEE SSSSAAAAMMMMBBBBAAAA OOOOPPPPLLLLOOOOCCCCKKKK CCCCOOOODDDDEEEE. + + Default: oooopppplllloooocccckkkk ccccoooonnnntttteeeennnnttttiiiioooonnnn lllliiiimmmmiiiitttt ==== 2222 + + oooopppplllloooocccckkkkssss ((((SSSS)))) + This boolean option tells ssssmmmmbbbbdddd whether to issue oplocks + (opportunistic locks) to file open requests on this + share. The oplock code can dramatically (approx. 30% or + more) improve the speed of access to files on Samba + servers. It allows the clients to aggressively cache + files locally and you may want to disable this option + for unreliable network environments (it is turned on by + default in Windows NT Servers). For more information + see the file _S_p_e_e_d._t_x_t in the Samba _d_o_c_s/ directory. + + Oplocks may be selectively turned off on certain files + with a share. See the _v_e_t_o _o_p_l_o_c_k _f_i_l_e_s parameter. On + some systems oplocks are recognized by the underlying + operating system. This allows data synchronization + between all access to oplocked files, whether it be via + Samba or NFS or a local UNIX process. See the _k_e_r_n_e_l + _o_p_l_o_c_k_s parameter for details. + + See also the _k_e_r_n_e_l _o_p_l_o_c_k_s and _l_e_v_e_l_2 _o_p_l_o_c_k_s + parameters. + + Default: oooopppplllloooocccckkkkssss ==== yyyyeeeessss + + oooossss lllleeeevvvveeeellll ((((GGGG)))) + This integer value controls what level Samba advertises + itself as for browse elections. The value of this + parameter determines whether nmbd(8) has a chance of + becoming a local master browser for the _W_O_R_K_G_R_O_U_P in + the local broadcast area. + + NNNNooootttteeee ::::By default, Samba will win a local master + browsing election over all Microsoft operating systems + except a Windows NT 4.0/2000 Domain Controller. This + means that a misconfigured Samba host can effectively + isolate a subnet for browsing purposes. See + _B_R_O_W_S_I_N_G._t_x_t in the Samba _d_o_c_s/ directory for details. + + Default: oooossss lllleeeevvvveeeellll ==== 22220000 + + Example: oooossss lllleeeevvvveeeellll ==== 66665555 + + oooossss2222 ddddrrrriiiivvvveeeerrrr mmmmaaaapppp ((((GGGG)))) + + + + Page 86 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + The parameter is used to define the absolute path to a + file containing a mapping of Windows NT printer driver + names to OS/2 printer driver names. The format is: + + <nt driver name> = <os2 driver name>.<device name> + + For example, a valid entry using the HP LaserJet 5 + printer driver would appear as HHHHPPPP LLLLaaaasssseeeerrrrJJJJeeeetttt 5555LLLL ==== + LLLLAAAASSSSEEEERRRRJJJJEEEETTTT....HHHHPPPP LLLLaaaasssseeeerrrrJJJJeeeetttt 5555LLLL. + + The need for the file is due to the printer driver + namespace problem described in the Samba Printing HOWTO + For more details on OS/2 clients, please refer to the + OS2-Client-HOWTO + containing in the Samba documentation. + + Default: oooossss2222 ddddrrrriiiivvvveeeerrrr mmmmaaaapppp ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>> + + ppppaaaammmm ppppaaaasssssssswwwwoooorrrrdddd cccchhhhaaaannnnggggeeee ((((GGGG)))) + With the addition of better PAM support in Samba 2.2, + this parameter, it is possible to use PAM's password + change control flag for Samba. If enabled, then PAM + will be used for password changes when requested by an + SMB client instead of the program listed in _p_a_s_s_w_d + _p_r_o_g_r_a_m. It should be possible to enable this without + changing your _p_a_s_s_w_d _c_h_a_t parameter for most setups. + + Default: ppppaaaammmm ppppaaaasssssssswwwwoooorrrrdddd cccchhhhaaaannnnggggeeee ==== nnnnoooo + + ppppaaaannnniiiicccc aaaaccccttttiiiioooonnnn ((((GGGG)))) + This is a Samba developer option that allows a system + command to be called when either smbd(8) crashes. This + is usually used to draw attention to the fact that a + problem occurred. + + Default: ppppaaaannnniiiicccc aaaaccccttttiiiioooonnnn ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>> + + Example: ppppaaaannnniiiicccc aaaaccccttttiiiioooonnnn ==== """"////bbbbiiiinnnn////sssslllleeeeeeeepppp 99990000000000000000"""" + + ppppaaaasssssssswwwwdddd cccchhhhaaaatttt ((((GGGG)))) + This string controls the """"cccchhhhaaaatttt"""" conversation that takes + places between smbd and the local password changing + program to change the user's password. The string + describes a sequence of response-receive pairs that + smbd(8) uses to determine what to send to the _p_a_s_s_w_d + _p_r_o_g_r_a_m and what to expect back. If the expected output + is not received then the password is not changed. + + This chat sequence is often quite site specific, + depending on what local methods are used for password + control (such as NIS etc). + + + + + Page 87 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Note that this parameter only is only used if the _u_n_i_x + _p_a_s_s_w_o_r_d _s_y_n_c parameter is set to yes. This sequence is + then called AAAASSSS RRRROOOOOOOOTTTT when the SMB password in the + smbpasswd file is being changed, without access to the + old password cleartext. This means that root must be + able to reset the user's password without knowing the + text of the previous password. In the presence of + NIS/YP, this means that the passwd program must be + executed on the NIS master. + + The string can contain the macro %_n which is + substituted for the new password. The chat sequence can + also contain the standard macros \n, \r, \t and \s to + give line-feed, carriage-return, tab and space. The + chat sequence string can also contain a '*' which + matches any sequence of characters. Double quotes can + be used to collect strings with spaces in them into a + single string. + + If the send string in any part of the chat sequence is + a full stop ".", then no string is sent. Similarly, if + the expect string is a full stop then no string is + expected. + + If the _p_a_m _p_a_s_s_w_o_r_d _c_h_a_n_g_e parameter is set to yes, the + chat pairs may be matched in any order, and success is + determined by the PAM result, not any particular + output. The \n macro is ignored for PAM conversions. + + See also _u_n_i_x _p_a_s_s_w_o_r_d _s_y_n_c, _p_a_s_s_w_d _p_r_o_g_r_a_m , _p_a_s_s_w_d + _c_h_a_t _d_e_b_u_g and _p_a_m _p_a_s_s_w_o_r_d _c_h_a_n_g_e. + + Default: ppppaaaasssssssswwwwdddd cccchhhhaaaatttt ==== ****nnnneeeewwww****ppppaaaasssssssswwwwoooorrrrdddd**** %%%%nnnn\\\\nnnn + ****nnnneeeewwww****ppppaaaasssssssswwwwoooorrrrdddd**** %%%%nnnn\\\\nnnn ****cccchhhhaaaannnnggggeeeedddd**** + + Example: ppppaaaasssssssswwwwdddd cccchhhhaaaatttt ==== """"****EEEEnnnntttteeeerrrr OOOOLLLLDDDD ppppaaaasssssssswwwwoooorrrrdddd****"""" %%%%oooo\\\\nnnn + """"****EEEEnnnntttteeeerrrr NNNNEEEEWWWW ppppaaaasssssssswwwwoooorrrrdddd****"""" %%%%nnnn\\\\nnnn """"****RRRReeeeeeeennnntttteeeerrrr NNNNEEEEWWWW ppppaaaasssssssswwwwoooorrrrdddd****"""" + %%%%nnnn\\\\nnnn """"****PPPPaaaasssssssswwwwoooorrrrdddd cccchhhhaaaannnnggggeeeedddd****"""" + + ppppaaaasssssssswwwwdddd cccchhhhaaaatttt ddddeeeebbbbuuuugggg ((((GGGG)))) + This boolean specifies if the passwd chat script + parameter is run in ddddeeeebbbbuuuugggg mode. In this mode the + strings passed to and received from the passwd chat are + printed in the smbd(8) log with a _d_e_b_u_g _l_e_v_e_l of 100. + This is a dangerous option as it will allow plaintext + passwords to be seen in the ssssmmmmbbbbdddd log. It is available + to help Samba admins debug their _p_a_s_s_w_d _c_h_a_t scripts + when calling the _p_a_s_s_w_d _p_r_o_g_r_a_m and should be turned + off after this has been done. This option has no effect + if the _p_a_m _p_a_s_s_w_o_r_d _c_h_a_n_g_e paramter is set. This + parameter is off by default. + + + + + Page 88 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + See also _p_a_s_s_w_d _c_h_a_t , _p_a_m _p_a_s_s_w_o_r_d _c_h_a_n_g_e , _p_a_s_s_w_d + _p_r_o_g_r_a_m . + + Default: ppppaaaasssssssswwwwdddd cccchhhhaaaatttt ddddeeeebbbbuuuugggg ==== nnnnoooo + + ppppaaaasssssssswwwwdddd pppprrrrooooggggrrrraaaammmm ((((GGGG)))) + The name of a program that can be used to set UNIX user + passwords. Any occurrences of %_u will be replaced with + the user name. The user name is checked for existence + before calling the password changing program. + + Also note that many passwd programs insist in + rrrreeeeaaaassssoooonnnnaaaabbbblllleeee passwords, such as a minimum length, or the + inclusion of mixed case chars and digits. This can pose + a problem as some clients (such as Windows for + Workgroups) uppercase the password before sending it. + + NNNNooootttteeee that if the _u_n_i_x _p_a_s_s_w_o_r_d _s_y_n_c parameter is set to + yes then this program is called AAAASSSS RRRROOOOOOOOTTTT before the SMB + password in the smbpasswd(5) + file is changed. If this UNIX password change fails, + then ssssmmmmbbbbdddd will fail to change the SMB password also + (this is by design). + + If the _u_n_i_x _p_a_s_s_w_o_r_d _s_y_n_c parameter is set this + parameter MMMMUUUUSSSSTTTT UUUUSSSSEEEE AAAABBBBSSSSOOOOLLLLUUUUTTTTEEEE PPPPAAAATTTTHHHHSSSS for AAAALLLLLLLL programs + called, and must be examined for security implications. + Note that by default _u_n_i_x _p_a_s_s_w_o_r_d _s_y_n_c is set to no. + + See also _u_n_i_x _p_a_s_s_w_o_r_d _s_y_n_c. + + Default: ppppaaaasssssssswwwwdddd pppprrrrooooggggrrrraaaammmm ==== ////bbbbiiiinnnn////ppppaaaasssssssswwwwdddd + + Example: ppppaaaasssssssswwwwdddd pppprrrrooooggggrrrraaaammmm ==== ////ssssbbbbiiiinnnn////nnnnppppaaaasssssssswwwwdddd %%%%uuuu + + ppppaaaasssssssswwwwoooorrrrdddd lllleeeevvvveeeellll ((((GGGG)))) + Some client/server combinations have difficulty with + mixed-case passwords. One offending client is Windows + for Workgroups, which for some reason forces passwords + to upper case when using the LANMAN1 protocol, but + leaves them alone when using COREPLUS! Another problem + child is the Windows 95/98 family of operating systems. + These clients upper case clear text passwords even when + NT LM 0.12 selected by the protocol negotiation + request/response. + + This parameter defines the maximum number of characters + that may be upper case in passwords. + + For example, say the password given was "FRED". If + _p_a_s_s_w_o_r_d _l_e_v_e_l is set to 1, the following combinations + would be tried if "FRED" failed: + + + + Page 89 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + "Fred", "fred", "fRed", "frEd","freD" + + If _p_a_s_s_w_o_r_d _l_e_v_e_l was set to 2, the following + combinations would also be tried: + + "FRed", "FrEd", "FreD", "fREd", "fReD", "frED", .. + + And so on. + + The higher value this parameter is set to the more + likely it is that a mixed case password will be matched + against a single case password. However, you should be + aware that use of this parameter reduces security and + increases the time taken to process a new connection. + + A value of zero will cause only two attempts to be made + - the password as is and the password in all-lower + case. + + Default: ppppaaaasssssssswwwwoooorrrrdddd lllleeeevvvveeeellll ==== 0000 + + Example: ppppaaaasssssssswwwwoooorrrrdddd lllleeeevvvveeeellll ==== 4444 + + ppppaaaasssssssswwwwoooorrrrdddd sssseeeerrrrvvvveeeerrrr ((((GGGG)))) + By specifying the name of another SMB server (such as a + WinNT box) with this option, and using sssseeeeccccuuuurrrriiiittttyyyy ==== + ddddoooommmmaaaaiiiinnnn or sssseeeeccccuuuurrrriiiittttyyyy ==== sssseeeerrrrvvvveeeerrrr you can get Samba to do all + its username/password validation via a remote server. + + This option sets the name of the password server to + use. It must be a NetBIOS name, so if the machine's + NetBIOS name is different from its Internet name then + you may have to add its NetBIOS name to the lmhosts + file which is stored in the same directory as the + _s_m_b._c_o_n_f file. + + The name of the password server is looked up using the + parameter _n_a_m_e _r_e_s_o_l_v_e _o_r_d_e_r and so may resolved by any + method and order described in that parameter. + + The password server much be a machine capable of using + the "LM1.2X002" or the "NT LM 0.12" protocol, and it + must be in user level security mode. + + NNNNOOOOTTTTEEEE:::: Using a password server means your UNIX box + (running Samba) is only as secure as your password + server. DDDDOOOO NNNNOOOOTTTT CCCCHHHHOOOOOOOOSSSSEEEE AAAA PPPPAAAASSSSSSSSWWWWOOOORRRRDDDD SSSSEEEERRRRVVVVEEEERRRR TTTTHHHHAAAATTTT YYYYOOOOUUUU DDDDOOOONNNN''''TTTT + CCCCOOOOMMMMPPPPLLLLEEEETTTTEEEELLLLYYYY TTTTRRRRUUUUSSSSTTTT. + + Never point a Samba server at itself for password + serving. This will cause a loop and could lock up your + Samba server! + + + + Page 90 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + The name of the password server takes the standard + substitutions, but probably the only useful one is %_m , + which means the Samba server will use the incoming + client as the password server. If you use this then you + better trust your clients, and you had better restrict + them with hosts allow! + + If the _s_e_c_u_r_i_t_y parameter is set to domain, then the + list of machines in this option must be a list of + Primary or Backup Domain controllers for the Domain or + the character '*', as the Samba server is effectively + in that domain, and will use cryptographically + authenticated RPC calls to authenticate the user + logging on. The advantage of using sssseeeeccccuuuurrrriiiittttyyyy ==== ddddoooommmmaaaaiiiinnnn + is that if you list several hosts in the _p_a_s_s_w_o_r_d + _s_e_r_v_e_r option then ssssmmmmbbbbdddd will try each in turn till it + finds one that responds. This is useful in case your + primary server goes down. + + If the _p_a_s_s_w_o_r_d _s_e_r_v_e_r option is set to the character + '*', then Samba will attempt to auto-locate the Primary + or Backup Domain controllers to authenticate against by + doing a query for the name WORKGROUP<1C> and then + contacting each server returned in the list of IP + addresses from the name resolution source. + + If the _s_e_c_u_r_i_t_y parameter is set to server, then there + are different restrictions that sssseeeeccccuuuurrrriiiittttyyyy ==== ddddoooommmmaaaaiiiinnnn + doesn't suffer from: + + o+ You may list several password servers in the _p_a_s_s_w_o_r_d + _s_e_r_v_e_r parameter, however if an ssssmmmmbbbbdddd makes a + connection to a password server, and then the + password server fails, no more users will be able to + be authenticated from this ssssmmmmbbbbdddd. This is a + restriction of the SMB/CIFS protocol when in sssseeeeccccuuuurrrriiiittttyyyy + ==== sssseeeerrrrvvvveeeerrrr mode and cannot be fixed in Samba. + + o+ If you are using a Windows NT server as your password + server then you will have to ensure that your users + are able to login from the Samba server, as when in + sssseeeeccccuuuurrrriiiittttyyyy ==== sssseeeerrrrvvvveeeerrrr mode the network logon will appear + to come from there rather than from the users + workstation. + + See also the _s_e_c_u_r_i_t_y parameter. + + Default: ppppaaaasssssssswwwwoooorrrrdddd sssseeeerrrrvvvveeeerrrr ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>> + + Example: ppppaaaasssssssswwwwoooorrrrdddd sssseeeerrrrvvvveeeerrrr ==== NNNNTTTT----PPPPDDDDCCCC,,,, NNNNTTTT----BBBBDDDDCCCC1111,,,, NNNNTTTT----BBBBDDDDCCCC2222 + + Example: ppppaaaasssssssswwwwoooorrrrdddd sssseeeerrrrvvvveeeerrrr ==== **** + + + + Page 91 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + ppppaaaatttthhhh ((((SSSS)))) + This parameter specifies a directory to which the user + of the service is to be given access. In the case of + printable services, this is where print data will spool + prior to being submitted to the host for printing. + + For a printable service offering guest access, the + service should be readonly and the path should be + world-writeable and have the sticky bit set. This is + not mandatory of course, but you probably won't get the + results you expect if you do otherwise. + + Any occurrences of %_u in the path will be replaced with + the UNIX username that the client is using on this + connection. Any occurrences of %_m will be replaced by + the NetBIOS name of the machine they are connecting + from. These replacements are very useful for setting up + pseudo home directories for users. + + Note that this path will be based on _r_o_o_t _d_i_r if one + was specified. + + Default: nnnnoooonnnneeee + + Example: ppppaaaatttthhhh ==== ////hhhhoooommmmeeee////ffffrrrreeeedddd + + ppppiiiidddd ddddiiiirrrreeeeccccttttoooorrrryyyy ((((GGGG)))) + This option specifies the directory where pid files + will be placed. + + Default: ppppiiiidddd ddddiiiirrrreeeeccccttttoooorrrryyyy ==== $$$${{{{pppprrrreeeeffffiiiixxxx}}}}////vvvvaaaarrrr////lllloooocccckkkkssss + + Example: ppppiiiidddd ddddiiiirrrreeeeccccttttoooorrrryyyy ==== ////vvvvaaaarrrr////rrrruuuunnnn//// + + ppppoooossssiiiixxxx lllloooocccckkkkiiiinnnngggg ((((SSSS)))) + The ssssmmmmbbbbdddd((((8888)))) daemon maintains an database of file locks + obtained by SMB clients. The default behavior is to + map this internal database to POSIX locks. This means + that file locks obtained by SMB clients are consistent + with those seen by POSIX compliant applications + accessing the files via a non-SMB method (e.g. NFS or + local file access). You should never need to disable + this parameter. + + Default: ppppoooossssiiiixxxx lllloooocccckkkkiiiinnnngggg ==== yyyyeeeessss + + ppppoooosssstttteeeexxxxeeeecccc ((((SSSS)))) + This option specifies a command to be run whenever the + service is disconnected. It takes the usual + substitutions. The command may be run as the root on + some systems. + + + + + Page 92 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + An interesting example may be to unmount server + resources: + + ppppoooosssstttteeeexxxxeeeecccc ==== ////eeeettttcccc////uuuummmmoooouuuunnnntttt ////ccccddddrrrroooommmm + + See also _p_r_e_e_x_e_c . + + Default: nnnnoooonnnneeee ((((nnnnoooo ccccoooommmmmmmmaaaannnndddd eeeexxxxeeeeccccuuuutttteeeedddd)))) + + Example: ppppoooosssstttteeeexxxxeeeecccc ==== eeeecccchhhhoooo \\\\""""%%%%uuuu ddddiiiissssccccoooonnnnnnnneeeecccctttteeeedddd ffffrrrroooommmm %%%%SSSS ffffrrrroooommmm + %%%%mmmm ((((%%%%IIII))))\\\\"""" >>>>>>>> ////ttttmmmmpppp////lllloooogggg + + ppppoooossssttttssssccccrrrriiiipppptttt ((((SSSS)))) + This parameter forces a printer to interpret the print + files as PostScript. This is done by adding a %! to + the start of print output. + + This is most useful when you have lots of PCs that + persist in putting a control-D at the start of print + jobs, which then confuses your printer. + + Default: ppppoooossssttttssssccccrrrriiiipppptttt ==== nnnnoooo + + pppprrrreeeeeeeexxxxeeeecccc ((((SSSS)))) + This option specifies a command to be run whenever the + service is connected to. It takes the usual + substitutions. + + An interesting example is to send the users a welcome + message every time they log in. Maybe a message of the + day? Here is an example: + + pppprrrreeeeeeeexxxxeeeecccc ==== ccccsssshhhh ----cccc ''''eeeecccchhhhoooo \\\\""""WWWWeeeellllccccoooommmmeeee ttttoooo %%%%SSSS!!!!\\\\"""" |||| + ////uuuussssrrrr////llllooooccccaaaallll////ssssaaaammmmbbbbaaaa////bbbbiiiinnnn////ssssmmmmbbbbcccclllliiiieeeennnntttt ----MMMM %%%%mmmm ----IIII %%%%IIII'''' &&&& + + Of course, this could get annoying after a while :-) + + See also _p_r_e_e_x_e_c _c_l_o_s_e and _p_o_s_t_e_x_e_c . + + Default: nnnnoooonnnneeee ((((nnnnoooo ccccoooommmmmmmmaaaannnndddd eeeexxxxeeeeccccuuuutttteeeedddd)))) + + Example: pppprrrreeeeeeeexxxxeeeecccc ==== eeeecccchhhhoooo \\\\""""%%%%uuuu ccccoooonnnnnnnneeeecccctttteeeedddd ttttoooo %%%%SSSS ffffrrrroooommmm %%%%mmmm + ((((%%%%IIII))))\\\\"""" >>>>>>>> ////ttttmmmmpppp////lllloooogggg + + pppprrrreeeeeeeexxxxeeeecccc cccclllloooosssseeee ((((SSSS)))) + This boolean option controls whether a non-zero return + code from _p_r_e_e_x_e_c should close the service being + connected to. + + Default: pppprrrreeeeeeeexxxxeeeecccc cccclllloooosssseeee ==== nnnnoooo + + pppprrrreeeeffffeeeerrrrrrrreeeedddd mmmmaaaasssstttteeeerrrr ((((GGGG)))) + + + + Page 93 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + This boolean parameter controls if nmbd(8) is a + preferred master browser for its workgroup. + + If this is set to yes, on startup, nnnnmmmmbbbbdddd will force an + election, and it will have a slight advantage in + winning the election. It is recommended that this + parameter is used in conjunction with _d_o_m_a_i_n _m_a_s_t_e_r ==== + yyyyeeeessss, so that nnnnmmmmbbbbdddd can guarantee becoming a domain + master. + + Use this option with caution, because if there are + several hosts (whether Samba servers, Windows 95 or NT) + that are preferred master browsers on the same subnet, + they will each periodically and continuously attempt to + become the local master browser. This will result in + unnecessary broadcast traffic and reduced browsing + capabilities. + + See also _o_s _l_e_v_e_l . + + Default: pppprrrreeeeffffeeeerrrrrrrreeeedddd mmmmaaaasssstttteeeerrrr ==== aaaauuuuttttoooo + + pppprrrreeeeffffeeeerrrreeeedddd mmmmaaaasssstttteeeerrrr ((((GGGG)))) + Synonym for _p_r_e_f_e_r_r_e_d _m_a_s_t_e_r for people who cannot + spell :-). + + pppprrrreeeellllooooaaaadddd + This is a list of services that you want to be + automatically added to the browse lists. This is most + useful for homes and printers services that would + otherwise not be visible. + + Note that if you just want all printers in your + printcap file loaded then the _l_o_a_d _p_r_i_n_t_e_r_s option is + easier. + + Default: nnnnoooo pppprrrreeeellllooooaaaaddddeeeedddd sssseeeerrrrvvvviiiicccceeeessss + + Example: pppprrrreeeellllooooaaaadddd ==== ffffrrrreeeedddd llllpppp ccccoooolllloooorrrrllllpppp + + pppprrrreeeesssseeeerrrrvvvveeee ccccaaaasssseeee ((((SSSS)))) + This controls if new filenames are created with the + case that the client passes, or if they are forced to + be the _d_e_f_a_u_l_t _c_a_s_e . + + Default: pppprrrreeeesssseeeerrrrvvvveeee ccccaaaasssseeee ==== yyyyeeeessss + + See the section on NAME MANGLING for a fuller + discussion. + + pppprrrriiiinnnntttt ccccoooommmmmmmmaaaannnndddd ((((SSSS)))) + After a print job has finished spooling to a service, + + + + Page 94 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + this command will be used via a ssssyyyysssstttteeeemmmm(((()))) call to + process the spool file. Typically the command specified + will submit the spool file to the host's printing + subsystem, but there is no requirement that this be the + case. The server will not remove the spool file, so + whatever command you specify should remove the spool + file when it has been processed, otherwise you will + need to manually remove old spool files. + + The print command is simply a text string. It will be + used verbatim after macro substitutions have been made: + + s, %p - the path to the spool file name + + %p - the appropriate printer name + + %J - the job name as transmitted by the client. + + %c - The number of printed pages of the spooled job (if + known). + + %z - the size of the spooled print job (in bytes) + + The print command MMMMUUUUSSSSTTTT contain at least one occurrence + of %_s or %_f - the %_p is optional. At the time a job is + submitted, if no printer name is supplied the %_p will + be silently removed from the printer command. + + If specified in the [global] section, the print command + given will be used for any printable service that does + not have its own print command specified. + + If there is neither a specified print command for a + printable service nor a global print command, spool + files will be created but not processed and (most + importantly) not removed. + + Note that printing may fail on some UNIXes from the + nobody account. If this happens then create an + alternative guest account that can print and set the + _g_u_e_s_t _a_c_c_o_u_n_t in the [global] section. + + You can form quite complex print commands by realizing + that they are just passed to a shell. For example the + following will log a print job, print the file, then + remove it. Note that ';' is the usual separator for + command in shell scripts. + + pppprrrriiiinnnntttt ccccoooommmmmmmmaaaannnndddd ==== eeeecccchhhhoooo PPPPrrrriiiinnnnttttiiiinnnngggg %%%%ssss >>>>>>>> ////ttttmmmmpppp////pppprrrriiiinnnntttt....lllloooogggg;;;; llllpppprrrr + ----PPPP %%%%pppp %%%%ssss;;;; rrrrmmmm %%%%ssss + + You may have to vary this command considerably + + + + Page 95 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + depending on how you normally print files on your + system. The default for the parameter varies depending + on the setting of the _p_r_i_n_t_i_n_g parameter. + + Default: For pppprrrriiiinnnnttttiiiinnnngggg ==== BBBBSSSSDDDD,,,, AAAAIIIIXXXX,,,, QQQQNNNNXXXX,,,, LLLLPPPPRRRRNNNNGGGG oooorrrr PPPPLLLLPPPP :::: + + pppprrrriiiinnnntttt ccccoooommmmmmmmaaaannnndddd ==== llllpppprrrr ----rrrr ----PPPP%%%%pppp %%%%ssss + + For pppprrrriiiinnnnttttiiiinnnngggg ==== SSSSYYYYSSSSVVVV oooorrrr HHHHPPPPUUUUXXXX :::: + + pppprrrriiiinnnntttt ccccoooommmmmmmmaaaannnndddd ==== llllpppp ----cccc ----dddd%%%%pppp %%%%ssss;;;; rrrrmmmm %%%%ssss + + For pppprrrriiiinnnnttttiiiinnnngggg ==== SSSSOOOOFFFFTTTTQQQQ :::: + + pppprrrriiiinnnntttt ccccoooommmmmmmmaaaannnndddd ==== llllpppp ----dddd%%%%pppp ----ssss %%%%ssss;;;; rrrrmmmm %%%%ssss + + For printing = CUPS : If SAMBA is compiled against + libcups, then printcap = cups uses the CUPS API to + submit jobs, etc. Otherwise it maps to the System V + commands with the -oraw option for printing, i.e. it + uses llllpppp ----cccc ----dddd%%%%pppp ----oooorrrraaaawwww;;;; rrrrmmmm %%%%ssss. With pppprrrriiiinnnnttttiiiinnnngggg ==== ccccuuuuppppssss, and + if SAMBA is compiled against libcups, any manually set + print command will be ignored. + + Example: pppprrrriiiinnnntttt ccccoooommmmmmmmaaaannnndddd ==== + ////uuuussssrrrr////llllooooccccaaaallll////ssssaaaammmmbbbbaaaa////bbbbiiiinnnn////mmmmyyyypppprrrriiiinnnnttttssssccccrrrriiiipppptttt %%%%pppp %%%%ssss + + pppprrrriiiinnnntttt ooookkkk ((((SSSS)))) + Synonym for _p_r_i_n_t_a_b_l_e. + + pppprrrriiiinnnnttttaaaabbbblllleeee ((((SSSS)))) + If this parameter is yes, then clients may open, write + to and submit spool files on the directory specified + for the service. + + Note that a printable service will ALWAYS allow writing + to the service path (user privileges permitting) via + the spooling of print data. The _r_e_a_d _o_n_l_y parameter + controls only non-printing access to the resource. + + Default: pppprrrriiiinnnnttttaaaabbbblllleeee ==== nnnnoooo + + pppprrrriiiinnnnttttccccaaaapppp ((((GGGG)))) + Synonym for _p_r_i_n_t_c_a_p _n_a_m_e. + + pppprrrriiiinnnnttttccccaaaapppp nnnnaaaammmmeeee ((((GGGG)))) + This parameter may be used to override the compiled-in + default printcap name used by the server (usually + /_e_t_c/_p_r_i_n_t_c_a_p). See the discussion of the [printers] + section above for reasons why you might want to do + this. + + + + + Page 96 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + To use the CUPS printing interface set pppprrrriiiinnnnttttccccaaaapppp nnnnaaaammmmeeee ==== + ccccuuuuppppssss . This should be supplemented by an addtional + setting printing = cups in the [global] section. + pppprrrriiiinnnnttttccccaaaapppp nnnnaaaammmmeeee ==== ccccuuuuppppssss will use the "dummy" printcap + created by CUPS, as specified in your CUPS + configuration file. + + On System V systems that use llllppppssssttttaaaatttt to list available + printers you can use pppprrrriiiinnnnttttccccaaaapppp nnnnaaaammmmeeee ==== llllppppssssttttaaaatttt to + automatically obtain lists of available printers. This + is the default for systems that define SYSV at + configure time in Samba (this includes most System V + based systems). If _p_r_i_n_t_c_a_p _n_a_m_e is set to llllppppssssttttaaaatttt on + these systems then Samba will launch llllppppssssttttaaaatttt ----vvvv and + attempt to parse the output to obtain a printer list. + + A minimal printcap file would look something like this: + + + print1|My Printer 1 + print2|My Printer 2 + print3|My Printer 3 + print4|My Printer 4 + print5|My Printer 5 + + + + where the '|' separates aliases of a printer. The fact + that the second alias has a space in it gives a hint to + Samba that it's a comment. + + NNNNOOOOTTTTEEEE: Under AIX the default printcap name is + /_e_t_c/_q_c_o_n_f_i_g. Samba will assume the file is in AIX + _q_c_o_n_f_i_g format if the string _q_c_o_n_f_i_g appears in the + printcap filename. + + Default: pppprrrriiiinnnnttttccccaaaapppp nnnnaaaammmmeeee ==== ////eeeettttcccc////pppprrrriiiinnnnttttccccaaaapppp + + Example: pppprrrriiiinnnnttttccccaaaapppp nnnnaaaammmmeeee ==== ////eeeettttcccc////mmmmyyyypppprrrriiiinnnnttttccccaaaapppp + + pppprrrriiiinnnntttteeeerrrr aaaaddddmmmmiiiinnnn ((((SSSS)))) + This is a list of users that can do anything to + printers via the remote administration interfaces + offered by MS-RPC (usually using a NT workstation). + Note that the root user always has admin rights. + + Default: pppprrrriiiinnnntttteeeerrrr aaaaddddmmmmiiiinnnn ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>> + + Example: pppprrrriiiinnnntttteeeerrrr aaaaddddmmmmiiiinnnn ==== aaaaddddmmmmiiiinnnn,,,, @@@@ssssttttaaaaffffffff + + pppprrrriiiinnnntttteeeerrrr ddddrrrriiiivvvveeeerrrr ((((SSSS)))) + NNNNooootttteeee ::::This is a deprecated parameter and will be + + + + Page 97 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + removed in the next major release following version + 2.2. Please see the instructions in the Samba 2.2. + Printing HOWTO for more information on the new method + of loading printer drivers onto a Samba server. + + This option allows you to control the string that + clients receive when they ask the server for the + printer driver associated with a printer. If you are + using Windows95 or Windows NT then you can use this to + automate the setup of printers on your system. + + You need to set this parameter to the exact string + (case sensitive) that describes the appropriate printer + driver for your system. If you don't know the exact + string to use then you should first try with no + _p_r_i_n_t_e_r _d_r_i_v_e_r option set and the client will give you + a list of printer drivers. The appropriate strings are + shown in a scroll box after you have chosen the printer + manufacturer. + + See also _p_r_i_n_t_e_r _d_r_i_v_e_r _f_i_l_e. + + Example: pppprrrriiiinnnntttteeeerrrr ddddrrrriiiivvvveeeerrrr ==== HHHHPPPP LLLLaaaasssseeeerrrrJJJJeeeetttt 4444LLLL + + pppprrrriiiinnnntttteeeerrrr ddddrrrriiiivvvveeeerrrr ffffiiiilllleeee ((((GGGG)))) + NNNNooootttteeee ::::This is a deprecated parameter and will be + removed in the next major release following version + 2.2. Please see the instructions in the Samba 2.2. + Printing HOWTO for more information on the new method + of loading printer drivers onto a Samba server. + + This parameter tells Samba where the printer driver + definition file, used when serving drivers to Windows + 95 clients, is to be found. If this is not set, the + default is : + + _S_A_M_B_A__I_N_S_T_A_L_L__D_I_R_E_C_T_O_R_Y /_l_i_b/_p_r_i_n_t_e_r_s._d_e_f + + This file is created from Windows 95 _m_s_p_r_i_n_t._i_n_f files + found on the Windows 95 client system. For more details + on setting up serving of printer drivers to Windows 95 + clients, see the outdated documentation file in the + _d_o_c_s/ directory, _P_R_I_N_T_E_R__D_R_I_V_E_R._t_x_t. + + See also _p_r_i_n_t_e_r _d_r_i_v_e_r _l_o_c_a_t_i_o_n. + + Default: NNNNoooonnnneeee ((((sssseeeetttt iiiinnnn ccccoooommmmppppiiiilllleeee)))).... + + Example: pppprrrriiiinnnntttteeeerrrr ddddrrrriiiivvvveeeerrrr ffffiiiilllleeee ==== + ////uuuussssrrrr////llllooooccccaaaallll////ssssaaaammmmbbbbaaaa////pppprrrriiiinnnntttteeeerrrrssss////ddddrrrriiiivvvveeeerrrrssss....ddddeeeeffff + + pppprrrriiiinnnntttteeeerrrr ddddrrrriiiivvvveeeerrrr llllooooccccaaaattttiiiioooonnnn ((((SSSS)))) + + + + Page 98 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + NNNNooootttteeee ::::This is a deprecated parameter and will be + removed in the next major release following version + 2.2. Please see the instructions in the Samba 2.2. + Printing HOWTO for more information on the new method + of loading printer drivers onto a Samba server. + + This parameter tells clients of a particular printer + share where to find the printer driver files for the + automatic installation of drivers for Windows 95 + machines. If Samba is set up to serve printer drivers + to Windows 95 machines, this should be set to + + \\\\\\\\MMMMAAAACCCCHHHHIIIINNNNEEEE\\\\PPPPRRRRIIIINNNNTTTTEEEERRRR$$$$ + + Where MACHINE is the NetBIOS name of your Samba server, + and PRINTER$ is a share you set up for serving printer + driver files. For more details on setting this up see + the outdated documentation file in the _d_o_c_s/ directory, + _P_R_I_N_T_E_R__D_R_I_V_E_R._t_x_t. + + See also _p_r_i_n_t_e_r _d_r_i_v_e_r _f_i_l_e. + + Default: nnnnoooonnnneeee + + Example: pppprrrriiiinnnntttteeeerrrr ddddrrrriiiivvvveeeerrrr llllooooccccaaaattttiiiioooonnnn ==== \\\\\\\\MMMMAAAACCCCHHHHIIIINNNNEEEE\\\\PPPPRRRRIIIINNNNTTTTEEEERRRR$$$$ + + pppprrrriiiinnnntttteeeerrrr nnnnaaaammmmeeee ((((SSSS)))) + This parameter specifies the name of the printer to + which print jobs spooled through a printable service + will be sent. + + If specified in the [global] section, the printer name + given will be used for any printable service that does + not have its own printer name specified. + + Default: nnnnoooonnnneeee ((((bbbbuuuutttt mmmmaaaayyyy bbbbeeee llllpppp oooonnnn mmmmaaaannnnyyyy ssssyyyysssstttteeeemmmmssss)))) + + Example: pppprrrriiiinnnntttteeeerrrr nnnnaaaammmmeeee ==== llllaaaasssseeeerrrrwwwwrrrriiiitttteeeerrrr + + pppprrrriiiinnnntttteeeerrrr ((((SSSS)))) + Synonym for _p_r_i_n_t_e_r _n_a_m_e. + + pppprrrriiiinnnnttttiiiinnnngggg ((((SSSS)))) + This parameters controls how printer status information + is interpreted on your system. It also affects the + default values for the _p_r_i_n_t _c_o_m_m_a_n_d, _l_p_q _c_o_m_m_a_n_d, + _l_p_p_a_u_s_e _c_o_m_m_a_n_d , _l_p_r_e_s_u_m_e _c_o_m_m_a_n_d, and _l_p_r_m _c_o_m_m_a_n_d if + specified in the [global] section. + + Currently nine printing styles are supported. They are + BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, SOFTQ, and CUPS. + + + + + Page 99 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + To see what the defaults are for the other print + commands when using the various options use the + testparm(1) program. + + This option can be set on a per printer basis + + See also the discussion in the [printers] section. + + pppprrrrooooffffiiiilllleeee aaaaccccllllssss ((((SSSS)))) + This boolean parameter was added to fix the problems + that people have been having with storing user profiles + on Samba shares from Windows 2000 or Windows XP + clients. New versions of Windows 2000 or Windows XP + service packs do security ACL checking on the owner and + ability to write of the profile directory stored on a + local workstation when copied from a Samba share. When + not in domain mode with winbindd then the security info + copied onto the local workstation has no meaning to the + logged in user (SID) on that workstation so the profile + storing fails. Adding this parameter onto a share used + for profile storage changes two things about the + returned Windows ACL. Firstly it changes the owner and + group owner of all reported files and directories to be + BUILTIN\Administrators, BUILTIN\Users respectively + (SIDs S-1-5-32-544, S-1-5-32-545). Secondly it adds an + ACE entry of "Full Control" to the SID BUILTIN\Users to + every returned ACL. This will allow any Windows 2000 or + XP workstation user to access the profile. Note that if + you have multiple users logging on to a workstation + then in order to prevent them from being able to access + each others profiles you must remove the "Bypass + traverse checking" advanced user right. This will + prevent access to other users profile directories as + the top level profile directory (named after the user) + is created by the workstation profile code and has an + ACL restricting entry to the directory tree to the + owning user. + + If you didn't understand the above text, you probably + should not set this parameter :-). + + Default pppprrrrooooffffiiiilllleeee aaaaccccllllssss ==== nnnnoooo + + pppprrrroooottttooooccccoooollll ((((GGGG)))) + Synonym for _m_a_x _p_r_o_t_o_c_o_l. + + ppppuuuubbbblllliiiicccc ((((SSSS)))) + Synonym for _g_u_e_s_t _o_k. + + qqqquuuueeeeuuuueeeeppppaaaauuuusssseeee ccccoooommmmmmmmaaaannnndddd ((((SSSS)))) + This parameter specifies the command to be executed on + the server host in order to pause the printer queue. + + + + Page 100 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + This command should be a program or script which takes + a printer name as its only parameter and stops the + printer queue, such that no longer jobs are submitted + to the printer. + + This command is not supported by Windows for + Workgroups, but can be issued from the Printers window + under Windows 95 and NT. + + If a %_p is given then the printer name is put in its + place. Otherwise it is placed at the end of the + command. + + Note that it is good practice to include the absolute + path in the command as the PATH may not be available to + the server. + + Default: ddddeeeeppppeeeennnnddddssss oooonnnn tttthhhheeee sssseeeettttttttiiiinnnngggg ooooffff _p_r_i_n_t_i_n_g + + Example: qqqquuuueeeeuuuueeeeppppaaaauuuusssseeee ccccoooommmmmmmmaaaannnndddd ==== ddddiiiissssaaaabbbblllleeee %%%%pppp + + qqqquuuueeeeuuuueeeerrrreeeessssuuuummmmeeee ccccoooommmmmmmmaaaannnndddd ((((SSSS)))) + This parameter specifies the command to be executed on + the server host in order to resume the printer queue. + It is the command to undo the behavior that is caused + by the previous parameter ( _q_u_e_u_e_p_a_u_s_e _c_o_m_m_a_n_d). + + This command should be a program or script which takes + a printer name as its only parameter and resumes the + printer queue, such that queued jobs are resubmitted to + the printer. + + This command is not supported by Windows for + Workgroups, but can be issued from the Printers window + under Windows 95 and NT. + + If a %_p is given then the printer name is put in its + place. Otherwise it is placed at the end of the + command. + + Note that it is good practice to include the absolute + path in the command as the PATH may not be available to + the server. + + Default: ddddeeeeppppeeeennnnddddssss oooonnnn tttthhhheeee sssseeeettttttttiiiinnnngggg ooooffff _p_r_i_n_t_i_n_g + + Example: qqqquuuueeeeuuuueeeeppppaaaauuuusssseeee ccccoooommmmmmmmaaaannnndddd ==== eeeennnnaaaabbbblllleeee %%%%pppp + + rrrreeeeaaaadddd bbbbmmmmppppxxxx ((((GGGG)))) + This boolean parameter controls whether smbd(8) will + support the "Read Block Multiplex" SMB. This is now + rarely used and defaults to no. You should never need + + + + Page 101 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + to set this parameter. + + Default: rrrreeeeaaaadddd bbbbmmmmppppxxxx ==== nnnnoooo + + rrrreeeeaaaadddd lllliiiisssstttt ((((SSSS)))) + This is a list of users that are given read-only access + to a service. If the connecting user is in this list + then they will not be given write access, no matter + what the _r_e_a_d _o_n_l_y option is set to. The list can + include group names using the syntax described in the + _i_n_v_a_l_i_d _u_s_e_r_s parameter. + + See also the _w_r_i_t_e _l_i_s_t parameter and the _i_n_v_a_l_i_d + _u_s_e_r_s parameter. + + Default: rrrreeeeaaaadddd lllliiiisssstttt ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>> + + Example: rrrreeeeaaaadddd lllliiiisssstttt ==== mmmmaaaarrrryyyy,,,, @@@@ssssttttuuuuddddeeeennnnttttssss + + rrrreeeeaaaadddd oooonnnnllllyyyy ((((SSSS)))) + An inverted synonym is _w_r_i_t_e_a_b_l_e. + + If this parameter is yes, then users of a service may + not create or modify files in the service's directory. + + Note that a printable service (pppprrrriiiinnnnttttaaaabbbblllleeee ==== yyyyeeeessss) will + AAAALLLLWWWWAAAAYYYYSSSS allow writing to the directory (user privileges + permitting), but only via spooling operations. + + Default: rrrreeeeaaaadddd oooonnnnllllyyyy ==== yyyyeeeessss + + rrrreeeeaaaadddd rrrraaaawwww ((((GGGG)))) + This parameter controls whether or not the server will + support the raw read SMB requests when transferring + data to clients. + + If enabled, raw reads allow reads of 65535 bytes in one + packet. This typically provides a major performance + benefit. + + However, some clients either negotiate the allowable + block size incorrectly or are incapable of supporting + larger block sizes, and for these clients you may need + to disable raw reads. + + In general this parameter should be viewed as a system + tuning tool and left severely alone. See also _w_r_i_t_e + _r_a_w. + + Default: rrrreeeeaaaadddd rrrraaaawwww ==== yyyyeeeessss + + rrrreeeeaaaadddd ssssiiiizzzzeeee ((((GGGG)))) + + + + Page 102 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + The option _r_e_a_d _s_i_z_e affects the overlap of disk + reads/writes with network reads/writes. If the amount + of data being transferred in several of the SMB + commands (currently SMBwrite, SMBwriteX and + SMBreadbraw) is larger than this value then the server + begins writing the data before it has received the + whole packet from the network, or in the case of + SMBreadbraw, it begins writing to the network before + all the data has been read from disk. + + This overlapping works best when the speeds of disk and + network access are similar, having very little effect + when the speed of one is much greater than the other. + + The default value is 16384, but very little + experimentation has been done yet to determine the + optimal value, and it is likely that the best value + will vary greatly between systems anyway. A value over + 65536 is pointless and will cause you to allocate + memory unnecessarily. + + Default: rrrreeeeaaaadddd ssssiiiizzzzeeee ==== 11116666333388884444 + + Example: rrrreeeeaaaadddd ssssiiiizzzzeeee ==== 8888111199992222 + + rrrreeeemmmmooootttteeee aaaannnnnnnnoooouuuunnnncccceeee ((((GGGG)))) + This option allows you to setup nmbd(8) to periodically + announce itself to arbitrary IP addresses with an + arbitrary workgroup name. + + This is useful if you want your Samba server to appear + in a remote workgroup for which the normal browse + propagation rules don't work. The remote workgroup can + be anywhere that you can send IP packets to. + + For example: + + rrrreeeemmmmooootttteeee aaaannnnnnnnoooouuuunnnncccceeee ==== 111199992222....111166668888....2222....222255555555////SSSSEEEERRRRVVVVEEEERRRRSSSS + 111199992222....111166668888....4444....222255555555////SSSSTTTTAAAAFFFFFFFF + + the above line would cause nnnnmmmmbbbbdddd to announce itself to + the two given IP addresses using the given workgroup + names. If you leave out the workgroup name then the one + given in the _w_o_r_k_g_r_o_u_p parameter is used instead. + + The IP addresses you choose would normally be the + broadcast addresses of the remote networks, but can + also be the IP addresses of known browse masters if + your network config is that stable. + + See the documentation file _B_R_O_W_S_I_N_G._t_x_t in the _d_o_c_s/ + directory. + + + + Page 103 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Default: rrrreeeemmmmooootttteeee aaaannnnnnnnoooouuuunnnncccceeee ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>> + + rrrreeeemmmmooootttteeee bbbbrrrroooowwwwsssseeee ssssyyyynnnncccc ((((GGGG)))) + This option allows you to setup nmbd(8) to periodically + request synchronization of browse lists with the master + browser of a Samba server that is on a remote segment. + This option will allow you to gain browse lists for + multiple workgroups across routed networks. This is + done in a manner that does not work with any non-Samba + servers. + + This is useful if you want your Samba server and all + local clients to appear in a remote workgroup for which + the normal browse propagation rules don't work. The + remote workgroup can be anywhere that you can send IP + packets to. + + For example: + + rrrreeeemmmmooootttteeee bbbbrrrroooowwwwsssseeee ssssyyyynnnncccc ==== 111199992222....111166668888....2222....222255555555 111199992222....111166668888....4444....222255555555 + + the above line would cause nnnnmmmmbbbbdddd to request the master + browser on the specified subnets or addresses to + synchronize their browse lists with the local server. + + The IP addresses you choose would normally be the + broadcast addresses of the remote networks, but can + also be the IP addresses of known browse masters if + your network config is that stable. If a machine IP + address is given Samba makes NO attempt to validate + that the remote machine is available, is listening, nor + that it is in fact the browse master on its segment. + + Default: rrrreeeemmmmooootttteeee bbbbrrrroooowwwwsssseeee ssssyyyynnnncccc ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>> + + rrrreeeessssttttrrrriiiicccctttt aaaannnnoooonnnnyyyymmmmoooouuuussss ((((GGGG)))) + This is a boolean parameter. If it is yes, then + anonymous access to the server will be restricted, + namely in the case where the server is expecting the + client to send a username, but it doesn't. Setting it + to yes will force these anonymous connections to be + denied, and the client will be required to always + supply a username and password when connecting. Use of + this parameter is only recommended for homogeneous NT + client environments. + + This parameter makes the use of macro expansions that + rely on the username (%U, %G, etc) consistent. NT 4.0 + likes to use anonymous connections when refreshing the + share list, and this is a way to work around that. + + When restrict anonymous is yes, all anonymous + + + + Page 104 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + connections are denied no matter what they are for. + This can effect the ability of a machine to access the + Samba Primary Domain Controller to revalidate its + machine account after someone else has logged on the + client interactively. The NT client will display a + message saying that the machine's account in the domain + doesn't exist or the password is bad. The best way to + deal with this is to reboot NT client machines between + interactive logons, using "Shutdown and Restart", + rather than "Close all programs and logon as a + different user". + + Default: rrrreeeessssttttrrrriiiicccctttt aaaannnnoooonnnnyyyymmmmoooouuuussss ==== nnnnoooo + + rrrrooooooootttt ((((GGGG)))) + Synonym for _r_o_o_t _d_i_r_e_c_t_o_r_y". + + rrrrooooooootttt ddddiiiirrrr ((((GGGG)))) + Synonym for _r_o_o_t _d_i_r_e_c_t_o_r_y". + + rrrrooooooootttt ddddiiiirrrreeeeccccttttoooorrrryyyy ((((GGGG)))) + The server will cccchhhhrrrrooooooootttt(((()))) (i.e. Change its root + directory) to this directory on startup. This is not + strictly necessary for secure operation. Even without + it the server will deny access to files not in one of + the service entries. It may also check for, and deny + access to, soft links to other parts of the filesystem, + or attempts to use ".." in file names to access other + directories (depending on the setting of the _w_i_d_e _l_i_n_k_s + parameter). + + Adding a _r_o_o_t _d_i_r_e_c_t_o_r_y entry other than "/" adds an + extra level of security, but at a price. It absolutely + ensures that no access is given to files not in the + sub-tree specified in the _r_o_o_t _d_i_r_e_c_t_o_r_y option, + iiiinnnncccclllluuuuddddiiiinnnngggg some files needed for complete operation of + the server. To maintain full operability of the server + you will need to mirror some system files into the _r_o_o_t + _d_i_r_e_c_t_o_r_y tree. In particular you will need to mirror + /_e_t_c/_p_a_s_s_w_d (or a subset of it), and any binaries or + configuration files needed for printing (if required). + The set of files that must be mirrored is operating + system dependent. + + Default: rrrrooooooootttt ddddiiiirrrreeeeccccttttoooorrrryyyy ==== //// + + Example: rrrrooooooootttt ddddiiiirrrreeeeccccttttoooorrrryyyy ==== ////hhhhoooommmmeeeessss////ssssmmmmbbbb + + rrrrooooooootttt ppppoooosssstttteeeexxxxeeeecccc ((((SSSS)))) + This is the same as the _p_o_s_t_e_x_e_c parameter except that + the command is run as root. This is useful for + unmounting filesystems (such as CDROMs) after a + + + + Page 105 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + connection is closed. + + See also _p_o_s_t_e_x_e_c. + + Default: rrrrooooooootttt ppppoooosssstttteeeexxxxeeeecccc ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>> + + rrrrooooooootttt pppprrrreeeeeeeexxxxeeeecccc ((((SSSS)))) + This is the same as the _p_r_e_e_x_e_c parameter except that + the command is run as root. This is useful for mounting + filesystems (such as CDROMs) when a connection is + opened. + + See also _p_r_e_e_x_e_c and _p_r_e_e_x_e_c _c_l_o_s_e. + + Default: rrrrooooooootttt pppprrrreeeeeeeexxxxeeeecccc ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>> + + rrrrooooooootttt pppprrrreeeeeeeexxxxeeeecccc cccclllloooosssseeee ((((SSSS)))) + This is the same as the _p_r_e_e_x_e_c _c_l_o_s_e parameter except + that the command is run as root. + + See also _p_r_e_e_x_e_c and _p_r_e_e_x_e_c _c_l_o_s_e. + + Default: rrrrooooooootttt pppprrrreeeeeeeexxxxeeeecccc cccclllloooosssseeee ==== nnnnoooo + + sssseeeeccccuuuurrrriiiittttyyyy ((((GGGG)))) + This option affects how clients respond to Samba and is + one of the most important settings in the _s_m_b._c_o_n_f + file. + + The option sets the "security mode bit" in replies to + protocol negotiations with smbd(8) + to turn share level security on or off. Clients decide + based on this bit whether (and how) to transfer user + and password information to the server. + + The default is sssseeeeccccuuuurrrriiiittttyyyy ==== uuuusssseeeerrrr, as this is the most + common setting needed when talking to Windows 98 and + Windows NT. + + The alternatives are sssseeeeccccuuuurrrriiiittttyyyy ==== sssshhhhaaaarrrreeee, sssseeeeccccuuuurrrriiiittttyyyy ==== + sssseeeerrrrvvvveeeerrrr or sssseeeeccccuuuurrrriiiittttyyyy ==== ddddoooommmmaaaaiiiinnnn . + + In versions of Samba prior to 2.0.0, the default was + sssseeeeccccuuuurrrriiiittttyyyy ==== sssshhhhaaaarrrreeee mainly because that was the only + option at one stage. + + There is a bug in WfWg that has relevance to this + setting. When in user or server level security a WfWg + client will totally ignore the password you type in the + "connect drive" dialog box. This makes it very + difficult (if not impossible) to connect to a Samba + service as anyone except the user that you are logged + + + + Page 106 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + into WfWg as. + + If your PCs use usernames that are the same as their + usernames on the UNIX machine then you will want to use + sssseeeeccccuuuurrrriiiittttyyyy ==== uuuusssseeeerrrr. If you mostly use usernames that don't + exist on the UNIX box then use sssseeeeccccuuuurrrriiiittttyyyy ==== sssshhhhaaaarrrreeee. + + You should also use sssseeeeccccuuuurrrriiiittttyyyy ==== sssshhhhaaaarrrreeee if you want to + mainly setup shares without a password (guest shares). + This is commonly used for a shared printer server. It + is more difficult to setup guest shares with sssseeeeccccuuuurrrriiiittttyyyy ==== + uuuusssseeeerrrr, see the _m_a_p _t_o _g_u_e_s_t parameter for details. + + It is possible to use ssssmmmmbbbbdddd in a hhhhyyyybbbbrrrriiiidddd mmmmooooddddeeee where it + is offers both user and share level security under + different _N_e_t_B_I_O_S _a_l_i_a_s_e_s. + + The different settings will now be explained. + + SSSSEEEECCCCUUUURRRRIIIITTTTYYYY ==== SSSSHHHHAAAARRRREEEE + + When clients connect to a share level security server + they need not log onto the server with a valid username + and password before attempting to connect to a shared + resource (although modern clients such as Windows 95/98 + and Windows NT will send a logon request with a + username but no password when talking to a sssseeeeccccuuuurrrriiiittttyyyy ==== + sssshhhhaaaarrrreeee server). Instead, the clients send authentication + information (passwords) on a per-share basis, at the + time they attempt to connect to that share. + + Note that ssssmmmmbbbbdddd AAAALLLLWWWWAAAAYYYYSSSS uses a valid UNIX user to act on + behalf of the client, even in sssseeeeccccuuuurrrriiiittttyyyy ==== sssshhhhaaaarrrreeee level + security. + + As clients are not required to send a username to the + server in share level security, ssssmmmmbbbbdddd uses several + techniques to determine the correct UNIX user to use on + behalf of the client. + + A list of possible UNIX usernames to match with the + given client password is constructed using the + following methods : + + o+ If the _g_u_e_s_t _o_n_l_y parameter is set, then all the + other stages are missed and only the _g_u_e_s_t _a_c_c_o_u_n_t + username is checked. + + o+ Is a username is sent with the share connection + request, then this username (after mapping - see + _u_s_e_r_n_a_m_e _m_a_p), is added as a potential username. + + + + + Page 107 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + o+ If the client did a previous llllooooggggoooonnnn request (the + SessionSetup SMB call) then the username sent in this + SMB will be added as a potential username. + + o+ The name of the service the client requested is added + as a potential username. + + o+ The NetBIOS name of the client is added to the list + as a potential username. + + o+ Any users on the _u_s_e_r list are added as potential + usernames. + + If the _g_u_e_s_t _o_n_l_y parameter is not set, then this list is + then tried with the supplied password. The first user for + whom the password matches will be used as the UNIX user. + + If the _g_u_e_s_t _o_n_l_y parameter is set, or no username can be + determined then if the share is marked as available to the + _g_u_e_s_t _a_c_c_o_u_n_t, then this guest user will be used, otherwise + access is denied. + + Note that it can be vvvveeeerrrryyyy confusing in share-level security + as to which UNIX username will eventually be used in + granting access. + + See also the section NOTE ABOUT USERNAME/PASSWORD + VALIDATION. + + SSSSEEEECCCCUUUURRRRIIIITTTTYYYY ==== UUUUSSSSEEEERRRR + + This is the default security setting in Samba 2.2. With + user-level security a client must first "log-on" with a + valid username and password (which can be mapped using the + _u_s_e_r_n_a_m_e _m_a_p parameter). Encrypted passwords (see the + _e_n_c_r_y_p_t_e_d _p_a_s_s_w_o_r_d_s parameter) can also be used in this + security mode. Parameters such as _u_s_e_r and _g_u_e_s_t _o_n_l_y if + set are then applied and may change the UNIX user to use on + this connection, but only after the user has been + successfully authenticated. + + NNNNooootttteeee that the name of the resource being requested is nnnnooootttt + sent to the server until after the server has successfully + authenticated the client. This is why guest shares don't + work in user level security without allowing the server to + automatically map unknown users into the _g_u_e_s_t _a_c_c_o_u_n_t. See + the _m_a_p _t_o _g_u_e_s_t parameter for details on doing this. + + See also the section NOTE ABOUT USERNAME/PASSWORD + VALIDATION. + + SSSSEEEECCCCUUUURRRRIIIITTTTYYYY ==== SSSSEEEERRRRVVVVEEEERRRR + + + + Page 108 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + In this mode Samba will try to validate the + username/password by passing it to another SMB server, such + as an NT box. If this fails it will revert to sssseeeeccccuuuurrrriiiittttyyyy ==== + uuuusssseeeerrrr, but note that if encrypted passwords have been + negotiated then Samba cannot revert back to checking the + UNIX password file, it must have a valid _s_m_b_p_a_s_s_w_d file to + check users against. See the documentation file in the _d_o_c_s/ + directory _E_N_C_R_Y_P_T_I_O_N._t_x_t for details on how to set this up. + + NNNNooootttteeee that from the client's point of view sssseeeeccccuuuurrrriiiittttyyyy ==== sssseeeerrrrvvvveeeerrrr + is the same as sssseeeeccccuuuurrrriiiittttyyyy ==== uuuusssseeeerrrr. It only affects how the + server deals with the authentication, it does not in any way + affect what the client sees. + + NNNNooootttteeee that the name of the resource being requested is nnnnooootttt + sent to the server until after the server has successfully + authenticated the client. This is why guest shares don't + work in user level security without allowing the server to + automatically map unknown users into the _g_u_e_s_t _a_c_c_o_u_n_t. See + the _m_a_p _t_o _g_u_e_s_t parameter for details on doing this. + + See also the section NOTE ABOUT USERNAME/PASSWORD + VALIDATION. + + See also the _p_a_s_s_w_o_r_d _s_e_r_v_e_r parameter and the _e_n_c_r_y_p_t_e_d + _p_a_s_s_w_o_r_d_s parameter. + + SSSSEEEECCCCUUUURRRRIIIITTTTYYYY ==== DDDDOOOOMMMMAAAAIIIINNNN + + This mode will only work correctly if smbpasswd(8) has been + used to add this machine into a Windows NT Domain. It + expects the _e_n_c_r_y_p_t_e_d _p_a_s_s_w_o_r_d_s parameter to be set to yes. + In this mode Samba will try to validate the + username/password by passing it to a Windows NT Primary or + Backup Domain Controller, in exactly the same way that a + Windows NT Server would do. + + NNNNooootttteeee that a valid UNIX user must still exist as well as the + account on the Domain Controller to allow Samba to have a + valid UNIX account to map file access to. + + NNNNooootttteeee that from the client's point of view sssseeeeccccuuuurrrriiiittttyyyy ==== ddddoooommmmaaaaiiiinnnn + is the same as sssseeeeccccuuuurrrriiiittttyyyy ==== uuuusssseeeerrrr . It only affects how the + server deals with the authentication, it does not in any way + affect what the client sees. + + NNNNooootttteeee that the name of the resource being requested is nnnnooootttt + sent to the server until after the server has successfully + authenticated the client. This is why guest shares don't + work in user level security without allowing the server to + automatically map unknown users into the _g_u_e_s_t _a_c_c_o_u_n_t. See + the _m_a_p _t_o _g_u_e_s_t parameter for details on doing this. + + + + Page 109 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + BBBBUUUUGGGG:::: There is currently a bug in the implementation of + sssseeeeccccuuuurrrriiiittttyyyy ==== ddddoooommmmaaaaiiiinnnn with respect to multi-byte character set + usernames. The communication with a Domain Controller must + be done in UNICODE and Samba currently does not widen + multi-byte user names to UNICODE correctly, thus a multi- + byte username will not be recognized correctly at the Domain + Controller. This issue will be addressed in a future + release. + + See also the section NOTE ABOUT USERNAME/PASSWORD + VALIDATION. + + See also the _p_a_s_s_w_o_r_d _s_e_r_v_e_r parameter and the _e_n_c_r_y_p_t_e_d + _p_a_s_s_w_o_r_d_s parameter. + + Default: sssseeeeccccuuuurrrriiiittttyyyy ==== UUUUSSSSEEEERRRR + + Example: sssseeeeccccuuuurrrriiiittttyyyy ==== DDDDOOOOMMMMAAAAIIIINNNN + + sssseeeeccccuuuurrrriiiittttyyyy mmmmaaaasssskkkk ((((SSSS)))) + This parameter controls what UNIX permission bits can + be modified when a Windows NT client is manipulating + the UNIX permission on a file using the native NT + security dialog box. + + This parameter is applied as a mask (AND'ed with) to + the changed permission bits, thus preventing any bits + not in this mask from being modified. Essentially, zero + bits in this mask may be treated as a set of bits the + user is not allowed to change. + + If not set explicitly this parameter is 0777, allowing + a user to modify all the user/group/world permissions + on a file. + + NNNNooootttteeee that users who can access the Samba server through + other means can easily bypass this restriction, so it + is primarily useful for standalone "appliance" systems. + Administrators of most normal systems will probably + want to leave it set to 0777. + + See also the _f_o_r_c_e _d_i_r_e_c_t_o_r_y _s_e_c_u_r_i_t_y _m_o_d_e, _d_i_r_e_c_t_o_r_y + _s_e_c_u_r_i_t_y _m_a_s_k, _f_o_r_c_e _s_e_c_u_r_i_t_y _m_o_d_e parameters. + + Default: sssseeeeccccuuuurrrriiiittttyyyy mmmmaaaasssskkkk ==== 0000777777777777 + + Example: sssseeeeccccuuuurrrriiiittttyyyy mmmmaaaasssskkkk ==== 0000777777770000 + + sssseeeerrrrvvvveeeerrrr ssssttttrrrriiiinnnngggg ((((GGGG)))) + This controls what string will show up in the printer + comment box in print manager and next to the IPC + connection in nnnneeeetttt vvvviiiieeeewwww. It can be any string that you + + + + Page 110 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + wish to show to your users. + + It also sets what will appear in browse lists next to + the machine name. + + A %_v will be replaced with the Samba version number. + + A %_h will be replaced with the hostname. + + Default: sssseeeerrrrvvvveeeerrrr ssssttttrrrriiiinnnngggg ==== SSSSaaaammmmbbbbaaaa %%%%vvvv + + Example: sssseeeerrrrvvvveeeerrrr ssssttttrrrriiiinnnngggg ==== UUUUnnnniiiivvvveeeerrrrssssiiiittttyyyy ooooffff GGGGNNNNUUUUssss SSSSaaaammmmbbbbaaaa + SSSSeeeerrrrvvvveeeerrrr + + sssseeeetttt ddddiiiirrrreeeeccccttttoooorrrryyyy ((((SSSS)))) + If sssseeeetttt ddddiiiirrrreeeeccccttttoooorrrryyyy ==== nnnnoooo, then users of the service may + not use the setdir command to change directory. + + The sssseeeettttddddiiiirrrr command is only implemented in the Digital + Pathworks client. See the Pathworks documentation for + details. + + Default: sssseeeetttt ddddiiiirrrreeeeccccttttoooorrrryyyy ==== nnnnoooo + + sssshhhhaaaarrrreeee mmmmooooddddeeeessss ((((SSSS)))) + This enables or disables the honoring of the _s_h_a_r_e + _m_o_d_e_s during a file open. These modes are used by + clients to gain exclusive read or write access to a + file. + + These open modes are not directly supported by UNIX, so + they are simulated using shared memory, or lock files + if your UNIX doesn't support shared memory (almost all + do). + + The share modes that are enabled by this option are + DENY_DOS, DENY_ALL, DENY_READ, DENY_WRITE, DENY_NONE + and DENY_FCB. + + This option gives full share compatibility and enabled + by default. + + You should NNNNEEEEVVVVEEEERRRR turn this parameter off as many + Windows applications will break if you do so. + + Default: sssshhhhaaaarrrreeee mmmmooooddddeeeessss ==== yyyyeeeessss + + sssshhhhoooorrrrtttt pppprrrreeeesssseeeerrrrvvvveeee ccccaaaasssseeee ((((SSSS)))) + This boolean parameter controls if new files which + conform to 8.3 syntax, that is all in upper case and of + suitable length, are created upper case, or if they are + forced to be the _d_e_f_a_u_l_t _c_a_s_e . This option can be use + + + + Page 111 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + with pppprrrreeeesssseeeerrrrvvvveeee ccccaaaasssseeee ==== yyyyeeeessss to permit long filenames to + retain their case, while short names are lowered. + + See the section on NAME MANGLING. + + Default: sssshhhhoooorrrrtttt pppprrrreeeesssseeeerrrrvvvveeee ccccaaaasssseeee ==== yyyyeeeessss + + sssshhhhoooowwww aaaadddddddd pppprrrriiiinnnntttteeeerrrr wwwwiiiizzzzaaaarrrrdddd ((((GGGG)))) + With the introduction of MS-RPC based printing support + for Windows NT/2000 client in Samba 2.2, a + "Printers..." folder will appear on Samba hosts in the + share listing. Normally this folder will contain an + icon for the MS Add Printer Wizard (APW). However, it + is possible to disable this feature regardless of the + level of privilege of the connected user. + + Under normal circumstances, the Windows NT/2000 client + will open a handle on the printer server with + OpenPrinterEx() asking for Administrator privileges. If + the user does not have administrative access on the + print server (i.e is not root or a member of the + _p_r_i_n_t_e_r _a_d_m_i_n group), the OpenPrinterEx() call fails + and the client makes another open call with a request + for a lower privilege level. This should succeed, + however the APW icon will not be displayed. + + Disabling the _s_h_o_w _a_d_d _p_r_i_n_t_e_r _w_i_z_a_r_d parameter will + always cause the OpenPrinterEx() on the server to fail. + Thus the APW icon will never be displayed. NNNNooootttteeee ::::This + does not prevent the same user from having + administrative privilege on an individual printer. + + See also _a_d_d_p_r_i_n_t_e_r _c_o_m_m_a_n_d, _d_e_l_e_t_e_p_r_i_n_t_e_r _c_o_m_m_a_n_d, + _p_r_i_n_t_e_r _a_d_m_i_n + + Default :sssshhhhoooowwww aaaadddddddd pppprrrriiiinnnntttteeeerrrr wwwwiiiizzzzaaaarrrrdddd ==== yyyyeeeessss + + ssssmmmmbbbb ppppaaaasssssssswwwwdddd ffffiiiilllleeee ((((GGGG)))) + This option sets the path to the encrypted smbpasswd + file. By default the path to the smbpasswd file is + compiled into Samba. + + Default: ssssmmmmbbbb ppppaaaasssssssswwwwdddd ffffiiiilllleeee ==== $$$${{{{pppprrrreeeeffffiiiixxxx}}}}////pppprrrriiiivvvvaaaatttteeee////ssssmmmmbbbbppppaaaasssssssswwwwdddd + + Example: ssssmmmmbbbb ppppaaaasssssssswwwwdddd ffffiiiilllleeee ==== ////eeeettttcccc////ssssaaaammmmbbbbaaaa////ssssmmmmbbbbppppaaaasssssssswwwwdddd + + ssssoooocccckkkkeeeetttt aaaaddddddddrrrreeeessssssss ((((GGGG)))) + This option allows you to control what address Samba + will listen for connections on. This is used to support + multiple virtual interfaces on the one server, each + with a different configuration. + + + + + Page 112 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + By default Samba will accept connections on any + address. + + Example: ssssoooocccckkkkeeeetttt aaaaddddddddrrrreeeessssssss ==== 111199992222....111166668888....2222....22220000 + + ssssoooocccckkkkeeeetttt ooooppppttttiiiioooonnnnssss ((((GGGG)))) + This option allows you to set socket options to be used + when talking with the client. + + Socket options are controls on the networking layer of + the operating systems which allow the connection to be + tuned. + + This option will typically be used to tune your Samba + server for optimal performance for your local network. + There is no way that Samba can know what the optimal + parameters are for your net, so you must experiment and + choose them yourself. We strongly suggest you read the + appropriate documentation for your operating system + first (perhaps mmmmaaaannnn sssseeeettttssssoooocccckkkkoooopppptttt will help). + + You may find that on some systems Samba will say + "Unknown socket option" when you supply an option. This + means you either incorrectly typed it or you need to + add an include file to includes.h for your OS. If the + latter is the case please send the patch to + samba@samba.org <URL:mailto:samba@samba.org>. + + Any of the supported socket options may be combined in + any way you like, as long as your OS allows it. + + This is the list of socket options currently settable + using this option: + + o+ SO_KEEPALIVE + + o+ SO_REUSEADDR + + o+ SO_BROADCAST + + o+ TCP_NODELAY + + o+ IPTOS_LOWDELAY + + o+ IPTOS_THROUGHPUT + + o+ SO_SNDBUF * + + o+ SO_RCVBUF * + + o+ SO_SNDLOWAT * + + + + + Page 113 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + o+ SO_RCVLOWAT * + + Those marked with a ''''****'''' take an integer argument. The others + can optionally take a 1 or 0 argument to enable or disable + the option, by default they will be enabled if you don't + specify 1 or 0. + + To specify an argument use the syntax SOME_OPTION = VALUE + for example SSSSOOOO____SSSSNNNNDDDDBBBBUUUUFFFF ==== 8888111199992222. Note that you must not have + any spaces before or after the = sign. + + If you are on a local network then a sensible option might + be + + ssssoooocccckkkkeeeetttt ooooppppttttiiiioooonnnnssss ==== IIIIPPPPTTTTOOOOSSSS____LLLLOOOOWWWWDDDDEEEELLLLAAAAYYYY + + If you have a local network then you could try: + + ssssoooocccckkkkeeeetttt ooooppppttttiiiioooonnnnssss ==== IIIIPPPPTTTTOOOOSSSS____LLLLOOOOWWWWDDDDEEEELLLLAAAAYYYY TTTTCCCCPPPP____NNNNOOOODDDDEEEELLLLAAAAYYYY + + If you are on a wide area network then perhaps try setting + IPTOS_THROUGHPUT. + + Note that several of the options may cause your Samba server + to fail completely. Use these options with caution! + + Default: ssssoooocccckkkkeeeetttt ooooppppttttiiiioooonnnnssss ==== TTTTCCCCPPPP____NNNNOOOODDDDEEEELLLLAAAAYYYY + + Example: ssssoooocccckkkkeeeetttt ooooppppttttiiiioooonnnnssss ==== IIIIPPPPTTTTOOOOSSSS____LLLLOOOOWWWWDDDDEEEELLLLAAAAYYYY + + ssssoooouuuurrrrcccceeee eeeennnnvvvviiiirrrroooonnnnmmmmeeeennnntttt ((((GGGG)))) + This parameter causes Samba to set environment + variables as per the content of the file named. + + If the value of this parameter starts with a "|" + character then Samba will treat that value as a pipe + command to open and will set the environment variables + from the output of the pipe. + + The contents of the file or the output of the pipe + should be formatted as the output of the standard Unix + eeeennnnvvvv((((1111)))) command. This is of the form : + + Example environment entry: + + SSSSAAAAMMMMBBBBAAAA____NNNNEEEETTTTBBBBIIIIOOOOSSSS____NNNNAAAAMMMMEEEE ==== mmmmyyyyhhhhoooossssttttnnnnaaaammmmeeee + + Default: NNNNoooo ddddeeeeffffaaaauuuulllltttt vvvvaaaalllluuuueeee + + Examples: ssssoooouuuurrrrcccceeee eeeennnnvvvviiiirrrroooonnnnmmmmeeeennnntttt ==== ||||////eeeettttcccc////ssssmmmmbbbb....ccccoooonnnnffff....sssshhhh + + Example: ssssoooouuuurrrrcccceeee eeeennnnvvvviiiirrrroooonnnnmmmmeeeennnntttt ==== ////uuuussssrrrr////llllooooccccaaaallll////ssssmmmmbbbb____eeeennnnvvvv____vvvvaaaarrrrssss + + + + Page 114 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + ssssssssllll ((((GGGG)))) + This variable is part of SSL-enabled Samba. This is + only available if the SSL libraries have been compiled + on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was + given at configure time. + + This variable enables or disables the entire SSL mode. + If it is set to no, the SSL-enabled Samba behaves + exactly like the non-SSL Samba. If set to yes, it + depends on the variables _s_s_l _h_o_s_t_s and _s_s_l _h_o_s_t_s + _r_e_s_i_g_n whether an SSL connection will be required. + + Default: ssssssssllll ==== nnnnoooo + + ssssssssllll CCCCAAAA cccceeeerrrrttttDDDDiiiirrrr ((((GGGG)))) + This variable is part of SSL-enabled Samba. This is + only available if the SSL libraries have been compiled + on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was + given at configure time. + + This variable defines where to look up the + Certification Authorities. The given directory should + contain one file for each CA that Samba will trust. The + file name must be the hash value over the + "Distinguished Name" of the CA. How this directory is + set up is explained later in this document. All files + within the directory that don't fit into this naming + scheme are ignored. You don't need this variable if you + don't verify client certificates. + + Default: ssssssssllll CCCCAAAA cccceeeerrrrttttDDDDiiiirrrr ==== ////uuuussssrrrr////llllooooccccaaaallll////ssssssssllll////cccceeeerrrrttttssss + + ssssssssllll CCCCAAAA cccceeeerrrrttttFFFFiiiilllleeee ((((GGGG)))) + This variable is part of SSL-enabled Samba. This is + only available if the SSL libraries have been compiled + on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was + given at configure time. + + This variable is a second way to define the trusted + CAs. The certificates of the trusted CAs are collected + in one big file and this variable points to the file. + You will probably only use one of the two ways to + define your CAs. The first choice is preferable if you + have many CAs or want to be flexible, the second is + preferable if you only have one CA and want to keep + things simple (you won't need to create the hashed file + names). You don't need this variable if you don't + verify client certificates. + + Default: ssssssssllll CCCCAAAA cccceeeerrrrttttFFFFiiiilllleeee ==== + ////uuuussssrrrr////llllooooccccaaaallll////ssssssssllll////cccceeeerrrrttttssss////ttttrrrruuuusssstttteeeeddddCCCCAAAAssss....ppppeeeemmmm + + + + + Page 115 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + ssssssssllll cccciiiipppphhhheeeerrrrssss ((((GGGG)))) + This variable is part of SSL-enabled Samba. This is + only available if the SSL libraries have been compiled + on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was + given at configure time. + + This variable defines the ciphers that should be + offered during SSL negotiation. You should not set this + variable unless you know what you are doing. + + ssssssssllll cccclllliiiieeeennnntttt cccceeeerrrrtttt ((((GGGG)))) + This variable is part of SSL-enabled Samba. This is + only available if the SSL libraries have been compiled + on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was + given at configure time. + + The certificate in this file is used by ssssmmmmbbbbcccclllliiiieeeennnntttt((((1111)))) + if it exists. It's needed if the server requires a + client certificate. + + Default: ssssssssllll cccclllliiiieeeennnntttt cccceeeerrrrtttt ==== + ////uuuussssrrrr////llllooooccccaaaallll////ssssssssllll////cccceeeerrrrttttssss////ssssmmmmbbbbcccclllliiiieeeennnntttt....ppppeeeemmmm + + ssssssssllll cccclllliiiieeeennnntttt kkkkeeeeyyyy ((((GGGG)))) + This variable is part of SSL-enabled Samba. This is + only available if the SSL libraries have been compiled + on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was + given at configure time. + + This is the private key for ssssmmmmbbbbcccclllliiiieeeennnntttt((((1111)))) It's only + needed if the client should have a certificate. + + Default: ssssssssllll cccclllliiiieeeennnntttt kkkkeeeeyyyy ==== + ////uuuussssrrrr////llllooooccccaaaallll////ssssssssllll////pppprrrriiiivvvvaaaatttteeee////ssssmmmmbbbbcccclllliiiieeeennnntttt....ppppeeeemmmm + + ssssssssllll ccccoooommmmppppaaaattttiiiibbbbiiiilllliiiittttyyyy ((((GGGG)))) + This variable is part of SSL-enabled Samba. This is + only available if the SSL libraries have been compiled + on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was + given at configure time. + + This variable defines whether OpenSSL should be + configured for bug compatibility with other SSL + implementations. This is probably not desirable because + currently no clients with SSL implementations other + than OpenSSL exist. + + Default: ssssssssllll ccccoooommmmppppaaaattttiiiibbbbiiiilllliiiittttyyyy ==== nnnnoooo + + ssssssssllll eeeeggggdddd ssssoooocccckkkkeeeetttt ((((GGGG)))) + This variable is part of SSL-enabled Samba. This is + only available if the SSL libraries have been compiled + + + + Page 116 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was + given at configure time. + + This option is used to define the location of the + communiation socket of an EGD or PRNGD daemon, from + which entropy can be retrieved. This option can be used + instead of or together with the _s_s_l _e_n_t_r_o_p_y _f_i_l_e + directive. 255 bytes of entropy will be retrieved from + the daemon. + + Default: nnnnoooonnnneeee + + ssssssssllll eeeennnnttttrrrrooooppppyyyy bbbbyyyytttteeeessss ((((GGGG)))) + This variable is part of SSL-enabled Samba. This is + only available if the SSL libraries have been compiled + on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was + given at configure time. + + This parameter is used to define the number of bytes + which should be read from the _s_s_l _e_n_t_r_o_p_y _f_i_l_e If a -1 + is specified, the entire file will be read. + + Default: ssssssssllll eeeennnnttttrrrrooooppppyyyy bbbbyyyytttteeeessss ==== 222255555555 + + ssssssssllll eeeennnnttttrrrrooooppppyyyy ffffiiiilllleeee ((((GGGG)))) + This variable is part of SSL-enabled Samba. This is + only available if the SSL libraries have been compiled + on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was + given at configure time. + + This parameter is used to specify a file from which + processes will read "random bytes" on startup. In order + to seed the internal pseudo random number generator, + entropy must be provided. On system with a /_d_e_v/_u_r_a_n_d_o_m + device file, the processes will retrieve its entropy + from the kernel. On systems without kernel entropy + support, a file can be supplied that will be read on + startup and that will be used to seed the PRNG. + + Default: nnnnoooonnnneeee + + ssssssssllll hhhhoooossssttttssss ((((GGGG)))) + See _s_s_l _h_o_s_t_s _r_e_s_i_g_n. + + ssssssssllll hhhhoooossssttttssss rrrreeeessssiiiiggggnnnn ((((GGGG)))) + This variable is part of SSL-enabled Samba. This is + only available if the SSL libraries have been compiled + on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was + given at configure time. + + These two variables define whether Samba will go into + SSL mode or not. If none of them is defined, Samba will + + + + Page 117 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + allow only SSL connections. If the _s_s_l _h_o_s_t_s variable + lists hosts (by IP-address, IP-address range, net group + or name), only these hosts will be forced into SSL + mode. If the _s_s_l _h_o_s_t_s _r_e_s_i_g_n variable lists hosts, + only these hosts will NNNNOOOOTTTT be forced into SSL mode. The + syntax for these two variables is the same as for the + _h_o_s_t_s _a_l_l_o_w and _h_o_s_t_s _d_e_n_y pair of variables, only + that the subject of the decision is different: It's not + the access right but whether SSL is used or not. + + The example below requires SSL connections from all + hosts outside the local net (which is 192.168.*.*). + + Default: ssssssssllll hhhhoooossssttttssss ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>> + + ssssssssllll hhhhoooossssttttssss rrrreeeessssiiiiggggnnnn ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>> + + Example: ssssssssllll hhhhoooossssttttssss rrrreeeessssiiiiggggnnnn ==== 111199992222....111166668888.... + + ssssssssllll rrrreeeeqqqquuuuiiiirrrreeee cccclllliiiieeeennnnttttcccceeeerrrrtttt ((((GGGG)))) + This variable is part of SSL-enabled Samba. This is + only available if the SSL libraries have been compiled + on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was + given at configure time. + + If this variable is set to yes, the server will not + tolerate connections from clients that don't have a + valid certificate. The directory/file given in _s_s_l _C_A + _c_e_r_t_D_i_r and _s_s_l _C_A _c_e_r_t_F_i_l_e will be used to look up the + CAs that issued the client's certificate. If the + certificate can't be verified positively, the + connection will be terminated. If this variable is set + to no, clients don't need certificates. Contrary to web + applications you really sssshhhhoooouuuulllldddd require client + certificates. In the web environment the client's data + is sensitive (credit card numbers) and the server must + prove to be trustworthy. In a file server environment + the server's data will be sensitive and the clients + must prove to be trustworthy. + + Default: ssssssssllll rrrreeeeqqqquuuuiiiirrrreeee cccclllliiiieeeennnnttttcccceeeerrrrtttt ==== nnnnoooo + + ssssssssllll rrrreeeeqqqquuuuiiiirrrreeee sssseeeerrrrvvvveeeerrrrcccceeeerrrrtttt ((((GGGG)))) + This variable is part of SSL-enabled Samba. This is + only available if the SSL libraries have been compiled + on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was + given at configure time. + + If this variable is set to yes, the ssssmmmmbbbbcccclllliiiieeeennnntttt((((1111)))) + will request a certificate from the server. Same as + _s_s_l _r_e_q_u_i_r_e _c_l_i_e_n_t_c_e_r_t for the server. + + + + + Page 118 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Default: ssssssssllll rrrreeeeqqqquuuuiiiirrrreeee sssseeeerrrrvvvveeeerrrrcccceeeerrrrtttt ==== nnnnoooo + + ssssssssllll sssseeeerrrrvvvveeeerrrr cccceeeerrrrtttt ((((GGGG)))) + This variable is part of SSL-enabled Samba. This is + only available if the SSL libraries have been compiled + on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was + given at configure time. + + This is the file containing the server's certificate. + The server mmmmuuuusssstttt have a certificate. The file may also + contain the server's private key. See later for how + certificates and private keys are created. + + Default: ssssssssllll sssseeeerrrrvvvveeeerrrr cccceeeerrrrtttt ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>> + + ssssssssllll sssseeeerrrrvvvveeeerrrr kkkkeeeeyyyy ((((GGGG)))) + This variable is part of SSL-enabled Samba. This is + only available if the SSL libraries have been compiled + on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was + given at configure time. + + This file contains the private key of the server. If + this variable is not defined, the key is looked up in + the certificate file (it may be appended to the + certificate). The server mmmmuuuusssstttt have a private key and + the certificate mmmmuuuusssstttt match this private key. + + Default: ssssssssllll sssseeeerrrrvvvveeeerrrr kkkkeeeeyyyy ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>> + + ssssssssllll vvvveeeerrrrssssiiiioooonnnn ((((GGGG)))) + This variable is part of SSL-enabled Samba. This is + only available if the SSL libraries have been compiled + on your system and the configure option --------wwwwiiiitttthhhh----ssssssssllll was + given at configure time. + + This enumeration variable defines the versions of the + SSL protocol that will be used. ssl2or3 allows dynamic + negotiation of SSL v2 or v3, ssl2 results in SSL v2, + ssl3 results in SSL v3 and tls1 results in TLS v1. TLS + (Transport Layer Security) is the new standard for SSL. + + Default: ssssssssllll vvvveeeerrrrssssiiiioooonnnn ==== """"ssssssssllll2222oooorrrr3333"""" + + ssssttttaaaatttt ccccaaaacccchhhheeee ((((GGGG)))) + This parameter determines if smbd(8) will use a cache + in order to speed up case insensitive name mappings. + You should never need to change this parameter. + + Default: ssssttttaaaatttt ccccaaaacccchhhheeee ==== yyyyeeeessss + + ssssttttaaaatttt ccccaaaacccchhhheeee ssssiiiizzzzeeee ((((GGGG)))) + This parameter determines the number of entries in the + + + + Page 119 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + _s_t_a_t _c_a_c_h_e. You should never need to change this + parameter. + + Default: ssssttttaaaatttt ccccaaaacccchhhheeee ssssiiiizzzzeeee ==== 55550000 + + ssssttttaaaattttuuuussss ((((GGGG)))) + This enables or disables logging of connections to a + status file that smbstatus(1) can read. + + With this disabled ssssmmmmbbbbssssttttaaaattttuuuussss won't be able to tell you + what connections are active. You should never need to + change this parameter. + + Default: ssssttttaaaattttuuuussss ==== yyyyeeeessss + + ssssttttrrrriiiicccctttt aaaallllllllooooccccaaaatttteeee ((((SSSS)))) + This is a boolean that controls the handling of disk + space allocation in the server. When this is set to yes + the server will change from UNIX behaviour of not + committing real disk storage blocks when a file is + extended to the Windows behaviour of actually forcing + the disk system to allocate real storage blocks when a + file is created or extended to be a given size. In UNIX + terminology this means that Samba will stop creating + sparse files. This can be slow on some systems. + + When strict allocate is no the server does sparse disk + block allocation when a file is extended. + + Setting this to yes can help Samba return out of quota + messages on systems that are restricting the disk quota + of users. + + Default: ssssttttrrrriiiicccctttt aaaallllllllooooccccaaaatttteeee ==== nnnnoooo + + ssssttttrrrriiiicccctttt lllloooocccckkkkiiiinnnngggg ((((SSSS)))) + This is a boolean that controls the handling of file + locking in the server. When this is set to yes the + server will check every read and write access for file + locks, and deny access if locks exist. This can be slow + on some systems. + + When strict locking is no the server does file lock + checks only when the client explicitly asks for them. + + Well-behaved clients always ask for lock checks when it + is important, so in the vast majority of cases ssssttttrrrriiiicccctttt + lllloooocccckkkkiiiinnnngggg ==== nnnnoooo is preferable. + + Default: ssssttttrrrriiiicccctttt lllloooocccckkkkiiiinnnngggg ==== nnnnoooo + + ssssttttrrrriiiicccctttt ssssyyyynnnncccc ((((SSSS)))) + + + + Page 120 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Many Windows applications (including the Windows 98 + explorer shell) seem to confuse flushing buffer + contents to disk with doing a sync to disk. Under UNIX, + a sync call forces the process to be suspended until + the kernel has ensured that all outstanding data in + kernel disk buffers has been safely stored onto stable + storage. This is very slow and should only be done + rarely. Setting this parameter to no (the default) + means that smbd ignores the Windows applications + requests for a sync call. There is only a possibility + of losing data if the operating system itself that + Samba is running on crashes, so there is little danger + in this default setting. In addition, this fixes many + performance problems that people have reported with the + new Windows98 explorer shell file copies. + + See also the _s_y_n_c _a_l_w_a_y_s> parameter. + + Default: ssssttttrrrriiiicccctttt ssssyyyynnnncccc ==== nnnnoooo + + ssssttttrrrriiiipppp ddddooootttt ((((GGGG)))) + This parameter is now unused in Samba (2.2.5 and + above). It used strip trailing dots off UNIX filenames + but was not correctly implmented. In Samba 2.2.5 and + above UNIX filenames ending in a dot are invalid + Windows long filenames (as they are in Windows NT and + above) and are mangled to 8.3 before being returned to + a client. + + Default: ssssttttrrrriiiipppp ddddooootttt ==== nnnnoooo + + ssssyyyynnnncccc aaaallllwwwwaaaayyyyssss ((((SSSS)))) + This is a boolean parameter that controls whether + writes will always be written to stable storage before + the write call returns. If this is no then the server + will be guided by the client's request in each write + call (clients can set a bit indicating that a + particular write should be synchronous). If this is yes + then every write will be followed by a ffffssssyyyynnnncccc(((()))) call to + ensure the data is written to disk. Note that the + _s_t_r_i_c_t _s_y_n_c parameter must be set to yes in order for + this parameter to have any affect. + + See also the _s_t_r_i_c_t _s_y_n_c parameter. + + Default: ssssyyyynnnncccc aaaallllwwwwaaaayyyyssss ==== nnnnoooo + + ssssyyyysssslllloooogggg ((((GGGG)))) + This parameter maps how Samba debug messages are logged + onto the system syslog logging levels. Samba debug + level zero maps onto syslog LOG_ERR, debug level one + maps onto LOG_WARNING, debug level two maps onto + + + + Page 121 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + LOG_NOTICE, debug level three maps onto LOG_INFO. All + higher levels are mapped to LOG_DEBUG. + + This parameter sets the threshold for sending messages + to syslog. Only messages with debug level less than + this value will be sent to syslog. + + Default: ssssyyyysssslllloooogggg ==== 1111 + + ssssyyyysssslllloooogggg oooonnnnllllyyyy ((((GGGG)))) + If this parameter is set then Samba debug messages are + logged into the system syslog only, and not to the + debug log files. + + Default: ssssyyyysssslllloooogggg oooonnnnllllyyyy ==== nnnnoooo + + tttteeeemmmmppppllllaaaatttteeee hhhhoooommmmeeeeddddiiiirrrr ((((GGGG)))) + When filling out the user information for a Windows NT + user, the winbindd(8) daemon uses this parameter to + fill in the home directory for that user. If the string + %_D is present it is substituted with the user's Windows + NT domain name. If the string %_U is present it is + substituted with the user's Windows NT user name. + + Default: tttteeeemmmmppppllllaaaatttteeee hhhhoooommmmeeeeddddiiiirrrr ==== ////hhhhoooommmmeeee////%%%%DDDD////%%%%UUUU + + tttteeeemmmmppppllllaaaatttteeee sssshhhheeeellllllll ((((GGGG)))) + When filling out the user information for a Windows NT + user, the winbindd(8) daemon uses this parameter to + fill in the login shell for that user. + + Default: tttteeeemmmmppppllllaaaatttteeee sssshhhheeeellllllll ==== ////bbbbiiiinnnn////ffffaaaallllsssseeee + + ttttiiiimmmmeeee ooooffffffffsssseeeetttt ((((GGGG)))) + This parameter is a setting in minutes to add to the + normal GMT to local time conversion. This is useful if + you are serving a lot of PCs that have incorrect + daylight saving time handling. + + Default: ttttiiiimmmmeeee ooooffffffffsssseeeetttt ==== 0000 + + Example: ttttiiiimmmmeeee ooooffffffffsssseeeetttt ==== 66660000 + + ttttiiiimmmmeeee sssseeeerrrrvvvveeeerrrr ((((GGGG)))) + This parameter determines if nmbd(8) advertises itself + as a time server to Windows clients. + + Default: ttttiiiimmmmeeee sssseeeerrrrvvvveeeerrrr ==== nnnnoooo + + ttttiiiimmmmeeeessssttttaaaammmmpppp llllooooggggssss ((((GGGG)))) + Synonym for _d_e_b_u_g _t_i_m_e_s_t_a_m_p. + + + + + Page 122 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + ttttoooottttaaaallll pppprrrriiiinnnntttt jjjjoooobbbbssss ((((GGGG)))) + This parameter accepts an integer value which defines a + limit on the maximum number of print jobs that will be + accepted system wide at any given time. If a print job + is submitted by a client which will exceed this number, + then smbd will return an error indicating that no space + is available on the server. The default value of 0 + means that no such limit exists. This parameter can be + used to prevent a server from exceeding its capacity + and is designed as a printing throttle. See also _m_a_x + _p_r_i_n_t _j_o_b_s. + + Default: ttttoooottttaaaallll pppprrrriiiinnnntttt jjjjoooobbbbssss ==== 0000 + + Example: ttttoooottttaaaallll pppprrrriiiinnnntttt jjjjoooobbbbssss ==== 5555000000000000 + + uuuunnnniiiixxxx eeeexxxxtttteeeennnnssssiiiioooonnnnssss((((GGGG)))) + This boolean parameter controls whether Samba implments + the CIFS UNIX extensions, as defined by HP. These + extensions enable Samba to better serve UNIX CIFS + clients by supporting features such as symbolic links, + hard links, etc... These extensions require a + similarly enabled client, and are of no current use to + Windows clients. + + Default: uuuunnnniiiixxxx eeeexxxxtttteeeennnnssssiiiioooonnnnssss ==== nnnnoooo + + uuuunnnniiiixxxx ppppaaaasssssssswwwwoooorrrrdddd ssssyyyynnnncccc ((((GGGG)))) + This boolean parameter controls whether Samba attempts + to synchronize the UNIX password with the SMB password + when the encrypted SMB password in the smbpasswd file + is changed. If this is set to yes the program specified + in the _p_a_s_s_w_d _p_r_o_g_r_a_mparameter is called AAAASSSS RRRROOOOOOOOTTTT - to + allow the new UNIX password to be set without access to + the old UNIX password (as the SMB password change code + has no access to the old password cleartext, only the + new). + + See also _p_a_s_s_w_d _p_r_o_g_r_a_m, _p_a_s_s_w_d _c_h_a_t. + + Default: uuuunnnniiiixxxx ppppaaaasssssssswwwwoooorrrrdddd ssssyyyynnnncccc ==== nnnnoooo + + uuuuppppddddaaaatttteeee eeeennnnccccrrrryyyypppptttteeeedddd ((((GGGG)))) + This boolean parameter allows a user logging on with a + plaintext password to have their encrypted (hashed) + password in the smbpasswd file to be updated + automatically as they log on. This option allows a site + to migrate from plaintext password authentication + (users authenticate with plaintext password over the + wire, and are checked against a UNIX account database) + to encrypted password authentication (the SMB + challenge/response authentication mechanism) without + + + + Page 123 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + forcing all users to re-enter their passwords via + smbpasswd at the time the change is made. This is a + convenience option to allow the change over to + encrypted passwords to be made over a longer period. + Once all users have encrypted representations of their + passwords in the smbpasswd file this parameter should + be set to no. + + In order for this parameter to work correctly the + _e_n_c_r_y_p_t _p_a_s_s_w_o_r_d_s parameter must be set to no when this + parameter is set to yes. + + Note that even when this parameter is set a user + authenticating to ssssmmmmbbbbdddd must still enter a valid + password in order to connect correctly, and to update + their hashed (smbpasswd) passwords. + + Default: uuuuppppddddaaaatttteeee eeeennnnccccrrrryyyypppptttteeeedddd ==== nnnnoooo + + uuuusssseeee cccclllliiiieeeennnntttt ddddrrrriiiivvvveeeerrrr ((((SSSS)))) + This parameter applies only to Windows NT/2000 clients. + It has no affect on Windows 95/98/ME clients. When + serving a printer to Windows NT/2000 clients without + first installing a valid printer driver on the Samba + host, the client will be required to install a local + printer driver. From this point on, the client will + treat the print as a local printer and not a network + printer connection. This is much the same behavior that + will occur when ddddiiiissssaaaabbbblllleeee ssssppppoooooooollllssssssss ==== yyyyeeeessss. + + The differentiating factor is that under normal + circumstances, the NT/2000 client will attempt to open + the network printer using MS-RPC. The problem is that + because the client considers the printer to be local, + it will attempt to issue the OpenPrinterEx() call + requesting access rights associated with the logged on + user. If the user possesses local administator rights + but not root privilegde on the Samba host (often the + case), the OpenPrinterEx() call will fail. The result + is that the client will now display an "Access Denied; + Unable to connect" message in the printer queue window + (even though jobs may successfully be printed). + + If this parameter is enabled for a printer, then any + attempt to open the printer with the + PRINTER_ACCESS_ADMINISTER right is mapped to + PRINTER_ACCESS_USE instead. Thus allowing the + OpenPrinterEx() call to succeed. TTTThhhhiiiissss ppppaaaarrrraaaammmmeeeetttteeeerrrr MMMMUUUUSSSSTTTT + nnnnooootttt bbbbeeee aaaabbbblllleeee eeeennnnaaaabbbblllleeeedddd oooonnnn aaaa pppprrrriiiinnnntttt sssshhhhaaaarrrreeee wwwwhhhhiiiicccchhhh hhhhaaaassss vvvvaaaalllliiiidddd + pppprrrriiiinnnntttt ddddrrrriiiivvvveeeerrrr iiiinnnnssssttttaaaalllllllleeeedddd oooonnnn tttthhhheeee SSSSaaaammmmbbbbaaaa sssseeeerrrrvvvveeeerrrr.... + + See also disable spoolss + + + + Page 124 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Default: uuuusssseeee cccclllliiiieeeennnntttt ddddrrrriiiivvvveeeerrrr ==== nnnnoooo + + uuuusssseeee mmmmmmmmaaaapppp ((((GGGG)))) + This global parameter determines if the tdb internals + of Samba can depend on mmap working correctly on the + running system. Samba requires a coherent mmap/read- + write system memory cache. Currently only HPUX does not + have such a coherent cache, and so this parameter is + set to no by default on HPUX. On all other systems this + parameter should be left alone. This parameter is + provided to help the Samba developers track down + problems with the tdb internal code. + + Default: uuuusssseeee mmmmmmmmaaaapppp ==== yyyyeeeessss + + uuuusssseeee rrrrhhhhoooossssttttssss ((((GGGG)))) + If this global parameter is yes, it specifies that the + UNIX user's ._r_h_o_s_t_s file in their home directory will + be read to find the names of hosts and users who will + be allowed access without specifying a password. + + NNNNOOOOTTTTEEEE:::: The use of _u_s_e _r_h_o_s_t_s can be a major security + hole. This is because you are trusting the PC to supply + the correct username. It is very easy to get a PC to + supply a false username. I recommend that the _u_s_e + _r_h_o_s_t_s option be only used if you really know what you + are doing. + + Default: uuuusssseeee rrrrhhhhoooossssttttssss ==== nnnnoooo + + uuuusssseeeerrrr ((((SSSS)))) + Synonym for _u_s_e_r_n_a_m_e. + + uuuusssseeeerrrrssss ((((SSSS)))) + Synonym for _u_s_e_r_n_a_m_e. + + uuuusssseeeerrrrnnnnaaaammmmeeee ((((SSSS)))) + Multiple users may be specified in a comma-delimited + list, in which case the supplied password will be + tested against each username in turn (left to right). + + The _u_s_e_r_n_a_m_e line is needed only when the PC is unable + to supply its own username. This is the case for the + COREPLUS protocol or where your users have different + WfWg usernames to UNIX usernames. In both these cases + you may also be better using the \\server\share%user + syntax instead. + + The _u_s_e_r_n_a_m_e line is not a great solution in many cases + as it means Samba will try to validate the supplied + password against each of the usernames in the _u_s_e_r_n_a_m_e + line in turn. This is slow and a bad idea for lots of + + + + Page 125 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + users in case of duplicate passwords. You may get + timeouts or security breaches using this parameter + unwisely. + + Samba relies on the underlying UNIX security. This + parameter does not restrict who can login, it just + offers hints to the Samba server as to what usernames + might correspond to the supplied password. Users can + login as whoever they please and they will be able to + do no more damage than if they started a telnet + session. The daemon runs as the user that they log in + as, so they cannot do anything that user cannot do. + + To restrict a service to a particular set of users you + can use the _v_a_l_i_d _u_s_e_r_s parameter. + + If any of the usernames begin with a '@' then the name + will be looked up first in the NIS netgroups list (if + Samba is compiled with netgroup support), followed by a + lookup in the UNIX groups database and will expand to a + list of all users in the group of that name. + + If any of the usernames begin with a '+' then the name + will be looked up only in the UNIX groups database and + will expand to a list of all users in the group of that + name. + + If any of the usernames begin with a '&'then the name + will be looked up only in the NIS netgroups database + (if Samba is compiled with netgroup support) and will + expand to a list of all users in the netgroup group of + that name. + + Note that searching though a groups database can take + quite some time, and some clients may time out during + the search. + + See the section NOTE ABOUT USERNAME/PASSWORD VALIDATION + for more information on how this parameter determines + access to the services. + + Default: TTTThhhheeee gggguuuueeeesssstttt aaaaccccccccoooouuuunnnntttt iiiiffff aaaa gggguuuueeeesssstttt sssseeeerrrrvvvviiiicccceeee,,,, eeeellllsssseeee + <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>>.... + + Examples:uuuusssseeeerrrrnnnnaaaammmmeeee ==== ffffrrrreeeedddd,,,, mmmmaaaarrrryyyy,,,, jjjjaaaacccckkkk,,,, jjjjaaaannnneeee,,,, @@@@uuuusssseeeerrrrssss,,,, + @@@@ppppccccggggrrrroooouuuupppp + + uuuusssseeeerrrrnnnnaaaammmmeeee lllleeeevvvveeeellll ((((GGGG)))) + This option helps Samba to try and 'guess' at the real + UNIX username, as many DOS clients send an all- + uppercase username. By default Samba tries all + lowercase, followed by the username with the first + + + + Page 126 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + letter capitalized, and fails if the username is not + found on the UNIX machine. + + If this parameter is set to non-zero the behavior + changes. This parameter is a number that specifies the + number of uppercase combinations to try while trying to + determine the UNIX user name. The higher the number the + more combinations will be tried, but the slower the + discovery of usernames will be. Use this parameter when + you have strange usernames on your UNIX machine, such + as AstrangeUser . + + Default: uuuusssseeeerrrrnnnnaaaammmmeeee lllleeeevvvveeeellll ==== 0000 + + Example: uuuusssseeeerrrrnnnnaaaammmmeeee lllleeeevvvveeeellll ==== 5555 + + uuuusssseeeerrrrnnnnaaaammmmeeee mmmmaaaapppp ((((GGGG)))) + This option allows you to specify a file containing a + mapping of usernames from the clients to the server. + This can be used for several purposes. The most common + is to map usernames that users use on DOS or Windows + machines to those that the UNIX box uses. The other is + to map multiple users to a single username so that they + can more easily share files. + + The map file is parsed line by line. Each line should + contain a single UNIX username on the left then a '=' + followed by a list of usernames on the right. The list + of usernames on the right may contain names of the form + @group in which case they will match any UNIX username + in that group. The special client name '*' is a + wildcard and matches any name. Each line of the map + file may be up to 1023 characters long. + + The file is processed on each line by taking the + supplied username and comparing it with each username + on the right hand side of the '=' signs. If the + supplied name matches any of the names on the right + hand side then it is replaced with the name on the + left. Processing then continues with the next line. + + If any line begins with a '#' or a ';' then it is + ignored + + If any line begins with an '!' then the processing will + stop after that line if a mapping was done by the line. + Otherwise mapping continues with every line being + processed. Using '!' is most useful when you have a + wildcard mapping line later in the file. + + For example to map from the name admin or administrator + to the UNIX name root you would use: + + + + Page 127 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + rrrrooooooootttt ==== aaaaddddmmmmiiiinnnn aaaaddddmmmmiiiinnnniiiissssttttrrrraaaattttoooorrrr + + Or to map anyone in the UNIX group system to the UNIX + name sys you would use: + + ssssyyyyssss ==== @@@@ssssyyyysssstttteeeemmmm + + You can have as many mappings as you like in a username + map file. + + If your system supports the NIS NETGROUP option then + the netgroup database is checked before the /_e_t_c/_g_r_o_u_p + database for matching groups. + + You can map Windows usernames that have spaces in them + by using double quotes around the name. For example: + + ttttrrrriiiiddddggggeeee ==== """"AAAAnnnnddddrrrreeeewwww TTTTrrrriiiiddddggggeeeellllllll"""" + + would map the windows username "Andrew Tridgell" to the + unix username "tridge". + + The following example would map mary and fred to the + unix user sys, and map the rest to guest. Note the use + of the '!' to tell Samba to stop processing if it gets + a match on that line. + + + !sys = mary fred + guest = * + + + + Note that the remapping is applied to all occurrences + of usernames. Thus if you connect to \\server\fred and + fred is remapped to mary then you will actually be + connecting to \\server\mary and will need to supply a + password suitable for mary not fred. The only exception + to this is the username passed to the _p_a_s_s_w_o_r_d _s_e_r_v_e_r + (if you have one). The password server will receive + whatever username the client supplies without + modification. + + Also note that no reverse mapping is done. The main + effect this has is with printing. Users who have been + mapped may have trouble deleting print jobs as + PrintManager under WfWg will think they don't own the + print job. + + Default: nnnnoooo uuuusssseeeerrrrnnnnaaaammmmeeee mmmmaaaapppp + + Example: uuuusssseeeerrrrnnnnaaaammmmeeee mmmmaaaapppp ==== ////uuuussssrrrr////llllooooccccaaaallll////ssssaaaammmmbbbbaaaa////lllliiiibbbb////uuuusssseeeerrrrssss....mmmmaaaapppp + + + + Page 128 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + uuuusssseeee sssseeeennnnddddffffiiiilllleeee ((((SSSS)))) + If this parameter is yes, and Samba was built with the + --with-sendfile-support option, and the underlying + operating system supports sendfile system call, then + some SMB read calls (mainly ReadAndX and ReadRaw) will + use the more efficient sendfile system call for files + that are exclusively oplocked. This may make more + efficient use of the system CPU's and cause Samba to be + faster. This is off by default as it's effects are + unknown as yet. + + Default: uuuusssseeee sssseeeennnnddddffffiiiilllleeee ==== nnnnoooo + + uuuuttttmmmmpppp ((((GGGG)))) + This boolean parameter is only available if Samba has + been configured and compiled with the option --------wwwwiiiitttthhhh---- + uuuuttttmmmmpppp. If set to yes then Samba will attempt to add utmp + or utmpx records (depending on the UNIX system) + whenever a connection is made to a Samba server. Sites + may use this to record the user connecting to a Samba + share. + + See also the _u_t_m_p _d_i_r_e_c_t_o_r_y parameter. + + Default: uuuuttttmmmmpppp ==== nnnnoooo + + uuuuttttmmmmpppp ddddiiiirrrreeeeccccttttoooorrrryyyy((((GGGG)))) + This parameter is only available if Samba has been + configured and compiled with the option --------wwwwiiiitttthhhh----uuuuttttmmmmpppp. + It specifies a directory pathname that is used to store + the utmp or utmpx files (depending on the UNIX system) + that record user connections to a Samba server. See + also the _u_t_m_p parameter. By default this is not set, + meaning the system will use whatever utmp file the + native system is set to use (usually /_v_a_r/_r_u_n/_u_t_m_p on + Linux). + + Default: nnnnoooo uuuuttttmmmmpppp ddddiiiirrrreeeeccccttttoooorrrryyyy + + vvvvaaaalllliiiidddd cccchhhhaaaarrrrssss ((((GGGG)))) + The option allows you to specify additional characters + that should be considered valid by the server in + filenames. This is particularly useful for national + character sets, such as adding u-umlaut or a-ring. + + The option takes a list of characters in either integer + or character form with spaces between them. If you give + two characters with a colon between them then it will + be taken as an lowercase:uppercase pair. + + If you have an editor capable of entering the + characters into the config file then it is probably + + + + Page 129 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + easiest to use this method. Otherwise you can specify + the characters in octal, decimal or hexadecimal form + using the usual C notation. + + For example to add the single character 'Z' to the + charset (which is a pointless thing to do as it's + already there) you could do one of the following + + + valid chars = Z + valid chars = z:Z + valid chars = 0132:0172 + + + + The last two examples above actually add two + characters, and alter the uppercase and lowercase + mappings appropriately. + + Note that you MMMMUUUUSSSSTTTT specify this parameter after the + _c_l_i_e_n_t _c_o_d_e _p_a_g_e parameter if you have both set. If + _c_l_i_e_n_t _c_o_d_e _p_a_g_e is set after the _v_a_l_i_d _c_h_a_r_s parameter + the _v_a_l_i_d _c_h_a_r_s settings will be overwritten. + + See also the _c_l_i_e_n_t _c_o_d_e _p_a_g_e parameter. + + Default: SSSSaaaammmmbbbbaaaa ddddeeeeffffaaaauuuullllttttssss ttttoooo uuuussssiiiinnnngggg aaaa rrrreeeeaaaassssoooonnnnaaaabbbblllleeee sssseeeetttt ooooffff + vvvvaaaalllliiiidddd cccchhhhaaaarrrraaaacccctttteeeerrrrssss ffffoooorrrr EEEEnnnngggglllliiiisssshhhh ssssyyyysssstttteeeemmmmssss + + Example: vvvvaaaalllliiiidddd cccchhhhaaaarrrrssss ==== 0000333344445555::::0000333300005555 0000333366666666::::0000333322226666 0000333344444444::::0000333300004444 + + The above example allows filenames to have the Swedish + characters in them. + + NNNNOOOOTTTTEEEE:::: It is actually quite difficult to correctly + produce a _v_a_l_i_d _c_h_a_r_s line for a particular system. To + automate the process tino@augsburg.net + <URL:mailto:tino@augsburg.net> has written a package + called vvvvaaaalllliiiiddddcccchhhhaaaarrrrssss which will automatically produce a + complete _v_a_l_i_d _c_h_a_r_s line for a given client system. + Look in the _e_x_a_m_p_l_e_s/_v_a_l_i_d_c_h_a_r_s/ subdirectory of your + Samba source code distribution for this package. + + vvvvaaaalllliiiidddd uuuusssseeeerrrrssss ((((SSSS)))) + This is a list of users that should be allowed to login + to this service. Names starting with '@', '+' and '&' + are interpreted using the same rules as described in + the _i_n_v_a_l_i_d _u_s_e_r_s parameter. + + If this is empty (the default) then any user can login. + If a username is in both this list and the _i_n_v_a_l_i_d + _u_s_e_r_s list then access is denied for that user. + + + + Page 130 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + The current servicename is substituted for %_S . This is + useful in the [homes] section. + + See also _i_n_v_a_l_i_d _u_s_e_r_s + + Default: NNNNoooo vvvvaaaalllliiiidddd uuuusssseeeerrrrssss lllliiiisssstttt ((((aaaannnnyyyyoooonnnneeee ccccaaaannnn llllooooggggiiiinnnn)))) + + Example: vvvvaaaalllliiiidddd uuuusssseeeerrrrssss ==== ggggrrrreeeegggg,,,, @@@@ppppccccuuuusssseeeerrrrssss + + vvvveeeettttoooo ffffiiiilllleeeessss((((SSSS)))) + This is a list of files and directories that are + neither visible nor accessible. Each entry in the list + must be separated by a '/', which allows spaces to be + included in the entry. '*' and '?' can be used to + specify multiple files or directories as in DOS + wildcards. + + Each entry must be a unix path, not a DOS path and must + nnnnooootttt include the unix directory separator '/'. + + Note that the _c_a_s_e _s_e_n_s_i_t_i_v_e option is applicable in + vetoing files. + + One feature of the veto files parameter that it is + important to be aware of is Samba's behaviour when + trying to delete a directory. If a directory that is to + be deleted contains nothing but veto files this + deletion will ffffaaaaiiiillll unless you also set the _d_e_l_e_t_e _v_e_t_o + _f_i_l_e_s parameter to _y_e_s. + + Setting this parameter will affect the performance of + Samba, as it will be forced to check all files and + directories for a match as they are scanned. + + See also _h_i_d_e _f_i_l_e_s and _c_a_s_e _s_e_n_s_i_t_i_v_e. + + Default: NNNNoooo ffffiiiilllleeeessss oooorrrr ddddiiiirrrreeeeccccttttoooorrrriiiieeeessss aaaarrrreeee vvvveeeettttooooeeeedddd.... + + Examples: + + ; Veto any files containing the word Security, + ; any ending in .tmp, and any directory containing the + ; word root. + veto files = /*Security*/*.tmp/*root*/ + + ; Veto the Apple specific files that a NetAtalk server + ; creates. + veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ + + + vvvveeeettttoooo oooopppplllloooocccckkkk ffffiiiilllleeeessss ((((SSSS)))) + This parameter is only valid when the _o_p_l_o_c_k_s parameter + + + + Page 131 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + is turned on for a share. It allows the Samba + administrator to selectively turn off the granting of + oplocks on selected files that match a wildcarded list, + similar to the wildcarded list used in the _v_e_t_o _f_i_l_e_s + parameter. + + Default: NNNNoooo ffffiiiilllleeeessss aaaarrrreeee vvvveeeettttooooeeeedddd ffffoooorrrr oooopppplllloooocccckkkk ggggrrrraaaannnnttttssss + + You might want to do this on files that you know will + be heavily contended for by clients. A good example of + this is in the NetBench SMB benchmark program, which + causes heavy client contention for files ending in + ._S_E_M. To cause Samba not to grant oplocks on these + files you would use the line (either in the [global] + section or in the section for the particular NetBench + share : + + Example: vvvveeeettttoooo oooopppplllloooocccckkkk ffffiiiilllleeeessss ==== ////****....SSSSEEEEMMMM//// + + vvvvffffssss oooobbbbjjjjeeeecccctttt ((((SSSS)))) + This parameter specifies a shared object file that is + used for Samba VFS I/O operations. By default, normal + disk I/O operations are used but these can be + overloaded with a VFS object. The Samba VFS layer is + new to Samba 2.2 and must be enabled at compile time + with --with-vfs. + + Default : nnnnoooo vvvvaaaalllluuuueeee + + vvvvffffssss ooooppppttttiiiioooonnnnssss ((((SSSS)))) + This parameter allows parameters to be passed to the + vfs layer at initialization time. The Samba VFS layer + is new to Samba 2.2 and must be enabled at compile time + with --with-vfs. See also _v_f_s _o_b_j_e_c_t. + + Default : nnnnoooo vvvvaaaalllluuuueeee + + vvvvoooolllluuuummmmeeee ((((SSSS)))) + This allows you to override the volume label returned + for a share. Useful for CDROMs with installation + programs that insist on a particular volume label. + + Default: tttthhhheeee nnnnaaaammmmeeee ooooffff tttthhhheeee sssshhhhaaaarrrreeee + + wwwwiiiiddddeeee lllliiiinnnnkkkkssss ((((SSSS)))) + This parameter controls whether or not links in the + UNIX file system may be followed by the server. Links + that point to areas within the directory tree exported + by the server are always allowed; this parameter + controls access only to areas that are outside the + directory tree being exported. + + + + + Page 132 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Note that setting this parameter can have a negative + effect on your server performance due to the extra + system calls that Samba has to do in order to perform + the link checks. + + Default: wwwwiiiiddddeeee lllliiiinnnnkkkkssss ==== yyyyeeeessss + + wwwwiiiinnnnbbbbiiiinnnndddd ccccaaaacccchhhheeee ttttiiiimmmmeeee ((((GGGG)))) + This parameter specifies the number of seconds the + winbindd(8) daemon will cache user and group + information before querying a Windows NT server again. + + Default: wwwwiiiinnnnbbbbiiiinnnndddd ccccaaaacccchhhheeee ttttyyyyppppeeee ==== 11115555 + + wwwwiiiinnnnbbbbiiiinnnndddd eeeennnnuuuummmm uuuusssseeeerrrrssss ((((GGGG)))) + On large installations using winbindd(8) it may be + necessary to suppress the enumeration of users through + the sssseeeettttppppwwwweeeennnntttt(((()))), ggggeeeettttppppwwwweeeennnntttt(((()))) and eeeennnnddddppppwwwweeeennnntttt(((()))) group of + system calls. If the _w_i_n_b_i_n_d _e_n_u_m _u_s_e_r_s parameter is + no, calls to the ggggeeeettttppppwwwweeeennnntttt system call will not return + any data. + + WWWWaaaarrrrnnnniiiinnnngggg:::: Turning off user enumeration may cause some + programs to behave oddly. For example, the finger + program relies on having access to the full user list + when searching for matching usernames. + + Default: wwwwiiiinnnnbbbbiiiinnnndddd eeeennnnuuuummmm uuuusssseeeerrrrssss ==== yyyyeeeessss + + wwwwiiiinnnnbbbbiiiinnnndddd eeeennnnuuuummmm ggggrrrroooouuuuppppssss ((((GGGG)))) + On large installations using winbindd(8) it may be + necessary to suppress the enumeration of groups through + the sssseeeettttggggrrrreeeennnntttt(((()))), ggggeeeettttggggrrrreeeennnntttt(((()))) and eeeennnnddddggggrrrreeeennnntttt(((()))) group of + system calls. If the _w_i_n_b_i_n_d _e_n_u_m _g_r_o_u_p_s parameter is + no, calls to the ggggeeeettttggggrrrreeeennnntttt(((()))) system call will not return + any data. + + WWWWaaaarrrrnnnniiiinnnngggg:::: Turning off group enumeration may cause some + programs to behave oddly. + + Default: wwwwiiiinnnnbbbbiiiinnnndddd eeeennnnuuuummmm ggggrrrroooouuuuppppssss ==== yyyyeeeessss + + wwwwiiiinnnnbbbbiiiinnnndddd ggggiiiidddd ((((GGGG)))) + The winbind gid parameter specifies the range of group + ids that are allocated by the winbindd(8) daemon. This + range of group ids should have no existing local or NIS + groups within it as strange conflicts can occur + otherwise. + + Default: wwwwiiiinnnnbbbbiiiinnnndddd ggggiiiidddd ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>> + + Example: wwwwiiiinnnnbbbbiiiinnnndddd ggggiiiidddd ==== 11110000000000000000----22220000000000000000 + + + + Page 133 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + wwwwiiiinnnnbbbbiiiinnnndddd sssseeeeppppaaaarrrraaaattttoooorrrr ((((GGGG)))) + This parameter allows an admin to define the character + used when listing a username of the form of _D_O_M_A_I_N + \_u_s_e_r. This parameter is only applicable when using the + _p_a_m__w_i_n_b_i_n_d._s_o and _n_s_s__w_i_n_b_i_n_d._s_o modules for UNIX + services. + + Please note that setting this parameter to + causes + problems with group membership at least on glibc + systems, as the character + is used as a special + character for NIS in /etc/group. + + Default: wwwwiiiinnnnbbbbiiiinnnndddd sssseeeeppppaaaarrrraaaattttoooorrrr ==== ''''\\\\'''' + + Example: wwwwiiiinnnnbbbbiiiinnnndddd sssseeeeppppaaaarrrraaaattttoooorrrr ==== ++++ + + wwwwiiiinnnnbbbbiiiinnnndddd uuuuiiiidddd ((((GGGG)))) + The winbind gid parameter specifies the range of group + ids that are allocated by the winbindd(8) daemon. This + range of ids should have no existing local or NIS users + within it as strange conflicts can occur otherwise. + + Default: wwwwiiiinnnnbbbbiiiinnnndddd uuuuiiiidddd ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>> + + Example: wwwwiiiinnnnbbbbiiiinnnndddd uuuuiiiidddd ==== 11110000000000000000----22220000000000000000 + + wwwwiiiinnnnbbbbiiiinnnndddd uuuusssseeee ddddeeeeffffaaaauuuulllltttt ddddoooommmmaaaaiiiinnnn + + wwwwiiiinnnnbbbbiiiinnnndddd uuuusssseeee ddddeeeeffffaaaauuuulllltttt ddddoooommmmaaaaiiiinnnn + This parameter specifies whether the winbindd(8) + daemon should operate on users without domain component + in their username. Users without a domain component are + treated as is part of the winbindd server's own domain. + While this does not benifit Windows users, it makes + SSH, FTP and e-mail function in a way much closer to + the way they would in a native unix system. + + Default: wwwwiiiinnnnbbbbiiiinnnndddd uuuusssseeee ddddeeeeffffaaaauuuulllltttt ddddoooommmmaaaaiiiinnnn ==== <<<<nnnnoooo>>>> + + Example: wwwwiiiinnnnbbbbiiiinnnndddd uuuusssseeee ddddeeeeffffaaaauuuulllltttt ddddoooommmmaaaaiiiinnnn ==== yyyyeeeessss + + wwwwiiiinnnnssss hhhhooooooookkkk ((((GGGG)))) + When Samba is running as a WINS server this allows you + to call an external program for all changes to the WINS + database. The primary use for this option is to allow + the dynamic update of external name resolution + databases such as dynamic DNS. + + The wins hook parameter specifies the name of a script + or executable that will be called as follows: + + wwwwiiiinnnnssss____hhhhooooooookkkk ooooppppeeeerrrraaaattttiiiioooonnnn nnnnaaaammmmeeee nnnnaaaammmmeeeettttyyyyppppeeee ttttttttllll IIIIPPPP____lllliiiisssstttt + + + + Page 134 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + o+ The first argument is the operation and is one of + "add", "delete", or "refresh". In most cases the + operation can be ignored as the rest of the + parameters provide sufficient information. Note that + "refresh" may sometimes be called when the name has + not previously been added, in that case it should be + treated as an add. + + o+ The second argument is the NetBIOS name. If the name + is not a legal name then the wins hook is not called. + Legal names contain only letters, digits, hyphens, + underscores and periods. + + o+ The third argument is the NetBIOS name type as a 2 + digit hexadecimal number. + + o+ The fourth argument is the TTL (time to live) for the + name in seconds. + + o+ The fifth and subsequent arguments are the IP + addresses currently registered for that name. If this + list is empty then the name should be deleted. + + An example script that calls the BIND dynamic DNS update + program nnnnssssuuuuppppddddaaaatttteeee is provided in the examples directory of + the Samba source code. + + wwwwiiiinnnnssss pppprrrrooooxxxxyyyy ((((GGGG)))) + This is a boolean that controls if nmbd(8) will respond + to broadcast name queries on behalf of other hosts. You + may need to set this to yes for some older clients. + + Default: wwwwiiiinnnnssss pppprrrrooooxxxxyyyy ==== nnnnoooo + + wwwwiiiinnnnssss sssseeeerrrrvvvveeeerrrr ((((GGGG)))) + This specifies the IP address (or DNS name: IP address + for preference) of the WINS server that nmbd(8) should + register with. If you have a WINS server on your + network then you should set this to the WINS server's + IP. + + You should point this at your WINS server if you have a + multi-subnetted network. + + NNNNOOOOTTTTEEEE. You need to set up Samba to point to a WINS + server if you have multiple subnets and wish cross- + subnet browsing to work correctly. + + See the documentation file _B_R_O_W_S_I_N_G._t_x_t in the docs/ + directory of your Samba source distribution. + + Default: nnnnooootttt eeeennnnaaaabbbblllleeeedddd + + + + Page 135 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + Example: wwwwiiiinnnnssss sssseeeerrrrvvvveeeerrrr ==== 111199992222....9999....222200000000....1111 + + wwwwiiiinnnnssss ssssuuuuppppppppoooorrrrtttt ((((GGGG)))) + This boolean controls if the nmbd(8) process in Samba + will act as a WINS server. You should not set this to + yes unless you have a multi-subnetted network and you + wish a particular nnnnmmmmbbbbdddd to be your WINS server. Note + that you should NNNNEEEEVVVVEEEERRRR set this to yes on more than one + machine in your network. + + Default: wwwwiiiinnnnssss ssssuuuuppppppppoooorrrrtttt ==== nnnnoooo + + wwwwoooorrrrkkkkggggrrrroooouuuupppp ((((GGGG)))) + This controls what workgroup your server will appear to + be in when queried by clients. Note that this parameter + also controls the Domain name used with the sssseeeeccccuuuurrrriiiittttyyyy ==== + ddddoooommmmaaaaiiiinnnn setting. + + Default: sssseeeetttt aaaatttt ccccoooommmmppppiiiilllleeee ttttiiiimmmmeeee ttttoooo WWWWOOOORRRRKKKKGGGGRRRROOOOUUUUPPPP + + Example: wwwwoooorrrrkkkkggggrrrroooouuuupppp ==== MMMMYYYYGGGGRRRROOOOUUUUPPPP + + wwwwrrrriiiittttaaaabbbblllleeee ((((SSSS)))) + Synonym for _w_r_i_t_e_a_b_l_e for people who can't spell :-). + + wwwwrrrriiiitttteeee ccccaaaacccchhhheeee ssssiiiizzzzeeee ((((SSSS)))) + If this integer parameter is set to non-zero value, + Samba will create an in-memory cache for each oplocked + file (it does nnnnooootttt do this for non-oplocked files). All + writes that the client does not request to be flushed + directly to disk will be stored in this cache if + possible. The cache is flushed onto disk when a write + comes in whose offset would not fit into the cache or + when the file is closed by the client. Reads for the + file are also served from this cache if the data is + stored within it. + + This cache allows Samba to batch client writes into a + more efficient write size for RAID disks (i.e. writes + may be tuned to be the RAID stripe size) and can + improve performance on systems where the disk subsystem + is a bottleneck but there is free memory for userspace + programs. + + The integer parameter specifies the size of this cache + (per oplocked file) in bytes. + + Default: wwwwrrrriiiitttteeee ccccaaaacccchhhheeee ssssiiiizzzzeeee ==== 0000 + + Example: wwwwrrrriiiitttteeee ccccaaaacccchhhheeee ssssiiiizzzzeeee ==== 222266662222111144444444 + + for a 256k cache size per file. + + + + Page 136 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + wwwwrrrriiiitttteeee lllliiiisssstttt ((((SSSS)))) + This is a list of users that are given read-write + access to a service. If the connecting user is in this + list then they will be given write access, no matter + what the _r_e_a_d _o_n_l_y option is set to. The list can + include group names using the @group syntax. + + Note that if a user is in both the read list and the + write list then they will be given write access. + + See also the _r_e_a_d _l_i_s_t option. + + Default: wwwwrrrriiiitttteeee lllliiiisssstttt ==== <<<<eeeemmmmppppttttyyyy ssssttttrrrriiiinnnngggg>>>> + + Example: wwwwrrrriiiitttteeee lllliiiisssstttt ==== aaaaddddmmmmiiiinnnn,,,, rrrrooooooootttt,,,, @@@@ssssttttaaaaffffffff + + wwwwrrrriiiitttteeee ooookkkk ((((SSSS)))) + Inverted synonym for _r_e_a_d _o_n_l_y. + + wwwwrrrriiiitttteeee rrrraaaawwww ((((GGGG)))) + This parameter controls whether or not the server will + support raw write SMB's when transferring data from + clients. You should never need to change this + parameter. + + Default: wwwwrrrriiiitttteeee rrrraaaawwww ==== yyyyeeeessss + + wwwwrrrriiiitttteeeeaaaabbbblllleeee ((((SSSS)))) + Inverted synonym for _r_e_a_d _o_n_l_y. + + WWWWAAAARRRRNNNNIIIINNNNGGGGSSSS + Although the configuration file permits service names to + contain spaces, your client software may not. Spaces will be + ignored in comparisons anyway, so it shouldn't be a problem + - but be aware of the possibility. + + On a similar note, many clients - especially DOS clients - + limit service names to eight characters. smbd(8) + has no such limitation, but attempts to connect from such + clients will fail if they truncate the service names. For + this reason you should probably keep your service names down + to eight characters in length. + + Use of the [homes] and [printers] special sections make life + for an administrator easy, but the various combinations of + default attributes can be tricky. Take extreme care when + designing these sections. In particular, ensure that the + permissions on spool directories are correct. + + VVVVEEEERRRRSSSSIIIIOOOONNNN + This man page is correct for version 2.2 of the Samba suite. + + + + + Page 137 (printed 1/7/103) + + + + + + + SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((11115555 OOOOccccttttoooobbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBB....CCCCOOOONNNNFFFF((((5555)))) + + + + SSSSEEEEEEEE AAAALLLLSSSSOOOO + samba(7) ssssmmmmbbbbppppaaaasssssssswwwwdddd((((8888)))) sssswwwwaaaatttt((((8888)))) ssssmmmmbbbbdddd((((8888)))) nnnnmmmmbbbbdddd((((8888)))) ssssmmmmbbbbcccclllliiiieeeennnntttt((((1111)))) + nnnnmmmmbbbbllllooooooookkkkuuuupppp((((1111)))) tttteeeessssttttppppaaaarrrrmmmm((((1111)))) tttteeeessssttttpppprrrrnnnnssss((((1111)))) + + AAAAUUUUTTTTHHHHOOOORRRR + The original Samba software and related utilities were + created by Andrew Tridgell. Samba is now developed by the + Samba Team as an Open Source project similar to the way the + Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. The + man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/ + <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the + Samba 2.0 release by Jeremy Allison. The conversion to + DocBook for Samba 2.2 was done by Gerald Carter + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Page 138 (printed 1/7/103) + + + |