diff options
author | Jeremy Allison <jra@samba.org> | 1998-11-11 01:23:43 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 1998-11-11 01:23:43 +0000 |
commit | af60ba31e124e87473aaa2822997f989dd52f876 (patch) | |
tree | 1b267c21c5de74b798fa543c36c4f0f71d03c60a | |
parent | 26552543ff2960ab9c483240a27adfe15cf9c813 (diff) | |
download | samba-af60ba31e124e87473aaa2822997f989dd52f876.tar.gz samba-af60ba31e124e87473aaa2822997f989dd52f876.tar.bz2 samba-af60ba31e124e87473aaa2822997f989dd52f876.zip |
First version of HTML docs generated from YODL source.
Jeremy.
(This used to be commit 8f5f0bffc6af97e1f382cb3baa03ccecb0f151c4)
-rw-r--r-- | docs/htmldocs/lmhosts.5.html | 98 | ||||
-rw-r--r-- | docs/htmldocs/make_smbcodepage.1.html | 142 | ||||
-rw-r--r-- | docs/htmldocs/nmbd.8.html | 206 | ||||
-rw-r--r-- | docs/htmldocs/nmblookup.1.html | 143 | ||||
-rw-r--r-- | docs/htmldocs/samba.7.html | 137 | ||||
-rw-r--r-- | docs/htmldocs/smb.conf.5.html | 4451 | ||||
-rw-r--r-- | docs/htmldocs/smbclient.1.html | 581 | ||||
-rw-r--r-- | docs/htmldocs/smbd.8.html | 376 | ||||
-rw-r--r-- | docs/htmldocs/smbpasswd.5.html | 191 | ||||
-rw-r--r-- | docs/htmldocs/smbpasswd.8.html | 270 | ||||
-rw-r--r-- | docs/htmldocs/smbrun.1.html | 84 | ||||
-rw-r--r-- | docs/htmldocs/smbstatus.1.html | 81 | ||||
-rw-r--r-- | docs/htmldocs/smbtar.1.html | 128 | ||||
-rw-r--r-- | docs/htmldocs/testparm.1.html | 99 | ||||
-rw-r--r-- | docs/htmldocs/testprns.1.html | 96 |
15 files changed, 7083 insertions, 0 deletions
diff --git a/docs/htmldocs/lmhosts.5.html b/docs/htmldocs/lmhosts.5.html new file mode 100644 index 0000000000..b325c283ce --- /dev/null +++ b/docs/htmldocs/lmhosts.5.html @@ -0,0 +1,98 @@ + + + + + +<html><head><title>lmhosts</title> + +<link rev="made" href="mailto:samba-bugs@samba.anu.edu.au"> +</head> +<body> + +<hr> + +<h1>lmhosts</h1> +<h2>Samba</h2> +<h2>23 Oct 1998</h2> + + + + +<p><br><a name="NAME"></a> +<h2>NAME</h2> + lmhosts - The Samba NetBIOS hosts file +<p><br><a name="SYNOPSIS"></a> +<h2>SYNOPSIS</h2> + +<p><br>lmhosts is the <strong>Samba</strong> NetBIOS name to IP address mapping file. +<p><br><a name="DESCRIPTION"></a> +<h2>DESCRIPTION</h2> + +<p><br>This file is part of the <strong>Samba</strong> suite. +<p><br>lmhosts is the <strong>Samba</strong> NetBIOS name to IP address mapping file. It +is very similar to the <strong>/etc/hosts</strong> file format, except that the +hostname component must correspond to the NetBIOS naming format. +<p><br><a name="FILEFORMAT"></a> +<h2>FILE FORMAT</h2> + +<p><br>It is an ASCII file containing one line for NetBIOS name. The two +fields on each line are separated from each other by white space. Any +entry beginning with # is ignored. Each line in the lmhosts file +contains the following information : +<p><br><ul> +<p><br><li > <strong>IP Address</strong> - in dotted decimal format. +<p><br><li > <strong>NetBIOS Name</strong> - This name format is a maximum fifteen +character host name, with an optional trailing <code>'#'</code> character +followed by the NetBIOS name type as two hexadecimal digits. +<p><br>If the trailing <code>'#'</code> is omitted then the given IP address will be +returned for all names that match the given name, whatever the NetBIOS +name type in the lookup. +<p><br></ul> +<p><br>An example follows : +<p><br><pre> + + +# +# Sample Samba lmhosts file. +# +192.9.200.1 TESTPC +192.9.200.20 NTSERVER#20 +192.9.200.21 SAMBASERVER + +</pre> + +<p><br>Contains three IP to NetBIOS name mappings. The first and third will +be returned for any queries for the names <code>"TESTPC"</code> and +<code>"SAMBASERVER"</code> respectively, whatever the type component of the +NetBIOS name requested. +<p><br>The second mapping will be returned only when the <code>"0x20"</code> name type +for a name <code>"NTSERVER"</code> is queried. Any other name type will not be +resolved. +<p><br>The default location of the <strong>lmhosts</strong> file is in the same directory +as the <a href="smb.conf.html"><strong>smb.conf</strong></a> file. +<p><br><a name="VERSION"></a> +<h2>VERSION</h2> + +<p><br>This man page is correct for version 2.0 of the Samba suite. +<p><br><a name="SEEALSO"></a> +<h2>SEE ALSO</h2> + +<p><br><a href="smb.conf.5.html#nameresolveorder"><strong>smb.conf (5)</strong></a>, +<a href="smbclient.1.html#minusR"><strong>smbclient (1)</strong></a>, +<a href="smbpasswd.8.html#minusR"><strong>smbpasswd (8)</strong></a>, <a href="samba.7.html"><strong>samba (7)</strong></a>. +<p><br><a name="AUTHOR"></a> +<h2>AUTHOR</h2> + +<p><br>The original Samba software and related utilities were created by +Andrew Tridgell (samba-bugs@samba.anu.edu.au). Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed. +<p><br>The original Samba man pages were written by Karl Auer. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2.0 release by Jeremy +Allison, <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. +<p><br>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc. +</body> +</html> diff --git a/docs/htmldocs/make_smbcodepage.1.html b/docs/htmldocs/make_smbcodepage.1.html new file mode 100644 index 0000000000..db119b0e8d --- /dev/null +++ b/docs/htmldocs/make_smbcodepage.1.html @@ -0,0 +1,142 @@ + + + + + +<html><head><title>make_smbcodepage</title> + +<link rev="made" href="mailto:samba-bugs@samba.anu.edu.au"> +</head> +<body> + +<hr> + +<h1>make_smbcodepage</h1> +<h2>Samba</h2> +<h2>23 Oct 1998</h2> + + + + +<p><br><a name="NAME"></a> +<h2>NAME</h2> + make_codepage - Construct a codepage file for Samba +<p><br><a name="SYNOPSIS"></a> +<h2>SYNOPSIS</h2> + +<p><br><strong>make_smbcodepage</strong> [<a href="make_smbcodepage.1.html#cord">c|d</a>] <a href="make_smbcodepage.1.html#codepage">codepage</a> <a href="make_smbcodepage.1.html#inputfile">inputfile</a> <a href="make_smbcodepage.1.html#outputfile">outputfile</a> +<p><br><a name="DESCRIPTION"></a> +<h2>DESCRIPTION</h2> + +<p><br>This program is part of the <strong>Samba</strong> suite. +<p><br><strong>make_smbcodepage</strong> compiles or de-compiles codepage files for use +with the internationalization features of Samba 2.0 +<p><br><a name="OPTIONS"></a> +<h2>OPTIONS</h2> + +<p><br><ul> +<p><br><a name="cord"></a> +<li><strong>c|d</strong> This tells make_smbcodepage if it is compiling (c) a text +format code page file to binary, or (d) de-compiling a binary codepage +file to text. +<p><br><a name="codepage"></a> +<li><strong>codepage</strong> This is the codepage we are processing (a number, eg. 850). +<p><br><a name="inputfile"></a> +<li><strong>inputfile</strong> This is the input file to process. In the 'c' case this +will be a text codepage definition file such as the ones found in the +Samba <em>source/codepages</em> directory. In the 'd' case this will be the +binary format codepage definition file normally found in the +<em>lib/codepages</em> directory in the Samba install directory path. +<p><br><a name="outputfile"></a> +<li><strong>outputfile</strong> This is the output file to produce. +<p><br></ul> +<p><br><a name="SambaCodepageFiles"></a> +<h2>Samba Codepage Files</h2> + +<p><br>A text Samba codepage definition file is a description that tells +Samba how to map from upper to lower case for characters greater than +ascii 127 in the specified DOS code page. Note that for certain DOS +codepages (437 for example) mapping from lower to upper case may be +asynchronous. For example, in code page 437 lower case a acute maps to +a plain upper case A when going from lower to upper case, but maps +from plain upper case A to plain lower case a when lower casing a +character. +<p><br>A binary Samba codepage definition file is a binary representation of +the same information, including a value that specifies what codepage +this file is describing. +<p><br>As Samba does not yet use UNICODE (current for Samba version 2.0) you +must specify the client code page that your DOS and Windows clients +are using if you wish to have case insensitivity done correctly for +your particular language. The default codepage Samba uses is 850 +(Western European). Text codepage definition sample files are +provided in the Samba distribution for codepages 437 (USA), 737 +(Greek), 850 (Western European) 852 (MS-DOS Latin 2), 861 (Icelandic), +866 (Cyrillic), 932 (Kanji SJIS), 936 (Simplified Chinese), 949 +(Hangul) and 950 (Traditional Chinese). Users are encouraged to write +text codepage definition files for their own code pages and donate +them to <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. All codepage files in the +Samba <em>source/codepages</em> directory are compiled and installed when a +<em>'make install'</em> command is issued there. +<p><br>The client codepage used by the <a href="smbd.8.html"><strong>smbd</strong></a> server is +configured using the <a href="smb.conf.5.html#clientcodepage"><strong>client code +page</strong></a> parameter in the +<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file. +<p><br><a name="FILES"></a> +<h2>FILES</h2> + +<p><br><strong>codepage_def.<codepage></strong> +<p><br>These are the input (text) codepage files provided in the Samba +<em>source/codepages</em> directory. +<p><br>A text codepage definition file consists of multiple lines +containing four fields. These fields are : +<p><br><ul> +<p><br><li > <strong>lower</strong>: which is the (hex) lower case character mapped on this +line. +<p><br><li > <strong>upper</strong>: which is the (hex) upper case character that the lower +case character will map to. +<p><br><li > <strong>map upper to lower</strong> which is a boolean value (put either True +or False here) which tells Samba if it is to map the given upper case +character to the given lower case character when lower casing a +filename. +<p><br><li > <strong>map lower to upper</strong> which is a boolean value (put either True +or False here) which tells Samba if it is to map the given lower case +character to the given upper case character when upper casing a +filename. +<p><br></ul> +<p><br><strong>codepage.<codepage></strong> These are the output (binary) codepage files +produced and placed in the Samba destination <em>lib/codepage</em> +directory. +<p><br><a name="INSTALLATION"></a> +<h2>INSTALLATION</h2> + +<p><br>The location of the server and its support files is a matter for +individual system administrators. The following are thus suggestions +only. +<p><br>It is recommended that the <strong>make_smbcodepage</strong> program be installed +under the <em>/usr/local/samba</em> hierarchy, in a directory readable by +all, writeable only by root. The program itself should be executable +by all. The program should NOT be setuid or setgid! +<p><br><a name="VERSION"></a> +<h2>VERSION</h2> + +<p><br>This man page is correct for version 2.0 of the Samba suite. +<p><br><a name="SEEALSO"></a> +<h2>SEE ALSO</h2> + +<p><br><a href="smb.conf.5.html"><strong>smb.conf(5)</strong></a>, <a href="smbd.8.html"><strong>smbd (8)</strong></a> +<p><br><a name="AUTHOR"></a> +<h2>AUTHOR</h2> + +<p><br>The original Samba software and related utilities were created by +Andrew Tridgell <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed. +<p><br>The original Samba man pages were written by Karl Auer. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2.0 release by Jeremy +Allison, <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. +<p><br>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc. +</body> +</html> diff --git a/docs/htmldocs/nmbd.8.html b/docs/htmldocs/nmbd.8.html new file mode 100644 index 0000000000..e922434430 --- /dev/null +++ b/docs/htmldocs/nmbd.8.html @@ -0,0 +1,206 @@ + + + + + +<html><head><title>nmbd</title> + +<link rev="made" href="mailto:samba-bugs@samba.anu.edu.au"> +</head> +<body> + +<hr> + +<h1>nmbd</h1> +<h2>Samba</h2> +<h2>23 Oct 1998</h2> + + + + +<p><br><a name="NAME"></a> +<h2>NAME</h2> + nmbd - NetBIOS name server to provide NetBIOS over IP +naming services to clients +<p><br><a name="SYNOPSIS"></a> +<h2>SYNOPSIS</h2> + +<p><br><strong>nmbd</strong> [<a href="nmbd.8.html#minusD">-D</a>] [<a href="nmbd.8.html#minuso">-o</a>] [<a href="nmbd.8.html#minusa">-a</a>] [<a href="nmbd.8.html#minusH">-H lmhosts file</a>] [<a href="nmbd.8.html#minusd">-d debuglevel</a>] [<a href="nmbd.8.html#minusl">-l log file basename</a>] [<a href="nmbd.8.html#minusn">-n primary NetBIOS name</a>] [<a href="nmbd.8.html#minusp">-p port number</a>] [<a href="nmbd.8.html#minuss">-s configuration file</a>] [<a href="nmbd.8.html#minusi">-i NetBIOS scope</a>] [<a href="nmbd.8.html#minush">-h</a>] +<p><br><a name="DESCRIPTION"></a> +<h2>DESCRIPTION</h2> + +<p><br>This program is part of the <strong>Samba</strong> suite. +<p><br><strong>nmbd</strong> is a server that understands and can reply to NetBIOS over IP +name service requests, like those produced by SMBD/CIFS clients such +as Windows 95/98, Windows NT and LanManager clients. It also +participates in the browsing protocols which make up the Windows +"Network Neighborhood" view. +<p><br>SMB/CIFS clients, when they start up, may wish to locate an SMB/CIFS +server. That is, they wish to know what IP number a specified host is +using. +<p><br>Amongst other services, this program will listen for such requests, +and if its own NetBIOS name is specified it will respond with the IP +number of the host it is running on. Its "own NetBIOS name" is by +default the primary DNS name of the host it is running on, but this +can be overriden with the <strong>-n</strong> option (see <em>OPTIONS</em> below). Thus +nmbd will reply to broadcast queries for its own name(s). Additional +names for nmbd to respond on can be set via parameters in the +<strong>smb.conf (5)</strong> configuration file. +<p><br>nmbd can also be used as a WINS (Windows Internet Name Server) +server. What this basically means is that it will act as a WINS +database server, creating a database from name registration requests +that it receives and replying to queries from clients for these names. +<p><br>In addition, nmbd can act as a WINS proxy, relaying broadcast queries +from clients that do not understand how to talk the WINS protocol to a +WIN server. +<p><br><a name="OPTIONS"></a> +<h2>OPTIONS</h2> + +<p><br><ul> +<p><br><a name="minusD"></a> +<li><strong><strong>-D</strong></strong> If specified, this parameter causes the server to operate +as a daemon. That is, it detaches itself and runs in the background, +fielding requests on the appropriate port. By default, the server will +NOT operate as a daemon. nmbd can also be operated from the inetd +meta-daemon, although this is not recommended. +<p><br><a name="minusa"></a> +<li><strong><strong>-a</strong></strong> If this parameter is specified, each new connection will +append log messages to the log file. This is the default. +<p><br><a name="minuso"></a> +<li><strong><strong>-o</strong></strong> If this parameter is specified, the log files will be +overwritten when opened. By default, the log files will be appended +to. +<p><br><a name="minusH"></a> +<li><strong><strong>-H filename</strong></strong> NetBIOS lmhosts file. +<p><br>The lmhosts file is a list of NetBIOS names to IP addresses that is +loaded by the nmbd server and used via the name resolution mechanism +<em>name resolve order</em> described in <strong>smbd.conf (5)</strong> to resolve any +NetBIOS name queries needed by the server. Note that the contents of +this file are <em>NOT</em> used by nmbd to answer any name queries, adding +a line to this file affects name NetBIOS resolution from this host +<em>ONLY</em>. +<p><br>The default path to this file is compiled into Samba as part of the +build process. Common defaults are <em>/usr/local/samba/lib/lmhosts</em>, +<em>/usr/samba/lib/lmhosts</em> or <em>/etc/lmhosts</em>. See the <strong>lmhosts +(5)</strong> man page for details on the contents of this file. +<p><br><a name="minusd"></a> +<li><strong><strong>-d debuglevel</strong></strong> debuglevel is an integer from 0 to 10. +<p><br>The default value if this parameter is not specified is zero. +<p><br>The higher this value, the more detail will be logged to the log files +about the activities of the server. At level 0, only critical errors +and serious warnings will be logged. Level 1 is a reasonable level for +day to day running - it generates a small amount of information about +operations carried out. +<p><br>Levels above 1 will generate considerable amounts of log data, and +should only be used when investigating a problem. Levels above 3 are +designed for use only by developers and generate HUGE amounts of log +data, most of which is extremely cryptic. +<p><br>Note that specifying this parameter here will override the <a href="smb.conf.5.html#loglevel"><strong>log +level</strong></a> parameter in the <a href="smb.conf.5.html"><strong>smb.conf +(5)</strong></a> file. +<p><br><a name="minusl"></a> +<li><strong><strong>-l logfile</strong></strong> The <strong>-l</strong> parameter specifies a path and base +filename into which operational data from the running nmbd server will +be logged. The actual log file name is generated by appending the +extension ".nmb" to the specified base name. For example, if the name +specified was "log" then the file log.nmb would contain the debugging +data. +<p><br>The default log file path is is compiled into Samba as part of the +build process. Common defaults are <em>/usr/local/samba/var/log.nmb</em>, +<em>/usr/samba/var/log.nmb</em> or <em>/var/log/log.nmb</em>. +<p><br><a name="minusn"></a> +<li><strong><strong>-n primary NetBIOS name</strong></strong> This option allows you to override +the NetBIOS name that Samba uses for itself. This is identical to +setting the <a href="smb.conf.5.html#netbiosname"><strong>NetBIOS name</strong></a> parameter +in the <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file +but will override the setting in the <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file. +<p><br><a name="minusp"></a> +<li><strong><strong>-p UDP port number</strong></strong> UDP port number is a positive integer value. +<p><br>This option changes the default UDP port number (normally 137) that +nmbd responds to name queries on. Don't use this option unless you are +an expert, in which case you won't need help! +<p><br><a name="minuss"></a> +<li><strong><strong>-s configuration file</strong></strong> The default configuration file name is +set at build time, typically as <em>/usr/local/samba/lib/smb.conf</em>, but +this may be changed when Samba is autoconfigured. +<p><br>The file specified contains the configuration details required by the +server. See <a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a> for more information. +<p><br><a name="minusi"></a> +<li><strong><strong>-i scope</strong></strong> This specifies a NetBIOS scope that the server will use +to communicate with when generating NetBIOS names. For details on the +use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes +are <em>very</em> rarely used, only set this parameter if you are the +system administrator in charge of all the NetBIOS systems you +communicate with. +<p><br><a name="minush"></a> +<li><strong><strong>-h</strong></strong> Prints the help information (usage) for nmbd. +<p><br></ul> +<p><br><a name="FILES"></a> +<h2>FILES</h2> + +<p><br><strong>/etc/inetd.conf</strong> +<p><br>If the server is to be run by the inetd meta-daemon, this file must +contain suitable startup information for the meta-daemon. +<p><br><strong>/etc/rc</strong> +<p><br>(or whatever initialisation script your system uses). +<p><br>If running the server as a daemon at startup, this file will need to +contain an appropriate startup sequence for the server. +<p><br><strong>/usr/local/samba/lib/smb.conf</strong> +<p><br>This is the default location of the <em>smb.conf</em> server configuration +file. Other common places that systems install this file are +<em>/usr/samba/lib/smb.conf</em> and <em>/etc/smb.conf</em>. +<p><br>When run as a <strong>WINS</strong> server (see the <a href="smb.conf.5.html#winssupport"><strong>wins support</strong></a> +parameter in the <a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a> man page), <strong>nmbd</strong> will +store the WINS database in the file <code>wins.dat</code> in the <code>var/locks</code> directory +configured under wherever Samba was configured to install itself. +<p><br>If <strong>nmbd</strong> is acting as a <strong>browse master</strong> (see the <a href="smb.conf.5.html#localmaster"><strong>local master</strong></a> +parameter in the <a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a> man page), <strong>nmbd</strong> will +store the browsing database in the file <code>browse.dat</code> in the <code>var/locks</code> directory +configured under wherever Samba was configured to install itself. +<p><br><a name="SIGNALS"></a> +<h2>SIGNALS</h2> + +<p><br>To shut down an nmbd process it is recommended that SIGKILL (-9) +<em>NOT</em> be used, except as a last resort, as this may leave the name +database in an inconsistant state. The correct way to terminate +nmbd is to send it a SIGTERM (-15) signal and wait for it to die on +its own. +<p><br>nmbd will accept SIGHUP, which will cause it to dump out it's +namelists into the file namelist.debug in the +<em>/usr/local/samba/var/locks</em> directory (or the <em>var/locks</em> +directory configured under wherever Samba was configured to install +itself). This will also cause nmbd to dump out it's server database in +the log.nmb file. In addition, the the debug log level of nmbd may be raised +by sending it a SIGUSR1 (<code>kill -USR1 <nmbd-pid></code>) and lowered by sending it a +SIGUSR2 (<code>kill -USR2 <nmbd-pid></code>). This is to allow transient +problems to be diagnosed, whilst still running at a normally low log +level. +<p><br><a name="VERSION"></a> +<h2>VERSION</h2> + +<p><br>This man page is correct for version 2.0 of the Samba suite. +<p><br><a name="SEEALSO"></a> +<h2>SEE ALSO</h2> + +<p><br><strong>inetd (8)</strong>, <a href="smbd.8.html"><strong>smbd (8)</strong></a>, <a href="smb.conf.5.html"><strong>smb.conf +(5)</strong></a>, <a href="smbclient.1.html"><strong>smbclient (1)</strong></a>, +<a href="testparm.1.html"><strong>testparm (1)</strong></a>, <a href="testprns.1.html"><strong>testprns +(1)</strong></a>, and the Internet RFC's <strong>rfc1001.txt</strong>, +<strong>rfc1002.txt</strong>. In addition the CIFS (formerly SMB) specification is +available as a link from the Web page : +<a href="http://samba.anu.edu.au/cifs/">http://samba.anu.edu.au/cifs/</a>. +<p><br><a name="AUTHOR"></a> +<h2>AUTHOR</h2> + +<p><br>The original Samba software and related utilities were created by +Andrew Tridgell (samba-bugs@samba.anu.edu.au). Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed. +<p><br>The original Samba man pages were written by Karl Auer. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2.0 release by Jeremy +Allison, <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. +<p><br>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full list of contributors +and details on how to submit bug reports, comments etc. +</body> +</html> diff --git a/docs/htmldocs/nmblookup.1.html b/docs/htmldocs/nmblookup.1.html new file mode 100644 index 0000000000..90120a9ec6 --- /dev/null +++ b/docs/htmldocs/nmblookup.1.html @@ -0,0 +1,143 @@ + + + + + +<html><head><title>nmblookup</title> + +<link rev="made" href="mailto:samba-bugs@samba.anu.edu.au"> +</head> +<body> + +<hr> + +<h1>nmblookup</h1> +<h2>Samba</h2> +<h2>23 Oct 1998</h2> + + + + +<p><br><a name="NAME"></a> +<h2>NAME</h2> + nmblookup - NetBIOS over TCP/IP client used to lookup NetBIOS names +<p><br><a name="SYNOPSIS"></a> +<h2>SYNOPSIS</h2> + +<p><br><strong>nmblookup</strong> [<a href="nmblookup.1.html#minusM">-M</a>] [<a href="nmblookup.1.html#minusR">-R</a>] [<a href="nmblookup.1.html#minusS">-S</a>] [<a href="nmblookup.1.html#minusr">-r</a>] [<a href="nmblookup.1.html#minusA">-A</a>] [<a href="nmblookup.1.html#minush">-h</a>] [<a href="nmblookup.1.html#minusB">-B broadcast address</a>] [<a href="nmblookup.1.html#minusU">-U unicast address</a>] [<a href="nmblookup.1.html#minusd">-d debuglevel</a>] [<a href="nmblookup.1.html#minuss">-s smb config file</a>] [<a href="nmblookup.1.html#minusi">-i NetBIOS scope</a>] <a href="nmblookup.1.html#name">name</a> +<p><br><a name="DESCRIPTION"></a> +<h2>DESCRIPTION</h2> + +<p><br>This program is part of the <strong>Samba</strong> suite. +<p><br><strong>nmblookup</strong> is used to query NetBIOS names and map them to IP +addresses in a network using NetBIOS over TCP/IP queries. The options +allow the name queries to be directed at a particlar IP broadcast area +or to a particular machine. All queries are done over UDP. +<p><br><a name="OPTIONS"></a> +<h2>OPTIONS</h2> + +<p><br><ul> +<p><br><a name="minusM"></a> +<li><strong><strong>-M</strong></strong> Searches for a master browser. This is done by doing a +broadcast lookup on the special name <code>__MSBROWSE__</code>. +<p><br><a name="minusR"></a> +<li><strong><strong>-R</strong></strong> Set the recursion desired bit in the packet to do a +recursive lookup. This is used when sending a name query to a machine +running a WINS server and the user wishes to query the names in the +WINS server. If this bit is unset the normal (broadcast responding) +NetBIOS processing code on a machine is used instead. See rfc1001, +rfc1002 for details. +<p><br><a name="minusS"></a> +<li><strong><strong>-S</strong></strong> Once the name query has returned an IP address then do a +node status query as well. +<p><br><a name="minusr"></a> +<li><strong><strong>-r</strong></strong> Try and bind to UDP port 137 to send and receive UDP +datagrams. The reason for this option is a bug in Windows 95 where it +ignores the source port of the requesting packet and only replies to +UDP port 137. Unfortunately, on most UNIX systems root privillage is +needed to bind to this port, and in addition, if the +<a href="nmbd.8.html"><strong>nmbd</strong></a> daemon is running on this machine it also +binds to this port. +<p><br><a name="minusA"></a> +<li><strong><strong>-A</strong></strong> Interpret <name> as an IP Address and do a node status +query on this address. +<p><br><a name="minush"></a> +<li><strong><strong>-h</strong></strong> Print a help (usage) message. +<p><br><a name="minusB"></a> +<li><strong><strong>-B broadcast address</strong></strong> Send the query to the given broadcast +address. Without this option the default behavior of nmblookup is to +send the query to the broadcast address of the primary network +interface as either auto-detected or defined in the +<a href="smb.conf.5.html#interfaces"><strong>interfaces</strong></a> parameter of the +<a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a> file. +<p><br><a name="minusU"></a> +<li><strong><strong>-U unicast address</strong></strong> Do a unicast query to the specified +address or host <code>"unicast address"</code>. This option (along with the +<a href="nmblookup.1.html#minusR"><strong>-R</strong></a> option) is needed to query a WINS server. +<p><br><a name="minusd"></a> +<li><strong><strong>-d debuglevel</strong></strong> debuglevel is an integer from 0 to 10. +<p><br>The default value if this parameter is not specified is zero. +<p><br>The higher this value, the more detail will be logged about the +activities of <strong>nmblookup</strong>. At level 0, only critical errors and +serious warnings will be logged. +<p><br>Levels above 1 will generate considerable amounts of log data, and +should only be used when investigating a problem. Levels above 3 are +designed for use only by developers and generate HUGE amounts of +data, most of which is extremely cryptic. +<p><br>Note that specifying this parameter here will override the <a href="smb.conf.5.html#loglevel"><strong>log +level</strong></a> parameter in the <a href="smb.conf.5.html"><strong>smb.conf +(5)</strong></a> file. +<p><br><a name="minuss"></a> +<li><strong><strong>-s smb.conf</strong></strong> This parameter specifies the pathname to the +Samba configuration file, smb.conf. This file controls all aspects of +the Samba setup on the machine and smbclient also needs to read this +file. +<p><br><a name="minusi"></a> +<li><strong><strong>-i scope</strong></strong> This specifies a NetBIOS scope that smbclient will use +to communicate with when generating NetBIOS names. For details on the +use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes +are <em>very</em> rarely used, only set this parameter if you are the +system administrator in charge of all the NetBIOS systems you +communicate with. +<p><br><a name="name"></a> +<li><strong><strong>name</strong></strong> This is the NetBIOS name being queried. Depending upon +the previous options this may be a NetBIOS name or IP address. If a +NetBIOS name then the different name types may be specified by +appending <code>#<type></code> to the name. +<p><br></ul> +<p><br><a name="EXAMPLES"></a> +<h2>EXAMPLES</h2> + +<p><br><strong>nmblookup</strong> can be used to query a WINS server (in the same way .B +nslookup is used to query DNS servers). To query a WINS server, +nmblookup must be called like this: +<p><br><code>nmblookup -U server -R 'name'</code> +<p><br>For example, running : +<p><br><code>nmblookup -U samba.anu.edu.au -R IRIX#1B'</code> +<p><br>would query the WINS server samba.anu.edu.au for the domain master +browser (1B name type) for the IRIX workgroup. +<p><br><a name="VERSION"></a> +<h2>VERSION</h2> + +<p><br>This man page is correct for version 2.0 of the Samba suite. +<p><br><a name="SEEALSO"></a> +<h2>SEE ALSO</h2> + +<p><br><a href="samba.7.html"><strong>samba (7)</strong></a>, <a href="nmbd.8.html"><strong>nmbd (8)</strong></a>, +<a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a> +<p><br><a name="AUTHOR"></a> +<h2>AUTHOR</h2> + +<p><br>The original Samba software and related utilities were created by +Andrew Tridgell (samba-bugs@samba.anu.edu.au). Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed. +<p><br>The original Samba man pages were written by Karl Auer. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2.0 release by Jeremy +Allison, <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. +<p><br>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc. +<p><br></body> +</html> diff --git a/docs/htmldocs/samba.7.html b/docs/htmldocs/samba.7.html new file mode 100644 index 0000000000..d47070909b --- /dev/null +++ b/docs/htmldocs/samba.7.html @@ -0,0 +1,137 @@ + + + + +<html><head><title>Samba</title> + +<link rev="made" href="mailto:samba-bugs@samba.anu.edu.au"> +</head> +<body> + +<hr> + +<h1>Samba</h1> +<h2>Samba</h2> +<h2>23 Oct 1998</h2> + + + + +<p><br><a name="NAME"></a> +<h2>NAME</h2> + Samba - A Windows SMB/CIFS fileserver for UNIX +<p><br><a name="SYNOPSIS"></a> +<h2>SYNOPSIS</h2> + +<strong>Samba</strong> +<p><br><a name="DESCRIPTION"></a> +<h2>DESCRIPTION</h2> + +<p><br>The Samba software suite is a collection of programs that implements +the Server Message Block(commenly abbreviated as SMB) protocol for +UNIX systems. This protocol is sometimes also referred to as the +Common Internet File System (CIFS), LanManager or NetBIOS protocol. +<p><br><a name="COMPONENTS"></a> +<h2>COMPONENTS</h2> + +<p><br>The Samba suite is made up of several components. Each component is +described in a separate manual page. It is strongly recommended that +you read the documentation that comes with Samba and the manual pages +of those components that you use. If the manual pages aren't clear +enough then please send a patch to <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. +<p><br><ul> +<p><br><li><strong><a href="smbd.8.html"><strong>smbd</strong></a></strong> <br> <br> The <a href="smbd.8.html"><strong>smbd</strong> +(8)</a> daemon provides the file and print services to SMB +clients, such as Windows 95/98, Windows NT, Windows for Workgroups or +LanManager. The configuration file for this daemon is described in +<a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a>. +<p><br><li><strong><a href="nmbd.8.html"><strong>nmbd</strong></a></strong> <br> <br> The <a href="nmbd.8.html"><strong>nmbd</strong> +(8)</a> daemon provides NetBIOS nameserving and browsing +support. The configuration file for this daemon is described in +<a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a>. +<p><br><li><strong><a href="smbclient.1.html"><strong>smbclient</strong></a></strong> <br> <br> The <a href="smbclient.1.html"><strong>smbclient</strong> +(1)</a> program implements a simple ftp-like +client. This is useful for accessing SMB shares on other compatible +servers (such as Windows NT), and can also be used to allow a UNIX box +to print to a printer attached to any SMB server (such as a PC running +Windows NT). +<p><br><li><strong><a href="testparm.1.html"><strong>testparm</strong></a></strong> <br> <br> The <a href="testparm.1.html"><strong>testparm +(1)</strong></a> utility allows you to test your <a href="smb.conf.5.html"><strong>smb.conf +(5)</strong></a> configuration file. +<p><br><li><strong><a href="testprns.1.html"><strong>testprns</strong></a></strong> <br> <br> the <a href="testprns.1.html"><strong>testprns +(1)</strong></a> utility allows you to test the printers defined +in your printcap file. +<p><br><li><strong><a href="smbstatus.1.html"><strong>smbstatus</strong></a></strong> <br> <br> The <a href="smbstatus.1.html"><strong>smbstatus</strong> +(1)</a> utility allows you to tell who is currently +using the <a href="smbd.8.html"><strong>smbd (8)</strong></a> server. +<p><br><li><strong><a href="nmblookup.1.html"><strong>nmblookup</strong></a></strong> <br> <br> the +<a href="nmblookup.1.html"><strong>nmblookup (1)</strong></a> utility allows NetBIOS name +queries to be made from the UNIX machine. +<p><br><li><strong><a href="make_smbcodepage.1.html"><strong>make_smbcodepage</strong></a></strong> <br> <br> The +<a href="make_smbcodepage.1.html"><strong>make_smbcodepage (1)</strong></a> utility allows +you to create SMB code page definition files for your <a href="smbd.8.html"><strong>smbd +(8)</strong></a> server. +<p><br><li><strong><a href="smbpasswd.8.html"><strong>smbpasswd</strong></a></strong> <br> <br> The <a href="smbpasswd.8.html"><strong>smbpasswd +(8)</strong></a> utility allows you to change SMB encrypted +passwords on Samba and Windows NT(tm) servers. +<p><br></ul> +<p><br><a name="AVAILABILITY"></a> +<h2>AVAILABILITY</h2> + +<p><br>The Samba software suite is licensed under the GNU Public License +(GPL). A copy of that license should have come with the package in the +file COPYING. You are encouraged to distribute copies of the Samba +suite, but please keep obey the terms of this license. +<p><br>The latest version of the Samba suite can be obtained via anonymous +ftp from samba.anu.edu.au in the directory pub/samba/. It is +also available on several mirror sites worldwide. +<p><br>You may also find useful information about Samba on the newsgroup +comp.protocols.smb and the Samba mailing list. Details on how to join +the mailing list are given in the README file that comes with Samba. +<p><br>If you have access to a WWW viewer (such as Netscape or Mosaic) then +you will also find lots of useful information, including back issues +of the Samba mailing list, at +<a href="http://samba.anu.edu.au/samba/">http://samba.anu.edu.au/samba/</a>. +<p><br><a name="VERSION"></a> +<h2>VERSION</h2> + +<p><br>This man page is correct for version 2.0 of the Samba suite. +<p><br><a name="CONTRIBUTIONS"></a> +<h2>CONTRIBUTIONS</h2> + +<p><br>If you wish to contribute to the Samba project, then I suggest you +join the Samba mailing list at <a href="mailto:samba@samba.anu.edu.au"><em>samba@samba.anu.edu.au</em></a>. See the +Web page at +<a href="http://samba.anu.edu.au/listproc">http://samba.anu.edu.au/listproc</a> +for details on how to do this. +<p><br>If you have patches to submit or bugs to report then you may mail them +directly to <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. Note, however, that due to +the enormous popularity of this package the Samba Team may take some +time to repond to mail. We prefer patches in <em>diff -u</em> format. +<p><br><a name="CREDITS"></a> +<h2>CREDITS</h2> + +<p><br>Contributors to the project are now too numerous to mention here but +all deserve the thanks of all Samba users. To see a full list, look at +<a href="ftp://samba.anu.edu.au/pub/samba/alpha/change-log">ftp://samba.anu.edu.au/pub/samba/alpha/change-log</a> +for the pre-CVS changes and at +<a href="ftp://samba.anu.edu.au/pub/samba/alpha/cvs.log">ftp://samba.anu.edu.au/pub/samba/alpha/cvs.log</a> +for the contributors to Samba post-CVS. CVS is the Open Source source +code control system used by the Samba Team to develop Samba. The +project would have been unmanageable without it. +<p><br>In addition, several commercial organisations now help fund the Samba +Team with money and equipment. For details see the Samba Web pages at +<a href="http://samba.anu.edu.au/samba/samba-thanks.html">http://samba.anu.edu.au/samba/samba-thanks.html</a>. +<p><br><a name="AUTHOR"></a> +<h2>AUTHOR</h2> + +<p><br>The original Samba software and related utilities were created by +Andrew Tridgell <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed. +<p><br>The original Samba man pages were written by Karl Auer. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2.0 release by Jeremy +Allison, <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. +</body> +</html> diff --git a/docs/htmldocs/smb.conf.5.html b/docs/htmldocs/smb.conf.5.html new file mode 100644 index 0000000000..7f35b75969 --- /dev/null +++ b/docs/htmldocs/smb.conf.5.html @@ -0,0 +1,4451 @@ + + + + + +<html><head><title>smb.conf</title> + +<link rev="made" href="mailto:samba-bugs@samba.anu.edu.au"> +</head> +<body> + +<hr> + +<h1>smb.conf</h1> +<h2>Samba</h2> +<h2>23 Oct 1998</h2> + + + + +<p><br><a name="NAME"></a> +<h2>NAME</h2> + smb.conf - The configuration file for the Samba suite +<p><br><a name="SYNOPSIS"></a> +<h2>SYNOPSIS</h2> + +<p><br><strong>smb.conf</strong> The <strong>smb.conf</strong> file is a configuration file for the +Samba suite. <strong>smb.conf</strong> contains runtime configuration information +for the Samba programs. The <strong>smb.conf</strong> file is designed to be +configured and administered by the <a href="swat.8.html"><strong>swat (8)</strong></a> +program. The complete description of the file format and possible +parameters held within are here for reference purposes. +<p><br><a name="FILEFORMAT"></a> +<h2>FILE FORMAT</h2> + +<p><br>The file consists of sections and parameters. A section begins with +the name of the section in square brackets and continues until the +next section begins. Sections contain parameters of the form +<p><br><code>'name = value'</code> +<p><br>The file is line-based - that is, each newline-terminated line +represents either a comment, a section name or a parameter. +<p><br>Section and parameter names are not case sensitive. +<p><br>Only the first equals sign in a parameter is significant. Whitespace +before or after the first equals sign is discarded. Leading, trailing +and internal whitespace in section and parameter names is +irrelevant. Leading and trailing whitespace in a parameter value is +discarded. Internal whitespace within a parameter value is retained +verbatim. +<p><br>Any line beginning with a semicolon (';') or a hash ('#') character is +ignored, as are lines containing only whitespace. +<p><br>Any line ending in a <code>'\'</code> is "continued" on the next line in the +customary UNIX fashion. +<p><br>The values following the equals sign in parameters are all either a +string (no quotes needed) or a boolean, which may be given as yes/no, +0/1 or true/false. Case is not significant in boolean values, but is +preserved in string values. Some items such as create modes are +numeric. +<p><br><a name="SECTIONDESCRIPTIONS"></a> +<h2>SECTION DESCRIPTIONS</h2> + +<p><br>Each section in the configuration file (except for the +<a href="smb.conf.5.html#global"><strong>[global]</strong></a> section) describes a shared resource (known +as a <em>"share"</em>). The section name is the name of the shared resource +and the parameters within the section define the shares attributes. +<p><br>There are three special sections, <a href="smb.conf.5.html#global"><strong>[global]</strong></a>, +<a href="smb.conf.5.html#homes"><strong>[homes]</strong></a> and <a href="smb.conf.5.html#printers"><strong>[printers]</strong></a>, which are +described under <a href="smb.conf.5.html#SPECIALSECTIONS"><strong>'special sections'</strong></a>. The +following notes apply to ordinary section descriptions. +<p><br>A share consists of a directory to which access is being given plus +a description of the access rights which are granted to the user of +the service. Some housekeeping options are also specifiable. +<p><br>Sections are either filespace services (used by the client as an +extension of their native file systems) or printable services (used by +the client to access print services on the host running the server). +<p><br>Sections may be designated <a href="smb.conf.5.html#guestok"><strong>guest</strong></a> services, in which +case no password is required to access them. A specified UNIX +<a href="smb.conf.5.html#guestaccount"><strong>guest account</strong></a> is used to define access +privileges in this case. +<p><br>Sections other than guest services will require a password to access +them. The client provides the username. As older clients only provide +passwords and not usernames, you may specify a list of usernames to +check against the password using the <a href="smb.conf.5.html#user"><strong>"user="</strong></a> option in +the share definition. For modern clients such as Windows 95/98 and +Windows NT, this should not be neccessary. +<p><br>Note that the access rights granted by the server are masked by the +access rights granted to the specified or guest UNIX user by the host +system. The server does not grant more access than the host system +grants. +<p><br>The following sample section defines a file space share. The user has +write access to the path <code>/home/bar</code>. The share is accessed via +the share name "foo": +<p><br><pre> + + + [foo] + path = /home/bar + writable = true + + +</pre> + +<p><br>The following sample section defines a printable share. The share +is readonly, but printable. That is, the only write access permitted +is via calls to open, write to and close a spool file. The +<a href="smb.conf.5.html#guestok"><strong>'guest ok'</strong></a> parameter means access will be permitted +as the default guest user (specified elsewhere): +<p><br><pre> + + [aprinter] + path = /usr/spool/public + read only = true + printable = true + guest ok = true + +</pre> + +<p><br><a name="SPECIALSECTIONS"></a> +<h2>SPECIAL SECTIONS</h2> + +<p><br><ul> +<p><br><a name="global"></a> +<li><strong><strong>The [global] section</strong></strong> +<p><br>Parameters in this section apply to the server as a whole, or are +defaults for sections which do not specifically define certain +items. See the notes under <a href="smb.conf.5.html#PARAMETERS"><strong>'PARAMETERS'</strong></a> for more +information. +<p><br><a name="homes"></a> +<li><strong><strong>The [homes] section</strong></strong> +<p><br>If a section called <code>'homes'</code> is included in the configuration file, +services connecting clients to their home directories can be created +on the fly by the server. +<p><br>When the connection request is made, the existing sections are +scanned. If a match is found, it is used. If no match is found, the +requested section name is treated as a user name and looked up in the +local password file. If the name exists and the correct password has +been given, a share is created by cloning the [homes] section. +<p><br>Some modifications are then made to the newly created share: +<p><br><ul> +<p><br><li > The share name is changed from <code>'homes'</code> to the located +username +<p><br><li > If no path was given, the path is set to the user's home +directory. +<p><br></ul> +<p><br>If you decide to use a <a href="smb.conf.5.html#path"><strong>path=</strong></a> line in your [homes] +section then you may find it useful to use the <a href="smb.conf.5.html#percentS"><strong>%S</strong></a> +macro. For example : +<p><br><code>path=/data/pchome/%S</code> +<p><br>would be useful if you have different home directories for your PCs +than for UNIX access. +<p><br>This is a fast and simple way to give a large number of clients access +to their home directories with a minimum of fuss. +<p><br>A similar process occurs if the requested section name is <code>"homes"</code>, +except that the share name is not changed to that of the requesting +user. This method of using the [homes] section works well if different +users share a client PC. +<p><br>The [homes] section can specify all the parameters a normal service +section can specify, though some make more sense than others. The +following is a typical and suitable [homes] section: +<p><br><pre> + + [homes] + writable = yes + +</pre> + +<p><br>An important point is that if guest access is specified in the [homes] +section, all home directories will be visible to all clients +<strong>without a password</strong>. In the very unlikely event that this is +actually desirable, it would be wise to also specify <a href="smb.conf.5.html#readonly"><strong>read only +access</strong></a>. +<p><br>Note that the <a href="smb.conf.5.html#browseable"><strong>browseable</strong></a> flag for auto home +directories will be inherited from the global browseable flag, not the +[homes] browseable flag. This is useful as it means setting +browseable=no in the [homes] section will hide the [homes] share but +make any auto home directories visible. +<p><br><a name="printers"></a> +<li><strong><strong>The [printers] section</strong></strong> +<p><br>This section works like <a href="smb.conf.5.html#homes"><strong>[homes]</strong></a>, but for printers. +<p><br>If a [printers] section occurs in the configuration file, users are +able to connect to any printer specified in the local host's printcap +file. +<p><br>When a connection request is made, the existing sections are +scanned. If a match is found, it is used. If no match is found, but a +<a href="smb.conf.5.html#homes"><strong>[homes]</strong></a> section exists, it is used as described +above. Otherwise, the requested section name is treated as a printer +name and the appropriate printcap file is scanned to see if the +requested section name is a valid printer share name. If a match is +found, a new printer share is created by cloning the [printers] +section. +<p><br>A few modifications are then made to the newly created share: +<p><br><ul> +<p><br><li > The share name is set to the located printer name +<p><br><li > If no printer name was given, the printer name is set to the +located printer name +<p><br><li > If the share does not permit guest access and no username was +given, the username is set to the located printer name. +<p><br></ul> +<p><br>Note that the [printers] service MUST be printable - if you specify +otherwise, the server will refuse to load the configuration file. +<p><br>Typically the path specified would be that of a world-writable spool +directory with the sticky bit set on it. A typical [printers] entry +would look like this: +<p><br><pre> + + [printers] + path = /usr/spool/public + writable = no + guest ok = yes + printable = yes + +</pre> + +<p><br>All aliases given for a printer in the printcap file are legitimate +printer names as far as the server is concerned. If your printing +subsystem doesn't work like that, you will have to set up a +pseudo-printcap. This is a file consisting of one or more lines like +this: +<p><br><pre> + alias|alias|alias|alias... +</pre> + +<p><br>Each alias should be an acceptable printer name for your printing +subsystem. In the <a href="smb.conf.5.html#global"><strong>[global]</strong></a> section, specify the new +file as your printcap. The server will then only recognise names +found in your pseudo-printcap, which of course can contain whatever +aliases you like. The same technique could be used simply to limit +access to a subset of your local printers. +<p><br>An alias, by the way, is defined as any component of the first entry +of a printcap record. Records are separated by newlines, components +(if there are more than one) are separated by vertical bar symbols +("|"). +<p><br>NOTE: On SYSV systems which use lpstat to determine what printers are +defined on the system you may be able to use <a href="smb.conf.5.html#printcapname"><strong>"printcap name = +lpstat"</strong></a> to automatically obtain a list of +printers. See the <a href="smb.conf.5.html#printcapname"><strong>"printcap name"</strong></a> option for +more detils. +<p><br></ul> +<p><br><a name="PARAMETERS"></a> +<h2>PARAMETERS</h2> + +<p><br>Parameters define the specific attributes of sections. +<p><br>Some parameters are specific to the <a href="smb.conf.5.html#global"><strong>[global]</strong></a> section +(eg., <a href="smb.conf.5.html#security"><strong>security</strong></a>). Some parameters are usable in +all sections (eg., <a href="smb.conf.5.html#createmode"><strong>create mode</strong></a>). All others are +permissible only in normal sections. For the purposes of the following +descriptions the <a href="smb.conf.5.html#homes"><strong>[homes]</strong></a> and +<a href="smb.conf.5.html#printers"><strong>[printers]</strong></a> sections will be considered normal. +The letter <code>'G'</code> in parentheses indicates that a parameter is +specific to the <a href="smb.conf.5.html#global"><strong>[global]</strong></a> section. The letter <code>'S'</code> +indicates that a parameter can be specified in a service specific +section. Note that all <code>'S'</code> parameters can also be specified in the +<a href="smb.conf.5.html#global"><strong>[global]</strong></a> section - in which case they will define +the default behaviour for all services. +<p><br>Parameters are arranged here in alphabetical order - this may not +create best bedfellows, but at least you can find them! Where there +are synonyms, the preferred synonym is described, others refer to the +preferred synonym. +<p><br><a name="VARIABLESUBSTITUTIONS"></a> +<h2>VARIABLE SUBSTITUTIONS</h2> + +<p><br>Many of the strings that are settable in the config file can take +substitutions. For example the option <a href="smb.conf.5.html#path"><strong><code>"path = +/tmp/%u"</code></strong></a> would be interpreted as <code>"path = /tmp/john"</code> if +the user connected with the username john. +<p><br>These substitutions are mostly noted in the descriptions below, but +there are some general substitutions which apply whenever they might +be relevant. These are: +<p><br><ul> +<p><br><a name="percentS"></a> +<li > <strong>%S</strong> = the name of the current service, if any. +<p><br><a name="percentP"></a> +<li > <strong>%P</strong> = the root directory of the current service, if any. +<p><br><a name="percentu"></a> +<li > <strong>%u</strong> = user name of the current service, if any. +<p><br><a name="percentg"></a> +<li > <strong>%g</strong> = primary group name of <a href="smb.conf.5.html#percentu"><strong>%u</strong></a>. +<p><br><a name="percentU"></a> +<li > <strong>%U</strong> = session user name (the user name that +the client wanted, not necessarily the same as the one they got). +<p><br><a name="percentG"></a> +<li > <strong>%G</strong> = primary group name of <a href="smb.conf.5.html#percentU"><strong>%U</strong></a>. +<p><br><a name="percentH"></a> +<li > <strong>%H</strong> = the home directory of the user given by <a href="smb.conf.5.html#percentu"><strong>%u</strong></a>. +<p><br><a name="percentv"></a> +<li > <strong>%v</strong> = the Samba version. +<p><br><a name="percenth"></a> +<li > <strong>%h</strong> = the internet hostname that Samba is running on. +<p><br><a name="percentm"></a> +<li > <strong>%m</strong> = the NetBIOS name of the client machine (very useful). +<p><br><a name="percentL"></a> +<li > <strong>%L</strong> = the NetBIOS name of the server. This allows you to change your +config based on what the client calls you. Your server can have a "dual +personality". +<p><br><a name="percentM"></a> +<li > <strong>%M</strong> = the internet name of the client machine. +<p><br><a name="percentN"></a> +<li > <strong>%N</strong> = the name of your NIS home directory server. This is +obtained from your NIS auto.map entry. If you have not compiled Samba +with the <strong>--with-automount</strong> option then this value will be the same +as <a href="smb.conf.5.html#percentL"><strong>%L</strong></a>. +<p><br><a name="percentp"></a> +<li > <strong>%p</strong> = the path of the service's home directory, obtained from your NIS +auto.map entry. The NIS auto.map entry is split up as "%N:%p". +<p><br><a name="percentR"></a> +<li > <strong>%R</strong> = the selected protocol level after protocol +negotiation. It can be one of CORE, COREPLUS, LANMAN1, LANMAN2 or NT1. +<p><br><a name="percentd"></a> +<li > <strong>%d</strong> = The process id of the current server process. +<p><br><a name="percenta"></a> +<li > <strong>%a</strong> = the architecture of the remote +machine. Only some are recognised, and those may not be 100% +reliable. It currently recognises Samba, WfWg, WinNT and +Win95. Anything else will be known as "UNKNOWN". If it gets it wrong +then sending a level 3 log to <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a> +should allow it to be fixed. +<p><br><a name="percentI"></a> +<li > <strong>%I</strong> = The IP address of the client machine. +<p><br><a name="percentT"></a> +<li > <strong>%T</strong> = the current date and time. +<p><br></ul> +<p><br>There are some quite creative things that can be done with these +substitutions and other smb.conf options. +<p><br><a name="NAMEMANGLING"></a> +<h2>NAME MANGLING</h2> + +<p><br>Samba supports <em>"name mangling"</em> so that DOS and Windows clients can +use files that don't conform to the 8.3 format. It can also be set to +adjust the case of 8.3 format filenames. +<p><br>There are several options that control the way mangling is performed, +and they are grouped here rather than listed separately. For the +defaults look at the output of the testparm program. +<p><br>All of these options can be set separately for each service (or +globally, of course). +<p><br>The options are: +<p><br><a name="manglecaseoption"></a> +<strong>"mangle case = yes/no"</strong> controls if names that have characters that +aren't of the "default" case are mangled. For example, if this is yes +then a name like <code>"Mail"</code> would be mangled. Default <em>no</em>. +<p><br><a name="casesensitiveoption"></a> +<strong>"case sensitive = yes/no"</strong> controls whether filenames are case +sensitive. If they aren't then Samba must do a filename search and +match on passed names. Default <em>no</em>. +<p><br><a name="defaultcaseoption"></a> +<strong>"default case = upper/lower"</strong> controls what the default case is for new +filenames. Default <em>lower</em>. +<p><br><a name="preservecaseoption"></a> +<strong>"preserve case = yes/no"</strong> controls if new files are created with the +case that the client passes, or if they are forced to be the <code>"default"</code> +case. Default <em>Yes</em>. +<p><br><a name="shortpreservecaseoption"></a> +<p><br><strong>"short preserve case = yes/no"</strong> controls if new files which conform +to 8.3 syntax, that is all in upper case and of suitable length, are +created upper case, or if they are forced to be the <code>"default"</code> +case. This option can be use with <a href="smb.conf.5.html#preservecaseoption"><strong>"preserve case = +yes"</strong></a> to permit long filenames to retain their +case, while short names are lowered. Default <em>Yes</em>. +<p><br>By default, Samba 2.0 has the same semantics as a Windows NT +server, in that it is case insensitive but case preserving. +<p><br><a name="NOTEABOUTUSERNAMEPASSWORDVALIDATION"></a> +<h2>NOTE ABOUT USERNAME/PASSWORD VALIDATION</h2> + +<p><br>There are a number of ways in which a user can connect to a +service. The server follows the following steps in determining if it +will allow a connection to a specified service. If all the steps fail +then the connection request is rejected. If one of the steps pass then +the following steps are not checked. +<p><br>If the service is marked <a href="smb.conf.5.html#guestonly"><strong>"guest only = yes"</strong></a> then +steps 1 to 5 are skipped. +<p><br><ol> +<p><br><li> Step 1: If the client has passed a username/password pair and +that username/password pair is validated by the UNIX system's password +programs then the connection is made as that username. Note that this +includes the <code>\\server\service%username</code> method of passing a +username. +<p><br><li> Step 2: If the client has previously registered a username with +the system and now supplies a correct password for that username then +the connection is allowed. +<p><br><li> Step 3: The client's netbios name and any previously used user +names are checked against the supplied password, if they match then +the connection is allowed as the corresponding user. +<p><br><li> Step 4: If the client has previously validated a +username/password pair with the server and the client has passed the +validation token then that username is used. This step is skipped if +<a href="smb.conf.5.html#revalidate"><strong>"revalidate = yes"</strong></a> for this service. +<p><br><li> Step 5: If a <a href="smb.conf.5.html#user"><strong>"user = "</strong></a> field is given in the +smb.conf file for the service and the client has supplied a password, +and that password matches (according to the UNIX system's password +checking) with one of the usernames from the <a href="smb.conf.5.html#user"><strong>user=</strong></a> +field then the connection is made as the username in the +<a href="smb.conf.5.html#user"><strong>"user="</strong></a> line. If one of the username in the +<a href="smb.conf.5.html#user"><strong>user=</strong></a> list begins with a <code>'@'</code> then that name +expands to a list of names in the group of the same name. +<p><br><li> Step 6: If the service is a guest service then a connection is +made as the username given in the <a href="smb.conf.5.html#guestaccount"><strong>"guest account +="</strong></a> for the service, irrespective of the supplied +password. +<p><br></ol> +<p><br><a name="COMPLETELISTOFGLOBALPARAMETERS"></a> +<h2>COMPLETE LIST OF GLOBAL PARAMETERS</h2> + +<p><br>Here is a list of all global parameters. See the section of each +parameter for details. Note that some are synonyms. +<p><br><ul> +<p><br><li > <a href="smb.conf.5.html#announceas"><strong>announce as</strong></a> +<p><br><li > <a href="smb.conf.5.html#announceversion"><strong>announce version</strong></a> +<p><br><li > <a href="smb.conf.5.html#autoservices"><strong>auto services</strong></a> +<p><br><li > <a href="smb.conf.5.html#bindinterfacesonly"><strong>bind interfaces only</strong></a> +<p><br><li > <a href="smb.conf.5.html#browselist"><strong>browse list</strong></a> +<p><br><li > <a href="smb.conf.5.html#changenotifytimeout"><strong>change notify timeout</strong></a> +<p><br><li > <a href="smb.conf.5.html#characterset"><strong>character set</strong></a> +<p><br><li > <a href="smb.conf.5.html#clientcodepage"><strong>client code page</strong></a> +<p><br><li > <a href="smb.conf.5.html#codingsystem"><strong>coding system</strong></a> +<p><br><li > <a href="smb.conf.5.html#configfile"><strong>config file</strong></a> +<p><br><li > <a href="smb.conf.5.html#deadtime"><strong>deadtime</strong></a> +<p><br><li > <a href="smb.conf.5.html#debugtimestamp"><strong>debug timestamp</strong></a> +<p><br><li > <a href="smb.conf.5.html#debuglevel"><strong>debuglevel</strong></a> +<p><br><li > <a href="smb.conf.5.html#default"><strong>default</strong></a> +<p><br><li > <a href="smb.conf.5.html#defaultservice"><strong>default service</strong></a> +<p><br><li > <a href="smb.conf.5.html#dfreecommand"><strong>dfree command</strong></a> +<p><br><li > <a href="smb.conf.5.html#dnsproxy"><strong>dns proxy</strong></a> +<p><br><li > <a href="smb.conf.5.html#domainadmingroup"><strong>domain admin group</strong></a> +<p><br><li > <a href="smb.conf.5.html#domainadminusers"><strong>domain admin users</strong></a> +<p><br><li > <a href="smb.conf.5.html#domaincontroller"><strong>domain controller</strong></a> +<p><br><li > <a href="smb.conf.5.html#domaingroups"><strong>domain groups</strong></a> +<p><br><li > <a href="smb.conf.5.html#domainguestgroup"><strong>domain guest group</strong></a> +<p><br><li > <a href="smb.conf.5.html#domainguestusers"><strong>domain guest users</strong></a> +<p><br><li > <a href="smb.conf.5.html#domainlogons"><strong>domain logons</strong></a> +<p><br><li > <a href="smb.conf.5.html#domainmaster"><strong>domain master</strong></a> +<p><br><li > <a href="smb.conf.5.html#encryptpasswords"><strong>encrypt passwords</strong></a> +<p><br><li > <a href="smb.conf.5.html#getwdcache"><strong>getwd cache</strong></a> +<p><br><li > <a href="smb.conf.5.html#homedirmap"><strong>homedir map</strong></a> +<p><br><li > <a href="smb.conf.5.html#hostsequiv"><strong>hosts equiv</strong></a> +<p><br><li > <a href="smb.conf.5.html#interfaces"><strong>interfaces</strong></a> +<p><br><li > <a href="smb.conf.5.html#keepalive"><strong>keepalive</strong></a> +<p><br><li > <a href="smb.conf.5.html#kerneloplocks"><strong>kernel oplocks</strong></a> +<p><br><li > <a href="smb.conf.5.html#ldapfilter"><strong>ldap filter</strong></a> +<p><br><li > <a href="smb.conf.5.html#ldapport"><strong>ldap port</strong></a> +<p><br><li > <a href="smb.conf.5.html#ldaproot"><strong>ldap root</strong></a> +<p><br><li > <a href="smb.conf.5.html#ldaprootpasswd"><strong>ldap root passwd</strong></a> +<p><br><li > <a href="smb.conf.5.html#ldapserver"><strong>ldap server</strong></a> +<p><br><li > <a href="smb.conf.5.html#ldapsuffix"><strong>ldap suffix</strong></a> +<p><br><li > <a href="smb.conf.5.html#lmannounce"><strong>lm announce</strong></a> +<p><br><li > <a href="smb.conf.5.html#lminterval"><strong>lm interval</strong></a> +<p><br><li > <a href="smb.conf.5.html#loadprinters"><strong>load printers</strong></a> +<p><br><li > <a href="smb.conf.5.html#localmaster"><strong>local master</strong></a> +<p><br><li > <a href="smb.conf.5.html#lockdir"><strong>lock dir</strong></a> +<p><br><li > <a href="smb.conf.5.html#lockdirectory"><strong>lock directory</strong></a> +<p><br><li > <a href="smb.conf.5.html#logfile"><strong>log file</strong></a> +<p><br><li > <a href="smb.conf.5.html#loglevel"><strong>log level</strong></a> +<p><br><li > <a href="smb.conf.5.html#logondrive"><strong>logon drive</strong></a> +<p><br><li > <a href="smb.conf.5.html#logonhome"><strong>logon home</strong></a> +<p><br><li > <a href="smb.conf.5.html#logonpath"><strong>logon path</strong></a> +<p><br><li > <a href="smb.conf.5.html#logonscript"><strong>logon script</strong></a> +<p><br><li > <a href="smb.conf.5.html#lpqcachetime"><strong>lpq cache time</strong></a> +<p><br><li > <a href="smb.conf.5.html#machinepasswordtimeout"><strong>machine password timeout</strong></a> +<p><br><li > <a href="smb.conf.5.html#mangledstack"><strong>mangled stack</strong></a> +<p><br><li > <a href="smb.conf.5.html#maxdisksize"><strong>max disk size</strong></a> +<p><br><li > <a href="smb.conf.5.html#maxlogsize"><strong>max log size</strong></a> +<p><br><li > <a href="smb.conf.5.html#maxmux"><strong>max mux</strong></a> +<p><br><li > <a href="smb.conf.5.html#maxopenfiles"><strong>max open files</strong></a> +<p><br><li > <a href="smb.conf.5.html#maxpacket"><strong>max packet</strong></a> +<p><br><li > <a href="smb.conf.5.html#maxttl"><strong>max ttl</strong></a> +<p><br><li > <a href="smb.conf.5.html#maxwinsttl"><strong>max wins ttl</strong></a> +<p><br><li > <a href="smb.conf.5.html#maxxmit"><strong>max xmit</strong></a> +<p><br><li > <a href="smb.conf.5.html#messagecommand"><strong>message command</strong></a> +<p><br><li > <a href="smb.conf.5.html#minwinsttl"><strong>min wins ttl</strong></a> +<p><br><li > <a href="smb.conf.5.html#nameresolveorder"><strong>name resolve order</strong></a> +<p><br><li > <a href="smb.conf.5.html#netbiosaliases"><strong>netbios aliases</strong></a> +<p><br><li > <a href="smb.conf.5.html#netbiosname"><strong>netbios name</strong></a> +<p><br><li > <a href="smb.conf.5.html#nishomedir"><strong>nis homedir</strong></a> +<p><br><li > <a href="smb.conf.5.html#ntpipesupport"><strong>nt pipe support</strong></a> +<p><br><li > <a href="smb.conf.5.html#ntsmbsupport"><strong>nt smb support</strong></a> +<p><br><li > <a href="smb.conf.5.html#nullpasswords"><strong>null passwords</strong></a> +<p><br><li > <a href="smb.conf.5.html#olelockingcompatibility"><strong>ole locking compatibility</strong></a> +<p><br><li > <a href="smb.conf.5.html#oslevel"><strong>os level</strong></a> +<p><br><li > <a href="smb.conf.5.html#packetsize"><strong>packet size</strong></a> +<p><br><li > <a href="smb.conf.5.html#panicaction"><strong>panic action</strong></a> +<p><br><li > <a href="smb.conf.5.html#passwdchat"><strong>passwd chat</strong></a> +<p><br><li > <a href="smb.conf.5.html#passwdchatdebug"><strong>passwd chat debug</strong></a> +<p><br><li > <a href="smb.conf.5.html#passwdprogram"><strong>passwd program</strong></a> +<p><br><li > <a href="smb.conf.5.html#passwordlevel"><strong>password level</strong></a> +<p><br><li > <a href="smb.conf.5.html#passwordserver"><strong>password server</strong></a> +<p><br><li > <a href="smb.conf.5.html#preferedmaster"><strong>prefered master</strong></a> +<p><br><li > <a href="smb.conf.5.html#preferredmaster"><strong>preferred master</strong></a> +<p><br><li > <a href="smb.conf.5.html#preload"><strong>preload</strong></a> +<p><br><li > <a href="smb.conf.5.html#printcap"><strong>printcap</strong></a> +<p><br><li > <a href="smb.conf.5.html#printcapname"><strong>printcap name</strong></a> +<p><br><li > <a href="smb.conf.5.html#printerdriverfile"><strong>printer driver file</strong></a> +<p><br><li > <a href="smb.conf.5.html#protocol"><strong>protocol</strong></a> +<p><br><li > <a href="smb.conf.5.html#readbmpx"><strong>read bmpx</strong></a> +<p><br><li > <a href="smb.conf.5.html#readprediction"><strong>read prediction</strong></a> +<p><br><li > <a href="smb.conf.5.html#readraw"><strong>read raw</strong></a> +<p><br><li > <a href="smb.conf.5.html#readsize"><strong>read size</strong></a> +<p><br><li > <a href="smb.conf.5.html#remoteannounce"><strong>remote announce</strong></a> +<p><br><li > <a href="smb.conf.5.html#remotebrowsesync"><strong>remote browse sync</strong></a> +<p><br><li > <a href="smb.conf.5.html#root"><strong>root</strong></a> +<p><br><li > <a href="smb.conf.5.html#rootdir"><strong>root dir</strong></a> +<p><br><li > <a href="smb.conf.5.html#rootdirectory"><strong>root directory</strong></a> +<p><br><li > <a href="smb.conf.5.html#security"><strong>security</strong></a> +<p><br><li > <a href="smb.conf.5.html#serverstring"><strong>server string</strong></a> +<p><br><li > <a href="smb.conf.5.html#sharedmemsize"><strong>shared mem size</strong></a> +<p><br><li > <a href="smb.conf.5.html#smbpasswdfile"><strong>smb passwd file</strong></a> +<p><br><li > <a href="smb.conf.5.html#smbrun"><strong>smbrun</strong></a> +<p><br><li > <a href="smb.conf.5.html#socketaddress"><strong>socket address</strong></a> +<p><br><li > <a href="smb.conf.5.html#socketoptions"><strong>socket options</strong></a> +<p><br><li > <a href="smb.conf.5.html#ssl"><strong>ssl</strong></a> +<p><br><li > <a href="smb.conf.5.html#sslCAcertDir"><strong>ssl CA certDir</strong></a> +<p><br><li > <a href="smb.conf.5.html#sslCAcertFile"><strong>ssl CA certFile</strong></a> +<p><br><li > <a href="smb.conf.5.html#sslciphers"><strong>ssl ciphers</strong></a> +<p><br><li > <a href="smb.conf.5.html#sslclientcert"><strong>ssl client cert</strong></a> +<p><br><li > <a href="smb.conf.5.html#sslclientkey"><strong>ssl client key</strong></a> +<p><br><li > <a href="smb.conf.5.html#sslcompatibility"><strong>ssl compatibility</strong></a> +<p><br><li > <a href="smb.conf.5.html#sslhosts"><strong>ssl hosts</strong></a> +<p><br><li > <a href="smb.conf.5.html#sslhostsresign"><strong>ssl hosts resign</strong></a> +<p><br><li > <a href="smb.conf.5.html#sslrequireclientcert"><strong>ssl require clientcert</strong></a> +<p><br><li > <a href="smb.conf.5.html#sslrequireservercert"><strong>ssl require servercert</strong></a> +<p><br><li > <a href="smb.conf.5.html#sslservercert"><strong>ssl server cert</strong></a> +<p><br><li > <a href="smb.conf.5.html#sslserverkey"><strong>ssl server key</strong></a> +<p><br><li > <a href="smb.conf.5.html#sslversion"><strong>ssl version</strong></a> +<p><br><li > <a href="smb.conf.5.html#statcache"><strong>stat cache</strong></a> +<p><br><li > <a href="smb.conf.5.html#statcachesize"><strong>stat cache size</strong></a> +<p><br><li > <a href="smb.conf.5.html#stripdot"><strong>strip dot</strong></a> +<p><br><li > <a href="smb.conf.5.html#syslog"><strong>syslog</strong></a> +<p><br><li > <a href="smb.conf.5.html#syslogonly"><strong>syslog only</strong></a> +<p><br><li > <a href="smb.conf.5.html#timeoffset"><strong>time offset</strong></a> +<p><br><li > <a href="smb.conf.5.html#timeserver"><strong>time server</strong></a> +<p><br><li > <a href="smb.conf.5.html#timestamplogs"><strong>timestamp logs</strong></a> +<p><br><li > <a href="smb.conf.5.html#unixpasswordsync"><strong>unix password sync</strong></a> +<p><br><li > <a href="smb.conf.5.html#unixrealname"><strong>unix realname</strong></a> +<p><br><li > <a href="smb.conf.5.html#updateencrypted"><strong>update encrypted</strong></a> +<p><br><li > <a href="smb.conf.5.html#userhosts"><strong>use rhosts</strong></a> +<p><br><li > <a href="smb.conf.5.html#usernamelevel"><strong>username level</strong></a> +<p><br><li > <a href="smb.conf.5.html#usernamemap"><strong>username map</strong></a> +<p><br><li > <a href="smb.conf.5.html#validchars"><strong>valid chars</strong></a> +<p><br><li > <a href="smb.conf.5.html#winsproxy"><strong>wins proxy</strong></a> +<p><br><li > <a href="smb.conf.5.html#winsserver"><strong>wins server</strong></a> +<p><br><li > <a href="smb.conf.5.html#winssupport"><strong>wins support</strong></a> +<p><br><li > <a href="smb.conf.5.html#workgroup"><strong>workgroup</strong></a> +<p><br><li > <a href="smb.conf.5.html#writeraw"><strong>write raw</strong></a> +<p><br></ul> +<p><br><a name="COMPLETELISTOFSERVICEPARAMETERS"></a> +<h2>COMPLETE LIST OF SERVICE PARAMETERS</h2> + +<p><br>Here is a list of all service parameters. See the section of each +parameter for details. Note that some are synonyms. +<p><br><ul> +<p><br><li > <a href="smb.conf.5.html#adminusers"><strong>admin users</strong></a> +<p><br><li > <a href="smb.conf.5.html#allowhosts"><strong>allow hosts</strong></a> +<p><br><li > <a href="smb.conf.5.html#alternatepermissions"><strong>alternate permissions</strong></a> +<p><br><li > <a href="smb.conf.5.html#available"><strong>available</strong></a> +<p><br><li > <a href="smb.conf.5.html#blockinglocks"><strong>blocking locks</strong></a> +<p><br><li > <a href="smb.conf.5.html#browsable"><strong>browsable</strong></a> +<p><br><li > <a href="smb.conf.5.html#browseable"><strong>browseable</strong></a> +<p><br><li > <a href="smb.conf.5.html#casesensitive"><strong>case sensitive</strong></a> +<p><br><li > <a href="smb.conf.5.html#casesignames"><strong>casesignames</strong></a> +<p><br><li > <a href="smb.conf.5.html#comment"><strong>comment</strong></a> +<p><br><li > <a href="smb.conf.5.html#copy"><strong>copy</strong></a> +<p><br><li > <a href="smb.conf.5.html#createmask"><strong>create mask</strong></a> +<p><br><li > <a href="smb.conf.5.html#createmode"><strong>create mode</strong></a> +<p><br><li > <a href="smb.conf.5.html#defaultcase"><strong>default case</strong></a> +<p><br><li > <a href="smb.conf.5.html#deletereadonly"><strong>delete readonly</strong></a> +<p><br><li > <a href="smb.conf.5.html#deletevetofiles"><strong>delete veto files</strong></a> +<p><br><li > <a href="smb.conf.5.html#denyhosts"><strong>deny hosts</strong></a> +<p><br><li > <a href="smb.conf.5.html#directory"><strong>directory</strong></a> +<p><br><li > <a href="smb.conf.5.html#directorymask"><strong>directory mask</strong></a> +<p><br><li > <a href="smb.conf.5.html#directorymode"><strong>directory mode</strong></a> +<p><br><li > <a href="smb.conf.5.html#dontdescend"><strong>dont descend</strong></a> +<p><br><li > <a href="smb.conf.5.html#dosfiletimeresolution"><strong>dos filetime resolution</strong></a> +<p><br><li > <a href="smb.conf.5.html#dosfiletimes"><strong>dos filetimes</strong></a> +<p><br><li > <a href="smb.conf.5.html#exec"><strong>exec</strong></a> +<p><br><li > <a href="smb.conf.5.html#fakedirectorycreatetimes"><strong>fake directory create times</strong></a> +<p><br><li > <a href="smb.conf.5.html#fakeoplocks"><strong>fake oplocks</strong></a> +<p><br><li > <a href="smb.conf.5.html#followsymlinks"><strong>follow symlinks</strong></a> +<p><br><li > <a href="smb.conf.5.html#forcecreatemode"><strong>force create mode</strong></a> +<p><br><li > <a href="smb.conf.5.html#forcedirectorymode"><strong>force directory mode</strong></a> +<p><br><li > <a href="smb.conf.5.html#forcegroup"><strong>force group</strong></a> +<p><br><li > <a href="smb.conf.5.html#forceuser"><strong>force user</strong></a> +<p><br><li > <a href="smb.conf.5.html#fstype"><strong>fstype</strong></a> +<p><br><li > <a href="smb.conf.5.html#group"><strong>group</strong></a> +<p><br><li > <a href="smb.conf.5.html#guestaccount"><strong>guest account</strong></a> +<p><br><li > <a href="smb.conf.5.html#guestok"><strong>guest ok</strong></a> +<p><br><li > <a href="smb.conf.5.html#guestonly"><strong>guest only</strong></a> +<p><br><li > <a href="smb.conf.5.html#hidedotfiles"><strong>hide dot files</strong></a> +<p><br><li > <a href="smb.conf.5.html#hidefiles"><strong>hide files</strong></a> +<p><br><li > <a href="smb.conf.5.html#hostsallow"><strong>hosts allow</strong></a> +<p><br><li > <a href="smb.conf.5.html#hostsdeny"><strong>hosts deny</strong></a> +<p><br><li > <a href="smb.conf.5.html#include"><strong>include</strong></a> +<p><br><li > <a href="smb.conf.5.html#invalidusers"><strong>invalid users</strong></a> +<p><br><li > <a href="smb.conf.5.html#locking"><strong>locking</strong></a> +<p><br><li > <a href="smb.conf.5.html#lppausecommand"><strong>lppause command</strong></a> +<p><br><li > <a href="smb.conf.5.html#lpqcommand"><strong>lpq command</strong></a> +<p><br><li > <a href="smb.conf.5.html#lpresumecommand"><strong>lpresume command</strong></a> +<p><br><li > <a href="smb.conf.5.html#lprmcommand"><strong>lprm command</strong></a> +<p><br><li > <a href="smb.conf.5.html#magicoutput"><strong>magic output</strong></a> +<p><br><li > <a href="smb.conf.5.html#magicscript"><strong>magic script</strong></a> +<p><br><li > <a href="smb.conf.5.html#manglecase"><strong>mangle case</strong></a> +<p><br><li > <a href="smb.conf.5.html#mangledmap"><strong>mangled map</strong></a> +<p><br><li > <a href="smb.conf.5.html#manglednames"><strong>mangled names</strong></a> +<p><br><li > <a href="smb.conf.5.html#manglingchar"><strong>mangling char</strong></a> +<p><br><li > <a href="smb.conf.5.html#maparchive"><strong>map archive</strong></a> +<p><br><li > <a href="smb.conf.5.html#maphidden"><strong>map hidden</strong></a> +<p><br><li > <a href="smb.conf.5.html#mapsystem"><strong>map system</strong></a> +<p><br><li > <a href="smb.conf.5.html#maptoguest"><strong>map to guest</strong></a> +<p><br><li > <a href="smb.conf.5.html#maxconnections"><strong>max connections</strong></a> +<p><br><li > <a href="smb.conf.5.html#minprintspace"><strong>min print space</strong></a> +<p><br><li > <a href="smb.conf.5.html#onlyguest"><strong>only guest</strong></a> +<p><br><li > <a href="smb.conf.5.html#onlyuser"><strong>only user</strong></a> +<p><br><li > <a href="smb.conf.5.html#oplocks"><strong>oplocks</strong></a> +<p><br><li > <a href="smb.conf.5.html#path"><strong>path</strong></a> +<p><br><li > <a href="smb.conf.5.html#postexec"><strong>postexec</strong></a> +<p><br><li > <a href="smb.conf.5.html#postscript"><strong>postscript</strong></a> +<p><br><li > <a href="smb.conf.5.html#preexec"><strong>preexec</strong></a> +<p><br><li > <a href="smb.conf.5.html#preservecase"><strong>preserve case</strong></a> +<p><br><li > <a href="smb.conf.5.html#printcommand"><strong>print command</strong></a> +<p><br><li > <a href="smb.conf.5.html#printok"><strong>print ok</strong></a> +<p><br><li > <a href="smb.conf.5.html#printable"><strong>printable</strong></a> +<p><br><li > <a href="smb.conf.5.html#printer"><strong>printer</strong></a> +<p><br><li > <a href="smb.conf.5.html#printerdriver"><strong>printer driver</strong></a> +<p><br><li > <a href="smb.conf.5.html#printerdriverlocation"><strong>printer driver location</strong></a> +<p><br><li > <a href="smb.conf.5.html#printername"><strong>printer name</strong></a> +<p><br><li > <a href="smb.conf.5.html#printing"><strong>printing</strong></a> +<p><br><li > <a href="smb.conf.5.html#public"><strong>public</strong></a> +<p><br><li > <a href="smb.conf.5.html#queuepausecommand"><strong>queuepause command</strong></a> +<p><br><li > <a href="smb.conf.5.html#queueresumecommand"><strong>queueresume command</strong></a> +<p><br><li > <a href="smb.conf.5.html#readlist"><strong>read list</strong></a> +<p><br><li > <a href="smb.conf.5.html#readonly"><strong>read only</strong></a> +<p><br><li > <a href="smb.conf.5.html#revalidate"><strong>revalidate</strong></a> +<p><br><li > <a href="smb.conf.5.html#rootpostexec"><strong>root postexec</strong></a> +<p><br><li > <a href="smb.conf.5.html#rootpreexec"><strong>root preexec</strong></a> +<p><br><li > <a href="smb.conf.5.html#setdirectory"><strong>set directory</strong></a> +<p><br><li > <a href="smb.conf.5.html#sharemodes"><strong>share modes</strong></a> +<p><br><li > <a href="smb.conf.5.html#shortpreservecase"><strong>short preserve case</strong></a> +<p><br><li > <a href="smb.conf.5.html#status"><strong>status</strong></a> +<p><br><li > <a href="smb.conf.5.html#strictlocking"><strong>strict locking</strong></a> +<p><br><li > <a href="smb.conf.5.html#strictsync"><strong>strict sync</strong></a> +<p><br><li > <a href="smb.conf.5.html#syncalways"><strong>sync always</strong></a> +<p><br><li > <a href="smb.conf.5.html#user"><strong>user</strong></a> +<p><br><li > <a href="smb.conf.5.html#username"><strong>username</strong></a> +<p><br><li > <a href="smb.conf.5.html#users"><strong>users</strong></a> +<p><br><li > <a href="smb.conf.5.html#validusers"><strong>valid users</strong></a> +<p><br><li > <a href="smb.conf.5.html#vetofiles"><strong>veto files</strong></a> +<p><br><li > <a href="smb.conf.5.html#vetooplockfiles"><strong>veto oplock files</strong></a> +<p><br><li > <a href="smb.conf.5.html#volume"><strong>volume</strong></a> +<p><br><li > <a href="smb.conf.5.html#widelinks"><strong>wide links</strong></a> +<p><br><li > <a href="smb.conf.5.html#writable"><strong>writable</strong></a> +<p><br><li > <a href="smb.conf.5.html#writelist"><strong>write list</strong></a> +<p><br><li > <a href="smb.conf.5.html#writeok"><strong>write ok</strong></a> +<p><br><li > <a href="smb.conf.5.html#writeable"><strong>writeable</strong></a> +<p><br></ul> +<p><br><a name="EXPLANATIONOFEACHPARAMETER"></a> +<h2>EXPLANATION OF EACH PARAMETER</h2> + +<p><br><ul> +<p><br><a name="adminusers"></a> +<li><strong><strong>admin users (S)</strong></strong> +<p><br>This is a list of users who will be granted administrative privileges +on the share. This means that they will do all file operations as the +super-user (root). +<p><br>You should use this option very carefully, as any user in this list +will be able to do anything they like on the share, irrespective of +file permissions. +<p><br><strong>Default:</strong> <br> +<code> no admin users</code> +<p><br><strong>Example:</strong> <br> +<code> admin users = jason</code> +<p><br><a name="allowhosts"></a> +<li><strong><strong>allow hosts (S)</strong></strong> +<p><br>A synonym for this parameter is <a href="smb.conf.5.html#hostsallow"><strong>'hosts allow'</strong></a> +<p><br>This parameter is a comma, space, or tab delimited set of hosts which +are permitted to access a service. +<p><br>If specified in the <a href="smb.conf.5.html#global"><strong>[global]</strong></a> section then it will +apply to all services, regardless of whether the individual service +has a different setting. +<p><br>You can specify the hosts by name or IP number. For example, you could +restrict access to only the hosts on a Class C subnet with something +like <code>"allow hosts = 150.203.5."</code>. The full syntax of the list is +described in the man page <strong>hosts_access (5)</strong>. Note that this man +page may not be present on your system, so a brief description will +be given here also. +<p><br><em>NOTE:</em> IF you wish to allow the <a href="smbpasswd.html.8"><strong>smbpasswd +(8)</strong></a> program to be run by local users to change +their Samba passwords using the local <a href="smbd.8.html"><strong>smbd (8)</strong></a> +daemon, then you <em>MUST</em> ensure that the localhost is listed in your +<strong>allow hosts</strong> list, as <a href="smbpasswd.html.8"><strong>smbpasswd (8)</strong></a> runs +in client-server mode and is seen by the local +<a href="smbd.8.html"><strong>smbd</strong></a> process as just another client. +<p><br>You can also specify hosts by network/netmask pairs and by netgroup +names if your system supports netgroups. The <em>EXCEPT</em> keyword can also +be used to limit a wildcard list. The following examples may provide +some help: +<p><br><strong>Example 1</strong>: allow localhost and all IPs in 150.203.*.* except one +<p><br><code> hosts allow = localhost, 150.203. EXCEPT 150.203.6.66</code> +<p><br><strong>Example 2</strong>: allow localhost and hosts that match the given network/netmask +<p><br><code> hosts allow = localhost, 150.203.15.0/255.255.255.0</code> +<p><br><strong>Example 3</strong>: allow a localhost plus a couple of hosts +<p><br><code> hosts allow = localhost, lapland, arvidsjaur</code> +<p><br><strong>Example 4</strong>: allow only hosts in NIS netgroup "foonet" or localhost, but +deny access from one particular host +<p><br><code> hosts allow = @foonet, localhost</code> +<code> hosts deny = pirate</code> +<p><br>Note that access still requires suitable user-level passwords. +<p><br>See <a href="testparm.1.html"><strong>testparm (1)</strong></a> for a way of testing your +host access to see if it does what you expect. +<p><br><strong>Default:</strong> +<code> none (i.e., all hosts permitted access)</code> +<p><br><strong>Example:</strong> +<code> allow hosts = 150.203.5. localhost myhost.mynet.edu.au</code> +<p><br><a name="alternatepermissions"></a> +<li><strong><strong>alternate permissions (S)</strong></strong> +<p><br>This is a deprecated parameter. It no longer has any effect in Samba2.0. +In previous versions of Samba it affected the way the DOS "read only" +attribute was mapped for a file. In Samba2.0 a file is marked "read only" +if the UNIX file does not have the 'w' bit set for the owner of the file, +regardless if the owner of the file is the currently logged on user or not. +<p><br><a name="announceas"></a> +<li><strong><strong>announce as (G)</strong></strong> +<p><br>This specifies what type of server <a href="nmbd.8.html"><strong>nmbd</strong></a> will +announce itself as, to a network neighborhood browse list. By default +this is set to Windows NT. The valid options are : "NT", "Win95" or +"WfW" meaining Windows NT, Windows 95 and Windows for Workgroups +respectively. Do not change this parameter unless you have a specific +need to stop Samba appearing as an NT server as this may prevent Samba +servers from participating as browser servers correctly. +<p><br><strong>Default:</strong> +<code> announce as = NT</code> +<p><br><strong>Example</strong> +<code> announce as = Win95</code> +<p><br><a name="announceversion"></a> +<li><strong><strong>announce version (G)</strong></strong> +<p><br>This specifies the major and minor version numbers that nmbd will use +when announcing itself as a server. The default is 4.2. Do not change +this parameter unless you have a specific need to set a Samba server +to be a downlevel server. +<p><br><strong>Default:</strong> +<code> announce version = 4.2</code> +<p><br><strong>Example:</strong> +<code> announce version = 2.0</code> +<p><br><a name="autoservices"></a> +<li><strong><strong>auto services (G)</strong></strong> +<p><br>This is a list of services that you want to be automatically added to +the browse lists. This is most useful for homes and printers services +that would otherwise not be visible. +<p><br>Note that if you just want all printers in your printcap file loaded +then the <a href="smb.conf.5.html#loadprinters"><strong>"load printers"</strong></a> option is easier. +<p><br><strong>Default:</strong> +<code> no auto services</code> +<p><br><strong>Example:</strong> +<code> auto services = fred lp colorlp</code> +<p><br><a name="available"></a> +<li><strong><strong>available (S)</strong></strong> +<p><br>This parameter lets you <em>'turn off'</em> a service. If <code>'available = no'</code>, +then <em>ALL</em> attempts to connect to the service will fail. Such failures +are logged. +<p><br><strong>Default:</strong> +<code> available = yes</code> +<p><br><strong>Example:</strong> +<code> available = no</code> +<p><br><a name="bindinterfacesonly"></a> +<li><strong><strong>bind interfaces only (G)</strong></strong> +<p><br>This global parameter allows the Samba admin to limit what interfaces +on a machine will serve smb requests. If affects file service +<a href="smbd.8.html"><strong>smbd</strong></a> and name service <a href="nmbd.8.html"><strong>nmbd</strong></a> +in slightly different ways. +<p><br>For name service it causes <a href="nmbd.8.html"><strong>nmbd</strong></a> to bind to ports +137 and 138 on the interfaces listed in the +<a href="smb.conf.5.html#interfaces"><strong>'interfaces'</strong></a> +parameter. <a href="nmbd.8.html"><strong>nmbd</strong></a> also binds to the 'all +addresses' interface (0.0.0.0) on ports 137 and 138 for the purposes +of reading broadcast messages. If this option is not set then +<a href="nmbd.8.html"><strong>nmbd</strong></a> will service name requests on all of these +sockets. If <strong>"bind interfaces only"</strong> is set then +<a href="nmbd.8.html"><strong>nmbd</strong></a> will check the source address of any +packets coming in on the broadcast sockets and discard any that don't +match the broadcast addresses of the interfaces in the +<a href="smb.conf.5.html#interfaces"><strong>'interfaces'</strong></a> parameter list. As unicast packets +are received on the other sockets it allows <a href="nmbd.8.html"><strong>nmbd</strong></a> +to refuse to serve names to machines that send packets that arrive +through any interfaces not listed in the +<a href="smb.conf.5.html#interfaces"><strong>"interfaces"</strong></a> list. IP Source address spoofing +does defeat this simple check, however so it must not be used +seriously as a security feature for <a href="nmbd.8.html"><strong>nmbd</strong></a>. +<p><br>For file service it causes <a href="smbd.8.html"><strong>smbd</strong></a> to bind only to +the interface list given in the <a href="smb.conf.5.html#interfaces"><strong>'interfaces'</strong></a> +parameter. This restricts the networks that <a href="smbd.8.html"><strong>smbd</strong></a> +will serve to packets coming in those interfaces. Note that you +should not use this parameter for machines that are serving PPP or +other intermittant or non-broadcast network interfaces as it will not +cope with non-permanent interfaces. +<p><br>In addition, to change a users SMB password, the +<a href="smbpasswd.8.html"><strong>smbpasswd</strong></a> by default connects to the +<em>"localhost" - 127.0.0.1</em> address as an SMB client to issue the +password change request. If <strong>"bind interfaces only"</strong> is set then +unless the network address <em>127.0.0.1</em> is added to the +<a href="smb.conf.5.html#interfaces"><strong>'interfaces'</strong></a> parameter list then +<a href="smbpasswd.8.html"><strong>smbpasswd</strong></a> will fail to connect in it's +default mode. <a href="smbpasswd.8.html"><strong>smbpasswd</strong></a> can be forced to +use the primary IP interface of the local host by using its +<a href="smbpasswd.8.html#minusr"><strong>"-r remote machine"</strong></a> parameter, with +<strong>"remote machine"</strong> set to the IP name of the primary interface +of the local host. +<p><br><strong>Default:</strong> +<code> bind interfaces only = False</code> +<p><br><strong>Example:</strong> +<code> bind interfaces only = True</code> +<p><br><a name="blockinglocks"></a> +<li><strong><strong>blocking locks (S)</strong></strong> +<p><br>This parameter controls the behavior of <a href="smbd.8.html"><strong>smbd</strong></a> when +given a request by a client to obtain a byte range lock on a region +of an open file, and the request has a time limit associated with it. +<p><br>If this parameter is set and the lock range requested cannot be +immediately satisfied, Samba 2.0 will internally queue the lock +request, and periodically attempt to obtain the lock until the +timeout period expires. +<p><br>If this parameter is set to "False", then Samba 2.0 will behave +as previous versions of Samba would and will fail the lock +request immediately if the lock range cannot be obtained. +<p><br>This parameter can be set per share. +<p><br><strong>Default:</strong> +<code> blocking locks = True</code> +<p><br><strong>Example:</strong> +<code> blocking locks = False</code> +<p><br><a name="browsable"></a> +<li><strong><strong>broweable (S)</strong></strong> +<p><br>This controls whether this share is seen in the list of available +shares in a net view and in the browse list. +<p><br><strong>Default:</strong> +<code> browsable = Yes</code> +<p><br><strong>Example:</strong> +<code> browsable = No</code> +<p><br><a name="browselist"></a> +<li><strong><strong>browse list(G)</strong></strong> +<p><br>This controls whether <a href="smbd.8.html"><strong>smbd</strong></a> will serve a browse +list to a client doing a NetServerEnum call. Normally set to true. You +should never need to change this. +<p><br><strong>Default:</strong> +<code> browse list = Yes</code> +<p><br><a name="browseable"></a> +<li><strong><strong>browseable</strong></strong> +<p><br>Synonym for <a href="smb.conf.5.html#browsable"><strong>browsable</strong></a>. +<p><br><a name="casesensitive"></a> +<li><strong><strong>case sensitive (G)</strong></strong> +<p><br>See the discussion in the section <a href="smb.conf.5.html#NAMEMANGLING"><strong>NAME MANGLING</strong></a>. +<p><br><a name="casesignames"></a> +<li><strong><strong>casesignames (G)</strong></strong> +<p><br>Synonym for <a href="smb.conf.5.html#casesensitive"><strong>"case sensitive"</strong></a>. +<p><br><a name="changenotifytimeout"></a> +<li><strong><strong>change notify timeout (G)</strong></strong> +<p><br>One of the new NT SMB requests that Samba 2.0 supports is the +"ChangeNotify" requests. This SMB allows a client to tell a server to +<em>"watch"</em> a particular directory for any changes and only reply to +the SMB request when a change has occurred. Such constant scanning of +a directory is expensive under UNIX, hence an +<a href="smbd.8.html"><strong>smbd</strong></a> daemon only performs such a scan on each +requested directory once every <strong>change notify timeout</strong> seconds. +<p><br><strong>change notify timeout</strong> is specified in units of seconds. +<p><br><strong>Default:</strong> +<code> change notify timeout = 60</code> +<p><br><strong>Example:</strong> +<code> change notify timeout = 300</code> +<p><br>Would change the scan time to every 5 minutes. +<p><br><a name="characterset"></a> +<li><strong><strong>character set (G)</strong></strong> +<p><br>This allows a smbd to map incoming filenames from a DOS Code page (see +the <a href="smb.conf.5.html#clientcodepage"><strong>client code page</strong></a> parameter) to several +built in UNIX character sets. The built in code page translations are: +<p><br><ul> +<p><br><li > <strong>ISO8859-1</strong> Western European UNIX character set. The parameter +<a href="smb.conf.5.html#clientcodepage"><strong>client code page</strong></a> <em>MUST</em> be set to code +page 850 if the <strong>character set</strong> parameter is set to iso8859-1 +in order for the conversion to the UNIX character set to be done +correctly. +<p><br><li > <strong>ISO8859-2</strong> Eastern European UNIX character set. The parameter +<a href="smb.conf.5.html#clientcodepage"><strong>client code page</strong></a> <em>MUST</em> be set to code +page 852 if the <strong>character set</strong> parameter is set to ISO8859-2 +in order for the conversion to the UNIX character set to be done +correctly. +<p><br><li > <strong>ISO8859-5</strong> Russian Cyrillic UNIX character set. The parameter +<a href="smb.conf.5.html#clientcodepage"><strong>client code page</strong></a> <em>MUST</em> be set to code +page 866 if the <strong>character set</strong> parameter is set to ISO8859-2 +in order for the conversion to the UNIX character set to be done +correctly. +<p><br><li > <strong>KOI8-R</strong> Alternate mapping for Russian Cyrillic UNIX +character set. The parameter <a href="smb.conf.5.html#clientcodepage"><strong>client code +page</strong></a> <em>MUST</em> be set to code page 866 if the +<strong>character set</strong> parameter is set to KOI8-R in order for the +conversion to the UNIX character set to be done correctly. +<p><br></ul> +<p><br><em>BUG</em>. These MSDOS code page to UNIX character set mappings should +be dynamic, like the loading of MS DOS code pages, not static. +<p><br>See also <a href="smb.conf.5.html#clientcodepage"><strong>client code page</strong></a>. Normally this +parameter is not set, meaning no filename translation is done. +<p><br><strong>Default:</strong> +<code> character set = <empty string></code> +<p><br><strong>Example:</strong> +<code> character set = ISO8859-1</code> +<p><br><a name="clientcodepage"></a> +<li><strong><strong>client code page (G)</strong></strong> +<p><br>This parameter specifies the DOS code page that the clients accessing +Samba are using. To determine what code page a Windows or DOS client +is using, open a DOS command prompt and type the command "chcp". This +will output the code page. The default for USA MS-DOS, Windows 95, and +Windows NT releases is code page 437. The default for western european +releases of the above operating systems is code page 850. +<p><br>This parameter tells <a href="smbd.8.html"><strong>smbd</strong></a> which of the +<code>codepage.XXX</code> files to dynamically load on startup. These files, +described more fully in the manual page <a href="make_smbcodepage.1.html"><strong>make_smbcodepage +(1)</strong></a>, tell <a href="smbd.8.html"><strong>smbd</strong></a> how +to map lower to upper case characters to provide the case insensitivity +of filenames that Windows clients expect. +<p><br>Samba currenly ships with the following code page files : +<p><br><ul> +<p><br><li > <strong>Code Page 437 - MS-DOS Latin US</strong> +<p><br><li > <strong>Code Page 737 - Windows '95 Greek</strong> +<p><br><li > <strong>Code Page 850 - MS-DOS Latin 1</strong> +<p><br><li > <strong>Code Page 852 - MS-DOS Latin 2</strong> +<p><br><li > <strong>Code Page 861 - MS-DOS Icelandic</strong> +<p><br><li > <strong>Code Page 866 - MS-DOS Cyrillic</strong> +<p><br><li > <strong>Code Page 932 - MS-DOS Japanese SJIS</strong> +<p><br><li > <strong>Code Page 936 - MS-DOS Simplified Chinese</strong> +<p><br><li > <strong>Code Page 949 - MS-DOS Korean Hangul</strong> +<p><br><li > <strong>Code Page 950 - MS-DOS Traditional Chinese</strong> +<p><br></ul> +<p><br>Thus this parameter may have any of the values 437, 737, 850, 852, +861, 932, 936, 949, or 950. If you don't find the codepage you need, +read the comments in one of the other codepage files and the +<a href="make_smbcodepage.1.html"><strong>make_smbcodepage (1)</strong></a> man page and +write one. Please remember to donate it back to the Samba user +community. +<p><br>This parameter co-operates with the <a href="smb.conf.5.html#validchars"><strong>"valid +chars"</strong></a> parameter in determining what characters are +valid in filenames and how capitalization is done. If you set both +this parameter and the <a href="smb.conf.5.html#validchars"><strong>"valid chars"</strong></a> parameter +the <strong>"client code page"</strong> parameter <em>MUST</em> be set before the +<a href="smb.conf.5.html#validchars"><strong>"valid chars"</strong></a> parameter in the <strong>smb.conf</strong> +file. The <a href="smb.conf.5.html#validchars"><strong>"valid chars"</strong></a> string will then augment +the character settings in the "client code page" parameter. +<p><br>If not set, <strong>"client code page"</strong> defaults to 850. +<p><br>See also : <a href="smb.conf.5.html#validchars"><strong>"valid chars"</strong></a> +<p><br><strong>Default:</strong> +<code> client code page = 850</code> +<p><br><strong>Example:</strong> +<code> client code page = 936</code> +<p><br><a name="codingsystem"></a> +<li><strong><strong>codingsystem (G)</strong></strong> +<p><br>This parameter is used to determine how incoming Shift-JIS Japanese +characters are mapped from the incoming <a href="smb.conf.5.html#clientcodepage"><strong>"client code +page"</strong></a> used by the client, into file names in the +UNIX filesystem. Only useful if <a href="smb.conf.5.html#clientcodepage"><strong>"client code +page"</strong></a> is set to 932 (Japanese Shift-JIS). +<p><br>The options are : +<p><br><ul> +<p><br><li > <strong>SJIS</strong> Shift-JIS. Does no conversion of the incoming filename. +<p><br><li > <strong>JIS8, J8BB, J8BH, J8@B, J8@J, J8@H </strong> Convert from incoming +Shift-JIS to eight bit JIS code with different shift-in, shift out +codes. +<p><br><li > <strong>JIS7, J7BB, J7BH, J7@B, J7@J, J7@H </strong> Convert from incoming +Shift-JIS to seven bit JIS code with different shift-in, shift out +codes. +<p><br><li > <strong>JUNET, JUBB, JUBH, JU@B, JU@J, JU@H </strong> Convert from incoming +Shift-JIS to JUNET code with different shift-in, shift out codes. +<p><br><li > <strong>EUC</strong> Convert an incoming Shift-JIS character to EUC code. +<p><br><li > <strong>HEX</strong> Convert an incoming Shift-JIS character to a 3 byte hex +representation, ie. <code>:AB</code>. +<p><br><li > <strong>CAP</strong> Convert an incoming Shift-JIS character to the 3 byte hex +representation used by the Columbia Appletalk Program (CAP), +ie. <code>:AB</code>. This is used for compatibility between Samba and CAP. +<p><br></ul> +<p><br><a name="comment"></a> +<li><strong><strong>comment (S)</strong></strong> +<p><br>This is a text field that is seen next to a share when a client does a +queries the server, either via the network neighborhood or via "net +view" to list what shares are available. +<p><br>If you want to set the string that is displayed next to the machine +name then see the server string command. +<p><br><strong>Default:</strong> +<code> No comment string</code> +<p><br><strong>Example:</strong> +<code> comment = Fred's Files</code> +<p><br><a name="configfile"></a> +<li><strong><strong>config file (G)</strong></strong> +<p><br>This allows you to override the config file to use, instead of the +default (usually <strong>smb.conf</strong>). There is a chicken and egg problem +here as this option is set in the config file! +<p><br>For this reason, if the name of the config file has changed when the +parameters are loaded then it will reload them from the new config +file. +<p><br>This option takes the usual substitutions, which can be very useful. +<p><br>If the config file doesn't exist then it won't be loaded (allowing you +to special case the config files of just a few clients). +<p><br><strong>Example:</strong> +<code> config file = /usr/local/samba/lib/smb.conf.%m</code> +<p><br><a name="copy"></a> +<li><strong><strong>copy (S)</strong></strong> +<p><br>This parameter allows you to <em>'clone'</em> service entries. The specified +service is simply duplicated under the current service's name. Any +parameters specified in the current section will override those in the +section being copied. +<p><br>This feature lets you set up a 'template' service and create similar +services easily. Note that the service being copied must occur earlier +in the configuration file than the service doing the copying. +<p><br><strong>Default:</strong> +<code> none</code> +<p><br><strong>Example:</strong> +<code> copy = otherservice</code> +<p><br><a name="createmask"></a> +<li><strong><strong>create mask (S)</strong></strong> +<p><br>A synonym for this parameter is <a href="smb.conf.5.html#createmode"><strong>'create mode'</strong></a>. +<p><br>When a file is created, the neccessary permissions are calculated +according to the mapping from DOS modes to UNIX permissions, and the +resulting UNIX mode is then bit-wise 'AND'ed with this parameter. +This parameter may be thought of as a bit-wise MASK for the UNIX modes +of a file. Any bit <em>*not*</em> set here will be removed from the modes set +on a file when it is created. +<p><br>The default value of this parameter removes the 'group' and 'other' +write and execute bits from the UNIX modes. +<p><br>Following this Samba will bit-wise 'OR' the UNIX mode created from +this parameter with the value of the "force create mode" parameter +which is set to 000 by default. +<p><br>This parameter does not affect directory modes. See the parameter +<a href="smb.conf.5.html#directorymode"><strong>'directory mode'</strong></a> for details. +<p><br>See also the <a href="smb.conf.5.html#forcecreatemode"><strong>"force create mode"</strong></a> parameter +for forcing particular mode bits to be set on created files. See also +the <a href="smb.conf.5.html#directorymode"><strong>"directory mode"</strong></a> parameter for masking +mode bits on created directories. +<p><br><strong>Default:</strong> +<code> create mask = 0744</code> +<p><br><strong>Example:</strong> +<code> create mask = 0775</code> +<p><br><a name="createmode"></a> +<li><strong><strong>create mode (S)</strong></strong> +<p><br>This is a synonym for <a href="smb.conf.5.html#createmask"><strong>create mask</strong></a>. +<p><br><a name="deadtime"></a> +<li><strong><strong>deadtime (G)</strong></strong> +<p><br>The value of the parameter (a decimal integer) represents the number +of minutes of inactivity before a connection is considered dead, and +it is disconnected. The deadtime only takes effect if the number of +open files is zero. +<p><br>This is useful to stop a server's resources being exhausted by a large +number of inactive connections. +<p><br>Most clients have an auto-reconnect feature when a connection is +broken so in most cases this parameter should be transparent to users. +<p><br>Using this parameter with a timeout of a few minutes is recommended +for most systems. +<p><br>A deadtime of zero indicates that no auto-disconnection should be +performed. +<p><br><strong>Default:</strong> +<code> deadtime = 0</code> +<p><br><strong>Example:</strong> +<code> deadtime = 15</code> +<p><br><a name="debugtimestamp"></a> +<li><strong><strong>debug timestamp (G)</strong></strong> +<p><br>Samba2.0 debug log messages are timestamped by default. If you are +running at a high <a href="smb.conf.5.html#debuglevel"><strong>"debug level"</strong></a> these timestamps +can be distracting. This boolean parameter allows them to be turned +off. +<p><br><strong>Default:</strong> +<code> debug timestamp = Yes</code> +<p><br><strong>Example:</strong> +<code> debug timestamp = No</code> +<p><br><a name="debuglevel"></a> +<li><strong><strong>debug level (G)</strong></strong> +<p><br>The value of the parameter (an integer) allows the debug level +(logging level) to be specified in the <strong>smb.conf</strong> file. This is to +give greater flexibility in the configuration of the system. +<p><br>The default will be the debug level specified on the command line +or level zero if none was specified. +<p><br><strong>Example:</strong> +<code> debug level = 3</code> +<p><br><a name="default"></a> +<li><strong><strong>default (G)</strong></strong> +<p><br>A synonym for <a href="smb.conf.5.html#defaultservice"><strong>default service</strong></a>. +<p><br><a name="defaultcase"></a> +<li><strong><strong>default case (S)</strong></strong> +<p><br>See the section on <a href="smb.conf.5.html#NAMEMANGLING"><strong>"NAME MANGLING"</strong></a>. Also note +the <a href="smb.conf.5.html#shortpreservecase"><strong>"short preserve case"</strong></a> parameter. +<p><br><a name="defaultservice"></a> +<li><strong><strong>default service (G)</strong></strong> +<p><br>This parameter specifies the name of a service which will be connected +to if the service actually requested cannot be found. Note that the +square brackets are <em>NOT</em> given in the parameter value (see example +below). +<p><br>There is no default value for this parameter. If this parameter is not +given, attempting to connect to a nonexistent service results in an +error. +<p><br>Typically the default service would be a <a href="smb.conf.5.html#guestok"><strong>guest ok</strong></a>, +<a href="smb.conf.5.html#readonly"><strong>read-only</strong></a> service. +<p><br>Also note that the apparent service name will be changed to equal that +of the requested service, this is very useful as it allows you to use +macros like <a href="smb.conf.5.html#percentS"><strong>%S</strong></a> to make a wildcard service. +<p><br>Note also that any <code>'_'</code> characters in the name of the service used +in the default service will get mapped to a <code>'/'</code>. This allows for +interesting things. +<p><br><strong>Example:</strong> +<pre> + + default service = pub + + [pub] + path = /%S + +</pre> + +<p><br><a name="deletereadonly"></a> +<li><strong><strong>delete readonly (S)</strong></strong> +<p><br>This parameter allows readonly files to be deleted. This is not +normal DOS semantics, but is allowed by UNIX. +<p><br>This option may be useful for running applications such as rcs, where +UNIX file ownership prevents changing file permissions, and DOS +semantics prevent deletion of a read only file. +<p><br><strong>Default:</strong> +<code> delete readonly = No</code> +<p><br><strong>Example:</strong> +<code> delete readonly = Yes</code> +<p><br><a name="deletevetofiles"></a> +<li><strong><strong>delete veto files (S)</strong></strong> +<p><br>This option is used when Samba is attempting to delete a directory +that contains one or more vetoed directories (see the <a href="smb.conf.5.html#vetofiles"><strong>'veto +files'</strong></a> option). If this option is set to False (the +default) then if a vetoed directory contains any non-vetoed files or +directories then the directory delete will fail. This is usually what +you want. +<p><br>If this option is set to True, then Samba will attempt to recursively +delete any files and directories within the vetoed directory. This can +be useful for integration with file serving systems such as <strong>NetAtalk</strong>, +which create meta-files within directories you might normally veto +DOS/Windows users from seeing (eg. <code>.AppleDouble</code>) +<p><br>Setting <code>'delete veto files = True'</code> allows these directories to be +transparently deleted when the parent directory is deleted (so long +as the user has permissions to do so). +<p><br>See also the <a href="smb.conf.5.html#vetofiles"><strong>veto files</strong></a> parameter. +<p><br><strong>Default:</strong> +<code> delete veto files = False</code> +<p><br><strong>Example:</strong> +<code> delete veto files = True</code> +<p><br><a name="denyhosts"></a> +<li><strong><strong>deny hosts (S)</strong></strong> +<p><br>The opposite of <a href="smb.conf.5.html#allowhosts"><strong>'allow hosts'</strong></a> - hosts listed +here are <em>NOT</em> permitted access to services unless the specific +services have their own lists to override this one. Where the lists +conflict, the <a href="smb.conf.5.html#allowhosts"><strong>'allow'</strong></a> list takes precedence. +<p><br><strong>Default:</strong> +<code> none (i.e., no hosts specifically excluded)</code> +<p><br><strong>Example:</strong> +<code> deny hosts = 150.203.4. badhost.mynet.edu.au</code> +<p><br><a name="dfreecommand"></a> +<li><strong><strong>dfree command (G)</strong></strong> +<p><br>The dfree command setting should only be used on systems where a +problem occurs with the internal disk space calculations. This has +been known to happen with Ultrix, but may occur with other operating +systems. The symptom that was seen was an error of "Abort Retry +Ignore" at the end of each directory listing. +<p><br>This setting allows the replacement of the internal routines to +calculate the total disk space and amount available with an external +routine. The example below gives a possible script that might fulfill +this function. +<p><br>The external program will be passed a single parameter indicating a +directory in the filesystem being queried. This will typically consist +of the string <code>"./"</code>. The script should return two integers in +ascii. The first should be the total disk space in blocks, and the +second should be the number of available blocks. An optional third +return value can give the block size in bytes. The default blocksize +is 1024 bytes. +<p><br>Note: Your script should <em>NOT</em> be setuid or setgid and should be +owned by (and writable only by) root! +<p><br><strong>Default:</strong> +<code> By default internal routines for determining the disk capacity +and remaining space will be used.</code> +<p><br><strong>Example:</strong> +<code> dfree command = /usr/local/samba/bin/dfree</code> +<p><br>Where the script dfree (which must be made executable) could be: +<p><br><pre> + + #!/bin/sh + df $1 | tail -1 | awk '{print $2" "$4}' + +</pre> + +<p><br>or perhaps (on Sys V based systems): +<p><br><pre> + + #!/bin/sh + /usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}' + +</pre> + +<p><br>Note that you may have to replace the command names with full +path names on some systems. +<p><br><a name="directory"></a> +<li><strong><strong>directory (S)</strong></strong> +<p><br>Synonym for <a href="smb.conf.5.html#path"><strong>path</strong></a>. +<p><br><a name="directorymask"></a> +<li><strong><strong>directory mask (S)</strong></strong> +<p><br>This parameter is the octal modes which are used when converting DOS +modes to UNIX modes when creating UNIX directories. +<p><br>When a directory is created, the neccessary permissions are calculated +according to the mapping from DOS modes to UNIX permissions, and the +resulting UNIX mode is then bit-wise 'AND'ed with this parameter. +This parameter may be thought of as a bit-wise MASK for the UNIX modes +of a directory. Any bit <em>*not*</em> set here will be removed from the +modes set on a directory when it is created. +<p><br>The default value of this parameter removes the 'group' and 'other' +write bits from the UNIX mode, allowing only the user who owns the +directory to modify it. +<p><br>Following this Samba will bit-wise 'OR' the UNIX mode created from +this parameter with the value of the "force directory mode" +parameter. This parameter is set to 000 by default (ie. no extra mode +bits are added). +<p><br>See the <a href="smb.conf.5.html#forcedirectorymode"><strong>"force directory mode"</strong></a> parameter +to cause particular mode bits to always be set on created directories. +<p><br>See also the <a href="smb.conf.5.html#createmode"><strong>"create mode"</strong></a> parameter for masking +mode bits on created files. +<p><br><strong>Default:</strong> +<code> directory mask = 0755</code> +<p><br><strong>Example:</strong> +<code> directory mask = 0775</code> +<p><br><a name="directorymode"></a> +<li><strong><strong>directory mode (S)</strong></strong> +<p><br>Synonym for <a href="smb.conf.5.html#directorymask"><strong>directory mask</strong></a>. +<p><br><a name="dnsproxy"></a> +<li><strong><strong>dns proxy (G)</strong></strong> +<p><br>Specifies that <a href="nmbd.8.html"><strong>nmbd</strong></a> when acting as a WINS +server and finding that a NetBIOS name has not been registered, should +treat the NetBIOS name word-for-word as a DNS name and do a lookup +with the DNS server for that name on behalf of the name-querying +client. +<p><br>Note that the maximum length for a NetBIOS name is 15 characters, so +the DNS name (or DNS alias) can likewise only be 15 characters, +maximum. +<p><br><a href="nmbd.8.html"><strong>nmbd</strong></a> spawns a second copy of itself to do the +DNS name lookup requests, as doing a name lookup is a blocking action. +<p><br>See also the parameter <a href="smb.conf.5.html#winssupport"><strong>wins support</strong></a>. +<p><br><strong>Default:</strong> +<code> dns proxy = yes</code> +<p><br><a name="domainadmingroup"></a> +<strong>domain admin group (G)</strong> +<p><br>This is an <strong>EXPERIMENTAL</strong> parameter that is part of the unfinished +Samba NT Domain Controller Code. It may be removed in a later release. +To work with the latest code builds that may have more support for +Samba NT Domain Controller functionality please subscibe to the +mailing list <strong>Samba-ntdom</strong> available by sending email to +<a href="mailto:listproc@samba.anu.edu.au"><em>listproc@samba.anu.edu.au</em></a> +<p><br><a name="domainadminusers"></a> +<li><strong><strong>domain admin users (G)</strong></strong> +<p><br>This is an <strong>EXPERIMENTAL</strong> parameter that is part of the unfinished +Samba NT Domain Controller Code. It may be removed in a later release. +To work with the latest code builds that may have more support for +Samba NT Domain Controller functionality please subscibe to the +mailing list <strong>Samba-ntdom</strong> available by sending email to +<a href="mailto:listproc@samba.anu.edu.au"><em>listproc@samba.anu.edu.au</em></a> +<p><br><a name="domaincontroller"></a> +<li><strong><strong>domain controller (G)</strong></strong> +<p><br>This is a <strong>DEPRECATED</strong> parameter. It is currently not used within +the Samba source and should be removed from all current smb.conf +files. It is left behind for compatibility reasons. +<p><br><a name="domaingroups"></a> +<li><strong><strong>domain groups (G)</strong></strong> +<p><br>This is an <strong>EXPERIMENTAL</strong> parameter that is part of the unfinished +Samba NT Domain Controller Code. It may be removed in a later release. +To work with the latest code builds that may have more support for +Samba NT Domain Controller functionality please subscibe to the +mailing list <strong>Samba-ntdom</strong> available by sending email to +<a href="mailto:listproc@samba.anu.edu.au"><em>listproc@samba.anu.edu.au</em></a> +<p><br><a name="domainguestgroup"></a> +<li><strong><strong>domain guest group (G)</strong></strong> +<p><br>This is an <strong>EXPERIMENTAL</strong> parameter that is part of the unfinished +Samba NT Domain Controller Code. It may be removed in a later release. +To work with the latest code builds that may have more support for +Samba NT Domain Controller functionality please subscibe to the +mailing list <strong>Samba-ntdom</strong> available by sending email to +<a href="mailto:listproc@samba.anu.edu.au"><em>listproc@samba.anu.edu.au</em></a> +<p><br><a name="domainguestusers"></a> +<li><strong><strong>domain guest users (G)</strong></strong> +<p><br>This is an <strong>EXPERIMENTAL</strong> parameter that is part of the unfinished +Samba NT Domain Controller Code. It may be removed in a later release. +To work with the latest code builds that may have more support for +Samba NT Domain Controller functionality please subscibe to the +mailing list <strong>Samba-ntdom</strong> available by sending email to +<a href="mailto:listproc@samba.anu.edu.au"><em>listproc@samba.anu.edu.au</em></a> +<p><br><a name="domainlogons"></a> +<li><strong><strong>domain logons (G)</strong></strong> +<p><br>If set to true, the Samba server will serve Windows 95/98 Domain +logons for the <a href="smb.conf.5.html#workgroup"><strong>workgroup</strong></a> it is in. For more +details on setting up this feature see the file DOMAINS.txt in the +Samba documentation directory <code>docs/</code> shipped with the source code. +<p><br>Note that Win95/98 Domain logons are <em>NOT</em> the same as Windows +NT Domain logons. NT Domain logons require a Primary Domain Controller +(PDC) for the Domain. It is inteded that in a future release Samba +will be able to provide this functionality for Windows NT clients +also. +<p><br><strong>Default:</strong> +<code> domain logons = no</code> +<p><br><a name="domainmaster"></a> +<li><strong><strong>domain master (G)</strong></strong> +<p><br>Tell <a href="nmbd.8.html"><strong>nmbd</strong></a> to enable WAN-wide browse list +collation.Setting this option causes <a href="nmbd.8.html"><strong>nmbd</strong></a> to +claim a special domain specific NetBIOS name that identifies it as a +domain master browser for its given +<a href="smb.conf.5.html#workgroup"><strong>workgroup</strong></a>. Local master browsers in the same +<a href="smb.conf.5.html#workgroup"><strong>workgroup</strong></a> on broadcast-isolated subnets will give +this <a href="nmbd.8.html"><strong>nmbd</strong></a> their local browse lists, and then +ask <a href="smbd.8.html"><strong>smbd</strong></a> for a complete copy of the browse list +for the whole wide area network. Browser clients will then contact +their local master browser, and will receive the domain-wide browse +list, instead of just the list for their broadcast-isolated subnet. +<p><br>Note that Windows NT Primary Domain Controllers expect to be able to +claim this <a href="smb.conf.5.html#workgroup"><strong>workgroup</strong></a> specific special NetBIOS +name that identifies them as domain master browsers for that +<a href="smb.conf.5.html#workgroup"><strong>workgroup</strong></a> by default (ie. there is no way to +prevent a Windows NT PDC from attempting to do this). This means that +if this parameter is set and <a href="nmbd.8.html"><strong>nmbd</strong></a> claims the +special name for a <a href="smb.conf.5.html#workgroup"><strong>workgroup</strong></a> before a Windows NT +PDC is able to do so then cross subnet browsing will behave strangely +and may fail. +<p><br><strong>Default:</strong> +<code> domain master = no</code> +<p><br><a name="dontdescend"></a> +<li><strong><strong>dont descend (S)</strong></strong> +<p><br>There are certain directories on some systems (eg., the <code>/proc</code> tree +under Linux) that are either not of interest to clients or are +infinitely deep (recursive). This parameter allows you to specify a +comma-delimited list of directories that the server should always show +as empty. +<p><br>Note that Samba can be very fussy about the exact format of the "dont +descend" entries. For example you may need <code>"./proc"</code> instead of +just <code>"/proc"</code>. Experimentation is the best policy :-) +<p><br><strong>Default:</strong> +<code> none (i.e., all directories are OK to descend)</code> +<p><br><strong>Example:</strong> +<code> dont descend = /proc,/dev</code> +<p><br><a name="dosfiletimeresolution"></a> +<li><strong><strong>dos filetime resolution (S)</strong></strong> +<p><br>Under the DOS and Windows FAT filesystem, the finest granulatity on +time resolution is two seconds. Setting this parameter for a share +causes Samba to round the reported time down to the nearest two second +boundary when a query call that requires one second resolution is made +to <a href="smbd.8.html"><strong>smbd</strong></a>. +<p><br>This option is mainly used as a compatibility option for Visual C++ +when used against Samba shares. If oplocks are enabled on a share, +Visual C++ uses two different time reading calls to check if a file +has changed since it was last read. One of these calls uses a +one-second granularity, the other uses a two second granularity. As +the two second call rounds any odd second down, then if the file has a +timestamp of an odd number of seconds then the two timestamps will not +match and Visual C++ will keep reporting the file has changed. Setting +this option causes the two timestamps to match, and Visual C++ is +happy. +<p><br><strong>Default:</strong> +<code> dos filetime resolution = False</code> +<p><br><strong>Example:</strong> +<code> dos filetime resolution = True</code> +<p><br><a name="dosfiletimes"></a> +<li><strong><strong>dos filetimes (S)</strong></strong> +<p><br>Under DOS and Windows, if a user can write to a file they can change +the timestamp on it. Under POSIX semantics, only the owner of the file +or root may change the timestamp. By default, Samba runs with POSIX +semantics and refuses to change the timestamp on a file if the user +smbd is acting on behalf of is not the file owner. Setting this option +to True allows DOS semantics and smbd will change the file timstamp as +DOS requires. +<p><br><strong>Default:</strong> +<code> dos filetimes = False</code> +<p><br><strong>Example:</strong> +<code> dos filetimes = True</code> +<p><br><a name="encryptpasswords"></a> +<li><strong><strong>encrypt passwords (G)</strong></strong> +<p><br>This boolean controls whether encrypted passwords will be negotiated +with the client. Note that Windows NT 4.0 SP3 and above and also +Windows 98 will by default expect encrypted passwords unless a +registry entry is changed. To use encrypted passwords in Samba see the +file ENCRYPTION.txt in the Samba documentation directory <code>docs/</code> +shipped with the source code. +<p><br>In order for encrypted passwords to work correctly +<a href="smbd.8.html"><strong>smbd</strong></a> must either have access to a local +<a href="smbpasswd.5.html"><strong>smbpasswd (5)</strong></a> file (see the +<a href="smbpasswd.8.html"><strong>smbpasswd (8)</strong></a> program for information on +how to set up and maintain this file), or set the +<a href="smb.conf.5.html#security"><strong>security=</strong></a> parameter to either +<a href="smb.conf.5.html#securityequalserver"><strong>"server"</strong></a> or +<a href="smb.conf.5.html#securityequaldomain"><strong>"domain"</strong></a> which causes +<a href="smbd.8.html"><strong>smbd</strong></a> to authenticate against another server. +<p><br><a name="exec"></a> +<li><strong><strong>exec (S)</strong></strong> +<p><br>This is a synonym for <a href="smb.conf.5.html#preexec"><strong>preexec</strong></a>. +<p><br><a name="fakedirectorycreatetimes"></a> +<li><strong><strong>fake directory create times (S)</strong></strong> +<p><br>NTFS and Windows VFAT file systems keep a create time for all files +and directories. This is not the same as the ctime - status change +time - that Unix keeps, so Samba by default reports the earliest of +the various times Unix does keep. Setting this parameter for a share +causes Samba to always report midnight 1-1-1980 as the create time for +directories. +<p><br>This option is mainly used as a compatibility option for Visual C++ +when used against Samba shares. Visual C++ generated makefiles have +the object directory as a dependency for each object file, and a make +rule to create the directory. Also, when NMAKE compares timestamps it +uses the creation time when examining a directory. Thus the object +directory will be created if it does not exist, but once it does exist +it will always have an earlier timestamp than the object files it +contains. +<p><br>However, Unix time semantics mean that the create time reported by +Samba will be updated whenever a file is created or deleted in the +directory. NMAKE therefore finds all object files in the object +directory bar the last one built are out of date compared to the +directory and rebuilds them. Enabling this option ensures directories +always predate their contents and an NMAKE build will proceed as +expected. +<p><br><strong>Default:</strong> +<code> fake directory create times = False</code> +<p><br><strong>Example:</strong> +<code> fake directory create times = True</code> +<p><br><a name="fakeoplocks"></a> +<li><strong><strong>fake oplocks (S)</strong></strong> +<p><br>Oplocks are the way that SMB clients get permission from a server to +locally cache file operations. If a server grants an oplock +(opportunistic lock) then the client is free to assume that it is the +only one accessing the file and it will aggressively cache file +data. With some oplock types the client may even cache file open/close +operations. This can give enormous performance benefits. +<p><br>When you set <code>"fake oplocks = yes"</code> <a href="smbd.8.html"><strong>smbd</strong></a> will +always grant oplock requests no matter how many clients are using the +file. +<p><br>It is generally much better to use the real <a href="smb.conf.5.html#oplocks"><strong>oplocks</strong></a> +support rather than this parameter. +<p><br>If you enable this option on all read-only shares or shares that you +know will only be accessed from one client at a time such as +physically read-only media like CDROMs, you will see a big performance +improvement on many operations. If you enable this option on shares +where multiple clients may be accessing the files read-write at the +same time you can get data corruption. Use this option carefully! +<p><br>This option is disabled by default. +<p><br><a name="followsymlinks"></a> +<li><strong><strong>follow symlinks (S)</strong></strong> +<p><br>This parameter allows the Samba administrator to stop +<a href="smbd.8.html"><strong>smbd</strong></a> from following symbolic links in a +particular share. Setting this parameter to <em>"No"</em> prevents any file +or directory that is a symbolic link from being followed (the user +will get an error). This option is very useful to stop users from +adding a symbolic link to <code>/etc/pasword</code> in their home directory for +instance. However it will slow filename lookups down slightly. +<p><br>This option is enabled (ie. <a href="smbd.8.html"><strong>smbd</strong></a> will follow +symbolic links) by default. +<p><br><a name="forcecreatemode"></a> +<li><strong><strong>force create mode (S)</strong></strong> +<p><br>This parameter specifies a set of UNIX mode bit permissions that will +<em>*always*</em> be set on a file created by Samba. This is done by +bitwise 'OR'ing these bits onto the mode bits of a file that is being +created. The default for this parameter is (in octel) 000. The modes +in this parameter are bitwise 'OR'ed onto the file mode after the mask +set in the <a href="smb.conf.5.html#createmask"><strong>"create mask"</strong></a> parameter is applied. +<p><br>See also the parameter <a href="smb.conf.5.html#createmask"><strong>"create mask"</strong></a> for details +on masking mode bits on created files. +<p><br><strong>Default:</strong> +<code> force create mode = 000</code> +<p><br><strong>Example:</strong> +<code> force create mode = 0755</code> +<p><br>would force all created files to have read and execute permissions set +for 'group' and 'other' as well as the read/write/execute bits set for +the 'user'. +<p><br><a name="forcedirectorymode"></a> +<li><strong><strong>force directory mode (S)</strong></strong> +<p><br>This parameter specifies a set of UNIX mode bit permissions that will +<em>*always*</em> be set on a directory created by Samba. This is done by +bitwise 'OR'ing these bits onto the mode bits of a directory that is +being created. The default for this parameter is (in octel) 0000 which +will not add any extra permission bits to a created directory. This +operation is done after the mode mask in the parameter +<a href="smb.conf.5.html#directorymask"><strong>"directory mask"</strong></a> is applied. +<p><br>See also the parameter <a href="smb.conf.5.html#directorymask"><strong>"directory mask"</strong></a> for +details on masking mode bits on created directories. +<p><br><strong>Default:</strong> +<code> force directory mode = 000</code> +<p><br><strong>Example:</strong> +<code> force directory mode = 0755</code> +<p><br>would force all created directories to have read and execute +permissions set for 'group' and 'other' as well as the +read/write/execute bits set for the 'user'. +<p><br><a name="forcegroup"></a> +<li><strong><strong>force group (S)</strong></strong> +<p><br>This specifies a UNIX group name that will be assigned as the default +primary group for all users connecting to this service. This is useful +for sharing files by ensuring that all access to files on service will +use the named group for their permissions checking. Thus, by assigning +permissions for this group to the files and directories within this +service the Samba administrator can restrict or allow sharing of these +files. +<p><br><strong>Default:</strong> +<code> no forced group</code> +<p><br><strong>Example:</strong> +<code> force group = agroup</code> +<p><br><a name="forceuser"></a> +<li><strong><strong>force user (S)</strong></strong> +<p><br>This specifies a UNIX user name that will be assigned as the default +user for all users connecting to this service. This is useful for +sharing files. You should also use it carefully as using it +incorrectly can cause security problems. +<p><br>This user name only gets used once a connection is established. Thus +clients still need to connect as a valid user and supply a valid +password. Once connected, all file operations will be performed as the +<code>"forced user"</code>, no matter what username the client connected as. +<p><br>This can be very useful. +<p><br><strong>Default:</strong> +<code> no forced user</code> +<p><br><strong>Example:</strong> +<code> force user = auser</code> +<p><br><a name="fstype"></a> +<li><strong><strong>fstype (S)</strong></strong> +<p><br>This parameter allows the administrator to configure the string that +specifies the type of filesystem a share is using that is reported by +<a href="smbd.8.html"><strong>smbd</strong></a> when a client queries the filesystem type +for a share. The default type is <strong>"NTFS"</strong> for compatibility with +Windows NT but this can be changed to other strings such as "Samba" or +"FAT" if required. +<p><br><strong>Default:</strong> +<code> fstype = NTFS</code> +<p><br><strong>Example:</strong> +<code> fstype = Samba</code> +<p><br><a name="getwdcache"></a> +<li><strong><strong>getwd cache (G)</strong></strong> +<p><br>This is a tuning option. When this is enabled a cacheing algorithm +will be used to reduce the time taken for getwd() calls. This can have +a significant impact on performance, especially when the +<a href="smb.conf.5.html#widelinks"><strong>widelinks</strong></a> parameter is set to False. +<p><br><strong>Default:</strong> +<code> getwd cache = No</code> +<p><br><strong>Example:</strong> +<code> getwd cache = Yes</code> +<p><br><a name="group"></a> +<li><strong><strong>group (S)</strong></strong> +<p><br>Synonym for <a href="smb.conf.5.html#forcegroup"><strong>"force group"</strong></a>. +<p><br><a name="guestaccount"></a> +<li><strong><strong>guest account (S)</strong></strong> +<p><br>This is a username which will be used for access to services which are +specified as <a href="smb.conf.5.html#guestok"><strong>'guest ok'</strong></a> (see below). Whatever +privileges this user has will be available to any client connecting to +the guest service. Typically this user will exist in the password +file, but will not have a valid login. The user account <strong>"ftp"</strong> is +often a good choice for this parameter. If a username is specified in +a given service, the specified username overrides this one. +<p><br>One some systems the default guest account "nobody" may not be able to +print. Use another account in this case. You should test this by +trying to log in as your guest user (perhaps by using the <code>"su -"</code> +command) and trying to print using the system print command such as +<strong>lpr (1)</strong> or <strong>lp (1)</strong>. +<p><br><strong>Default:</strong> +<code> specified at compile time, usually "nobody"</code> +<p><br><strong>Example:</strong> +<code> guest account = ftp</code> +<p><br><a name="guestok"></a> +<li><strong><strong>guest ok (S)</strong></strong> +<p><br>If this parameter is <em>'yes'</em> for a service, then no password is +required to connect to the service. Privileges will be those of the +<a href="smb.conf.5.html#guestaccount"><strong>guest account</strong></a>. +<p><br>See the section below on <a href="smb.conf.5.html#security"><strong>security</strong></a> for more +information about this option. +<p><br><strong>Default:</strong> +<code> guest ok = no</code> +<p><br><strong>Example:</strong> +<code> guest ok = yes</code> +<p><br><a name="guestonly"></a> +<li><strong><strong>guest only (S)</strong></strong> +<p><br>If this parameter is <em>'yes'</em> for a service, then only guest +connections to the service are permitted. This parameter will have no +affect if <a href="smb.conf.5.html#guestok"><strong>"guest ok"</strong></a> or <a href="smb.conf.5.html#public"><strong>"public"</strong></a> +is not set for the service. +<p><br>See the section below on <a href="smb.conf.5.html#security"><strong>security</strong></a> for more +information about this option. +<p><br><strong>Default:</strong> +<code> guest only = no</code> +<p><br><strong>Example:</strong> +<code> guest only = yes</code> +<p><br><a name="hidedotfiles"></a> +<li><strong><strong>hide dot files (S)</strong></strong> +<p><br>This is a boolean parameter that controls whether files starting with +a dot appear as hidden files. +<p><br><strong>Default:</strong> +<code> hide dot files = yes</code> +<p><br><strong>Example:</strong> +<code> hide dot files = no</code> +<p><br><a name="hidefiles"></a> +<li><strong><strong>hide files(S)</strong></strong> +<p><br>This is a list of files or directories that are not visible but are +accessible. The DOS 'hidden' attribute is applied to any files or +directories that match. +<p><br>Each entry in the list must be separated by a <code>'/'</code>, which allows +spaces to be included in the entry. <code>'*'</code> and <code>'?'</code> can be used +to specify multiple files or directories as in DOS wildcards. +<p><br>Each entry must be a unix path, not a DOS path and must not include the +unix directory separator <code>'/'</code>. +<p><br>Note that the case sensitivity option is applicable in hiding files. +<p><br>Setting this parameter will affect the performance of Samba, as it +will be forced to check all files and directories for a match as they +are scanned. +<p><br>See also <a href="smb.conf.5.html#hidedotfiles"><strong>"hide dot files"</strong></a>, <a href="smb.conf.5.html#vetofiles"><strong>"veto +files"</strong></a> and <a href="smb.conf.5.html#casesensitive"><strong>"case sensitive"</strong></a>. +<p><br><strong>Default</strong> +<pre> + + No files or directories are hidden by this option (dot files are + hidden by default because of the "hide dot files" option). + +</pre> + +<p><br><strong>Example</strong> +<code> hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/</code> +<p><br>The above example is based on files that the Macintosh SMB client +(DAVE) available from <a href="www.thursby.com"><strong>Thursby</strong></a> creates for +internal use, and also still hides all files beginning with a dot. +<p><br><a name="homedirmap"></a> +<li><strong><strong>homedir map (G)</strong></strong> +<p><br>If <a href="smb.conf.5.html#nishomedir"><strong>"nis homedir"</strong></a> is true, and +<a href="smbd.8.html"><strong>smbd</strong></a> is also acting as a Win95/98 <a href="smb.conf.5.html#domainlogons"><strong>logon +server</strong></a> then this parameter specifies the NIS (or YP) +map from which the server for the user's home directory should be +extracted. At present, only the Sun auto.home map format is +understood. The form of the map is: +<p><br><code>username server:/some/file/system</code> +<p><br>and the program will extract the servername from before the first +<code>':'</code>. There should probably be a better parsing system that copes +with different map formats and also Amd (another automounter) maps. +<p><br>NB: A working NIS is required on the system for this option to work. +<p><br>See also <a href="smb.conf.5.html#nishomedir"><strong>"nis homedir"</strong></a>, <a href="smb.conf.5.html#domainlogons"><strong>domain +logons</strong></a>. +<p><br><strong>Default:</strong> +<code> homedir map = auto.home</code> +<p><br><strong>Example:</strong> +<code> homedir map = amd.homedir</code> +<p><br><a name="hostsallow"></a> +<li><strong><strong>hosts allow (S)</strong></strong> +<p><br>Synonym for <a href="smb.conf.5.html#allowhosts"><strong>allow hosts</strong></a>. +<p><br><a name="hostsdeny"></a> +<li><strong><strong>hosts deny (S)</strong></strong> +<p><br>Synonym for <a href="smb.conf.5.html#denyhosts"><strong>denyhosts</strong></a>. +<p><br><a name="hostsequiv"></a> +<li><strong><strong>hosts equiv (G)</strong></strong> +<p><br>If this global parameter is a non-null string, it specifies the name +of a file to read for the names of hosts and users who will be allowed +access without specifying a password. +<p><br>This is not be confused with <a href="smb.conf.5.html#allowhosts"><strong>allow hosts</strong></a> which +is about hosts access to services and is more useful for guest +services. <strong>hosts equiv</strong> may be useful for NT clients which will not +supply passwords to samba. +<p><br>NOTE: The use of <strong>hosts equiv</strong> can be a major security hole. This is +because you are trusting the PC to supply the correct username. It is +very easy to get a PC to supply a false username. I recommend that the +<strong>hosts equiv</strong> option be only used if you really know what you are +doing, or perhaps on a home network where you trust your spouse and +kids. And only if you <em>really</em> trust them :-). +<p><br><strong>Default</strong> +<code> No host equivalences</code> +<p><br><strong>Example</strong> +<code> hosts equiv = /etc/hosts.equiv</code> +<p><br><a name="include"></a> +<li><strong><strong>include (G)</strong></strong> +<p><br>This allows you to include one config file inside another. The file +is included literally, as though typed in place. +<p><br>It takes the standard substitutions, except <a href="smb.conf.5.html#percentu"><strong>%u</strong></a>, +<a href="smb.conf.5.html#percentP"><strong>%P</strong></a> and <a href="smb.conf.5.html#percentS"><strong>%S</strong></a>. +<p><br><a name="interfaces"></a> +<li><strong><strong>interfaces (G)</strong></strong> +<p><br>This option allows you to setup multiple network interfaces, so that +Samba can properly handle browsing on all interfaces. +<p><br>The option takes a list of ip/netmask pairs. The netmask may either be +a bitmask, or a bitlength. +<p><br>For example, the following line: +<p><br><code>interfaces = 192.168.2.10/24 192.168.3.10/24</code> +<p><br>would configure two network interfaces with IP addresses 192.168.2.10 +and 192.168.3.10. The netmasks of both interfaces would be set to +255.255.255.0. +<p><br>You could produce an equivalent result by using: +<p><br><code>interfaces = 192.168.2.10/255.255.255.0 192.168.3.10/255.255.255.0</code> +<p><br>if you prefer that format. +<p><br>If this option is not set then Samba will attempt to find a primary +interface, but won't attempt to configure more than one interface. +<p><br>See also <a href="smb.conf.5.html#bindinterfacesonly"><strong>"bind interfaces only"</strong></a>. +<p><br><a name="invalidusers"></a> +<li><strong><strong>invalid users (S)</strong></strong> +<p><br>This is a list of users that should not be allowed to login to this +service. This is really a <em>"paranoid"</em> check to absolutely ensure an +improper setting does not breach your security. +<p><br>A name starting with a <code>'@'</code> is interpreted as an NIS netgroup first +(if your system supports NIS), and then as a UNIX group if the name +was not found in the NIS netgroup database. +<p><br>A name starting with <code>'+'</code> is interpreted only by looking in the +UNIX group database. A name starting with <code>'&'</code> is interpreted only +by looking in the NIS netgroup database (this requires NIS to be +working on your system). The characters <code>'+'</code> and <code>'&'</code> may be +used at the start of the name in either order so the value +<code>"+&group"</code> means check the UNIX group database, followed by the NIS +netgroup database, and the value <code>"&+group"</code> means check the NIS +netgroup database, followed by the UNIX group database (the same as +the <code>'@'</code> prefix). +<p><br>The current servicename is substituted for +<a href="smb.conf.5.html#percentS"><strong>%S</strong></a>. This is useful in the <a href="smb.conf.5.html#homes"><strong>[homes]</strong></a> +section. +<p><br>See also <a href="smb.conf.5.html#validusers"><strong>"valid users"</strong></a>. +<p><br><strong>Default:</strong> +<code> No invalid users</code> +<p><br><strong>Example:</strong> +<code> invalid users = root fred admin @wheel</code> +<p><br><a name="keepalive"></a> +<li><strong><strong>keepalive (G)</strong></strong> +<p><br>The value of the parameter (an integer) represents the number of +seconds between <strong>'keepalive'</strong> packets. If this parameter is zero, no +keepalive packets will be sent. Keepalive packets, if sent, allow the +server to tell whether a client is still present and responding. +<p><br>Keepalives should, in general, not be needed if the socket being used +has the SO_KEEPALIVE attribute set on it (see <a href="smb.conf.5.html#socketoptions"><strong>"socket +options"</strong></a>). Basically you should only use this option +if you strike difficulties. +<p><br><strong>Default:</strong> +<code> keep alive = 0</code> +<p><br><strong>Example:</strong> +<code> keep alive = 60</code> +<p><br><a name="kerneloplocks"></a> +<li><strong><strong>kernel oplocks (G)</strong></strong> +<p><br>For UNIXs that support kernel based <a href="smb.conf.5.html#oplocks"><strong>oplocks</strong></a> +(currently only IRIX but hopefully also Linux and FreeBSD soon) this +parameter allows the use of them to be turned on or off. +<p><br>Kernel oplocks support allows Samba <a href="smb.conf.5.html#oplocks"><strong>oplocks</strong></a> to be +broken whenever a local UNIX process or NFS operation accesses a file +that <a href="smbd.8.html"><strong>smbd</strong></a> has oplocked. This allows complete +data consistancy between SMB/CIFS, NFS and local file access (and is a +<em>very</em> cool feature :-). +<p><br>This parameter defaults to <em>"On"</em> on systems that have the support, +and <em>"off"</em> on systems that don't. You should never need to touch +this parameter. +<p><br><a name="ldapfilter"></a> +<li><strong><strong>ldap filter (G)</strong></strong> +<p><br>This parameter is part of the <em>EXPERIMENTAL</em> Samba support for a +password database stored on an LDAP server back-end. These options +are only available if your version of Samba was configured with +the <strong>--with-ldap</strong> option. +<p><br>This parameter specifies an LDAP search filter used to search for a +user name in the LDAP database. It must contain the string +<a href="smb.conf.5.html#percentU"><strong>%u</strong></a> which will be replaced with the user being +searched for. +<p><br><strong>Default:</strong> +<code> empty string.</code> +<p><br><a name="ldapport"></a> +<li><strong><strong>ldap port (G)</strong></strong> +<p><br>This parameter is part of the <em>EXPERIMENTAL</em> Samba support for a +password database stored on an LDAP server back-end. These options +are only available if your version of Samba was configured with +the <strong>--with-ldap</strong> option. +<p><br>This parameter specifies the TCP port number to use to contact +the LDAP server on. +<p><br><strong>Default:</strong> +<code> ldap port = 389.</code> +<p><br><a name="ldaproot"></a> +<li><strong><strong>ldap root (G)</strong></strong> +<p><br>This parameter is part of the <em>EXPERIMENTAL</em> Samba support for a +password database stored on an LDAP server back-end. These options +are only available if your version of Samba was configured with +the <strong>--with-ldap</strong> option. +<p><br>This parameter specifies the entity to bind to the LDAP server +as (essentially the LDAP username) in order to be able to perform +queries and modifications on the LDAP database. +<p><br>See also <a href="smb.conf.5.html#ldaprootpasswd"><strong>ldap root passwd</strong></a>. +<p><br><strong>Default:</strong> +<code> empty string (no user defined)</code> +<p><br><a name="ldaprootpasswd"></a> +<li><strong><strong>ldap root passwd (G)</strong></strong> +<p><br>This parameter is part of the <em>EXPERIMENTAL</em> Samba support for a +password database stored on an LDAP server back-end. These options +are only available if your version of Samba was configured with +the <strong>--with-ldap</strong> option. +<p><br>This parameter specifies the password for the entity to bind to the +LDAP server as (the password for this LDAP username) in order to be +able to perform queries and modifications on the LDAP database. +<p><br><em>BUGS:</em> This parameter should <em>NOT</em> be a readable parameter +in the <strong>smb.conf</strong> file and will be removed once a correct +storage place is found. +<p><br>See also <a href="smb.conf.5.html#ldaproot"><strong>ldap root</strong></a>. +<p><br><strong>Default:</strong> +<code> empty string.</code> +<p><br><a name="ldapserver"></a> +<li><strong><strong>ldap server (G)</strong></strong> +<p><br>This parameter is part of the <em>EXPERIMENTAL</em> Samba support for a +password database stored on an LDAP server back-end. These options +are only available if your version of Samba was configured with +the <strong>--with-ldap</strong> option. +<p><br>This parameter specifies the DNS name of the LDAP server to use +for SMB/CIFS authentication purposes. +<p><br><strong>Default:</strong> +<code> ldap server = localhost</code> +<p><br><a name="ldapsuffix"></a> +<li><strong><strong>ldap suffix (G)</strong></strong> +<p><br>This parameter is part of the <em>EXPERIMENTAL</em> Samba support for a +password database stored on an LDAP server back-end. These options +are only available if your version of Samba was configured with +the <strong>--with-ldap</strong> option. +<p><br>This parameter specifies the <code>"dn"</code> or LDAP <em>"distinguished name"</em> +that tells <a href="smbd.8.html"><strong>smbd</strong></a> to start from when searching +for an entry in the LDAP password database. +<p><br><strong>Default:</strong> +<code> empty string.</code> +<p><br><a name="lmannounce"></a> +<li><strong><strong>lm announce (G)</strong></strong> +<p><br>This parameter determines if <a href="nmbd.8.html"><strong>nmbd</strong></a> will produce +Lanman announce broadcasts that are needed by <strong>OS/2</strong> clients in order +for them to see the Samba server in their browse list. This parameter +can have three values, <code>"true"</code>, <code>"false"</code>, or <code>"auto"</code>. The +default is <code>"auto"</code>. If set to <code>"false"</code> Samba will never produce +these broadcasts. If set to <code>"true"</code> Samba will produce Lanman +announce broadcasts at a frequency set by the parameter <a href="smb.conf.5.html#lminterval"><strong>"lm +interval"</strong></a>. If set to <code>"auto"</code> Samba will not send Lanman +announce broadcasts by default but will listen for them. If it hears +such a broadcast on the wire it will then start sending them at a +frequency set by the parameter <a href="smb.conf.5.html#lminterval"><strong>"lm interval"</strong></a>. +<p><br>See also <a href="smb.conf.5.html#lminterval"><strong>"lm interval"</strong></a>. +<p><br><strong>Default:</strong> +<code> lm announce = auto</code> +<p><br><strong>Example:</strong> +<code> lm announce = true</code> +<p><br><a name="lminterval"></a> +<li><strong><strong>lm interval (G)</strong></strong> +<p><br>If Samba is set to produce Lanman announce broadcasts needed by +<strong>OS/2</strong> clients (see the <a href="smb.conf.5.html#lmannounce"><strong>"lm announce"</strong></a> +parameter) then this parameter defines the frequency in seconds with +which they will be made. If this is set to zero then no Lanman +announcements will be made despite the setting of the <a href="smb.conf.5.html#lmannounce"><strong>"lm +announce"</strong></a> parameter. +<p><br>See also <a href="smb.conf.5.html#lmannounce"><strong>"lm announce"</strong></a>. +<p><br><strong>Default:</strong> +<code> lm interval = 60</code> +<p><br><strong>Example:</strong> +<code> lm interval = 120</code> +<p><br><a name="loadprinters"></a> +<li><strong><strong>load printers (G)</strong></strong> +<p><br>A boolean variable that controls whether all printers in the printcap +will be loaded for browsing by default. See the +<a href="smb.conf.5.html#printers"><strong>"printers"</strong></a> section for more details. +<p><br><strong>Default:</strong> +<code> load printers = yes</code> +<p><br>bg(Example:) +<code> load printers = no</code> +<p><br><a name="localmaster"></a> +<li><strong><strong>local master (G)</strong></strong> +<p><br>This option allows <a href="nmbd.8.html"><strong>nmbd</strong></a> to try and become a +local master browser on a subnet. If set to False then +<a href="nmbd.8.html"><strong>nmbd</strong></a> will not attempt to become a local master +browser on a subnet and will also lose in all browsing elections. By +default this value is set to true. Setting this value to true doesn't +mean that Samba will <em>become</em> the local master browser on a subnet, +just that <a href="nmbd.8.html"><strong>nmbd</strong></a> will <em>participate</em> in +elections for local master browser. +<p><br>Setting this value to False will cause <a href="nmbd.8.html"><strong>nmbd</strong></a> +<em>never</em> to become a local master browser. +<p><br><strong>Default:</strong> +<code> local master = yes</code> +<p><br><a name="lockdir"></a> +<li><strong><strong>lock dir (G)</strong></strong> +<p><br>Synonym for <a href="smb.conf.5.html#lockdirectory"><strong>"lock directory"</strong></a>. +<p><br><a name="lockdirectory"></a> +<li><strong><strong>lock directory (G)</strong></strong> +<p><br>This option specifies the directory where lock files will be placed. +The lock files are used to implement the <a href="smb.conf.5.html#maxconnections"><strong>"max +connections"</strong></a> option. +<p><br><strong>Default:</strong> +<code> lock directory = /tmp/samba</code> +<p><br><strong>Example:</strong> +<code> lock directory = /usr/local/samba/var/locks</code> +<p><br><a name="locking"></a> +<li><strong><strong>locking (S)</strong></strong> +<p><br>This controls whether or not locking will be performed by the server +in response to lock requests from the client. +<p><br>If <code>"locking = no"</code>, all lock and unlock requests will appear to +succeed and all lock queries will indicate that the queried lock is +clear. +<p><br>If <code>"locking = yes"</code>, real locking will be performed by the server. +<p><br>This option <em>may</em> be useful for read-only filesystems which <em>may</em> +not need locking (such as cdrom drives), although setting this +parameter of <code>"no"</code> is not really recommended even in this case. +<p><br>Be careful about disabling locking either globally or in a specific +service, as lack of locking may result in data corruption. You should +never need to set this parameter. +<p><br><strong>Default:</strong> +<code> locking = yes</code> +<p><br><strong>Example:</strong> +<code> locking = no</code> +<p><br><a name="logfile"></a> +<li><strong><strong>log file (G)</strong></strong> +<p><br>This options allows you to override the name of the Samba log file +(also known as the debug file). +<p><br>This option takes the standard substitutions, allowing you to have +separate log files for each user or machine. +<p><br><strong>Example:</strong> +<code> log file = /usr/local/samba/var/log.%m</code> +<p><br><a name="loglevel"></a> +<li><strong><strong>log level (G)</strong></strong> +<p><br>Synonym for <a href="smb.conf.5.html#debuglevel"><strong>"debug level"</strong></a>. +<p><br><a name="logondrive"></a> +<li><strong><strong>logon drive (G)</strong></strong> +<p><br>This parameter specifies the local path to which the home directory +will be connected (see <a href="smb.conf.5.html#logonhome"><strong>"logon home"</strong></a>) and is only +used by NT Workstations. +<p><br>Note that this option is only useful if Samba is set up as a +<a href="smb.conf.5.html#domainlogons"><strong>logon server</strong></a>. +<p><br><strong>Example:</strong> +<code> logon drive = h:</code> +<p><br><a name="logonhome"></a> +<li><strong><strong>logon home (G)</strong></strong> +<p><br>This parameter specifies the home directory location when a Win95/98 or +NT Workstation logs into a Samba PDC. It allows you to do +<p><br><code>"NET USE H: /HOME"</code> +<p><br>from a command prompt, for example. +<p><br>This option takes the standard substitutions, allowing you to have +separate logon scripts for each user or machine. +<p><br>Note that this option is only useful if Samba is set up as a +<a href="smb.conf.5.html#domainlogons"><strong>logon server</strong></a>. +<p><br><strong>Example:</strong> +<code> logon home = "\\remote_smb_server\%U"</code> +<p><br><strong>Default:</strong> +<code> logon home = "\\%N\%U"</code> +<p><br><a name="logonpath"></a> +<li><strong><strong>logon path (G)</strong></strong> +<p><br>This parameter specifies the home directory where roaming profiles +(USER.DAT / USER.MAN files for Windows 95/98) are stored. +<p><br>This option takes the standard substitutions, allowing you to have +separate logon scripts for each user or machine. It also specifies +the directory from which the <code>"desktop"</code>, <code>"start menu"</code>, +<code>"network neighborhood"</code> and <code>"programs"</code> folders, and their +contents, are loaded and displayed on your Windows 95/98 client. +<p><br>The share and the path must be readable by the user for the +preferences and directories to be loaded onto the Windows 95/98 +client. The share must be writeable when the logs in for the first +time, in order that the Windows 95/98 client can create the user.dat +and other directories. +<p><br>Thereafter, the directories and any of contents can, if required, be +made read-only. It is not adviseable that the USER.DAT file be made +read-only - rename it to USER.MAN to achieve the desired effect (a +<em>MAN</em>datory profile). +<p><br>Windows clients can sometimes maintain a connection to the [homes] +share, even though there is no user logged in. Therefore, it is vital +that the logon path does not include a reference to the homes share +(i.e setting this parameter to <code>\\%N\HOMES\profile_path</code> will cause +problems). +<p><br>This option takes the standard substitutions, allowing you to have +separate logon scripts for each user or machine. +<p><br>Note that this option is only useful if Samba is set up as a +<a href="smb.conf.5.html#domainlogons"><strong>logon server</strong></a>. +<p><br><strong>Default:</strong> +<code> logon path = \\%N\%U\profile</code> +<p><br><strong>Example:</strong> +<code> logon path = \\PROFILESERVER\HOME_DIR\%U\PROFILE</code> +<p><br><a name="logonscript"></a> +<li><strong><strong>logon script (G)</strong></strong> +<p><br>This parameter specifies the batch file (.bat) or NT command file +(.cmd) to be downloaded and run on a machine when a user successfully +logs in. The file must contain the DOS style cr/lf line endings. +Using a DOS-style editor to create the file is recommended. +<p><br>The script must be a relative path to the <code>[netlogon]</code> service. If +the <code>[netlogon]</code> service specifies a <a href="smb.conf.5.html#path"><strong>path</strong></a> of +/usr/local/samba/netlogon, and logon script = STARTUP.BAT, then the +file that will be downloaded is: +<p><br><code>/usr/local/samba/netlogon/STARTUP.BAT</code> +<p><br>The contents of the batch file is entirely your choice. A suggested +command would be to add <code>NET TIME \\SERVER /SET /YES</code>, to force every +machine to synchronise clocks with the same time server. Another use +would be to add <code>NET USE U: \\SERVER\UTILS</code> for commonly used +utilities, or <code>NET USE Q: \\SERVER\ISO9001_QA</code> for example. +<p><br>Note that it is particularly important not to allow write access to +the <code>[netlogon]</code> share, or to grant users write permission on the +batch files in a secure environment, as this would allow the batch +files to be arbitrarily modified and security to be breached. +<p><br>This option takes the standard substitutions, allowing you to have +separate logon scripts for each user or machine. +<p><br>Note that this option is only useful if Samba is set up as a +<a href="smb.conf.5.html#domainlogons"><strong>logon server</strong></a>. +<p><br><strong>Example:</strong> +<code> logon script = scripts\%U.bat</code> +<p><br><a name="lppausecommand"></a> +<li><strong><strong>lppause command (S)</strong></strong> +<p><br>This parameter specifies the command to be executed on the server host +in order to stop printing or spooling a specific print job. +<p><br>This command should be a program or script which takes a printer name +and job number to pause the print job. One way of implementing this is +by using job priorities, where jobs having a too low priority won't be +sent to the printer. +<p><br>If a <code>"%p"</code> is given then the printername is put in its place. A +<code>"%j"</code> is replaced with the job number (an integer). On HPUX (see +<a href="smb.conf.5.html#printing"><strong>printing=hpux</strong></a>), if the <code>"-p%p"</code> option is added +to the lpq command, the job will show up with the correct status, +i.e. if the job priority is lower than the set fence priority it will +have the PAUSED status, whereas if the priority is equal or higher it +will have the SPOOLED or PRINTING status. +<p><br>Note that it is good practice to include the absolute path in the +lppause command as the PATH may not be available to the server. +<p><br>See also the <a href="smb.conf.5.html#printing"><strong>"printing"</strong></a> parameter. +<p><br><strong>Default:</strong> + Currently no default value is given to this string, unless the +value of the <a href="smb.conf.5.html#printing"><strong>"printing"</strong></a> parameter is <code>SYSV</code>, in +which case the default is : +<p><br><code> lp -i %p-%j -H hold</code> +<p><br>or if the value of the <a href="smb.conf.5.html#printing"><strong>"printing"</strong></a> parameter is <code>softq</code>, +then the default is: +<p><br><code> qstat -s -j%j -h</code> +<p><br><strong>Example for HPUX:</strong> + lppause command = /usr/bin/lpalt %p-%j -p0 +<p><br><a name="lpqcachetime"></a> +<li><strong><strong>lpq cache time (G)</strong></strong> +<p><br>This controls how long lpq info will be cached for to prevent the +<strong>lpq</strong> command being called too often. A separate cache is kept for +each variation of the <strong>lpq</strong> command used by the system, so if you +use different <strong>lpq</strong> commands for different users then they won't +share cache information. +<p><br>The cache files are stored in <code>/tmp/lpq.xxxx</code> where xxxx is a hash of +the <strong>lpq</strong> command in use. +<p><br>The default is 10 seconds, meaning that the cached results of a +previous identical <strong>lpq</strong> command will be used if the cached data is +less than 10 seconds old. A large value may be advisable if your +<strong>lpq</strong> command is very slow. +<p><br>A value of 0 will disable cacheing completely. +<p><br>See also the <a href="smb.conf.5.html#printing"><strong>"printing"</strong></a> parameter. +<p><br><strong>Default:</strong> +<code> lpq cache time = 10</code> +<p><br><strong>Example:</strong> +<code> lpq cache time = 30</code> +<p><br><a name="lpqcommand"></a> +<li><strong><strong>lpq command (S)</strong></strong> +<p><br>This parameter specifies the command to be executed on the server host +in order to obtain <code>"lpq"</code>-style printer status information. +<p><br>This command should be a program or script which takes a printer name +as its only parameter and outputs printer status information. +<p><br>Currently eight styles of printer status information are supported; +BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX and SOFTQ. This covers most UNIX +systems. You control which type is expected using the +<a href="smb.conf.5.html#printing"><strong>"printing ="</strong></a> option. +<p><br>Some clients (notably Windows for Workgroups) may not correctly send +the connection number for the printer they are requesting status +information about. To get around this, the server reports on the first +printer service connected to by the client. This only happens if the +connection number sent is invalid. +<p><br>If a <code>%p</code> is given then the printername is put in its place. Otherwise +it is placed at the end of the command. +<p><br>Note that it is good practice to include the absolute path in the <strong>lpq +command</strong> as the PATH may not be available to the server. +<p><br>See also the <a href="smb.conf.5.html#printing"><strong>"printing"</strong></a> parameter. +<p><br><strong>Default:</strong> +<code> depends on the setting of printing =</code> +<p><br><strong>Example:</strong> +<code> lpq command = /usr/bin/lpq %p</code> +<p><br><a name="lpresumecommand"></a> +<li><strong><strong>lpresume command (S)</strong></strong> +<p><br>This parameter specifies the command to be executed on the server host +in order to restart or continue printing or spooling a specific print +job. +<p><br>This command should be a program or script which takes a printer name +and job number to resume the print job. See also the <a href="smb.conf.5.html#lppausecommand"><strong>"lppause +command"</strong></a> parameter. +<p><br>If a <code>%p</code> is given then the printername is put in its place. A +<code>%j</code> is replaced with the job number (an integer). +<p><br>Note that it is good practice to include the absolute path in the <strong>lpresume +command</strong> as the PATH may not be available to the server. +<p><br>See also the <a href="smb.conf.5.html#printing"><strong>"printing"</strong></a> parameter. +<p><br><strong>Default:</strong> +<p><br>Currently no default value is given to this string, unless the +value of the <a href="smb.conf.5.html#printing"><strong>"printing"</strong></a> parameter is <code>SYSV</code>, in +which case the default is : +<p><br><code> lp -i %p-%j -H resume</code> +<p><br>or if the value of the <a href="smb.conf.5.html#printing"><strong>"printing"</strong></a> parameter is <code>softq</code>, +then the default is: +<p><br><code> qstat -s -j%j -r</code> +<p><br><strong>Example for HPUX:</strong> +<code> lpresume command = /usr/bin/lpalt %p-%j -p2</code> +<p><br><a name="lprmcommand"></a> +<li><strong><strong>lprm command (S)</strong></strong> +<p><br>This parameter specifies the command to be executed on the server host +in order to delete a print job. +<p><br>This command should be a program or script which takes a printer name +and job number, and deletes the print job. +<p><br>If a <code>%p</code> is given then the printername is put in its place. A +<code>%j</code> is replaced with the job number (an integer). +<p><br>Note that it is good practice to include the absolute path in the +<strong>lprm command</strong> as the PATH may not be available to the server. +<p><br>See also the <a href="smb.conf.5.html#printing"><strong>"printing"</strong></a> parameter. +<p><br><strong>Default:</strong> +<code> depends on the setting of "printing ="</code> +<p><br><strong>Example 1:</strong> +<code> lprm command = /usr/bin/lprm -P%p %j</code> +<p><br><strong>Example 2:</strong> +<code> lprm command = /usr/bin/cancel %p-%j</code> +<p><br><a name="machinepasswordtimeout"></a> +<li><strong><strong>machine password timeout (G)</strong></strong> +<p><br>If a Samba server is a member of an Windows NT Domain (see the +<a href="smb.conf.5.html#securityequaldomain"><strong>"security=domain"</strong></a>) parameter) then +periodically a running <a href="smbd.8.html"><strong>smbd</strong></a> process will try and +change the <strong>MACHINE ACCOUNT PASWORD</strong> stored in the file called +<code><Domain>.<Machine>.mac</code> where <code><Domain></code> is the name of the +Domain we are a member of and tt<Machine> is the primary +<a href="smb.conf.5.html#netbiosname"><strong>"NetBIOS name"</strong></a> of the machine +<a href="smbd.8.html"><strong>smbd</strong></a> is running on. This parameter specifies how +often this password will be changed, in seconds. The default is one +week (expressed in seconds), the same as a Windows NT Domain member +server. +<p><br>See also <a href="smbpasswd.8.html"><strong>smbpasswd (8)</strong></a>, and the +<a href="smb.conf.5.html#securityequaldomain"><strong>"security=domain"</strong></a>) parameter. +<p><br><strong>Default:</strong> +<code> machine password timeout = 604800</code> +<p><br><a name="magicoutput"></a> +<li><strong><strong>magic output (S)</strong></strong> +<p><br>This parameter specifies the name of a file which will contain output +created by a magic script (see the <a href="smb.conf.5.html#magicscript"><strong>"magic +script"</strong></a> parameter below). +<p><br>Warning: If two clients use the same <a href="smb.conf.5.html#magicscript"><strong>"magic +script"</strong></a> in the same directory the output file content +is undefined. +<p><br><strong>Default:</strong> +<code> magic output = <magic script name>.out</code> +<p><br><strong>Example:</strong> +<code> magic output = myfile.txt</code> +<p><br><a name="magicscript"></a> +<li><strong><strong>magic script (S)</strong></strong> +<p><br>This parameter specifies the name of a file which, if opened, will be +executed by the server when the file is closed. This allows a UNIX +script to be sent to the Samba host and executed on behalf of the +connected user. +<p><br>Scripts executed in this way will be deleted upon completion, +permissions permitting. +<p><br>If the script generates output, output will be sent to the file +specified by the <a href="smb.conf.5.html#magicoutput"><strong>"magic output"</strong></a> parameter (see +above). +<p><br>Note that some shells are unable to interpret scripts containing +carriage-return-linefeed instead of linefeed as the end-of-line +marker. Magic scripts must be executable <em>"as is"</em> on the host, +which for some hosts and some shells will require filtering at the DOS +end. +<p><br>Magic scripts are <em>EXPERIMENTAL</em> and should <em>NOT</em> be relied upon. +<p><br><strong>Default:</strong> +<code> None. Magic scripts disabled.</code> +<p><br><strong>Example:</strong> +<code> magic script = user.csh</code> +<p><br><a name="manglecase"></a> +<li><strong><strong>mangle case (S)</strong></strong> +<p><br>See the section on <a href="smb.conf.5.html#NAMEMANGLING"><strong>"NAME MANGLING"</strong></a>. +<p><br><a name="mangledmap"></a> +<li><strong><strong>mangled map (S)</strong></strong> +<p><br>This is for those who want to directly map UNIX file names which are +not representable on Windows/DOS. The mangling of names is not always +what is needed. In particular you may have documents with file +extensions that differ between DOS and UNIX. For example, under UNIX +it is common to use <code>".html"</code> for HTML files, whereas under +Windows/DOS <code>".htm"</code> is more commonly used. +<p><br>So to map <code>"html"</code> to <code>"htm"</code> you would use: +<p><br><code> mangled map = (*.html *.htm)</code> +<p><br>One very useful case is to remove the annoying <code>";1"</code> off the ends +of filenames on some CDROMS (only visible under some UNIXes). To do +this use a map of (*;1 *). +<p><br><strong>default:</strong> +<code> no mangled map</code> +<p><br><strong>Example:</strong> +<code> mangled map = (*;1 *)</code> +<p><br><a name="manglednames"></a> +<li><strong><strong>mangled names (S)</strong></strong> +<p><br>This controls whether non-DOS names under UNIX should be mapped to +DOS-compatible names ("mangled") and made visible, or whether non-DOS +names should simply be ignored. +<p><br>See the section on <a href="smb.conf.5.html#NAMEMANGLING"><strong>"NAME MANGLING"</strong></a> for details +on how to control the mangling process. +<p><br>If mangling is used then the mangling algorithm is as follows: +<p><br><ul> +<p><br><li > The first (up to) five alphanumeric characters before the +rightmost dot of the filename are preserved, forced to upper case, and +appear as the first (up to) five characters of the mangled name. +<p><br><li > A tilde <code>"~"</code> is appended to the first part of the mangled +name, followed by a two-character unique sequence, based on the +original root name (i.e., the original filename minus its final +extension). The final extension is included in the hash calculation +only if it contains any upper case characters or is longer than three +characters. +<p><br>Note that the character to use may be specified using the +<a href="smb.conf.5.html#manglingchar"><strong>"mangling char"</strong></a> option, if you don't like +<code>'~'</code>. +<p><br><li > The first three alphanumeric characters of the final extension +are preserved, forced to upper case and appear as the extension of the +mangled name. The final extension is defined as that part of the +original filename after the rightmost dot. If there are no dots in the +filename, the mangled name will have no extension (except in the case +of <a href="smb.conf.5.html#hidefiles"><strong>"hidden files"</strong></a> - see below). +<p><br><li > Files whose UNIX name begins with a dot will be presented as DOS +hidden files. The mangled name will be created as for other filenames, +but with the leading dot removed and <code>"___"</code> as its extension regardless +of actual original extension (that's three underscores). +<p><br></ul> +<p><br>The two-digit hash value consists of upper case alphanumeric +characters. +<p><br>This algorithm can cause name collisions only if files in a directory +share the same first five alphanumeric characters. The probability of +such a clash is 1/1300. +<p><br>The name mangling (if enabled) allows a file to be copied between UNIX +directories from Windows/DOS while retaining the long UNIX +filename. UNIX files can be renamed to a new extension from +Windows/DOS and will retain the same basename. Mangled names do not +change between sessions. +<p><br><strong>Default:</strong> +<code> mangled names = yes</code> +<p><br><strong>Example:</strong> +<code> mangled names = no</code> +<p><br><a name="manglingchar"></a> +<li><strong><strong>mangling char (S)</strong></strong> +<p><br>This controls what character is used as the <em>"magic"</em> character in +<a href="smb.conf.5.html#manglednames"><strong>name mangling</strong></a>. The default is a <code>'~'</code> but +this may interfere with some software. Use this option to set it to +whatever you prefer. +<p><br><strong>Default:</strong> +<code> mangling char = ~</code> +<p><br><strong>Example:</strong> +<code> mangling char = ^</code> +<p><br><a name="mangledstack"></a> +<li><strong><strong>mangled stack (G)</strong></strong> +<p><br>This parameter controls the number of mangled names that should be +cached in the Samba server <a href="smbd.8.html"><strong>smbd</strong></a>. +<p><br>This stack is a list of recently mangled base names (extensions are +only maintained if they are longer than 3 characters or contains upper +case characters). +<p><br>The larger this value, the more likely it is that mangled names can be +successfully converted to correct long UNIX names. However, large +stack sizes will slow most directory access. Smaller stacks save +memory in the server (each stack element costs 256 bytes). +<p><br>It is not possible to absolutely guarantee correct long file names, so +be prepared for some surprises! +<p><br><strong>Default:</strong> +<code> mangled stack = 50</code> +<p><br><strong>Example:</strong> +<code> mangled stack = 100</code> +<p><br><a name="maparchive"></a> +<li><strong><strong>map archive (S)</strong></strong> +<p><br>This controls whether the DOS archive attribute should be mapped to +the UNIX owner execute bit. The DOS archive bit is set when a file +has been modified since its last backup. One motivation for this +option it to keep Samba/your PC from making any file it touches from +becoming executable under UNIX. This can be quite annoying for shared +source code, documents, etc... +<p><br>Note that this requires the <a href="smb.conf.5.html#createmask"><strong>"create mask"</strong></a> +parameter to be set such that owner execute bit is not masked out +(ie. it must include 100). See the parameter <a href="smb.conf.5.html#createmask"><strong>"create +mask"</strong></a> for details. +<p><br><strong>Default:</strong> +<code> map archive = yes</code> +<p><br><strong>Example:</strong> +<code> map archive = no</code> +<p><br><a name="maphidden"></a> +<li><strong><strong>map hidden (S)</strong></strong> +<p><br>This controls whether DOS style hidden files should be mapped to the +UNIX world execute bit. +<p><br>Note that this requires the <a href="smb.conf.5.html#createmask"><strong>"create mask"</strong></a> to be +set such that the world execute bit is not masked out (ie. it must +include 001). See the parameter <a href="smb.conf.5.html#createmask"><strong>"create mask"</strong></a> +for details. +<p><br><strong>Default:</strong> +<code> map hidden = no</code> +<p><br><strong>Example:</strong> +<code> map hidden = yes</code> +<p><br><a name="mapsystem"></a> +<li><strong><strong>map system (S)</strong></strong> +<p><br>This controls whether DOS style system files should be mapped to the +UNIX group execute bit. +<p><br>Note that this requires the <a href="smb.conf.5.html#createmask"><strong>"create mask"</strong></a> to be +set such that the group execute bit is not masked out (ie. it must +include 010). See the parameter <a href="smb.conf.5.html#createmask"><strong>"create mask"</strong></a> +for details. +<p><br><strong>Default:</strong> +<code> map system = no</code> +<p><br><strong>Example:</strong> +<code> map system = yes</code> +<p><br><a name="maptoguest"></a> +<li><strong><strong>map to guest (G)</strong></strong> +<p><br>This parameter is only useful in <a href="smb.conf.5.html#security"><strong>security</strong></a> modes +other than <a href="smb.conf.5.html#securityequalshare"><strong>"security=share"</strong></a> - ie. user, +server, and domain. +<p><br>This parameter can take three different values, which tell +<a href="smbd.8.html"><strong>smbd</strong></a> what to do with user login requests that +don't match a valid UNIX user in some way. +<p><br>The three settings are : +<p><br><ul> +<p><br><li > <strong>"Never"</strong> - Means user login requests with an invalid password +are rejected. This is the default. +<p><br><li > <strong>"Bad User"</strong> - Means user logins with an invalid password are +rejected, unless the username does not exist, in which case it is +treated as a guest login and mapped into the <a href="smb.conf.5.html#guestaccount"><strong>"guest +account"</strong></a>. +<p><br><li > <strong>"Bad Password"</strong> - Means user logins with an invalid +password are treated as a guest login and mapped into the +<a href="smb.conf.5.html#guestaccount"><strong>"guest account"</strong></a>. Note that this can +cause problems as it means that any user mistyping their +password will be silently logged on a <strong>"guest"</strong> - and +will not know the reason they cannot access files they think +they should - there will have been no message given to them +that they got their password wrong. Helpdesk services will +<em>*hate*</em> you if you set the <strong>"map to guest"</strong> parameter +this way :-). +<p><br></ul> +<p><br>Note that this parameter is needed to set up <strong>"Guest"</strong> share +services when using <a href="smb.conf.5.html#security"><strong>security</strong></a> modes other than +share. This is because in these modes the name of the resource being +requested is <em>*not*</em> sent to the server until after the server has +successfully authenticated the client so the server cannot make +authentication decisions at the correct time (connection to the +share) for <strong>"Guest"</strong> shares. +<p><br>For people familiar with the older Samba releases, this parameter +maps to the old compile-time setting of the GUEST_SESSSETUP value +in local.h. +<p><br><strong>Default:</strong> +<code> map to guest = Never</code> + <strong>Example</strong>: +<code> map to guest = Bad User</code> +<p><br><a name="maxconnections"></a> +<li><strong><strong>max connections (S)</strong></strong> +<p><br>This option allows the number of simultaneous connections to a service +to be limited. If <strong>"max connections"</strong> is greater than 0 then +connections will be refused if this number of connections to the +service are already open. A value of zero mean an unlimited number of +connections may be made. +<p><br>Record lock files are used to implement this feature. The lock files +will be stored in the directory specified by the <a href="smb.conf.5.html#lockdirectory"><strong>"lock +directory"</strong></a> option. +<p><br><strong>Default:</strong> +<code> max connections = 0</code> +<p><br><strong>Example:</strong> +<code> max connections = 10</code> +<p><br><a name="maxdisksize"></a> +<li><strong><strong>max disk size (G)</strong></strong> +<p><br>This option allows you to put an upper limit on the apparent size of +disks. If you set this option to 100 then all shares will appear to be +not larger than 100 MB in size. +<p><br>Note that this option does not limit the amount of data you can put on +the disk. In the above case you could still store much more than 100 +MB on the disk, but if a client ever asks for the amount of free disk +space or the total disk size then the result will be bounded by the +amount specified in <strong>"max disk size"</strong>. +<p><br>This option is primarily useful to work around bugs in some pieces of +software that can't handle very large disks, particularly disks over +1GB in size. +<p><br>A <strong>"max disk size"</strong> of 0 means no limit. +<p><br><strong>Default:</strong> +<code> max disk size = 0</code> +<p><br><strong>Example:</strong> +<code> max disk size = 1000</code> +<p><br><a name="maxlogsize"></a> +<li><strong><strong>max log size (G)</strong></strong> +<p><br>This option (an integer in kilobytes) specifies the max size the log +file should grow to. Samba periodically checks the size and if it is +exceeded it will rename the file, adding a <code>".old"</code> extension. +<p><br>A size of 0 means no limit. +<p><br><strong>Default:</strong> +<code> max log size = 5000</code> +<p><br><strong>Example:</strong> +<code> max log size = 1000</code> +<p><br><a name="maxmux"></a> +<li><strong><strong>max mux (G)</strong></strong> +<p><br>This option controls the maximum number of outstanding simultaneous +SMB operations that samba tells the client it will allow. You should +never need to set this parameter. +<p><br><strong>Default:</strong> +<code> max mux = 50</code> +<p><br><a name="maxopenfiles"></a> +<li><strong><strong>maxopenfiles (G)</strong></strong> +<p><br>This parameter limits the maximum number of open files that one +<a href="smbd.8.html"><strong>smbd</strong></a> file serving process may have open for +a client at any one time. The default for this parameter is set +very high (10,000) as Samba uses only one bit per un-opened file. +<p><br>The limit of the number of open files is usually set by the +UNIX per-process file descriptor limit rather than this parameter +so you should never need to touch this parameter. +<p><br><strong>Default:</strong> +<code> max open files = 10000</code> +<p><br><a name="maxpacket"></a> +<li><strong><strong>max packet (G)</strong></strong> +<p><br>Synonym for <a name="<strong>"packetsize"</strong>"></a>(packetsize). +<p><br><a name="maxttl"></a> +<li><strong><strong>max ttl (G)</strong></strong> +<p><br>This option tells <a href="nmbd.8.html"><strong>nmbd</strong></a> what the default 'time +to live' of NetBIOS names should be (in seconds) when +<a href="nmbd.8.html"><strong>nmbd</strong></a> is requesting a name using either a +broadcast packet or from a WINS server. You should never need to +change this parameter. The default is 3 days. +<p><br><strong>Default:</strong> +<code> max ttl = 259200</code> +<p><br><a name="maxwinsttl"></a> +<li><strong><strong>max wins ttl (G)</strong></strong> +<p><br>This option tells <a href="nmbd.8.html"><strong>nmbd</strong></a> when acting as a WINS +server <a href="smb.conf.5.html#winssupport"><strong>(wins support =true)</strong></a> what the maximum +'time to live' of NetBIOS names that <a href="nmbd.8.html"><strong>nmbd</strong></a> will +grant will be (in seconds). You should never need to change this +parameter. The default is 6 days (518400 seconds). +<p><br>See also the <a href="smb.conf.5.html#minwinsttl"><strong>"min wins ttl"</strong></a> parameter. +<p><br><strong>Default:</strong> +<code> max wins ttl = 518400</code> +<p><br><a name="maxxmit"></a> +<li><strong><strong>max xmit (G)</strong></strong> +<p><br>This option controls the maximum packet size that will be negotiated +by Samba. The default is 65535, which is the maximum. In some cases +you may find you get better performance with a smaller value. A value +below 2048 is likely to cause problems. +<p><br><strong>Default:</strong> +<code> max xmit = 65535</code> +<p><br><strong>Example:</strong> +<code> max xmit = 8192</code> +<p><br><a name="messagecommand"></a> +<li><strong><strong>message command (G)</strong></strong> +<p><br>This specifies what command to run when the server receives a WinPopup +style message. +<p><br>This would normally be a command that would deliver the message +somehow. How this is to be done is up to your imagination. +<p><br>An example is: +<p><br><code> message command = csh -c 'xedit %s;rm %s' &</code> +<p><br>This delivers the message using <strong>xedit</strong>, then removes it +afterwards. <em>NOTE THAT IT IS VERY IMPORTANT THAT THIS COMMAND RETURN +IMMEDIATELY</em>. That's why I have the <code>'&'</code> on the end. If it doesn't +return immediately then your PCs may freeze when sending messages +(they should recover after 30secs, hopefully). +<p><br>All messages are delivered as the global guest user. The command takes +the standard substitutions, although <a href="smb.conf.5.html#percentu"><strong>%u</strong></a> won't work +(<a href="smb.conf.5.html#percentU"><strong>%U</strong></a> may be better in this case). +<p><br>Apart from the standard substitutions, some additional ones apply. In +particular: +<p><br><ul> +<p><br><li > <code>"%s"</code> = the filename containing the message. +<p><br><li > <code>"%t"</code> = the destination that the message was sent to (probably the server +name). +<p><br><li > <code>"%f"</code> = who the message is from. +<p><br></ul> +<p><br>You could make this command send mail, or whatever else takes your +fancy. Please let us know of any really interesting ideas you have. +<p><br>Here's a way of sending the messages as mail to root: +<p><br><code>message command = /bin/mail -s 'message from %f on %m' root < %s; rm %s</code> +<p><br>If you don't have a message command then the message won't be +delivered and Samba will tell the sender there was an +error. Unfortunately WfWg totally ignores the error code and carries +on regardless, saying that the message was delivered. +<p><br>If you want to silently delete it then try: +<p><br><code>"message command = rm %s"</code>. +<p><br>For the really adventurous, try something like this: +<p><br><code>message command = csh -c 'csh < %s |& /usr/local/samba/bin/smbclient -M %m; rm %s' &</code> +<p><br>this would execute the command as a script on the server, then give +them the result in a WinPopup message. Note that this could cause a +loop if you send a message from the server using smbclient! You better +wrap the above in a script that checks for this :-) +<p><br><strong>Default:</strong> +<code> no message command</code> +<p><br><strong>Example:</strong> +<code> message command = csh -c 'xedit %s;rm %s' &</code> +<p><br><a name="minprintspace"></a> +<li><strong><strong>min print space (S)</strong></strong> +<p><br>This sets the minimum amount of free disk space that must be available +before a user will be able to spool a print job. It is specified in +kilobytes. The default is 0, which means a user can always spool a print +job. +<p><br>See also the <a href="smb.conf.5.html#printing"><strong>printing</strong></a> parameter. +<p><br><strong>Default:</strong> +<code> min print space = 0</code> +<p><br><strong>Example:</strong> +<code> min print space = 2000</code> +<p><br><a name="minwinsttl"></a> +<li><strong><strong>min wins ttl (G)</strong></strong> +<p><br>This option tells <a href="nmbd.8.html"><strong>nmbd</strong></a> when acting as a WINS +server <a href="smb.conf.5.html#winssupport"><strong>(wins support = true)</strong></a> what the minimum +'time to live' of NetBIOS names that <a href="nmbd.8.html"><strong>nmbd</strong></a> will +grant will be (in seconds). You should never need to change this +parameter. The default is 6 hours (21600 seconds). +<p><br><strong>Default:</strong> +<code> min wins ttl = 21600</code> +<p><br><a name="nameresolveorder"></a> +<li><strong><strong>name resolve order (G)</strong></strong> +<p><br>This option is used by the programs in the Samba suite to determine +what naming services and in what order to resolve host names to IP +addresses. The option takes a space separated string of different name +resolution options. +<p><br>The options are :"lmhosts", "host", "wins" and "bcast". They cause +names to be resolved as follows : +<p><br><ul> +<p><br><li > <strong>lmhosts</strong> : Lookup an IP address in the Samba lmhosts file. +<p><br><li > <strong>host</strong> : Do a standard host name to IP address resolution, +using the system /etc/hosts, NIS, or DNS lookups. This method of name +resolution is operating system depended for instance on IRIX or +Solaris this may be controlled by the <em>/etc/nsswitch.conf</em> file). +<p><br><li > <strong>wins</strong> : Query a name with the IP address listed in the +<a href="smb.conf.5.html#winsserver"><strong>wins server</strong></a> parameter. If no WINS server has +been specified this method will be ignored. +<p><br><li > <strong>bcast</strong> : Do a broadcast on each of the known local interfaces +listed in the <a href="smb.conf.5.html#interfaces"><strong>interfaces</strong></a> parameter. This is the +least reliable of the name resolution methods as it depends on the +target host being on a locally connected subnet. +<p><br></ul> +<p><br><strong>Default:</strong> +<code> name resolve order = lmhosts host wins bcast</code> +<p><br><strong>Example:</strong> +<code> name resolve order = lmhosts bcast host</code> +<p><br>This will cause the local lmhosts file to be examined first, followed +by a broadcast attempt, followed by a normal system hostname lookup. +<p><br><a name="netbiosaliases"></a> +<li><strong><strong>netbios aliases (G)</strong></strong> +<p><br>This is a list of NetBIOS names that <a href="nmbd.8.html"><strong>nmbd</strong></a> will +advertise as additional names by which the Samba server is known. This +allows one machine to appear in browse lists under multiple names. If +a machine is acting as a <a href="smb.conf.5.html#localmaster"><strong>browse server</strong></a> or +<a href="smb.conf.5.html#domainlogons"><strong>logon server</strong></a> none of these names will be +advertised as either browse server or logon servers, only the primary +name of the machine will be advertised with these capabilities. +<p><br>See also <a href="smb.conf.5.html#netbiosname"><strong>"netbios name"</strong></a>. +<p><br><strong>Default:</strong> +<code> empty string (no additional names)</code> +<p><br><strong>Example:</strong> +<code> netbios aliases = TEST TEST1 TEST2</code> +<p><br><a name="netbiosname"></a> +<li><strong><strong>netbios name (G)</strong></strong> +<p><br>This sets the NetBIOS name by which a Samba server is known. By +default it is the same as the first component of the host's DNS name. +If a machine is a <a href="smb.conf.5.html#localmaster"><strong>browse server</strong></a> or +<a href="smb.conf.5.html#domainlogons"><strong>logon server</strong></a> this name (or the first component +of the hosts DNS name) will be the name that these services are +advertised under. +<p><br>See also <a href="smb.conf.5.html#netbiosaliases"><strong>"netbios aliases"</strong></a>. +<p><br><strong>Default:</strong> +<code> Machine DNS name.</code> +<p><br><strong>Example:</strong> +<code> netbios name = MYNAME</code> +<p><br><a name="nishomedir"></a> +<li><strong><strong>nis homedir (G)</strong></strong> +<p><br>Get the home share server from a NIS map. For UNIX systems that use an +automounter, the user's home directory will often be mounted on a +workstation on demand from a remote server. +<p><br>When the Samba logon server is not the actual home directory server, +but is mounting the home directories via NFS then two network hops +would be required to access the users home directory if the logon +server told the client to use itself as the SMB server for home +directories (one over SMB and one over NFS). This can be very +slow. +<p><br>This option allows Samba to return the home share as being on a +different server to the logon server and as long as a Samba daemon is +running on the home directory server, it will be mounted on the Samba +client directly from the directory server. When Samba is returning the +home share to the client, it will consult the NIS map specified in +<a href="smb.conf.5.html#homedirmap"><strong>"homedir map"</strong></a> and return the server listed +there. +<p><br>Note that for this option to work there must be a working NIS +system and the Samba server with this option must also be a +<a href="smb.conf.5.html#domainlogons"><strong>logon server</strong></a>. +<p><br><strong>Default:</strong> +<code> nis homedir = false</code> +<p><br><strong>Example:</strong> +<code> nis homedir = true</code> +<p><br><a name="ntpipesupport"></a> +<li><strong><strong>nt pipe support (G)</strong></strong> +<p><br>This boolean parameter controlls whether <a href="smbd.8.html"><strong>smbd</strong></a> +will allow Windows NT clients to connect to the NT SMB specific +<code>IPC$</code> pipes. This is a developer debugging option and can be left +alone. +<p><br><strong>Default:</strong> +<code> nt pipe support = yes</code> +<p><br><a name="ntsmbsupport"></a> +<li><strong><strong>nt smb support (G)</strong></strong> +<p><br>This boolean parameter controlls whether <a href="smbd.8.html"><strong>smbd</strong></a> +will negotiate NT specific SMB support with Windows NT +clients. Although this is a developer debugging option and should be +left alone, benchmarking has discovered that Windows NT clients give +faster performance with this option set to <code>"no"</code>. This is still +being investigated. If this option is set to <code>"no"</code> then Samba +offers exactly the same SMB calls that versions prior to Samba2.0 +offered. This information may be of use if any users are having +problems with NT SMB support. +<p><br><strong>Default:</strong> +<code> nt support = yes</code> +<p><br><a name="nullpasswords"></a> +<li><strong><strong>null passwords (G)</strong></strong> +<p><br>Allow or disallow client access to accounts that have null passwords. +<p><br>See also <a href="smbpasswd.5.html"><strong>smbpasswd (5)</strong></a>. +<p><br><strong>Default:</strong> +<code> null passwords = no</code> +<p><br><strong>Example:</strong> +<code> null passwords = yes</code> +<p><br><a name="olelockingcompatibility"></a> +<li><strong><strong>ole locking compatibility (G)</strong></strong> +<p><br>This parameter allows an administrator to turn off the byte range lock +manipulation that is done within Samba to give compatibility for OLE +applications. Windows OLE applications use byte range locking as a +form of inter-process communication, by locking ranges of bytes around +the 2^32 region of a file range. This can cause certain UNIX lock +managers to crash or otherwise cause problems. Setting this parameter +to <code>"no"</code> means you trust your UNIX lock manager to handle such cases +correctly. +<p><br><strong>Default:</strong> +<code> ole locking compatibility = yes</code> +<p><br><strong>Example:</strong> +<code> ole locking compatibility = no</code> +<p><br><a name="onlyguest"></a> +<li><strong><strong>only guest (S)</strong></strong> +<p><br>A synonym for <a href="smb.conf.5.html#guestonly"><strong>"guest only"</strong></a>. +<p><br><a name="onlyuser"></a> +<li><strong><strong>only user (S)</strong></strong> +<p><br>This is a boolean option that controls whether connections with +usernames not in the <a href="smb.conf.5.html#user"><strong>user=</strong></a> list will be allowed. By +default this option is disabled so a client can supply a username to +be used by the server. +<p><br>Note that this also means Samba won't try to deduce usernames from the +service name. This can be annoying for the <a href="smb.conf.5.html#homes"><strong>[homes]</strong></a> +section. To get around this you could use "<a href="smb.conf.5.html#user"><strong>user</strong></a> = +<a href="smb.conf.5.html#percentS"><strong>%S</strong></a>" which means your <a href="smb.conf.5.html#user"><strong>"user"</strong></a> list +will be just the service name, which for home directories is the name +of the user. +<p><br>See also the <a href="smb.conf.5.html#user"><strong>user</strong></a> parameter. +<p><br><strong>Default:</strong> +<code> only user = False</code> +<p><br><strong>Example:</strong> +<code> only user = True</code> +<p><br><a name="oplocks"></a> +<li><strong><strong>oplocks (S)</strong></strong> +<p><br>This boolean option tells smbd whether to issue oplocks (opportunistic +locks) to file open requests on this share. The oplock code can +dramatically (approx 30% or more) improve the speed of access to files +on Samba servers. It allows the clients to agressively cache files +locally and you may want to disable this option for unreliable network +environments (it is turned on by default in Windows NT Servers). For +more information see the file Speed.txt in the Samba docs/ directory. +<p><br>Oplocks may be selectively turned off on certain files on a per share basis. +See the 'veto oplock files' parameter. On some systems oplocks are recognised +by the underlying operating system. This allows data synchronisation between +all access to oplocked files, whether it be via Samba or NFS or a local +UNIX process. See the <a href="smb.conf.5.html#kerneloplocks"><strong>kernel oplocks</strong></a> parameter +for details. +<p><br><strong>Default:</strong> +<code> oplocks = True</code> +<p><br><strong>Example:</strong> +<code> oplocks = False</code> +<p><br><a name="oslevel"></a> +<li><strong><strong>os level (G)</strong></strong> +<p><br>This integer value controls what level Samba advertises itself as for +browse elections. The value of this parameter determines whether +<a href="nmbd.8.html"><strong>nmbd</strong></a> has a chance of becoming a local master +browser for the <a href="smb.conf.5.html#workgroup"><strong>WORKGROUP</strong></a> in the local broadcast +area. The default is zero, which means <a href="nmbd.8.html"><strong>nmbd</strong></a> will +lose elections to Windows machines. See BROWSING.txt in the Samba +docs/ directory for details. +<p><br><strong>Default:</strong> +<code> os level = 0</code> +<p><br><strong>Example:</strong> +<code> os level = 65 ; This will win against any NT Server</code> +<p><br><a name="packetsize"></a> +<li><strong><strong>packet size (G)</strong></strong> +<p><br>This is a deprecated parameter that how no effect on the current +Samba code. It is left in the parameter list to prevent breaking +old <strong>smb.conf</strong> files. +<p><br><a name="panicaction"></a> +<li><strong><strong>panic action (G)</strong></strong> +<p><br>This is a Samba developer option that allows a system command to be +called when either <a href="smbd.8.html"><strong>smbd</strong></a> or +<a href="nmbd.8.html"><strong>nmbd</strong></a> crashes. This is usually used to draw +attention to the fact that a problem occured. +<p><br><strong>Default:</strong> +<code> panic action = <empty string></code> +<p><br><a name="passwdchat"></a> +<li><strong><strong>passwd chat (G)</strong></strong> +<p><br>This string controls the <em>"chat"</em> conversation that takes places +between <a href="smbd.8.html"><strong>smbd</strong></a> and the local password changing +program to change the users password. The string describes a sequence +of response-receive pairs that <a href="smbd.8.html"><strong>smbd</strong></a> uses to +determine what to send to the <a href="smb.conf.5.html#passwdprogram"><strong>passwd</strong></a> program +and what to expect back. If the expected output is not received then +the password is not changed. +<p><br>This chat sequence is often quite site specific, depending on what +local methods are used for password control (such as NIS etc). +<p><br>The string can contain the macros <code>"%o"</code> and <code>"%n"</code> which are +substituted for the old and new passwords respectively. It can also +contain the standard macros <code>"\n"</code>, <code>"\r"</code>, <code>"\t"</code> and <code>"\s"</code> +to give line-feed, carriage-return, tab and space. +<p><br>The string can also contain a <code>'*'</code> which matches any sequence of +characters. +<p><br>Double quotes can be used to collect strings with spaces in them into +a single string. +<p><br>If the send string in any part of the chat sequence is a fullstop +<code>"."</code> then no string is sent. Similarly, is the expect string is a +fullstop then no string is expected. +<p><br>Note that if the <a href="smb.conf.5.html#unixpasswordsync"><strong>"unix password sync"</strong></a> +parameter is set to true, then this sequence is called <em>*AS ROOT*</em> +when the SMB password in the smbpasswd file is being changed, without +access to the old password cleartext. In this case the old password +cleartext is set to <code>""</code> (the empty string). +<p><br>See also <a href="smb.conf.5.html#unixpasswordsync"><strong>"unix password sync"</strong></a>, +<a href="smb.conf.5.html#passwdprogram"><strong>"passwd program"</strong></a> and <a href="smb.conf.5.html#passwdchatdebug"><strong>"passwd chat +debug"</strong></a>. +<p><br><strong>Example:</strong> +<pre> + passwd chat = "*Enter OLD password*" %o\n "*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*" + +</pre> + +<p><br><strong>Default:</strong> +<pre> + passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed* +</pre> + +<p><br><a name="passwdchatdebug"></a> +<li><strong><strong>passwd chat debug (G)</strong></strong> +<p><br>This boolean specifies if the passwd chat script parameter is run in +<code>"debug"</code> mode. In this mode the strings passed to and received from +the passwd chat are printed in the <a href="smbd.8.html"><strong>smbd</strong></a> log with +a <a href="smb.conf.5.html#debuglevel"><strong>"debug level"</strong></a> of 100. This is a dangerous +option as it will allow plaintext passwords to be seen in the +<a href="smbd.8.html"><strong>smbd</strong></a> log. It is available to help Samba admins +debug their <a href="smb.conf.5.html#passwdchat"><strong>"passwd chat"</strong></a> scripts when calling +the <a href="smb.conf.5.html#passwdprogram"><strong>"passwd program"</strong></a> and should be turned off +after this has been done. This parameter is off by default. +<p><br>See also <a href="smb.conf.5.html#passwdchat"><strong>"passwd chat"</strong></a>, <a href="smb.conf.5.html#passwdprogram"><strong>"passwd +program"</strong></a>. +<p><br><strong>Example:</strong> +<code> passwd chat debug = True</code> +<p><br><strong>Default:</strong> +<code> passwd chat debug = False</code> +<p><br><a name="passwdprogram"></a> +<li><strong><strong>passwd program (G)</strong></strong> +<p><br>The name of a program that can be used to set UNIX user passwords. +Any occurrences of <a href="smb.conf.5.html#percentu"><strong>%u</strong></a> will be replaced with the +user name. The user name is checked for existance before calling the +password changing program. +<p><br>Also note that many passwd programs insist in <em>"reasonable"</em> +passwords, such as a minimum length, or the inclusion of mixed case +chars and digits. This can pose a problem as some clients (such as +Windows for Workgroups) uppercase the password before sending it. +<p><br><em>Note</em> that if the <a href="smb.conf.5.html#unixpasswordsync"><strong>"unix password sync"</strong></a> +parameter is set to <code>"True"</code> then this program is called <em>*AS +ROOT*</em> before the SMB password in the +<a href="smbpasswd.5.html"><strong>smbpassswd</strong></a> file is changed. If this UNIX +password change fails, then <a href="smbd.8.html"><strong>smbd</strong></a> will fail to +change the SMB password also (this is by design). +<p><br>If the <a href="smb.conf.5.html#unixpasswordsync"><strong>"unix password sync"</strong></a> parameter is +set this parameter <em>MUST USE ABSOLUTE PATHS</em> for <em>ALL</em> programs +called, and must be examined for security implications. Note that by +default <a href="smb.conf.5.html#unixpasswordsync"><strong>"unix password sync"</strong></a> is set to +<code>"False"</code>. +<p><br>See also <a href="smb.conf.5.html#unixpasswordsync"><strong>"unix password sync"</strong></a>. +<p><br><strong>Default:</strong> +<code> passwd program = /bin/passwd</code> +<p><br><strong>Example:</strong> +<code> passwd program = /sbin/passwd %u</code> +<p><br><a name="passwordlevel"></a> +<li><strong><strong>password level (G)</strong></strong> +<p><br>Some client/server combinations have difficulty with mixed-case +passwords. One offending client is Windows for Workgroups, which for +some reason forces passwords to upper case when using the LANMAN1 +protocol, but leaves them alone when using COREPLUS! +<p><br>This parameter defines the maximum number of characters that may be +upper case in passwords. +<p><br>For example, say the password given was <code>"FRED"</code>. If <strong>password +level</strong> is set to 1, the following combinations would be tried if +<code>"FRED"</code> failed: +<p><br><code>"Fred"</code>, <code>"fred"</code>, <code>"fRed"</code>, <code>"frEd"</code>, <code>"freD"</code> +<p><br>If <strong>password level</strong> was set to 2, the following combinations would +also be tried: +<p><br><code>"FRed"</code>, <code>"FrEd"</code>, <code>"FreD"</code>, <code>"fREd"</code>, <code>"fReD"</code>, +<code>"frED"</code>, <code>..</code> +<p><br>And so on. +<p><br>The higher value this parameter is set to the more likely it is that a +mixed case password will be matched against a single case +password. However, you should be aware that use of this parameter +reduces security and increases the time taken to process a new +connection. +<p><br>A value of zero will cause only two attempts to be made - the password +as is and the password in all-lower case. +<p><br><strong>Default:</strong> +<code> password level = 0</code> +<p><br><strong>Example:</strong> +<code> password level = 4</code> +<p><br><a name="passwordserver"></a> +<li><strong><strong>password server (G)</strong></strong> +<p><br>By specifying the name of another SMB server (such as a WinNT box) +with this option, and using <a href="smb.conf.5.html#security"><strong>"security = domain"</strong></a> or +<a href="smb.conf.5.html#security"><strong>"security = server"</strong></a> you can get Samba to do all +its username/password validation via a remote server. +<p><br>This options sets the name of the password server to use. It must be a +NetBIOS name, so if the machine's NetBIOS name is different from its +internet name then you may have to add its NetBIOS name to the lmhosts +file which is stored in the same directory as the <strong>smb.conf</strong> file. +<p><br>The name of the password server is looked up using the parameter +<a href="smb.conf.5.html#nameresolveorder"><strong>"name resolve order="</strong></a> and so may resolved +by any method and order described in that parameter. +<p><br>The password server much be a machine capable of using the "LM1.2X002" +or the "LM NT 0.12" protocol, and it must be in user level security +mode. +<p><br>NOTE: Using a password server means your UNIX box (running Samba) is +only as secure as your password server. <em>DO NOT CHOOSE A PASSWORD +SERVER THAT YOU DON'T COMPLETELY TRUST</em>. +<p><br>Never point a Samba server at itself for password serving. This will +cause a loop and could lock up your Samba server! +<p><br>The name of the password server takes the standard substitutions, but +probably the only useful one is <a href="smb.conf.5.html#percentm"><strong>%m</strong></a>, which means +the Samba server will use the incoming client as the password +server. If you use this then you better trust your clients, and you +better restrict them with hosts allow! +<p><br>If the <a href="smb.conf.5.html#security"><strong>"security"</strong></a> parameter is set to +<strong>"domain"</strong>, then the list of machines in this option must be a list +of Primary or Backup Domain controllers for the +<a href="smb.conf.5.html#workgroup"><strong>Domain</strong></a>, as the Samba server is cryptographically +in that domain, and will use crpytographically authenticated RPC calls +to authenticate the user logging on. The advantage of using +<a href="smb.conf.5.html#securityequaldomain"><strong>"security=domain"</strong></a> is that if you list +several hosts in the <strong>"password server"</strong> option then +<a href="smbd.8.html"><strong>smbd</strong></a> will try each in turn till it finds one +that responds. This is useful in case your primary server goes down. +<p><br>If the <a href="smb.conf.5.html#security"><strong>"security"</strong></a> parameter is set to +<a href="smb.conf.5.html#securityequalserver"><strong>"server"</strong></a>, then there are different +restrictions that <a href="smb.conf.5.html#securityequaldomain"><strong>"security=domain"</strong></a> +doesn't suffer from: +<p><br><ul> +<p><br><li > You may list several password servers in the <strong>"password server" +parameter, however if an <a href="smbd.8.html"><strong>smbd</strong></a> makes a connection +to a password server, and then the password server fails, no more +users will be able to be authenticated from this +<a href="smbd.8.html"><strong>smbd</strong></a>. This is a restriction of the SMB/CIFS +protocol when in <a href="smb.conf.5.html#securityequalserver"><strong>"security=server"</strong></a> mode +and cannot be fixed in Samba. +<p><br><li > If you are using a Windows NT server as your password server then +you will have to ensure that your users are able to login from the +Samba server, as when in +<a href="smb.conf.5.html#securityequalserver"><strong>"security=server"</strong></a> mode the network +logon will appear to come from there rather than from the users +workstation. +<p><br></ul> +<p><br>See also the <a href="smb.conf.5.html#security"><strong>"security"</strong></a> parameter. +<p><br><strong>Default:</strong> +<code> password server = <empty string></code> +<p><br><strong>Example:</strong> +<code> password server = NT-PDC, NT-BDC1, NT-BDC2</code> +<p><br><a name="path"></a> +<li><strong><strong>path (S)</strong></strong> +<p><br>This parameter specifies a directory to which the user of the service +is to be given access. In the case of printable services, this is +where print data will spool prior to being submitted to the host for +printing. +<p><br>For a printable service offering guest access, the service should be +readonly and the path should be world-writable and have the sticky bit +set. This is not mandatory of course, but you probably won't get the +results you expect if you do otherwise. +<p><br>Any occurrences of <a href="smb.conf.5.html#percentu"><strong>%u</strong></a> in the path will be replaced +with the UNIX username that the client is using on this +connection. Any occurrences of <a href="smb.conf.5.html#percentm"><strong>%m</strong></a> will be replaced +by the NetBIOS name of the machine they are connecting from. These +replacements are very useful for setting up pseudo home directories +for users. +<p><br>Note that this path will be based on <a href="smb.conf.5.html#rootdir"><strong>"root dir"</strong></a> if +one was specified. +<p><br><strong>Default:</strong> +<code> none</code> +<p><br><strong>Example:</strong> +<code> path = /home/fred</code> +<p><br><a name="postexec"></a> +<li><strong><strong>postexec (S)</strong></strong> +<p><br>This option specifies a command to be run whenever the service is +disconnected. It takes the usual substitutions. The command may be run +as the root on some systems. +<p><br>An interesting example may be do unmount server resources: +<p><br><code>postexec = /etc/umount /cdrom</code> +<p><br>See also <a href="smb.conf.5.html#preexec"><strong>preexec</strong></a>. +<p><br><strong>Default:</strong> +<code> none (no command executed)</code> +<p><br><strong>Example:</strong> +<code> postexec = echo "%u disconnected from %S from %m (%I)" >> /tmp/log</code> +<p><br><a name="postscript"></a> +<li><strong><strong>postscript (S)</strong></strong> +<p><br>This parameter forces a printer to interpret the print files as +postscript. This is done by adding a <code>%!</code> to the start of print output. +<p><br>This is most useful when you have lots of PCs that persist in putting +a control-D at the start of print jobs, which then confuses your +printer. +<p><br><strong>Default:</strong> +<code> postscript = False</code> +<p><br><strong>Example:</strong> +<code> postscript = True</code> +<p><br><a name="preexec"></a> +<li><strong><strong>preexec (S)</strong></strong> +<p><br>This option specifies a command to be run whenever the service is +connected to. It takes the usual substitutions. +<p><br>An interesting example is to send the users a welcome message every +time they log in. Maybe a message of the day? Here is an example: +<p><br><pre> + + preexec = csh -c 'echo \"Welcome to %S!\" | /usr/local/samba/bin/smbclient -M %m -I %I' & + +</pre> + +<p><br>Of course, this could get annoying after a while :-</strong> +<p><br>See also <a href="smb.conf.5.html#postexec"><strong>postexec</strong></a>. +<p><br><strong>Default:</strong> +<code> none (no command executed)</code> +<p><br><strong>Example:</strong> +<code> preexec = echo \"%u connected to %S from %m (%I)\" >> /tmp/log</code> +<p><br><a name="preferredmaster"></a> +<li><strong><strong>preferred master (G)</strong></strong> +<p><br>This boolean parameter controls if <a href="nmbd.8.html"><strong>nmbd</strong></a> is a +preferred master browser for its workgroup. +<p><br>If this is set to true, on startup, <a href="nmbd.8.html"><strong>nmbd</strong></a> will +force an election, and it will have a slight advantage in winning the +election. It is recommended that this parameter is used in +conjunction with <a href="smb.conf.5.html#domainmaster"><strong>"domain master = yes"</strong></a>, so +that <a href="nmbd.8.html"><strong>nmbd</strong></a> can guarantee becoming a domain +master. +<p><br>Use this option with caution, because if there are several hosts +(whether Samba servers, Windows 95 or NT) that are preferred master +browsers on the same subnet, they will each periodically and +continuously attempt to become the local master browser. This will +result in unnecessary broadcast traffic and reduced browsing +capabilities. +<p><br>See also <a href="smb.conf.5.html#oslevel"><strong>os level</strong></a>. +<p><br><strong>Default:</strong> +<code> preferred master = no</code> +<p><br><strong>Example:</strong> +<code> preferred master = yes</code> +<p><br><a name="preferedmaster"></a> +<li><strong><strong>prefered master (G)</strong></strong> +<p><br>Synonym for <a href="smb.conf.5.html#preferredmaster"><strong>"preferred master"</strong></a> for people +who cannot spell :-). +<p><br><a name="preload"></a> +<li><strong><strong>preload</strong></strong> +Synonym for <a href="smb.conf.5.html#autoservices"><strong>"auto services"</strong></a>. +<p><br><a name="preservecase"></a> +<li><strong><strong>preserve case (S)</strong></strong> +<p><br>This controls if new filenames are created with the case that the +client passes, or if they are forced to be the <code>"default"</code> case. +<p><br><strong>Default:</strong> +<code> preserve case = yes</code> +<p><br>See the section on <a href="smb.conf.5.html#NAMEMANGLING"><strong>"NAME MANGLING"</strong></a> for a +fuller discussion. +<p><br><a name="printcommand"></a> +<li><strong><strong>print command (S)</strong></strong> +<p><br>After a print job has finished spooling to a service, this command +will be used via a <code>system()</code> call to process the spool +file. Typically the command specified will submit the spool file to +the host's printing subsystem, but there is no requirement that this +be the case. The server will not remove the spool file, so whatever +command you specify should remove the spool file when it has been +processed, otherwise you will need to manually remove old spool files. +<p><br>The print command is simply a text string. It will be used verbatim, +with two exceptions: All occurrences of <code>"%s"</code> will be replaced by +the appropriate spool file name, and all occurrences of <code>"%p"</code> will +be replaced by the appropriate printer name. The spool file name is +generated automatically by the server, the printer name is discussed +below. +<p><br>The full path name will be used for the filename if <code>"%s"</code> is not +preceded by a <code>'/'</code>. If you don't like this (it can stuff up some +lpq output) then use <code>"%f"</code> instead. Any occurrences of <code>"%f"</code> get +replaced by the spool filename without the full path at the front. +<p><br>The print command <em>MUST</em> contain at least one occurrence of <code>"%s"</code> +or <code>"%f"</code> - the <code>"%p"</code> is optional. At the time a job is +submitted, if no printer name is supplied the <code>"%p"</code> will be +silently removed from the printer command. +<p><br>If specified in the <a href="smb.conf.5.html#global"><strong>"[global]"</strong></a> section, the print +command given will be used for any printable service that does not +have its own print command specified. +<p><br>If there is neither a specified print command for a printable service +nor a global print command, spool files will be created but not +processed and (most importantly) not removed. +<p><br>Note that printing may fail on some UNIXes from the <code>"nobody"</code> +account. If this happens then create an alternative guest account that +can print and set the <a href="smb.conf.5.html#guestaccount"><strong>"guest account"</strong></a> in the +<a href="smb.conf.5.html#global"><strong>"[global]"</strong></a> section. +<p><br>You can form quite complex print commands by realising that they are +just passed to a shell. For example the following will log a print +job, print the file, then remove it. Note that <code>';'</code> is the usual +separator for command in shell scripts. +<p><br><code>print command = echo Printing %s >> /tmp/print.log; lpr -P %p %s; rm %s</code> +<p><br>You may have to vary this command considerably depending on how you +normally print files on your system. The default for the parameter +varies depending on the setting of the <a href="smb.conf.5.html#printing"><strong>"printing="</strong></a> +parameter. +<p><br><strong>Default:</strong> + For <a href="smb.conf.5.html#printing"><strong>"printing="</strong></a> BSD, AIX, QNX, LPRNG or PLP : +<code> print command = lpr -r -P%p %s</code> +<p><br>For <a href="smb.conf.5.html#printing"><strong>"printing="</strong></a> SYS or HPUX : +<code> print command = lp -c -d%p %s; rm %s</code> +<p><br>For <a href="smb.conf.5.html#printing"><strong>"printing="</strong></a> SOFTQ : +<code> print command = lp -d%p -s %s; rm %s</code> +<p><br><strong>Example:</strong> +<code> print command = /usr/local/samba/bin/myprintscript %p %s</code> +<p><br><a name="printok"></a> +<li><strong><strong>print ok (S)</strong></strong> +<p><br>Synonym for <a href="smb.conf.5.html#printable"><strong>printable</strong></a>. +<p><br><a name="printable"></a> +<li><strong><strong>printable (S)</strong></strong> +<p><br>If this parameter is <code>"yes"</code>, then clients may open, write to and +submit spool files on the directory specified for the service. +<p><br>Note that a printable service will ALWAYS allow writing to the service +path (user privileges permitting) via the spooling of print data. The +<a href="smb.conf.5.html#readonly"><strong>"read only"</strong></a> parameter controls only non-printing +access to the resource. +<p><br><strong>Default:</strong> +<code> printable = no</code> +<p><br><strong>Example:</strong> +<code> printable = yes</code> +<p><br><a name="printcap"></a> +<li><strong><strong>printcap (G)</strong></strong> +<p><br>Synonym for <a href="smb.conf.5.html#printcapname"><strong>printcapname</strong></a>. +<p><br><a name="printcapname"></a> +<li><strong><strong>printcap name (G)</strong></strong> +<p><br>This parameter may be used to override the compiled-in default +printcap name used by the server (usually /etc/printcap). See the +discussion of the <a href="smb.conf.5.html#printers"><strong>[printers]</strong></a> section above for +reasons why you might want to do this. +<p><br>On System V systems that use <strong>lpstat</strong> to list available printers you +can use <code>"printcap name = lpstat"</code> to automatically obtain lists of +available printers. This is the default for systems that define SYSV +at configure time in Samba (this includes most System V based +systems). If <strong>"printcap name"</strong> is set to <strong>lpstat</strong> on these systems +then Samba will launch <code>"lpstat -v"</code> and attempt to parse the output +to obtain a printer list. +<p><br>A minimal printcap file would look something like this: +<p><br><pre> + + print1|My Printer 1 + print2|My Printer 2 + print3|My Printer 3 + print4|My Printer 4 + print5|My Printer 5 + +</pre> + +<p><br>where the <code>'|'</code> separates aliases of a printer. The fact that the +second alias has a space in it gives a hint to Samba that it's a +comment. +<p><br><em>NOTE</em>: Under AIX the default printcap name is +<code>"/etc/qconfig"</code>. Samba will assume the file is in AIX <code>"qconfig"</code> +format if the string <code>"/qconfig"</code> appears in the printcap filename. +<p><br><strong>Default:</strong> +<code> printcap name = /etc/printcap</code> +<p><br><strong>Example:</strong> +<code> printcap name = /etc/myprintcap</code> +<p><br><a name="printer"></a> +<li><strong><strong>printer (S)</strong></strong> +<p><br>This parameter specifies the name of the printer to which print jobs +spooled through a printable service will be sent. +<p><br>If specified in the <a href="smb.conf.5.html#global"><strong>[global]</strong></a> section, the printer +name given will be used for any printable service that does not have +its own printer name specified. +<p><br><strong>Default:</strong> + none (but may be <code>"lp"</code> on many systems) +<p><br><strong>Example:</strong> + printer name = laserwriter +<p><br><a name="printerdriver"></a> +<li><strong><strong>printer driver (S)</strong></strong> +<p><br>This option allows you to control the string that clients receive when +they ask the server for the printer driver associated with a +printer. If you are using Windows95 or WindowsNT then you can use this +to automate the setup of printers on your system. +<p><br>You need to set this parameter to the exact string (case sensitive) +that describes the appropriate printer driver for your system. If you +don't know the exact string to use then you should first try with no +<strong>"printer driver"</strong> option set and the client will give you a list of +printer drivers. The appropriate strings are shown in a scrollbox +after you have chosen the printer manufacturer. +<p><br>See also <a href="smb.conf.5.html#printerdriverfile"><strong>"printer driver file"</strong></a>. +<p><br><strong>Example:</strong> + printer driver = HP LaserJet 4L +<p><br><a name="printerdriverfile"></a> +<li><strong><strong>printer driver file (G)</strong></strong> +<p><br>This parameter tells Samba where the printer driver definition file, +used when serving drivers to Windows 95 clients, is to be found. If +this is not set, the default is : +<p><br><code>SAMBA_INSTALL_DIRECTORY/lib/printers.def</code> +<p><br>This file is created from Windows 95 <code>"msprint.def"</code> files found on +the Windows 95 client system. For more details on setting up serving +of printer drivers to Windows 95 clients, see the documentation file +in the docs/ directory, PRINTER_DRIVER.txt. +<p><br><strong>Default:</strong> +<code> None (set in compile).</code> +<p><br><strong>Example:</strong> +<code> printer driver file = /usr/local/samba/printers/drivers.def</code> +<p><br>See also <a href="smb.conf.5.html#printerdriverlocation"><strong>"printer driver location"</strong></a>. +<p><br><a name="printerdriverlocation"></a> +<li><strong><strong>printer driver location (S)</strong></strong> +<p><br>This parameter tells clients of a particular printer share where to +find the printer driver files for the automatic installation of +drivers for Windows 95 machines. If Samba is set up to serve printer +drivers to Windows 95 machines, this should be set to +<p><br><code>\\MACHINE\aPRINTER$</code> +<p><br>Where MACHINE is the NetBIOS name of your Samba server, and PRINTER$ +is a share you set up for serving printer driver files. For more +details on setting this up see the documentation file in the docs/ +directory, PRINTER_DRIVER.txt. +<p><br><strong>Default:</strong> +<code> None</code> +<p><br><strong>Example:</strong> +<code> printer driver location = \\MACHINE\PRINTER$</code> +<p><br>See also <a href="smb.conf.5.html#printerdriverfile"><strong>"printer driver file"</strong></a>. +<p><br><a name="printername"></a> +<li><strong><strong>printer name (S)</strong></strong> +<p><br>Synonym for <a href="smb.conf.5.html#printer"><strong>printer</strong></a>. +<p><br><a name="printing"></a> +<li><strong><strong>printing (S)</strong></strong> +<p><br>This parameters controls how printer status information is interpreted +on your system, and also affects the default values for the +<a href="smb.conf.5.html#printcommand"><strong>"print command"</strong></a>, <a href="smb.conf.5.html#lpqcommand"><strong>"lpq +command"</strong></a> <a href="smb.conf.5.html#lppausecommand"><strong>"lppause command"</strong></a>, +<a href="smb.conf.5.html#lpresumecommand"><strong>"lpresume command"</strong></a>, and <a href="smb.conf.5.html#lprmcommand"><strong>"lprm +command"</strong></a>. +<p><br>Currently eight printing styles are supported. They are +<strong>"printing=BSD"</strong>, <strong>"printing=AIX"</strong>, <strong>"printing=LPRNG"</strong>, +<strong>"printing=PLP"</strong>, +<strong>"printing=SYSV"</strong>,<strong>"printing="HPUX"</strong>,<strong>"printing=QNX"</strong> and +<strong>"printing=SOFTQ"</strong>. +<p><br>To see what the defaults are for the other print commands when using +these three options use the <a href="testparm"><strong>"testparm"</strong></a> program. +<p><br>This option can be set on a per printer basis +<p><br>See also the discussion in the <a href="smb.conf.5.html#printers"><strong>[printers]</strong></a> section. +<p><br><a name="protocol"></a> +<li><strong><strong>protocol (G)</strong></strong> +<p><br>The value of the parameter (a string) is the highest protocol level +that will be supported by the server. +<p><br>Possible values are : +<p><br><ul> +<p><br><li > CORE: Earliest version. No concept of user names. +<p><br><li > COREPLUS: Slight improvements on CORE for efficiency. +<p><br><li > LANMAN1: First <em>"modern"</em> version of the protocol. Long +filename support. +<p><br><li > LANMAN2: Updates to Lanman1 protocol. +<p><br><li > NT1: Current up to date version of the protocol. Used by Windows +NT. Known as CIFS. +<p><br></ul> +<p><br>Normally this option should not be set as the automatic negotiation +phase in the SMB protocol takes care of choosing the appropriate +protocol. +<p><br><strong>Default:</strong> +<code> protocol = NT1</code> +<p><br><strong>Example:</strong> +<code> protocol = LANMAN1</code> +<p><br><a name="public"></a> +<li><strong><strong>public (S)</strong></strong> +<p><br>Synonym for <a href="smb.conf.5.html#guestok"><strong>"guest ok"</strong></a>. +<p><br><a name="queuepausecommand"></a> +<li><strong><strong>queuepause command (S)</strong></strong> +<p><br>This parameter specifies the command to be executed on the server host +in order to pause the printerqueue. +<p><br>This command should be a program or script which takes a printer name +as its only parameter and stops the printerqueue, such that no longer +jobs are submitted to the printer. +<p><br>This command is not supported by Windows for Workgroups, but can be +issued from the Printer's window under Windows 95 & NT. +<p><br>If a <code>"%p"</code> is given then the printername is put in its +place. Otherwise it is placed at the end of the command. +<p><br>Note that it is good practice to include the absolute path in the +command as the PATH may not be available to the server. +<p><br><strong>Default:</strong> +<code> depends on the setting of "printing ="</code> +<p><br><strong>Example:</strong> +<code> queuepause command = disable %p</code> +<p><br><a name="queueresumecommand"></a> +<li><strong><strong>queueresume command (S)</strong></strong> +<p><br>This parameter specifies the command to be executed on the server host +in order to resume the printerqueue. It is the command to undo the +behaviour that is caused by the previous parameter +(<a href="smb.conf.5.html#queuepausecommand"><strong>"queuepause command</strong></a>). +<p><br>This command should be a program or script which takes a printer name +as its only parameter and resumes the printerqueue, such that queued +jobs are resubmitted to the printer. +<p><br>This command is not supported by Windows for Workgroups, but can be +issued from the Printer's window under Windows 95 & NT. +<p><br>If a <code>"%p"</code> is given then the printername is put in its +place. Otherwise it is placed at the end of the command. +<p><br>Note that it is good practice to include the absolute path in the +command as the PATH may not be available to the server. +<p><br><strong>Default:</strong> +<code> depends on the setting of "printing ="</code> +<p><br><strong>Example:</strong> +<code> queuepause command = enable %p</code> +<p><br><a name="readbmpx"></a> +<li><strong><strong>read bmpx (G)</strong></strong> +<p><br>This boolean parameter controls whether <a href="smbd.8.html"><strong>smbd</strong></a> +will support the "Read Block Multiplex" SMB. This is now rarely used +and defaults to off. You should never need to set this parameter. +<p><br><strong>Default:</strong> + read bmpx = No +<p><br><a name="readlist"></a> +<li><strong><strong>read list (S)</strong></strong> +<p><br>This is a list of users that are given read-only access to a +service. If the connecting user is in this list then they will not be +given write access, no matter what the <a href="smb.conf.5.html#readonly"><strong>"read only"</strong></a> +option is set to. The list can include group names using the syntax +described in the <a href="smb.conf.5.html#invalidusers"><strong>"invalid users"</strong></a> parameter. +<p><br>See also the <a href="smb.conf.5.html#writelist"><strong>"write list"</strong></a> parameter and +the <a href="smb.conf.5.html#invalidusers"><strong>"invalid users"</strong></a> parameter. +<p><br><strong>Default:</strong> +<code> read list = <empty string></code> +<p><br><strong>Example:</strong> +<code> read list = mary, @students</code> +<p><br><a name="readonly"></a> +<li><strong><strong>read only (S)</strong></strong> +<p><br>Note that this is an inverted synonym for +<a href="smb.conf.5.html#writable"><strong>"writable"</strong></a> and <a href="smb.conf.5.html#writeok"><strong>"write ok"</strong></a>. +<p><br>See also <a href="smb.conf.5.html#writable"><strong>"writable"</strong></a> and <a href="smb.conf.5.html#writeok"><strong>"write +ok"</strong></a>. +<p><br><a name="readprediction"></a> +<li><strong><strong>read prediction (G)</strong></strong> +<p><br><em>NOTE</em>: This code is currently disabled in Samba2.0 and +may be removed at a later date. Hence this parameter has +no effect. +<p><br>This options enables or disables the read prediction code used to +speed up reads from the server. When enabled the server will try to +pre-read data from the last accessed file that was opened read-only +while waiting for packets. +<p><br><strong>Default:</strong> +<code> read prediction = False</code> +<p><br><a name="readraw"></a> +<li><strong><strong>read raw (G)</strong></strong> +<p><br>This parameter controls whether or not the server will support the raw +read SMB requests when transferring data to clients. +<p><br>If enabled, raw reads allow reads of 65535 bytes in one packet. This +typically provides a major performance benefit. +<p><br>However, some clients either negotiate the allowable block size +incorrectly or are incapable of supporting larger block sizes, and for +these clients you may need to disable raw reads. +<p><br>In general this parameter should be viewed as a system tuning tool and left +severely alone. See also <a href="smb.conf.5.html#writeraw"><strong>"write raw"</strong></a>. +<p><br><strong>Default:</strong> +<code> read raw = yes</code> +<p><br><a name="readsize"></a> +<li><strong><strong>read size (G)</strong></strong> +<p><br>The option <strong>"read size"</strong> affects the overlap of disk reads/writes +with network reads/writes. If the amount of data being transferred in +several of the SMB commands (currently SMBwrite, SMBwriteX and +SMBreadbraw) is larger than this value then the server begins writing +the data before it has received the whole packet from the network, or +in the case of SMBreadbraw, it begins writing to the network before +all the data has been read from disk. +<p><br>This overlapping works best when the speeds of disk and network access +are similar, having very little effect when the speed of one is much +greater than the other. +<p><br>The default value is 2048, but very little experimentation has been +done yet to determine the optimal value, and it is likely that the +best value will vary greatly between systems anyway. A value over +65536 is pointless and will cause you to allocate memory +unnecessarily. +<p><br><strong>Default:</strong> +<code> read size = 2048</code> +<p><br><strong>Example:</strong> +<code> read size = 8192</code> +<p><br><a name="remoteannounce"></a> +<li><strong><strong>remote announce (G)</strong></strong> +<p><br>This option allows you to setup <a href="nmbd.8.html"><strong>nmbd</strong></a> to +periodically announce itself to arbitrary IP addresses with an +arbitrary workgroup name. +<p><br>This is useful if you want your Samba server to appear in a remote +workgroup for which the normal browse propagation rules don't +work. The remote workgroup can be anywhere that you can send IP +packets to. +<p><br>For example: +<p><br><code> remote announce = 192.168.2.255/SERVERS 192.168.4.255/STAFF</code> +<p><br>the above line would cause nmbd to announce itself to the two given IP +addresses using the given workgroup names. If you leave out the +workgroup name then the one given in the +<a href="smb.conf.5.html#workgroup"><strong>"workgroup"</strong></a> parameter is used instead. +<p><br>The IP addresses you choose would normally be the broadcast addresses +of the remote networks, but can also be the IP addresses of known +browse masters if your network config is that stable. +<p><br>See the documentation file BROWSING.txt in the docs/ directory. +<p><br><strong>Default:</strong> +<code> remote announce = <empty string></code> +<p><br><strong>Example:</strong> +<code> remote announce = 192.168.2.255/SERVERS 192.168.4.255/STAFF</code> +<p><br><a name="remotebrowsesync"></a> +<li><strong><strong>remote browse sync (G)</strong></strong> +<p><br>This option allows you to setup <a href="nmbd.8.html"><strong>nmbd</strong></a> to +periodically request synchronisation of browse lists with the master +browser of a samba server that is on a remote segment. This option +will allow you to gain browse lists for multiple workgroups across +routed networks. This is done in a manner that does not work with any +non-samba servers. +<p><br>This is useful if you want your Samba server and all local clients to +appear in a remote workgroup for which the normal browse propagation +rules don't work. The remote workgroup can be anywhere that you can +send IP packets to. +<p><br>For example: +<p><br><code> remote browse sync = 192.168.2.255 192.168.4.255</code> +<p><br>the above line would cause <a href="nmbd.8.html"><strong>nmbd</strong></a> to request the +master browser on the specified subnets or addresses to synchronise +their browse lists with the local server. +<p><br>The IP addresses you choose would normally be the broadcast addresses +of the remote networks, but can also be the IP addresses of known +browse masters if your network config is that stable. If a machine IP +address is given Samba makes NO attempt to validate that the remote +machine is available, is listening, nor that it is in fact the browse +master on it's segment. +<p><br><strong>Default:</strong> +<code> remote browse sync = <empty string></code> +<p><br><strong>Example:</strong> +<code> remote browse sync = 192.168.2.255 192.168.4.255</code> +<p><br><a name="revalidate"></a> +<li><strong><strong>revalidate (S)</strong></strong> +<p><br>Note that this option only works with +<a href="smb.conf.5.html#securityequalshare"><strong>"security=share"</strong></a> and will be ignored if +this is not the case. +<p><br>This option controls whether Samba will allow a previously validated +username/password pair to be used to attach to a share. Thus if you +connect to <code>\\server\share1</code> then to <code>\\server\share2</code> it won't +automatically allow the client to request connection to the second +share as the same username as the first without a password. +<p><br>If <strong>"revalidate"</strong> is <code>"True"</code> then the client will be denied +automatic access as the same username. +<p><br><strong>Default:</strong> +<code> revalidate = False</code> +<p><br><strong>Example:</strong> +<code> revalidate = True</code> +<p><br><a name="root"></a> +<li><strong><strong>root (G)</strong></strong> +<p><br>Synonym for <a href="smb.conf.5.html#rootdirectory"><strong>"root directory"</strong></a>. +<p><br><a name="rootdir"></a> +<li><strong><strong>root dir (G)</strong></strong> +<p><br>Synonym for <a href="smb.conf.5.html#rootdirectory"><strong>"root directory"</strong></a>. +<p><br><a name="rootdirectory"></a> +<li><strong><strong>root directory (G)</strong></strong> +<p><br>The server will <code>"chroot()"</code> (ie. Change it's root directory) to +this directory on startup. This is not strictly necessary for secure +operation. Even without it the server will deny access to files not in +one of the service entries. It may also check for, and deny access to, +soft links to other parts of the filesystem, or attempts to use +<code>".."</code> in file names to access other directories (depending on the +setting of the <a href="smb.conf.5.html#widelinks"><strong>"wide links"</strong></a> parameter). +<p><br>Adding a <strong>"root directory"</strong> entry other than <code>"/"</code> adds an extra +level of security, but at a price. It absolutely ensures that no +access is given to files not in the sub-tree specified in the <strong>"root +directory"</strong> option, <em>*including*</em> some files needed for complete +operation of the server. To maintain full operability of the server +you will need to mirror some system files into the <strong>"root +directory"</strong> tree. In particular you will need to mirror /etc/passwd +(or a subset of it), and any binaries or configuration files needed +for printing (if required). The set of files that must be mirrored is +operating system dependent. +<p><br><strong>Default:</strong> +<code> root directory = /</code> +<p><br><strong>Example:</strong> +<code> root directory = /homes/smb</code> +<p><br><a name="rootpostexec"></a> +<li><strong><strong>root postexec (S)</strong></strong> +<p><br>This is the same as the <a href="smb.conf.5.html#postexec"><strong>"postexec"</strong></a> parameter +except that the command is run as root. This is useful for unmounting +filesystems (such as cdroms) after a connection is closed. +<p><br>See also <a href="smb.conf.5.html#postexec"><strong>"postexec"</strong></a>. +<p><br><a name="rootpreexec"></a> +<li><strong><strong>root preexec (S)</strong></strong> +<p><br>This is the same as the <a href="smb.conf.5.html#preexec"><strong>"preexec"</strong></a> parameter except +that the command is run as root. This is useful for mounting +filesystems (such as cdroms) before a connection is finalised. +<p><br>See also <a href="smb.conf.5.html#preexec"><strong>"preexec"</strong></a>. +<p><br><a name="security"></a> +<li><strong><strong>security (G)</strong></strong> +<p><br>This option affects how clients respond to Samba and is one of the most +important settings in the <strong>smb.conf</strong> file. +<p><br>The option sets the <code>"security mode bit"</code> in replies to protocol +negotiations with <a href="smbd.8.html"><strong>smbd</strong></a> to turn share level +security on or off. Clients decide based on this bit whether (and how) +to transfer user and password information to the server. +<p><br>The default is <a href="smb.conf.5.html#securityequaluser">"security=user"</a>, as this is +the most common setting needed when talking to Windows 98 and Windows +NT. +<p><br>The alternatives are <a href="smb.conf.5.html#securityequalshare"><strong>"security = share"</strong></a>, +<a href="smb.conf.5.html#securityequalserver"><strong>"security = server"</strong></a> or +<a href="smb.conf.5.html#securityequaldomain"><strong>"security=domain"</strong></a>. +<p><br><em>*****NOTE THAT THIS DEFAULT IS DIFFERENT IN SAMBA2.0 THAN FOR +PREVIOUS VERSIONS OF SAMBA *******</em>. +<p><br>In previous versions of Samba the default was +<a href="smb.conf.5.html#securityequalshare"><strong>"security=share"</strong></a> mainly because that was +the only option at one stage. +<p><br>There is a bug in WfWg that has relevence to this setting. When in +user or server level security a WfWg client will totally ignore the +password you type in the "connect drive" dialog box. This makes it +very difficult (if not impossible) to connect to a Samba service as +anyone except the user that you are logged into WfWg as. +<p><br>If your PCs use usernames that are the same as their usernames on the +UNIX machine then you will want to use <strong>"security = user"</strong>. If you +mostly use usernames that don't exist on the UNIX box then use +<strong>"security = share"</strong>. +<p><br>You should also use <a href="smb.conf.5.html#securityequalshare"><strong>security=share</strong></a> if +you want to mainly setup shares without a password (guest +shares). This is commonly used for a shared printer server. It is more +difficult to setup guest shares with +<a href="smb.conf.5.html#securityequaluser"><strong>security=user</strong></a>, see the <a href="smb.conf.5.html#maptoguest"><strong>"map to +guest"</strong></a>parameter for details. +<p><br>It is possible to use <a href="smbd.8.html"><strong>smbd</strong></a> in a <em>"hybred +mode"</em> where it is offers both user and share level security under +different <a href="smb.conf.5.html#netbiosaliases"><strong>NetBIOS aliases</strong></a>. See the +<a href="smb.conf.5.html#netbiosaliases"><strong>NetBIOS aliases</strong></a> and the +<a href="smb.conf.5.html#include"><strong>include</strong></a> parameters for more information. +<p><br>The different settings will now be explained. +<p><br><ul> +<p><br><a name="securityequalshare"></a> +<li><strong><strong>"security=share"</strong></strong> When clients connect to a share level +security server then need not log onto the server with a valid +username and password before attempting to connect to a shared +resource (although modern clients such as Windows 95/98 and Windows NT +will send a logon request with a username but no password when talking +to a <strong>security=share</strong> server). Instead, the clients send +authentication information (passwords) on a per-share basis, at the +time they attempt to connect to that share. +<p><br>Note that <a href="smbd.8.html"><strong>smbd</strong></a> <em>*ALWAYS*</em> uses a valid UNIX +user to act on behalf of the client, even in <strong>"security=share"</strong> +level security. +<p><br>As clients are not required to send a username to the server +in share level security, <a href="smbd.8.html"><strong>smbd</strong></a> uses several +techniques to determine the correct UNIX user to use on behalf +of the client. +<p><br>A list of possible UNIX usernames to match with the given +client password is constructed using the following methods : +<p><br><ul> +<p><br><li > If the <a href="smb.conf.5.html#guestonly"><strong>"guest only"</strong></a> parameter is set, then +all the other stages are missed and only the <a href="smb.conf.5.html#guestaccount"><strong>"guest +account"</strong></a> username is checked. +<p><br><li > Is a username is sent with the share connection request, then +this username (after mapping - see <a href="smb.conf.5.html#usernamemap"><strong>"username +map"</strong></a>), is added as a potential username. +<p><br><li > If the client did a previous <em>"logon"</em> request (the +SessionSetup SMB call) then the username sent in this SMB +will be added as a potential username. +<p><br><li > The name of the service the client requested is added +as a potential username. +<p><br><li > The NetBIOS name of the client is added to the list as a +potential username. +<p><br><li > Any users on the <a href="smb.conf.5.html#user"><strong>"user"</strong></a> list are added +as potential usernames. +<p><br></ul> +<p><br>If the <a href="smb.conf.5.html#guestonly"><strong>"guest only"</strong></a> parameter is not set, then +this list is then tried with the supplied password. The first user for +whom the password matches will be used as the UNIX user. +<p><br>If the <a href="smb.conf.5.html#guestonly"><strong>"guest only"</strong></a> parameter is set, or no +username can be determined then if the share is marked as available to +the <a href="smb.conf.5.html#guestaccount"><strong>"guest account"</strong></a>, then this guest user will +be used, otherwise access is denied. +<p><br>Note that it can be <em>*very*</em> confusing in share-level security as to +which UNIX username will eventually be used in granting access. +<p><br>See also the section <a href="smb.conf.5.html#NOTEABOUTUSERNAMEPASSWORDVALIDATION"><strong>"NOTE ABOUT USERNAME/PASSWORD +VALIDATION"</strong></a>. +<p><br><a name="securityequaluser"></a> +<li><strong><strong>"security=user"</strong></strong> +<p><br>This is the default security setting in Samba2.0. With user-level +security a client must first <code>"log-on"</code> with a valid username and +password (which can be mapped using the <a href="smb.conf.5.html#usernamemap"><strong>"username +map"</strong></a> parameter). Encrypted passwords (see the +<a href="smb.conf.5.html#encryptpasswords"><strong>"encrypted passwords"</strong></a> parameter) can also +be used in this security mode. Parameters such as +<a href="smb.conf.5.html#user"><strong>"user"</strong></a> and <a href="smb.conf.5.html#guestonly"><strong>"guest only"</strong></a>, if set +are then applied and may change the UNIX user to use on this +connection, but only after the user has been successfully +authenticated. +<p><br><em>Note</em> that the the name of the resource being requested is +<em>*not*</em> sent to the server until after the server has successfully +authenticated the client. This is why guest shares don't work in user +level security without allowing the server to automatically map unknown +users into the <a href="smb.conf.5.html#guestaccount"><strong>"guest account"</strong></a>. See the +<a href="smb.conf.5.html#maptoguest"><strong>"map to guest"</strong></a> parameter for details on +doing this. +<p><br>See also the section <a href="smb.conf.5.html#NOTEABOUTUSERNAMEPASSWORDVALIDATION"><strong>"NOTE ABOUT USERNAME/PASSWORD +VALIDATION"</strong></a>. +<p><br><a name="securityequalserver"></a> +<li><strong><strong>"security=server"</strong></strong> +<p><br>In this mode Samba will try to validate the username/password by +passing it to another SMB server, such as an NT box. If this fails it +will revert to <strong>"security = user"</strong>, but note that if encrypted +passwords have been negotiated then Samba cannot revert back to +checking the UNIX password file, it must have a valid smbpasswd file +to check users against. See the documentation file in the docs/ +directory ENCRYPTION.txt for details on how to set this up. +<p><br><em>Note</em> that from the clients point of view <strong>"security=server"</strong> is +the same as <a href="smb.conf.5.html#securityequaluser"><strong>"security=user"</strong></a>. It only +affects how the server deals with the authentication, it does not in +any way affect what the client sees. +<p><br><em>Note</em> that the the name of the resource being requested is +<em>*not*</em> sent to the server until after the server has successfully +authenticated the client. This is why guest shares don't work in server +level security without allowing the server to automatically map unknown +users into the <a href="smb.conf.5.html#guestaccount"><strong>"guest account"</strong></a>. See the +<a href="smb.conf.5.html#maptoguest"><strong>"map to guest"</strong></a> parameter for details on +doing this. +<p><br>See also the section <a href="smb.conf.5.html#NOTEABOUTUSERNAMEPASSWORDVALIDATION"><strong>"NOTE ABOUT USERNAME/PASSWORD +VALIDATION"</strong></a>. +<p><br>See also the <a href="smb.conf.5.html#passwordserver"><strong>"password server"</strong></a> parameter. +and the <a href="smb.conf.5.html#encryptpasswords"><strong>"encrypted passwords"</strong></a> parameter. +<p><br><a name="securityequaldomain"></a> +<li><strong><strong>"security=domain"</strong></strong> +<p><br>This mode will only work correctly if +<a href="smbpasswd.8.html"><strong>smbpasswd</strong></a> has been used to add this machine +into a Windows NT Domain. It expects the <a href="smb.conf.5.html#encryptpasswords"><strong>"encrypted +passwords"</strong></a> parameter to be set to <code>"true"</code>. In +this mode Samba will try to validate the username/password by passing +it to a Windows NT Primary or Backup Domain Controller, in exactly the +same way that a Windows NT Server would do. +<p><br><em>Note</em> that a valid UNIX user must still exist as well as the +account on the Domain Controller to allow Samba to have a valid +UNIX account to map file access to. +<p><br><em>Note</em> that from the clients point of view <strong>"security=domain"</strong> is +the same as <a href="smb.conf.5.html#securityequaluser"><strong>"security=user"</strong></a>. It only +affects how the server deals with the authentication, it does not in +any way affect what the client sees. +<p><br><em>Note</em> that the the name of the resource being requested is +<em>*not*</em> sent to the server until after the server has successfully +authenticated the client. This is why guest shares don't work in domain +level security without allowing the server to automatically map unknown +users into the <a href="smb.conf.5.html#guestaccount"><strong>"guest account"</strong></a>. See the +<a href="smb.conf.5.html#maptoguest"><strong>"map to guest"</strong></a> parameter for details on +doing this. +<p><br>e,(BUG:) There is currently a bug in the implementation of +<strong>"security=domain</strong> with respect to multi-byte character +set usernames. The communication with a Domain Controller +must be done in UNICODE and Samba currently does not widen +multi-byte user names to UNICODE correctly, thus a multi-byte +username will not be recognised correctly at the Domain Controller. +This issue will be addressed in a future release. +<p><br>See also the section <a href="smb.conf.5.html#NOTEABOUTUSERNAMEPASSWORDVALIDATION"><strong>"NOTE ABOUT USERNAME/PASSWORD +VALIDATION"</strong></a>. +<p><br>See also the <a href="smb.conf.5.html#passwordserver"><strong>"password server"</strong></a> parameter. +and the <a href="smb.conf.5.html#encryptpasswords"><strong>"encrypted passwords"</strong></a> parameter. +<p><br></ul> +<p><br><strong>Default:</strong> +<code> security = USER</code> +<p><br><strong>Example:</strong> +<code> security = DOMAIN</code> +<p><br><a name="serverstring"></a> +<li><strong><strong>server string (G)</strong></strong> +<p><br>This controls what string will show up in the printer comment box in +print manager and next to the IPC connection in <code>"net view"</code>. It can be +any string that you wish to show to your users. +<p><br>It also sets what will appear in browse lists next to the machine +name. +<p><br>A <code>"%v"</code> will be replaced with the Samba version number. +<p><br>A <code>"%h"</code> will be replaced with the hostname. +<p><br><strong>Default:</strong> +<code> server string = Samba %v</code> +<p><br><strong>Example:</strong> +<code> server string = University of GNUs Samba Server</code> +<p><br><a name="setdirectory"></a> +<li><strong><strong>set directory (S)</strong></strong> +<p><br>If <code>"set directory = no"</code>, then users of the service may not use the +setdir command to change directory. +<p><br>The setdir command is only implemented in the Digital Pathworks +client. See the Pathworks documentation for details. +<p><br><strong>Default:</strong> +<code> set directory = no</code> +<p><br><strong>Example:</strong> +<code> set directory = yes</code> +<p><br><a name="sharemodes"></a> +<li><strong><strong>share modes (S)</strong></strong> +<p><br>This enables or disables the honouring of the <code>"share modes"</code> during a +file open. These modes are used by clients to gain exclusive read or +write access to a file. +<p><br>These open modes are not directly supported by UNIX, so they are +simulated using shared memory, or lock files if your UNIX doesn't +support shared memory (almost all do). +<p><br>The share modes that are enabled by this option are DENY_DOS, +DENY_ALL, DENY_READ, DENY_WRITE, DENY_NONE and DENY_FCB. +<p><br>This option gives full share compatibility and enabled by default. +<p><br>You should <em>*NEVER*</em> turn this parameter off as many Windows +applications will break if you do so. +<p><br><strong>Default:</strong> +<code> share modes = yes</code> +<p><br><a name="sharedmemsize"></a> +<li><strong><strong>shared mem size (G)</strong></strong> +<p><br>It specifies the size of the shared memory (in bytes) to use between +<a href="smbd.8.html"><strong>smbd</strong></a> processes. This parameter defaults to one +megabyte of shared memory. It is possible that if you have a large +server with many files open simultaneously that you may need to +increase this parameter. Signs that this parameter is set too low are +users reporting strange problems trying to save files (locking errors) +and error messages in the smbd log looking like <code>"ERROR +smb_shm_alloc : alloc of XX bytes failed"</code>. +<p><br><strong>Default:</strong> +<code> shared mem size = 1048576</code> +<p><br><strong>Example:</strong> +<code> shared mem size = 5242880 ; Set to 5mb for a large number of files.</code> +<p><br><a name="shortpreservecase"></a> +<li><strong><strong>short preserve case (G)</strong></strong> +<p><br>This boolean parameter controls if new files which conform to 8.3 +syntax, that is all in upper case and of suitable length, are created +upper case, or if they are forced to be the <code>"default"</code> case. This +option can be use with <a href="smb.conf.5.html#preservecaseoption"><strong>"preserve case +=yes"</strong></a> to permit long filenames to retain their +case, while short names are lowered. Default <em>Yes</em>. +<p><br>See the section on <a href="smb.conf.5.html#NAMEMANGLING"><strong>NAME MANGLING</strong></a>. +<p><br><strong>Default:</strong> +<code> short preserve case = yes</code> +<p><br><a name="smbpasswdfile"></a> +<li><strong><strong>smb passwd file (G)</strong></strong> +<p><br>This option sets the path to the encrypted smbpasswd file. By default +the path to the smbpasswd file is compiled into Samba. +<p><br><strong>Default:</strong> +<code> smb passwd file= <compiled default></code> +<p><br><strong>Example:</strong> +<code> smb passwd file = /usr/samba/private/smbpasswd</code> +<p><br><a name="smbrun"></a> +<li><strong><strong>smbrun (G)</strong></strong> +<p><br>This sets the full path to the <strong>smbrun</strong> binary. This defaults to the +value in the Makefile. +<p><br>You must get this path right for many services to work correctly. +<p><br>You should not need to change this parameter so long as Samba +is installed correctly. +<p><br><strong>Default:</strong> +<code> smbrun=<compiled default></code> +<p><br><strong>Example:</strong> +<code> smbrun = /usr/local/samba/bin/smbrun</code> +<p><br><a name="socketaddress"></a> +<li><strong><strong>socket address (G)</strong></strong> +<p><br>This option allows you to control what address Samba will listen for +connections on. This is used to support multiple virtual interfaces on +the one server, each with a different configuration. +<p><br>By default samba will accept connections on any address. +<p><br><strong>Example:</strong> +<code> socket address = 192.168.2.20</code> +<p><br><a name="socketoptions"></a> +<li><strong><strong>socket options (G)</strong></strong> +<p><br>This option allows you to set socket options to be used when talking +with the client. +<p><br>Socket options are controls on the networking layer of the operating +systems which allow the connection to be tuned. +<p><br>This option will typically be used to tune your Samba server for +optimal performance for your local network. There is no way that Samba +can know what the optimal parameters are for your net, so you must +experiment and choose them yourself. We strongly suggest you read the +appropriate documentation for your operating system first (perhaps +<strong>"man setsockopt"</strong> will help). +<p><br>You may find that on some systems Samba will say "Unknown socket +option" when you supply an option. This means you either mis-typed it +or you need to add an include file to includes.h for your OS. If the +latter is the case please send the patch to +<a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. +<p><br>Any of the supported socket options may be combined in any way you +like, as long as your OS allows it. +<p><br>This is the list of socket options currently settable using this +option: +<p><br><ul> +<p><br><li > SO_KEEPALIVE +<p><br><li > SO_REUSEADDR +<p><br><li > SO_BROADCAST +<p><br><li > TCP_NODELAY +<p><br><li > IPTOS_LOWDELAY +<p><br><li > IPTOS_THROUGHPUT +<p><br><li > SO_SNDBUF * +<p><br><li > SO_RCVBUF * +<p><br><li > SO_SNDLOWAT * +<p><br><li > SO_RCVLOWAT * +<p><br></ul> +<p><br>Those marked with a <code>*</code> take an integer argument. The others can +optionally take a 1 or 0 argument to enable or disable the option, by +default they will be enabled if you don't specify 1 or 0. +<p><br>To specify an argument use the syntax SOME_OPTION=VALUE for example +<code>SO_SNDBUF=8192</code>. Note that you must not have any spaces before or after +the = sign. +<p><br>If you are on a local network then a sensible option might be +<p><br><code>socket options = IPTOS_LOWDELAY</code> +<p><br>If you have a local network then you could try: +<p><br><code>socket options = IPTOS_LOWDELAY TCP_NODELAY</code> +<p><br>If you are on a wide area network then perhaps try setting +IPTOS_THROUGHPUT. +<p><br>Note that several of the options may cause your Samba server to fail +completely. Use these options with caution! +<p><br><strong>Default:</strong> +<code> socket options = TCP_NODELAY</code> +<p><br><strong>Example:</strong> +<code> socket options = IPTOS_LOWDELAY</code> +<p><br><a name="ssl"></a> +<li><strong><strong>ssl (G)</strong></strong> +<p><br>This variable is part of SSL-enabled Samba. This is only available if +the SSL libraries have been compiled on your system and the configure +option <code>"--with-ssl"</code> was given at configure time. +<p><br><em>Note</em> that for export control reasons this code is <em>**NOT**</em> +enabled by default in any current binary version of Samba. +<p><br>This variable enables or disables the entire SSL mode. If it is set to +"no", the SSL enabled samba behaves exactly like the non-SSL samba. If +set to "yes", it depends on the variables <a href="smb.conf.5.html#sslhosts"><strong>"ssl +hosts"</strong></a> and <a href="smb.conf.5.html#sslhostsresign"><strong>"ssl hosts resign"</strong></a> +whether an SSL connection will be required. +<p><br><strong>Default:</strong> +<code> ssl=no</code> + <strong>Example:</strong> +<code> ssl=yes</code> +<p><br><a name="sslCAcertDir"></a> +<li><strong><strong>ssl CA certDir (G)</strong></strong> +<p><br>This variable is part of SSL-enabled Samba. This is only available if +the SSL libraries have been compiled on your system and the configure +option <code>"--with-ssl"</code> was given at configure time. +<p><br><em>Note</em> that for export control reasons this code is <em>**NOT**</em> +enabled by default in any current binary version of Samba. +<p><br>This variable defines where to look up the Certification +Autorities. The given directory should contain one file for each CA +that samba will trust. The file name must be the hash value over the +"Distinguished Name" of the CA. How this directory is set up is +explained later in this document. All files within the directory that +don't fit into this naming scheme are ignored. You don't need this +variable if you don't verify client certificates. +<p><br><strong>Default:</strong> +<code> ssl CA certDir = /usr/local/ssl/certs</code> +<p><br><a name="sslCAcertFile"></a> +<li><strong><strong>ssl CA certFile (G)</strong></strong> +<p><br>This variable is part of SSL-enabled Samba. This is only available if +the SSL libraries have been compiled on your system and the configure +option <code>"--with-ssl"</code> was given at configure time. +<p><br><em>Note</em> that for export control reasons this code is <em>**NOT**</em> +enabled by default in any current binary version of Samba. +<p><br>This variable is a second way to define the trusted CAs. The +certificates of the trusted CAs are collected in one big file and this +variable points to the file. You will probably only use one of the two +ways to define your CAs. The first choice is preferable if you have +many CAs or want to be flexible, the second is perferable if you only +have one CA and want to keep things simple (you won't need to create +the hashed file names). You don't need this variable if you don't +verify client certificates. +<p><br><strong>Default:</strong> +<code> ssl CA certFile = /usr/local/ssl/certs/trustedCAs.pem</code> +<p><br><a name="sslciphers"></a> +<li><strong><strong>ssl ciphers (G)</strong></strong> +<p><br>This variable is part of SSL-enabled Samba. This is only available if +the SSL libraries have been compiled on your system and the configure +option <code>"--with-ssl"</code> was given at configure time. +<p><br><em>Note</em> that for export control reasons this code is <em>**NOT**</em> +enabled by default in any current binary version of Samba. +<p><br>This variable defines the ciphers that should be offered during SSL +negotiation. You should not set this variable unless you know what you +are doing. +<p><br><a name="sslclientcert"></a> +<li><strong><strong>ssl client cert (G)</strong></strong> +<p><br>This variable is part of SSL-enabled Samba. This is only available if +the SSL libraries have been compiled on your system and the configure +option <code>"--with-ssl"</code> was given at configure time. +<p><br><em>Note</em> that for export control reasons this code is <em>**NOT**</em> +enabled by default in any current binary version of Samba. +<p><br>The certificate in this file is used by +<a href="smbclient.1.html"><strong>smbclient</strong></a> if it exists. It's needed if the +server requires a client certificate. +<p><br><strong>Default:</strong> +<code> ssl client cert = /usr/local/ssl/certs/smbclient.pem</code> +<p><br><a name="sslclientkey"></a> +<li><strong><strong>ssl client key (G)</strong></strong> +<p><br>This variable is part of SSL-enabled Samba. This is only available if +the SSL libraries have been compiled on your system and the configure +option <code>"--with-ssl"</code> was given at configure time. +<p><br><em>Note</em> that for export control reasons this code is <em>**NOT**</em> +enabled by default in any current binary version of Samba. +<p><br>This is the private key for <a href="smbclient.1.html"><strong>smbclient</strong></a>. It's +only needed if the client should have a certificate. +<p><br><strong>Default:</strong> +<code> ssl client key = /usr/local/ssl/private/smbclient.pem</code> +<p><br><a name="sslcompatibility"></a> +<li><strong><strong>ssl compatibility (G)</strong></strong> +<p><br>This variable is part of SSL-enabled Samba. This is only available if +the SSL libraries have been compiled on your system and the configure +option <code>"--with-ssl"</code> was given at configure time. +<p><br><em>Note</em> that for export control reasons this code is <em>**NOT**</em> +enabled by default in any current binary version of Samba. +<p><br>This variable defines whether SSLeay should be configured for bug +compatibility with other SSL implementations. This is probably not +desirable because currently no clients with SSL implementations other +than SSLeay exist. +<p><br><strong>Default:</strong> +<code> ssl compatibility = no</code> +<p><br><a name="sslhosts"></a> +<li><strong><strong>ssl hosts (G)</strong></strong> +<p><br>See <a href="smb.conf.5.html#sslhostsresign"><strong>"ssl hosts resign"</strong></a>. +<p><br><a name="sslhostsresign"></a> +<li><strong><strong>ssl hosts resign (G)</strong></strong> +<p><br>This variable is part of SSL-enabled Samba. This is only available if +the SSL libraries have been compiled on your system and the configure +option <code>"--with-ssl"</code> was given at configure time. +<p><br><em>Note</em> that for export control reasons this code is <em>**NOT**</em> +enabled by default in any current binary version of Samba. +<p><br>These two variables define whether samba will go into SSL mode or +not. If none of them is defined, samba will allow only SSL +connections. If the <a href="smb.conf.5.html#sslhosts"><strong>"ssl hosts"</strong></a> variable lists +hosts (by IP-address, IP-address range, net group or name), only these +hosts will be forced into SSL mode. If the <strong>"ssl hosts resign"</strong> +variable lists hosts, only these hosts will NOT be forced into SSL +mode. The syntax for these two variables is the same as for the +<a href="smb.conf.5.html#hostsallow"><strong>"hosts allow"</strong></a> and <a href="smb.conf.5.html#hostsdeny"><strong>"hosts +deny"</strong></a> pair of variables, only that the subject of the +decision is different: It's not the access right but whether SSL is +used or not. See the <a href="smb.conf.5.html#allowhosts"><strong>"allow hosts"</strong></a> parameter for +details. The example below requires SSL connections from all hosts +outside the local net (which is 192.168.*.*). +<p><br><strong>Default:</strong> +<code> ssl hosts = <empty string></code> +<code> ssl hosts resign = <empty string></code> +<p><br><strong>Example:</strong> +<code> ssl hosts resign = 192.168.</code> +<p><br><a name="sslrequireclientcert"></a> +<li><strong><strong>ssl require clientcert (G)</strong></strong> +<p><br>This variable is part of SSL-enabled Samba. This is only available if +the SSL libraries have been compiled on your system and the configure +option <code>"--with-ssl"</code> was given at configure time. +<p><br><em>Note</em> that for export control reasons this code is <em>**NOT**</em> +enabled by default in any current binary version of Samba. +<p><br>If this variable is set to <code>"yes"</code>, the server will not tolerate +connections from clients that don't have a valid certificate. The +directory/file given in <a href="smb.conf.5.html#sslCAcertDir"><strong>"ssl CA certDir"</strong></a> and +<a href="smb.conf.5.html#sslCAcertFile"><strong>"ssl CA certFile"</strong></a> will be used to look up the +CAs that issued the client's certificate. If the certificate can't be +verified positively, the connection will be terminated. If this +variable is set to <code>"no"</code>, clients don't need certificates. Contrary +to web applications you really <em>*should*</em> require client +certificates. In the web environment the client's data is sensitive +(credit card numbers) and the server must prove to be trustworthy. In +a file server environment the server's data will be sensitive and the +clients must prove to be trustworthy. +<p><br><strong>Default:</strong> +<code> ssl require clientcert = no</code> +<p><br><a name="sslrequireservercert"></a> +<li><strong><strong>ssl require servercert (G)</strong></strong> +<p><br>This variable is part of SSL-enabled Samba. This is only available if +the SSL libraries have been compiled on your system and the configure +option <code>"--with-ssl"</code> was given at configure time. +<p><br><em>Note</em> that for export control reasons this code is <em>**NOT**</em> +enabled by default in any current binary version of Samba. +<p><br>If this variable is set to <code>"yes"</code>, the +<a href="smbclient.1.html"><strong>smbclient</strong></a> will request a certificate from +the server. Same as <a href="smb.conf.5.html#sslrequireclientcert"><strong>"ssl require +clientcert"</strong></a> for the server. +<p><br><strong>Default:</strong> +<code> ssl require servercert = no</code> +<p><br><a name="sslservercert"></a> +<li><strong><strong>ssl server cert (G)</strong></strong> +<p><br>This variable is part of SSL-enabled Samba. This is only available if +the SSL libraries have been compiled on your system and the configure +option <code>"--with-ssl"</code> was given at configure time. +<p><br><em>Note</em> that for export control reasons this code is <em>**NOT**</em> +enabled by default in any current binary version of Samba. +<p><br>This is the file containing the server's certificate. The server _must_ +have a certificate. The file may also contain the server's private key. +See later for how certificates and private keys are created. +<p><br><strong>Default:</strong> +<code> ssl server cert = <empty string></code> +<p><br><a name="sslserverkey"></a> +<li><strong><strong>ssl server key (G)</strong></strong> +<p><br>This variable is part of SSL-enabled Samba. This is only available if +the SSL libraries have been compiled on your system and the configure +option <code>"--with-ssl"</code> was given at configure time. +<p><br><em>Note</em> that for export control reasons this code is <em>**NOT**</em> +enabled by default in any current binary version of Samba. +<p><br>This file contains the private key of the server. If this variable is +not defined, the key is looked up in the certificate file (it may be +appended to the certificate). The server <em>*must*</em> have a private key +and the certificate <em>*must*</em> match this private key. +<p><br><strong>Default:</strong> +<code> ssl server key = <empty string></code> +<p><br><a name="sslversion"></a> +<li><strong><strong>ssl version (G)</strong></strong> +<p><br>This variable is part of SSL-enabled Samba. This is only available if +the SSL libraries have been compiled on your system and the configure +option <code>"--with-ssl"</code> was given at configure time. +<p><br><em>Note</em> that for export control reasons this code is <em>**NOT**</em> +enabled by default in any current binary version of Samba. +<p><br>This enumeration variable defines the versions of the SSL protocol +that will be used. <code>"ssl2or3"</code> allows dynamic negotiation of SSL v2 +or v3, <code>"ssl2"</code> results in SSL v2, <code>"ssl3"</code> results in SSL v3 and +"tls1" results in TLS v1. TLS (Transport Layer Security) is the +(proposed?) new standard for SSL. +<p><br><strong>Default:</strong> +<code> ssl version = "ssl2or3"</code> +<p><br><a name="statcache"></a> +<li><strong><strong>stat cache (G)</strong></strong> +<p><br>This parameter determines if <a href="smbd.8.html"><strong>smbd</strong></a> will use a +cache in order to speed up case insensitive name mappings. You should +never need to change this parameter. +<p><br><strong>Default:</strong> +<code> stat cache = yes</code> +<p><br><a name="statcachesize"></a> +<li><strong><strong>stat cache size (G)</strong></strong> +<p><br>This parameter determines the number of entries in the <a href="smb.conf.5.html#statcache"><strong>stat +cache</strong></a>. You should never need to change this parameter. +<p><br><strong>Default:</strong> +<code> stat cache size = 50</code> +<p><br><a name="status"></a> +<li><strong><strong>status (G)</strong></strong> +<p><br>This enables or disables logging of connections to a status file that +<a href="smbstatus.1.html"><strong>smbstatus</strong></a> can read. +<p><br>With this disabled <a href="smbstatus.1.html"><strong>smbstatus</strong></a> won't be able +to tell you what connections are active. You should never need to +change this parameter. +<p><br><strong>Default:</strong> + status = yes +<p><br><a name="strictlocking"></a> +dir(<strong>strict locking (S)</strong>) +<p><br>This is a boolean that controls the handling of file locking in the +server. When this is set to <code>"yes"</code> the server will check every read and +write access for file locks, and deny access if locks exist. This can +be slow on some systems. +<p><br>When strict locking is <code>"no"</code> the server does file lock checks only +when the client explicitly asks for them. +<p><br>Well behaved clients always ask for lock checks when it is important, +so in the vast majority of cases <strong>"strict locking = no"</strong> is +preferable. +<p><br><strong>Default:</strong> +<code> strict locking = no</code> +<p><br><strong>Example:</strong> +<code> strict locking = yes</code> +<p><br><a name="strictsync"></a> +<li><strong><strong>strict sync (S)</strong></strong> +<p><br>Many Windows applications (including the Windows 98 explorer shell) +seem to confuse flushing buffer contents to disk with doing a sync to +disk. Under UNIX, a sync call forces the process to be suspended until +the kernel has ensured that all outstanding data in kernel disk +buffers has been safely stored onto stable storate. This is very slow +and should only be done rarely. Setting this parameter to "no" (the +default) means that smbd ignores the Windows applications requests for +a sync call. There is only a possibility of losing data if the +operating system itself that Samba is running on crashes, so there is +little danger in this default setting. In addition, this fixes many +performance problems that people have reported with the new Windows98 +explorer shell file copies. +<p><br>See also the <a href="smb.conf.5.html#syncalways"><strong>"sync always"</strong></a> parameter. +<p><br><strong>Default:</strong> +<code> strict sync = no</code> +<p><br><strong>Example:</strong> +<code> strict sync = yes</code> +<p><br><a name="stripdot"></a> +<li><strong><strong>strip dot (G)</strong></strong> +<p><br>This is a boolean that controls whether to strip trailing dots off +UNIX filenames. This helps with some CDROMs that have filenames ending +in a single dot. +<p><br><strong>Default:</strong> +<code> strip dot = no</code> +<p><br><strong>Example:</strong> +<code> strip dot = yes</code> +<p><br><a name="syncalways"></a> +<li><strong><strong>sync always (S)</strong></strong> +<p><br>This is a boolean parameter that controls whether writes will always +be written to stable storage before the write call returns. If this is +false then the server will be guided by the client's request in each +write call (clients can set a bit indicating that a particular write +should be synchronous). If this is true then every write will be +followed by a fsync() call to ensure the data is written to disk. +Note that the <a href="smb.conf.5.html#strictsync"><strong>"strict sync"</strong></a> parameter must be +set to <code>"yes"</code> in order for this parameter to have any affect. +<p><br>See also the <a href="smb.conf.5.html#strictsync"><strong>"strict sync"</strong></a> parameter. +<p><br><strong>Default:</strong> +<code> sync always = no</code> +<p><br><strong>xample:</strong> +<code> sync always = yes</code> +<p><br><a name="syslog"></a> +<li><strong><strong>syslog (G)</strong></strong> +<p><br>This parameter maps how Samba debug messages are logged onto the +system syslog logging levels. Samba debug level zero maps onto syslog +LOG_ERR, debug level one maps onto LOG_WARNING, debug level two maps +to LOG_NOTICE, debug level three maps onto LOG_INFO. The paramter +sets the threshold for doing the mapping, all Samba debug messages +above this threashold are mapped to syslog LOG_DEBUG messages. +<p><br><strong>Default:</strong> +<code> syslog = 1</code> +<p><br><a name="syslogonly"></a> +<li><strong><strong>syslog only (G)</strong></strong> +<p><br>If this parameter is set then Samba debug messages are logged into the +system syslog only, and not to the debug log files. +<p><br><strong>Default:</strong> +<code> syslog only = no</code> +<p><br><a name="timeoffset"></a> +<li><strong><strong>time offset (G)</strong></strong> +<p><br>This parameter is a setting in minutes to add to the normal GMT to +local time conversion. This is useful if you are serving a lot of PCs +that have incorrect daylight saving time handling. +<p><br><strong>Default:</strong> +<code> time offset = 0</code> +<p><br><strong>Example:</strong> +<code> time offset = 60</code> +<p><br><a name="timeserver"></a> +<p><br><li><strong><strong>time server (G)</strong></strong> +<p><br>This parameter determines if <a href="nmbd.8.html"><strong>nmbd</strong></a> advertises +itself as a time server to Windows clients. The default is False. +<p><br><strong>Default:</strong> +<code> time server = False</code> +<p><br><strong>Example:</strong> +<code> time server = True</code> +<p><br><a name="timestamplogs"></a> +<li><strong><strong>timestamp logs (G)</strong></strong> +<p><br>Samba2.0 will a timestamps to all log entries by default. This +can be distracting if you are attempting to debug a problem. This +parameter allows the timestamping to be turned off. +<p><br><strong>Default:</strong> +<code> timestamp logs = True</code> +<p><br><strong>Example:</strong> +<code> timestamp logs = False</code> +<p><br><a name="unixpasswordsync"></a> +<li><strong><strong>unix password sync (G)</strong></strong> +<p><br>This boolean parameter controlls whether Samba attempts to synchronise +the UNIX password with the SMB password when the encrypted SMB +password in the smbpasswd file is changed. If this is set to true the +program specified in the <a href="smb.conf.5.html#passwdprogram"><strong>"passwd program"</strong></a> +parameter is called <em>*AS ROOT*</em> - to allow the new UNIX password to be +set without access to the old UNIX password (as the SMB password has +change code has no access to the old password cleartext, only the +new). By default this is set to <code>"false"</code>. +<p><br>See also <a href="smb.conf.5.html#passwdprogram"><strong>"passwd program"</strong></a>, <a href="smb.conf.5.html#passwdchat"><strong>"passwd +chat"</strong></a>. +<p><br><strong>Default:</strong> +<code> unix password sync = False</code> +<p><br><strong>Example:</strong> +<code> unix password sync = True</code> +<p><br><a name="unixrealname"></a> +<li><strong><strong>unix realname (G)</strong></strong> +<p><br>This boolean parameter when set causes samba to supply the real name +field from the unix password file to the client. This is useful for +setting up mail clients and WWW browsers on systems used by more than +one person. +<p><br><strong>Default:</strong> +<code> unix realname = no</code> +<p><br><strong>Example:</strong> +<code> unix realname = yes</code> +<p><br><a name="updateencrypted"></a> +<li><strong><strong>update encrypted (G)</strong></strong> +<p><br>This boolean parameter allows a user logging on with a plaintext +password to have their encrypted (hashed) password in the smbpasswd +file to be updated automatically as they log on. This option allows a +site to migrate from plaintext password authentication (users +authenticate with plaintext password over the wire, and are checked +against a UNIX account database) to encrypted password authentication +(the SMB challenge/response authentication mechanism) without forcing +all users to re-enter their passwords via smbpasswd at the time the +change is made. This is a convenience option to allow the change over +to encrypted passwords to be made over a longer period. Once all users +have encrypted representations of their passwords in the smbpasswd +file this parameter should be set to <code>"off"</code>. +<p><br>In order for this parameter to work correctly the <a href="smb.conf.5.html#encryptpasswords"><strong>"encrypt +passwords"</strong></a> parameter must be set to <code>"no"</code> when +this parameter is set to <code>"yes"</code>. +<p><br>Note that even when this parameter is set a user authenticating to +smbd must still enter a valid password in order to connect correctly, +and to update their hashed (smbpasswd) passwords. +<p><br><strong>Default:</strong> +<code> update encrypted = no</code> +<p><br><strong>Example:</strong> +<code> update encrypted = yes</code> +<p><br><a name="userhosts"></a> +<li><strong><strong>use rhosts (G)</strong></strong> +<p><br>If this global parameter is a true, it specifies that the UNIX users +<code>".rhosts"</code> file in their home directory will be read to find the +names of hosts and users who will be allowed access without specifying +a password. +<p><br>NOTE: The use of <strong>use rhosts</strong> can be a major security hole. This is +because you are trusting the PC to supply the correct username. It is +very easy to get a PC to supply a false username. I recommend that the +<strong>use rhosts</strong> option be only used if you really know what you are +doing. +<p><br><strong>Default:</strong> +<code> use rhosts = no</code> +<p><br><strong>Example:</strong> +<code> use rhosts = yes</code> +<p><br><a name="user"></a> +<li><strong><strong>user (S)</strong></strong> +<p><br>Synonym for <a href="smb.conf.5.html#username"><strong>"username"</strong></a>. +<p><br><a name="users"></a> +<li><strong><strong>users (S)</strong></strong> +<p><br>Synonym for <a href="smb.conf.5.html#username"><strong>"username"</strong></a>. +<p><br><a name="username"></a> +<li><strong><strong>username (S)</strong></strong> +<p><br>Multiple users may be specified in a comma-delimited list, in which +case the supplied password will be tested against each username in +turn (left to right). +<p><br>The <strong>username=</strong> line is needed only when the PC is unable to supply +its own username. This is the case for the COREPLUS protocol or where +your users have different WfWg usernames to UNIX usernames. In both +these cases you may also be better using the <code>\\server\share%user</code> +syntax instead. +<p><br>The <strong>username=</strong> line is not a great solution in many cases as it +means Samba will try to validate the supplied password against each of +the usernames in the username= line in turn. This is slow and a bad +idea for lots of users in case of duplicate passwords. You may get +timeouts or security breaches using this parameter unwisely. +<p><br>Samba relies on the underlying UNIX security. This parameter does not +restrict who can login, it just offers hints to the Samba server as to +what usernames might correspond to the supplied password. Users can +login as whoever they please and they will be able to do no more +damage than if they started a telnet session. The daemon runs as the +user that they log in as, so they cannot do anything that user cannot +do. +<p><br>To restrict a service to a particular set of users you can use the +<a href="smb.conf.5.html#validusers"><strong>"valid users="</strong></a> parameter. +<p><br>If any of the usernames begin with a <code>'@'</code> then the name will be +looked up first in the yp netgroups list (if Samba is compiled with +netgroup support), followed by a lookup in the UNIX groups database +and will expand to a list of all users in the group of that name. +<p><br>If any of the usernames begin with a <code>'+'</code> then the name will be +looked up only in the UNIX groups database and will expand to a list +of all users in the group of that name. +<p><br>If any of the usernames begin with a <code>'&'</code> then the name will be +looked up only in the yp netgroups database (if Samba is compiled with +netgroup support) and will expand to a list of all users in the +netgroup group of that name. +<p><br>Note that searching though a groups database can take quite some time, +and some clients may time out during the search. +<p><br>See the section <a href="smb.conf.5.html#NOTEABOUTUSERNAMEPASSWORDVALIDATION"><strong>"NOTE ABOUT USERNAME/PASSWORD +VALIDATION"</strong></a> for more +information on how this parameter determines access to the services. +<p><br><strong>Default:</strong> +<code> The guest account if a guest service, else the name of the service.</code> +<p><br><strong>Examples:</strong> +<pre> + + username = fred + username = fred, mary, jack, jane, @users, @pcgroup + +</pre> + +<p><br><a name="usernamelevel"></a> +<li><strong><strong>username level (G)</strong></strong> +<p><br>This option helps Samba to try and 'guess' at the real UNIX username, +as many DOS clients send an all-uppercase username. By default Samba +tries all lowercase, followed by the username with the first letter +capitalized, and fails if the username is not found on the UNIX +machine. +<p><br>If this parameter is set to non-zero the behaviour changes. This +parameter is a number that specifies the number of uppercase +combinations to try whilst trying to determine the UNIX user name. The +higher the number the more combinations will be tried, but the slower +the discovery of usernames will be. Use this parameter when you have +strange usernames on your UNIX machine, such as <code>"AstrangeUser"</code>. +<p><br><strong>Default:</strong> +<code> username level = 0</code> +<p><br><strong>Example:</strong> +<code> username level = 5</code> +<p><br><a name="usernamemap"></a> +<li><strong><strong>username map (G)</strong></strong> +<p><br>This option allows you to to specify a file containing a mapping of +usernames from the clients to the server. This can be used for several +purposes. The most common is to map usernames that users use on DOS or +Windows machines to those that the UNIX box uses. The other is to map +multiple users to a single username so that they can more easily share +files. +<p><br>The map file is parsed line by line. Each line should contain a single +UNIX username on the left then a <code>'='</code> followed by a list of +usernames on the right. The list of usernames on the right may contain +names of the form @group in which case they will match any UNIX +username in that group. The special client name <code>'*'</code> is a wildcard +and matches any name. Each line of the map file may be up to 1023 +characters long. +<p><br>The file is processed on each line by taking the supplied username and +comparing it with each username on the right hand side of the <code>'='</code> +signs. If the supplied name matches any of the names on the right hand +side then it is replaced with the name on the left. Processing then +continues with the next line. +<p><br>If any line begins with a <code>'#'</code> or a <code>';'</code> then it is ignored +<p><br>If any line begins with an <code>'!'</code> then the processing will stop after +that line if a mapping was done by the line. Otherwise mapping +continues with every line being processed. Using <code>'!'</code> is most +useful when you have a wildcard mapping line later in the file. +<p><br>For example to map from the name <code>"admin"</code> or <code>"administrator"</code> to +the UNIX name <code>"root"</code> you would use: +<p><br><code> root = admin administrator</code> +<p><br>Or to map anyone in the UNIX group <code>"system"</code> to the UNIX name +<code>"sys"</code> you would use: +<p><br><code> sys = @system</code> +<p><br>You can have as many mappings as you like in a username map file. +<p><br>If your system supports the NIS NETGROUP option then the netgroup +database is checked before the <code>/etc/group</code> database for matching +groups. +<p><br>You can map Windows usernames that have spaces in them by using double +quotes around the name. For example: +<p><br><code> tridge = "Andrew Tridgell"</code> +<p><br>would map the windows username <code>"Andrew Tridgell"</code> to the unix +username tridge. +<p><br>The following example would map mary and fred to the unix user sys, +and map the rest to guest. Note the use of the <code>'!'</code> to tell Samba +to stop processing if it gets a match on that line. +<p><br><pre> + + !sys = mary fred + guest = * + +</pre> + +<p><br>Note that the remapping is applied to all occurrences of +usernames. Thus if you connect to <code>"\\server\fred"</code> and <code>"fred"</code> +is remapped to <code>"mary"</code> then you will actually be connecting to +<code>"\\server\mary"</code> and will need to supply a password suitable for +<code>"mary"</code> not <code>"fred"</code>. The only exception to this is the username +passed to the <a href="smb.conf.5.html#passwordserver"><strong>"password server"</strong></a> (if you have +one). The password server will receive whatever username the client +supplies without modification. +<p><br>Also note that no reverse mapping is done. The main effect this has is +with printing. Users who have been mapped may have trouble deleting +print jobs as PrintManager under WfWg will think they don't own the +print job. +<p><br><strong>Default:</strong> +<code> no username map</code> +<p><br><strong>Example:</strong> +<code> username map = /usr/local/samba/lib/users.map</code> +<p><br><a name="validchars"></a> +<li><strong><strong>valid chars (S)</strong></strong> +<p><br>The option allows you to specify additional characters that should be +considered valid by the server in filenames. This is particularly +useful for national character sets, such as adding u-umlaut or a-ring. +<p><br>The option takes a list of characters in either integer or character +form with spaces between them. If you give two characters with a colon +between them then it will be taken as an lowercase:uppercase pair. +<p><br>If you have an editor capable of entering the characters into the +config file then it is probably easiest to use this method. Otherwise +you can specify the characters in octal, decimal or hexadecimal form +using the usual C notation. +<p><br>For example to add the single character <code>'Z'</code> to the charset (which +is a pointless thing to do as it's already there) you could do one of +the following +<p><br><pre> + + valid chars = Z + valid chars = z:Z + valid chars = 0132:0172 + +</pre> + +<p><br>The last two examples above actually add two characters, and alter the +uppercase and lowercase mappings appropriately. +<p><br>Note that you MUST specify this parameter after the <a href="smb.conf.5.html#clientcodepage"><strong>"client +code page"</strong></a> parameter if you have both set. If +<a href="smb.conf.5.html#clientcodepage"><strong>"client code page"</strong></a> is set after the +<strong>"valid chars"</strong> parameter the <strong>"valid chars"</strong> settings will be +overwritten. +<p><br>See also the <a href="smb.conf.5.html#clientcodepage"><strong>"client code page"</strong></a> parameter. +<p><br><strong>Default:</strong> +<pre> + + Samba defaults to using a reasonable set of valid characters + for english systems + +</pre> + +<p><br><strong>Example</strong> +<code> valid chars = 0345:0305 0366:0326 0344:0304</code> +<p><br>The above example allows filenames to have the swedish characters in +them. +<p><br>NOTE: It is actually quite difficult to correctly produce a <strong>"valid +chars"</strong> line for a particular system. To automate the process +<a href="mailto:tino@augsburg.net"><em>tino@augsburg.net</em></a> has written a package called <strong>"validchars"</strong> +which will automatically produce a complete <strong>"valid chars"</strong> line for +a given client system. Look in the examples/validchars/ subdirectory +of your Samba source code distribution for this package. +<p><br><a name="validusers"></a> +<li><strong><strong>valid users (S)</strong></strong> +<p><br>This is a list of users that should be allowed to login to this +service. Names starting with <code>'@'</code>, <code>'+'</code> and <code>'&'</code> are +interpreted using the same rules as described in the <a href="smb.conf.5.html#invalidusers"><strong>"invalid +users"</strong></a> parameter. +<p><br>If this is empty (the default) then any user can login. If a username +is in both this list and the <a href="smb.conf.5.html#invalidusers"><strong>"invalid users"</strong></a> +list then access is denied for that user. +<p><br>The current servicename is substituted for +<a href="smb.conf.5.html#percentS"><strong>"%S"</strong></a>. This is useful in the +<a href="smb.conf.5.html#homes"><strong>[homes]</strong></a> section. +<p><br>See also <a href="smb.conf.5.html#invalidusers"><strong>"invalid users"</strong></a>. +<p><br><strong>Default:</strong> +<code> No valid users list. (anyone can login)</code> +<p><br><strong>Example:</strong> +<code> valid users = greg, @pcusers</code> +<p><br><a name="vetofiles"></a> +<li><strong><strong>veto files(S)</strong></strong> +<p><br>This is a list of files and directories that are neither visible nor +accessible. Each entry in the list must be separated by a <code>'/'</code>, +which allows spaces to be included in the entry. <code>'*'</code> and <code>'?'</code> +can be used to specify multiple files or directories as in DOS +wildcards. +<p><br>Each entry must be a unix path, not a DOS path and must <em>*not*</em> include the +unix directory separator <code>'/'</code>. +<p><br>Note that the <a href="smb.conf.5.html#casesensitive"><strong>"case sensitive"</strong></a> option is +applicable in vetoing files. +<p><br>One feature of the veto files parameter that it is important to be +aware of, is that if a directory contains nothing but files that match +the veto files parameter (which means that Windows/DOS clients cannot +ever see them) is deleted, the veto files within that directory *are +automatically deleted* along with it, if the user has UNIX permissions +to do so. +<p><br>Setting this parameter will affect the performance of Samba, as it +will be forced to check all files and directories for a match as they +are scanned. +<p><br>See also <a href="smb.conf.5.html#hidefiles"><strong>"hide files"</strong></a> and <a href="smb.conf.5.html#casesensitive"><strong>"case +sensitive"</strong></a>. +<p><br><strong>Default:</strong> +<code> No files or directories are vetoed.</code> +<p><br><strong>Examples:</strong> +<p><br>Example 1. +<p><br><pre> + + + Veto any files containing the word Security, + any ending in .tmp, and any directory containing the + word root. + + veto files = /*Security*/*.tmp/*root*/ + +</pre> + +<p><br>Example 2. +<p><br><pre> + + Veto the Apple specific files that a NetAtalk server + creates. + + veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ + +</pre> + +<p><br><a name="vetooplockfiles"></a> +<li><strong><strong>veto oplock files (S)</strong></strong> +<p><br>This parameter is only valid when the <a href="smb.conf.5.html#oplocks"><strong>"oplocks"</strong></a> +parameter is turned on for a share. It allows the Samba administrator +to selectively turn off the granting of oplocks on selected files that +match a wildcarded list, similar to the wildcarded list used in the +<a href="smb.conf.5.html#vetofiles"><strong>"veto files"</strong></a> parameter. +<p><br><strong>Default:</strong> +<code> No files are vetoed for oplock grants.</code> +<p><br><strong>Examples:</strong> +<p><br>You might want to do this on files that you know will be heavily +contended for by clients. A good example of this is in the NetBench +SMB benchmark program, which causes heavy client contention for files +ending in <code>".SEM"</code>. To cause Samba not to grant oplocks on these +files you would use the line (either in the <a href="smb.conf.5.html#global"><strong>[global]</strong></a> +section or in the section for the particular NetBench share : +<p><br><code> veto oplock files = /*.SEM/</code> +<p><br><a name="volume"></a> +<li><strong><strong>volume (S)</strong></strong> +<p><br>This allows you to override the volume label returned for a +share. Useful for CDROMs with installation programs that insist on a +particular volume label. +<p><br>The default is the name of the share. +<p><br><a name="widelinks"></a> +<li><strong><strong>wide links (S)</strong></strong> +<p><br>This parameter controls whether or not links in the UNIX file system +may be followed by the server. Links that point to areas within the +directory tree exported by the server are always allowed; this +parameter controls access only to areas that are outside the directory +tree being exported. +<p><br><strong>Default:</strong> +<code> wide links = yes</code> +<p><br><strong>Example:</strong> +<code> wide links = no</code> +<p><br><a name="winsproxy"></a> +<li><strong><strong>wins proxy (G)</strong></strong> +<p><br>This is a boolean that controls if <a href="nmbd.8.html"><strong>nmbd</strong></a> will +respond to broadcast name queries on behalf of other hosts. You may +need to set this to <code>"yes"</code> for some older clients. +<p><br><strong>Default:</strong> +<code> wins proxy = no</code> +<p><br><a name="winsserver"></a> +<li><strong><strong>wins server (G)</strong></strong> +<p><br>This specifies the DNS name (or IP address) of the WINS server that +<a href="nmbd.8.html"><strong>nmbd</strong></a> should register with. If you have a WINS +server on your network then you should set this to the WINS servers +name. +<p><br>You should point this at your WINS server if you have a +multi-subnetted network. +<p><br><em>NOTE</em>. You need to set up Samba to point to a WINS server if you +have multiple subnets and wish cross-subnet browsing to work correctly. +<p><br>See the documentation file BROWSING.txt in the docs/ directory of your +Samba source distribution. +<p><br><strong>Default:</strong> +<code> wins server = </code> +<p><br><strong>Example:</strong> +<code> wins server = 192.9.200.1</code> +<p><br><a name="winssupport"></a> +<li><strong><strong>wins support (G)</strong></strong> +<p><br>This boolean controls if the <a href="nmbd.8.html"><strong>nmbd</strong></a> process in +Samba will act as a WINS server. You should not set this to true +unless you have a multi-subnetted network and you wish a particular +<a href="nmbd.8.html"><strong>nmbd</strong></a> to be your WINS server. Note that you +should <em>*NEVER*</em> set this to true on more than one machine in your +network. +<p><br><strong>Default:</strong> +<code> wins support = no</code> +<p><br><a name="workgroup"></a> +<li><strong><strong>workgroup (G)</strong></strong> +<p><br>This controls what workgroup your server will appear to be in when +queried by clients. Note that this parameter also controlls the Domain +name used with the <a href="smb.conf.5.html#securityequaldomain"><strong>"security=domain"</strong></a> +setting. +<p><br><strong>Default:</strong> +<code> set at compile time to WORKGROUP</code> +<p><br>.B Example: + workgroup = MYGROUP +<p><br><a name="writable"></a> +<li><strong><strong>writable (S)</strong></strong> +<p><br>An inverted synonym is <a href="smb.conf.5.html#readonly"><strong>"read only"</strong></a>. +<p><br>If this parameter is <code>"no"</code>, then users of a service may not create +or modify files in the service's directory. +<p><br>Note that a printable service <a href="smb.conf.5.html#printable"><strong>("printable = yes")</strong></a> +will <em>*ALWAYS*</em> allow writing to the directory (user privileges +permitting), but only via spooling operations. +<p><br><strong>Default:</strong> +<code> writable = no</code> +<p><br><strong>Examples:</strong> +<pre> + + read only = no + writable = yes + write ok = yes + +</pre> + +<p><br><a name="writelist"></a> +<li><strong><strong>write list (S)</strong></strong> +<p><br>This is a list of users that are given read-write access to a +service. If the connecting user is in this list then they will be +given write access, no matter what the <a href="smb.conf.5.html#readonly"><strong>"read only"</strong></a> +option is set to. The list can include group names using the @group +syntax. +<p><br>Note that if a user is in both the read list and the write list then +they will be given write access. +<p><br>See also the <a href="smb.conf.5.html#readlist"><strong>"read list"</strong></a> option. +<p><br><strong>Default:</strong> +<code> write list = <empty string></code> +<p><br><strong>Example:</strong> +<code> write list = admin, root, @staff</code> +<p><br><a name="writeok"></a> +<li><strong><strong>write ok (S)</strong></strong> +<p><br>Synonym for <a href="smb.conf.5.html#writable"><strong>writable</strong></a>. +<p><br><a name="writeraw"></a> +<li><strong><strong>write raw (G)</strong></strong> +<p><br>This parameter controls whether or not the server will support raw +writes SMB's when transferring data from clients. You should never +need to change this parameter. +<p><br><strong>Default:</strong> +<code> write raw = yes</code> +<p><br><a name="writeable"></a> +<li><strong><strong>writeable</strong></strong> +<p><br>Synonym for <a href="smb.conf.5.html#writable"><strong>"writable"</strong></a> for people who can't spell :-). +<p><br><a name="WARNINGS"></a> +<h2>WARNINGS</h2> + +<p><br>Although the configuration file permits service names to contain +spaces, your client software may not. Spaces will be ignored in +comparisons anyway, so it shouldn't be a problem - but be aware of the +possibility. +<p><br>On a similar note, many clients - especially DOS clients - limit +service names to eight characters. <a href="smbd.8.html"><strong>Smbd</strong></a> has no +such limitation, but attempts to connect from such clients will fail +if they truncate the service names. For this reason you should +probably keep your service names down to eight characters in length. +<p><br>Use of the <a href="smb.conf.5.html#homes"><strong>[homes]</strong></a> and <a href="smb.conf.5.html#printers"><strong>[printers]</strong></a> +special sections make life for an administrator easy, but the various +combinations of default attributes can be tricky. Take extreme care +when designing these sections. In particular, ensure that the +permissions on spool directories are correct. +<p><br><a name="VERSION"></a> +<h2>VERSION</h2> + +<p><br>This man page is correct for version 2.0 of the Samba suite. +<p><br><a name="SEEALSO"></a> +<h2>SEE ALSO</h2> + +<p><br><a href="smbd.8.html"><strong>smbd (8)</strong></a>, <a href="smbclient.1.html"><strong>smbclient (1)</strong></a>, +<a href="nmbd.8.html"><strong>nmbd (8)</strong></a>, <a href="testparm.1.html"><strong>testparm (1)</strong></a>, +<a href="testprns.1.html"><strong>testprns (1)</strong></a>, <a href="samba.7.html"><strong>Samba</strong></a>, +<a href="nmblookup.1.html"><strong>nmblookup (1)</strong></a>, <a href="smbpasswd.5.html"><strong>smbpasswd (5)</strong></a>, +<a href="smbpasswd.8.html"><strong>smbpasswd (8)</strong></a>. +<p><br><a name="AUTHOR"></a> +<h2>AUTHOR</h2> + +<p><br>The original Samba software and related utilities were created by +Andrew Tridgell <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed. +<p><br>The original Samba man pages were written by Karl Auer. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2.0 release by Jeremy +Allison, <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. +</body> +</html> diff --git a/docs/htmldocs/smbclient.1.html b/docs/htmldocs/smbclient.1.html new file mode 100644 index 0000000000..70e87ce18e --- /dev/null +++ b/docs/htmldocs/smbclient.1.html @@ -0,0 +1,581 @@ + + + + + +<html><head><title>smbclient</title> + +<link rev="made" href="mailto:samba-bugs@samba.anu.edu.au"> +</head> +<body> + +<hr> + +<h1>smbclient</h1> +<h2>Samba</h2> +<h2>23 Oct 1998</h2> + + + + +<p><br><a name="NAME"></a> +<h2>NAME</h2> + smbclient - ftp-like client to access SMB/CIFS resources on servers +<p><br><a name="SYNOPSIS"></a> +<h2>SYNOPSIS</h2> + +<p><br><strong>smbclient</strong> <a href="smbclient.1.html#servicename">servicename</a> [<a href="smbclient.1.html#password">password</a>] [<a href="smbclient.1.html#minuss">-s smb.conf</a>] [<a href="smbclient.1.html#minusB">-B IP addr</a>] [<a href="smbclient.1.html#minusO">-O socket options</a>][<a href="smbclient.1.html#minusR">-R name resolve order</a>] [<a href="smbclient.1.html#minusM">-M NetBIOS name</a>] [<a href="smbclient.1.html#minusi">-i scope</a>] [<a href="smbclient.1.html#minusN">-N</a>] [<a href="smbclient.1.html#minusn">-n NetBIOS name</a>] [<a href="smbclient.1.html#minusd">-d debuglevel</a>] [<a href="smbclient.1.html#minusP">-P</a>] [<a href="smbclient.1.html#minusp">-p port</a>] [<a href="smbclient.1.html#minusl">-l log basename</a>] [<a href="smbclient.1.html#minush">-h</a>] [<a href="smbclient.1.html#minusI">-I dest IP</a>] [<a href="smbclient.1.html#minusE">-E</a>] [<a href="smbclient.1.html#minusU">-U username</a>] [<a href="smbclient.1.html#minusL">-L NetBIOS name</a>] [<a href="smbclient.1.html#minust">-t terminal code</a>] [<a href="smbclient.1.html#minusm">-m max protocol</a>] [<a href="smbclient.1.html#minusW">-W workgroup</a>] [<a href="smbclient.1.html#minusT">-T<c|x>IXFqgbNan</a>] [<a href="smbclient.1.html#minusD">-D directory</a>] [<a href="smbclient.1.html#minusc">-c command string</a>] +<p><br><a name="DESCRIPTION"></a> +<h2>DESCRIPTION</h2> + +<p><br>This program is part of the <strong>Samba</strong> suite. +<p><br><strong>smbclient</strong> is a client that can 'talk' to an SMB/CIFS server. It +offers an interface similar to that of the ftp program (see <strong>ftp +(1)</strong>). Operations include things like getting files from the server +to the local machine, putting files from the local machine to the +server, retrieving directory information from the server and so on. +<p><br><a name="OPTIONS"></a> +<h2>OPTIONS</h2> + +<p><br><ul> +<p><br><a name="servicename"></a> +<li><strong><strong>servicename</strong></strong> servicename is the name of the service you want +to use on the server. A service name takes the form +<code>//server/service</code> where <em>server</em> is the NetBIOS name of the SMB/CIFS +server offering the desired service and <em>service</em> is the name +of the service offered. Thus to connect to the service <em>printer</em> on +the SMB/CIFS server <em>smbserver</em>, you would use the servicename +<p><br><code>//smbserver/printer</code> +<p><br>Note that the server name required is NOT necessarily the IP (DNS) +host name of the server ! The name required is a NetBIOS server name, +which may or may not be the same as the IP hostname of the machine +running the server. +<p><br>The server name is looked up according to either the +<a href="smbclient.1.html#minusR"><strong>-R</strong></a> parameter to <strong>smbclient</strong> or using the +<a href="smb.conf.5.html#nameresolveorder"><strong>name resolve order</strong></a> +parameter in the smb.conf file, allowing an administrator to change +the order and methods by which server names are looked up. +<p><br><a name="password"></a> +<li><strong><strong>password</strong></strong> password is the password required to access the +specified service on the specified server. If this parameter is +supplied, the <a href="smbclient.1.html#minusN"><strong>-N</strong></a> option (suppress password prompt) is assumed. +<p><br>There is no default password. If no password is supplied on the +command line (either by using this parameter or adding a password to +the <a href="smbclient.1.html#minusU"><strong>-U</strong></a> option (see below)) and the <a href="smbclient.1.html#minusN"><strong>-N</strong></a> option is not specified, +the client will prompt for a password, even if the desired service +does not require one. (If no password is required, simply press ENTER +to provide a null password.) +<p><br>Note: Some servers (including OS/2 and Windows for Workgroups) insist +on an uppercase password. Lowercase or mixed case passwords may be +rejected by these servers. +<p><br>Be cautious about including passwords in scripts. +<p><br><a name="minuss"></a> +<li><strong><strong>-s smb.conf</strong></strong> This parameter specifies the pathname to the +Samba configuration file, smb.conf. This file controls all aspects of +the Samba setup on the machine and smbclient also needs to read this +file. +<p><br><a name="minusB"></a> +<li><strong><strong>-B IP addr</strong></strong> The IP address to use when sending a broadcast packet. +<p><br><a name="minusO"></a> +<li><strong><strong>-O socket options</strong></strong> TCP socket options to set on the client +socket. See the <a href="smb.conf.5.html#socketoptions">socket options</a> +parameter in the <a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a> manpage for +the list of valid options. +<p><br><a name="minusR"></a> +<li><strong><strong>-R name resolve order</strong></strong> This option allows the user of +smbclient to determine what name resolution services to use when +looking up the NetBIOS name of the host being connected to. +<p><br>The options are :"lmhosts", "host", "wins" and "bcast". They cause +names to be resolved as follows : +<p><br><ul> +<p><br><li > <strong>lmhosts</strong> : Lookup an IP address in the Samba lmhosts file. +The lmhosts file is stored in the same directory as the +<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file. +<p><br><li > <strong>host</strong> : Do a standard host name to IP address resolution, +using the system /etc/hosts, NIS, or DNS lookups. This method of name +resolution is operating system depended for instance on IRIX or +Solaris this may be controlled by the <em>/etc/nsswitch.conf</em> file). +<p><br><li > <strong>wins</strong> : Query a name with the IP address listed in the <a href="smb.conf.5.html#winsserver"><strong>wins +server</strong></a> parameter in the smb.conf file. If +no WINS server has been specified this method will be ignored. +<p><br><li > <strong>bcast</strong> : Do a broadcast on each of the known local interfaces +listed in the <a href="smb.conf.5.html#interfaces"><strong>interfaces</strong></a> parameter +in the smb.conf file. This is the least reliable of the name resolution +methods as it depends on the target host being on a locally connected +subnet. To specify a particular broadcast address the <a href="smbclient.1.html#minusB"><strong>-B</strong></a> option +may be used. +<p><br></ul> +<p><br>If this parameter is not set then the name resolver order defined +in the <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file parameter +<a href="smb.conf.5.html#nameresolveorder">(<strong>name resolve order</strong>)</a> +will be used. +<p><br>The default order is lmhosts, host, wins, bcast and without this +parameter or any entry in the <a href="smb.conf.5.html#nameresolveorder"><strong>"name resolve +order"</strong></a> parameter of the +<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file the name resolution methods +will be attempted in this order. +<p><br><a name="minusM"></a> +<li><strong><strong>-M NetBIOS name</strong></strong> This options allows you to send messages, +using the "WinPopup" protocol, to another computer. Once a connection +is established you then type your message, pressing ^D (control-D) to +end. +<p><br>If the receiving computer is running WinPopup the user will receive +the message and probably a beep. If they are not running WinPopup the +message will be lost, and no error message will occur. +<p><br>The message is also automatically truncated if the message is over +1600 bytes, as this is the limit of the protocol. +<p><br>One useful trick is to cat the message through <strong>smbclient</strong>. +For example: +<p><br><code>cat mymessage.txt | smbclient -M FRED</code> +<p><br>will send the message in the file <em>mymessage.txt</em> to the machine FRED. +<p><br>You may also find the <a href="smbclient.1.html#minusU"><strong>-U</strong></a> and <a href="smbclient.1.html#minusI"><strong>-I</strong></a> options useful, as they allow +you to control the FROM and TO parts of the message. +<p><br>See the <a href="smb.conf.5.html#messagecommand"><strong>message command</strong></a> +parameter in the <strong>smb.conf (5)</strong> for a description of how to handle +incoming WinPopup messages in Samba. +<p><br>Note: Copy WinPopup into the startup group on your WfWg PCs if you +want them to always be able to receive messages. +<p><br><a name="minusi"></a> +<li><strong><strong>-i scope</strong></strong> This specifies a NetBIOS scope that smbclient will use +to communicate with when generating NetBIOS names. For details on the +use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes +are <em>very</em> rarely used, only set this parameter if you are the +system administrator in charge of all the NetBIOS systems you +communicate with. +<p><br><a name="minusN"></a> +<li><strong><strong>-N</strong></strong> If specified, this parameter suppresses the normal +password prompt from the client to the user. This is useful when +accessing a service that does not require a password. +<p><br>Unless a password is specified on the command line or this parameter +is specified, the client will request a password. +<p><br><a name="minusn"></a> +<li><strong><strong>-n NetBIOS name</strong></strong> By default, the client will use the local +machine's hostname (in uppercase) as its NetBIOS name. This parameter +allows you to override the host name and use whatever NetBIOS name you +wish. +<p><br><a name="minusd"></a> +<li><strong><strong>-d debuglevel</strong></strong> debuglevel is an integer from 0 to 10, or the +letter 'A'. +<p><br>The default value if this parameter is not specified is zero. +<p><br>The higher this value, the more detail will be logged to the log files +about the activities of the client. At level 0, only critical errors +and serious warnings will be logged. Level 1 is a reasonable level for +day to day running - it generates a small amount of information about +operations carried out. +<p><br>Levels above 1 will generate considerable amounts of log data, and +should only be used when investigating a problem. Levels above 3 are +designed for use only by developers and generate HUGE amounts of log +data, most of which is extremely cryptic. If debuglevel is set to the +letter 'A', then <em>all</em> debug messages will be printed. This setting +is for developers only (and people who <em>really</em> want to know how the +code works internally). +<p><br>Note that specifying this parameter here will override the <a href="smb.conf.5.html#loglevel"><strong>log +level</strong></a> parameter in the <a href="smb.conf.5.html"><strong>smb.conf +(5)</strong></a> file. +<p><br><a name="minusP"></a> +<li><strong><strong>-P</strong></strong> This option is no longer used. The code in Samba2.0 +now lets the server decide the device type, so no printer specific +flag is needed. +<p><br><a name="minusp"></a> +<li><strong><strong>-p port</strong></strong> This number is the TCP port number that will be used +when making connections to the server. The standard (well-known) TCP +port number for an SMB/CIFS server is 139, which is the default. +<p><br><a name="minusl"></a> +<li><strong><strong>-l logfilename</strong></strong> If specified, logfilename specifies a base +filename into which operational data from the running client will be +logged. +<p><br>The default base name is specified at compile time. +<p><br>The base name is used to generate actual log file names. For example, +if the name specified was "log", the debug file would be +<code>log.client</code>. +<p><br>The log file generated is never removed by the client. +<p><br><a name="minush"></a> +<li><strong><strong>-h</strong></strong> Print the usage message for the client. +<p><br><a name="minusI"></a> +<li><strong><strong>-I IP address</strong></strong> IP address is the address of the server to +connect to. It should be specified in standard "a.b.c.d" notation. +<p><br>Normally the client would attempt to locate a named SMB/CIFS server by +looking it up via the NetBIOS name resolution mechanism described +above in the <a href="smbclient.1.html#minusR"><strong>name resolve order</strong></a> parameter +above. Using this parameter will force the client to assume that the +server is on the machine with the specified IP address and the NetBIOS +name component of the resource being connected to will be ignored. +<p><br>There is no default for this parameter. If not supplied, it will be +determined automatically by the client as described above. +<p><br><a name="minusE"></a> +<li><strong><strong>-E</strong></strong> This parameter causes the client to write messages to the +standard error stream (stderr) rather than to the standard output +stream. +<p><br>By default, the client writes messages to standard output - typically +the user's tty. +<p><br><a name="minusU"></a> +<li><strong><strong>-U username</strong></strong> This specifies the user name that will be used by +the client to make a connection, assuming your server is not a downlevel +server that is running a protocol level that uses passwords on shares, +not on usernames. +<p><br>Some servers are fussy about the case of this name, and some insist +that it must be a valid NetBIOS name. +<p><br>If no username is supplied, it will default to an uppercase version of +the environment variable <code>USER</code> or <code>LOGNAME</code> in that order. If no +username is supplied and neither environment variable exists the +username "GUEST" will be used. +<p><br>If the <code>USER</code> environment variable containts a '%' character, +everything after that will be treated as a password. This allows you +to set the environment variable to be <code>USER=username%password</code> so +that a password is not passed on the command line (where it may be +seen by the ps command). +<p><br>If the service you are connecting to requires a password, it can be +supplied using the <a href="smbclient.1.html#minusU"><strong>-U</strong></a> option, by appending a percent symbol ("%") +then the password to username. For example, to attach to a service as +user <code>"fred"</code> with password <code>"secret"</code>, you would specify. <br> +<p><br><code>-U fred%secret</code> <br> +<p><br>on the command line. Note that there are no spaces around the percent +symbol. +<p><br>If you specify the password as part of username then the <a href="smbclient.1.html#minusN"><strong>-N</strong></a> option +(suppress password prompt) is assumed. +<p><br>If you specify the password as a parameter <em>AND</em> as part of username +then the password as part of username will take precedence. Putting +nothing before or nothing after the percent symbol will cause an empty +username or an empty password to be used, respectively. +<p><br>The password may also be specified by setting up an environment +variable called <code>PASSWORD</code> that contains the users password. Note +that this may be very insecure on some systems but on others allows +users to script smbclient commands without having a password appear in +the command line of a process listing. +<p><br>Note: Some servers (including OS/2 and Windows for Workgroups) insist +on an uppercase password. Lowercase or mixed case passwords may be +rejected by these servers. +<p><br>Be cautious about including passwords in scripts or in the +<code>PASSWORD</code> environment variable. Also, on many systems the command +line of a running process may be seen via the <code>ps</code> command to be +safe always allow smbclient to prompt for a password and type it in +directly. +<p><br><a name="minusL"></a> +<li><strong><strong>-L</strong></strong> This option allows you to look at what services are +available on a server. You use it as <code>"smbclient -L host"</code> and a +list should appear. The <a href="smbclient.1.html#minusI"><strong>-I</strong></a> option may be useful if your NetBIOS +names don't match your tcp/ip dns host names or if you are trying to +reach a host on another network. +<p><br><a name="minust"></a> +<li><strong><strong>-t terminal code</strong></strong> This option tells smbclient how to interpret +filenames coming from the remote server. Usually Asian language +multibyte UNIX implementations use different character sets than +SMB/CIFS servers (<em>EUC</em> instead of <em>SJIS</em> for example). Setting +this parameter will let smbclient convert between the UNIX filenames +and the SMB filenames correctly. This option has not been seriously +tested and may have some problems. +<p><br>The terminal codes include <code>sjis</code>, <code>euc</code>, <code>jis7</code>, <code>jis8</code>, +<code>junet</code>, <code>hex</code>, <code>cap</code>. This is not a complete list, check the +Samba source code for the complete list. +<p><br><a name="minusm"></a> +<li><strong><strong>-m max protocol level</strong></strong> With the new code in Samba2.0, +<strong>smbclient</strong> allways attempts to connect at the maximum +protocols level the server supports. This parameter is +preserved for backwards compatibility, but any string +following the <strong>-m</strong> will be ignored. +<p><br><a name="minusW"></a> +<li><strong><strong>-W WORKGROUP</strong></strong> Override the default workgroup specified in the +<a href="smb.conf.5.html#workgroup"><strong>workgroup</strong></a> parameter of the +<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file for this connection. This may +be needed to connect to some servers. +<p><br><a name="minusT"></a> <li><strong><strong>-T tar options</strong></strong> smbclient may be used to create +<strong>tar (1)</strong> compatible backups of all the files on an SMB/CIFS +share. The secondary tar flags that can be given to this option are : +<p><br><ul> +<p><br><li><strong><strong>c</strong></strong> Create a tar file on UNIX. Must be followed by the + name of a tar file, tape device or <code>"-"</code> for standard output. If + using standard output you must turn the log level to its lowest value + <code>-d0</code> to avoid corrupting your tar file. This flag is + mutually exclusive with the <strong>x</strong> flag. +<p><br><li><strong><strong>x</strong></strong> Extract (restore) a local tar file back to a + share. Unless the <a href="smbclient.1.html#minusD"><strong>-D</strong></a> option is given, the tar files will be + restored from the top level of the share. Must be followed by the name + of the tar file, device or <code>"-"</code> for standard input. Mutually exclusive + with the <strong>c</strong> flag. Restored files have theuir creation times (mtime) + set to the date saved in the tar file. Directories currently do not + get their creation dates restored properly. +<p><br><li><strong><strong>I</strong></strong> Include files and directories. Is the default + behaviour when filenames are specified above. Causes tar files to + be included in an extract or create (and therefore everything else to + be excluded). See example below. Filename globbing does not work for + included files for extractions (yet). +<p><br><li><strong><strong>X</strong></strong> Exclude files and directories. Causes tar files to + be excluded from an extract or create. See example below. Filename + globbing does not work for excluded files (yet). +<p><br><li><strong><strong>b</strong></strong> Blocksize. Must be followed by a valid (greater than + zero) blocksize. Causes tar file to be written out in + blocksize*TBLOCK (usually 512 byte) blocks. +<p><br><li><strong><strong>g</strong></strong> Incremental. Only back up files that have the + archive bit set. Useful only with the <strong>c</strong> flag. +<p><br><li><strong><strong>q</strong></strong> Quiet. Keeps tar from printing diagnostics as it + works. This is the same as tarmode quiet. +<p><br><li><strong><strong>N</strong></strong> Newer than. Must be followed by the name of a file + whose date is compared against files found on the share during a + create. Only files newer than the file specified are backed up to the + tar file. Useful only with the <strong>c</strong> flag. +<p><br><li><strong><strong>a</strong></strong> Set archive bit. Causes the archive bit to be reset + when a file is backed up. Useful with the <strong>g</strong> and <strong>c</strong> flags. +<p><br></ul> +<p><br><em>Tar Long File Names</em> +<p><br>smbclient's tar option now supports long file names both on backup and +restore. However, the full path name of the file must be less than +1024 bytes. Also, when a tar archive is created, smbclient's tar +option places all files in the archive with relative names, not +absolute names. +<p><br><em>Tar Filenames</em> +<p><br>All file names can be given as DOS path names (with <code>\</code> as the +component separator) or as UNIX path names (with <code>/</code> as the +component separator). +<p><br><em>Examples</em> +<p><br><ul> +<p><br><li > Restore from tar file backup.tar into myshare on mypc (no password on share). +<p><br><code>smbclient //mypc/myshare "" -N -Tx backup.tar</code> +<p><br><li > Restore everything except users/docs +<p><br><code>smbclient //mypc/myshare "" -N -TXx backup.tar users/docs</code> +<p><br><li > Create a tar file of the files beneath users/docs. +<p><br><code>smbclient //mypc/myshare "" -N -Tc backup.tar users/docs</code> +<p><br><li > Create the same tar file as above, but now use a DOS path name. +<p><br><code>smbclient //mypc/myshare "" -N -tc backup.tar users\edocs</code> +<p><br><li > Create a tar file of all the files and directories in the share. +<p><br><code>smbclient //mypc/myshare "" -N -Tc backup.tar *</code> +<p><br></ul> +<p><br><a name="minusD"></a> +<li><strong><strong>-D initial directory</strong></strong> Change to initial directory before +starting. Probably only of any use with the tar <a href="smbclient.1.html#minusT"><strong>-T</strong></a> option. +<p><br><a name="minusc"></a> +<li><strong><strong>-c command string</strong></strong> command string is a semicolon separated +list of commands to be executed instead of prompting from stdin. +<a href="smbclient.1.html#minusN"><strong>-N</strong></a> is implied by <strong>-c</strong>. +<p><br>This is particularly useful in scripts and for printing stdin to the +server, e.g. <code>-c 'print -'</code>. +<p><br></ul> +<p><br><a name="OPERATIONS"></a> +<h2>OPERATIONS</h2> + +<p><br>Once the client is running, the user is presented with a prompt : +<p><br><code>smb:\></code> +<p><br>The backslash ("\") indicates the current working directory on the +server, and will change if the current working directory is changed. +<p><br>The prompt indicates that the client is ready and waiting to carry out +a user command. Each command is a single word, optionally followed by +parameters specific to that command. Command and parameters are +space-delimited unless these notes specifically state otherwise. All +commands are case-insensitive. Parameters to commands may or may not +be case sensitive, depending on the command. +<p><br>You can specify file names which have spaces in them by quoting the +name with double quotes, for example "a long file name". +<p><br>Parameters shown in square brackets (eg., "[parameter]") are +optional. If not given, the command will use suitable +defaults. Parameters shown in angle brackets (eg., "<parameter>") are +required. +<p><br>Note that all commands operating on the server are actually performed +by issuing a request to the server. Thus the behaviour may vary from +server to server, depending on how the server was implemented. +<p><br>The commands available are given here in alphabetical order. +<p><br><ul> +<p><br><a name="questionmark"></a> <li><strong><strong>? [command]</strong></strong> If "command" is specified, +the <strong>?</strong> command will display a brief informative message about the +specified command. If no command is specified, a list of available +commands will be displayed. +<p><br><a name="exclaimationmark"></a> <li><strong><strong>! [shell command]</strong></strong> If "shell command" +is specified, the <strong>!</strong> command will execute a shell locally and run +the specified shell command. If no command is specified, a local shell +will be run. +<p><br><a name="cd"></a> <li><strong><strong>cd [directory name]</strong></strong> If "directory name" is +specified, the current working directory on the server will be changed +to the directory specified. This operation will fail if for any reason +the specified directory is inaccessible. +<p><br>If no directory name is specified, the current working directory on +the server will be reported. +<p><br><a name="del"></a> <li><strong><strong>del <mask></strong></strong> The client will request that the server +attempt to delete all files matching "mask" from the current working +directory on the server. +<p><br><a name="dir"></a> <li><strong><strong>dir <mask></strong></strong> A list of the files matching "mask" in +the current working directory on the server will be retrieved from the +server and displayed. +<p><br><a name="exit"></a> <li><strong><strong>exit</strong></strong> Terminate the connection with the server and +exit from the program. +<p><br><a name="get"></a> <li><strong><strong>get <remote file name> [local file name]</strong></strong> Copy the +file called "remote file name" from the server to the machine running +the client. If specified, name the local copy "local file name". Note +that all transfers in smbclient are binary. See also the +<a href="smbclient.1.html#lowercase"><strong>lowercase</strong></a> command. +<p><br><a name="help"></a> <li><strong><strong>help [command]</strong></strong> See the <a href="smbclient.1.html#questionmark"><strong>?</strong></a> +command above. +<p><br><a name="lcd"></a> <li><strong><strong>lcd [directory name]</strong></strong> If "directory name" is +specified, the current working directory on the local machine will +be changed to the directory specified. This operation will fail if for +any reason the specified directory is inaccessible. +<p><br>If no directory name is specified, the name of the current working +directory on the local machine will be reported. +<p><br><a name="lowercase"></a> <li><strong><strong>lowercase</strong></strong> Toggle lowercasing of filenames +for the <a href="smbclient.1.html#get"><strong>get</strong></a> and <a href="smbclient.1.html#mget"><strong>mget</strong></a> commands. +<p><br>When lowercasing is toggled ON, local filenames are converted to +lowercase when using the <a href="smbclient.1.html#get"><strong>get</strong></a> and <a href="smbclient.1.html#mget"><strong>mget</strong></a> +commands. This is often useful when copying (say) MSDOS files from a +server, because lowercase filenames are the norm on UNIX systems. +<p><br><a name="ls"></a> <li><strong><strong>ls <mask></strong></strong> See the <a href="smbclient.1.html#dir"><strong>dir</strong></a> command above. +<p><br><a name="mask"></a> <li><strong><strong>mask <mask></strong></strong> This command allows the user to set +up a mask which will be used during recursive operation of the +<a href="smbclient.1.html#mget"><strong>mget</strong></a> and <a href="smbclient.1.html#mput"><strong>mput</strong></a> commands. +<p><br>The masks specified to the <a href="smbclient.1.html#mget"><strong>mget</strong></a> and +<a href="smbclient.1.html#mput"><strong>mput</strong></a> commands act as filters for directories rather +than files when recursion is toggled ON. +<p><br>The mask specified with the .B mask command is necessary to filter +files within those directories. For example, if the mask specified in +an <a href="smbclient.1.html#mget"><strong>mget</strong></a> command is "source*" and the mask specified +with the mask command is "*.c" and recursion is toggled ON, the +<a href="smbclient.1.html#mget"><strong>mget</strong></a> command will retrieve all files matching "*.c" in +all directories below and including all directories matching "source*" +in the current working directory. +<p><br>Note that the value for mask defaults to blank (equivalent to "*") and +remains so until the mask command is used to change it. It retains the +most recently specified value indefinitely. To avoid unexpected +results it would be wise to change the value of .I mask back to "*" +after using the <a href="smbclient.1.html#mget"><strong>mget</strong></a> or <a href="smbclient.1.html#mput"><strong>mput</strong></a> commands. +<p><br><a name="md"></a> <li><strong><strong>md <directory name></strong></strong> See the <a href="smbclient.1.html#mkdir"><strong>mkdir</strong></a> +command. +<p><br><a name="mget"></a> <li><strong><strong>mget <mask></strong></strong> Copy all files matching mask from the +server to the machine running the client. +<p><br>Note that mask is interpreted differently during recursive operation +and non-recursive operation - refer to the <a href="smbclient.1.html#recurse"><strong>recurse</strong></a> +and <a href="smbclient.1.html#mask"><strong>mask</strong></a> commands for more information. Note that all +transfers in .B smbclient are binary. See also the +<a href="smbclient.1.html#lowercase"><strong>lowercase</strong></a> command. +<p><br><a name="mkdir"></a> <li><strong><strong>mkdir <directory name></strong></strong> Create a new directory on +the server (user access privileges permitting) with the specified +name. +<p><br><a name="mput"></a> <li><strong><strong>mput <mask></strong></strong> Copy all files matching mask in +the current working directory on the local machine to the current +working directory on the server. +<p><br>Note that mask is interpreted differently during recursive operation +and non-recursive operation - refer to the <a href="smbclient.1.html#recurse"><strong>recurse</strong></a> +and <a href="smbclient.1.html#mask"><strong>mask</strong></a> commands for more information. Note that all +transfers in .B smbclient are binary. +<p><br><a name="print"></a> <li><strong><strong>print <file name></strong></strong> Print the specified file +from the local machine through a printable service on the server. +<p><br>See also the <a href="smbclient.1.html#printmode"><strong>printmode</strong></a> command. +<p><br><a name="printmode"></a> <li><strong><strong>printmode <graphics or text></strong></strong> Set the print +mode to suit either binary data (such as graphical information) or +text. Subsequent print commands will use the currently set print +mode. +<p><br><a name="prompt"></a> dir(<strong>prompt</strong>) Toggle prompting for filenames during +operation of the <a href="smbclient.1.html#mget"><strong>mget</strong></a> and <a href="smbclient.1.html#mput"><strong>mput</strong></a> +commands. +<p><br>When toggled ON, the user will be prompted to confirm the transfer of +each file during these commands. When toggled OFF, all specified files +will be transferred without prompting. +<p><br><a name="put"></a> <li><strong><strong>put <local file name> [remote file name]</strong></strong> Copy the +file called "local file name" from the machine running the client to +the server. If specified, name the remote copy "remote file name". +Note that all transfers in smbclient are binary. See also the +<a href="smbclient.1.html#lowercase"><strong>lowercase</strong></a> command. +<p><br><a name="queue"></a> dir(<strong>queue</strong>) Displays the print queue, showing the job +id, name, size and current status. +<p><br><a name="quit"></a> <li><strong><strong>quit</strong></strong> See the <a href="smbclient.1.html#exit"><strong>exit</strong></a> command. +<p><br><a name="rd"></a> dir(<strong>rd <directory name></strong>) See the <a href="smbclient.1.html#rmdir"><strong>rmdir</strong></a> +command. +<p><br><a name="recurse"></a> dir(<strong>recurse</strong>) Toggle directory recursion for the +commands <a href="smbclient.1.html#mget"><strong>mget</strong></a> and <a href="smbclient.1.html#mput"><strong>mput</strong></a>. +<p><br>When toggled ON, these commands will process all directories in the +source directory (i.e., the directory they are copying .IR from ) and +will recurse into any that match the mask specified to the +command. Only files that match the mask specified using the +<a href="smbclient.1.html#mask"><strong>mask</strong></a> command will be retrieved. See also the +<a href="smbclient.1.html#mask"><strong>mask</strong></a> command. +<p><br>When recursion is toggled OFF, only files from the current working +directory on the source machine that match the mask specified to the +<a href="smbclient.1.html#mget"><strong>mget</strong></a> or <a href="smbclient.1.html#mput"><strong>mput</strong></a> commands will be copied, +and any mask specified using the <a href="smbclient.1.html#mask"><strong>mask</strong></a> command will be +ignored. +<p><br><a name="rm"></a> dir(<strong>rm <mask></strong>) Remove all files matching mask from +the current working directory on the server. +<p><br><a name="rmdir"></a> <li><strong><strong>rmdir <directory name></strong></strong> Remove the specified +directory (user access privileges permitting) from the server. +<p><br><a name="tar"></a> <li><strong><strong>tar <c|x>[IXbgNa]</strong></strong> Performs a tar operation - see +the <a href="smbclient.1.html#minusT"><strong>-T</strong></a> command line option above. Behaviour may be +affected by the <a href="smbclient.1.html#tarmode"><strong>tarmode</strong></a> command (see below). Using +g (incremental) and N (newer) will affect tarmode settings. Note that +using the "-" option with tar x may not work - use the command line +option instead. +<p><br><a name="blocksize"></a> <li><strong><strong>blocksize <blocksize></strong></strong> Blocksize. Must be +followed by a valid (greater than zero) blocksize. Causes tar file to +be written out in blocksize*TBLOCK (usually 512 byte) blocks. +<p><br><a name="tarmode"></a> dir(<strong>tarmode <full|inc|reset|noreset></strong>) Changes tar's +behaviour with regard to archive bits. In full mode, tar will back up +everything regardless of the archive bit setting (this is the default +mode). In incremental mode, tar will only back up files with the +archive bit set. In reset mode, tar will reset the archive bit on all +files it backs up (implies read/write share). +<p><br><a name="setmode"></a> <li><strong><strong>setmode <filename> <perm=[+|\-]rsha></strong></strong> A version +of the DOS attrib command to set file permissions. For example: +<p><br><code>setmode myfile +r</code> +<p><br>would make myfile read only. +<p><br></ul> +<p><br><a name="NOTES"></a> +<h2>NOTES</h2> + +<p><br>Some servers are fussy about the case of supplied usernames, +passwords, share names (aka service names) and machine names. If you +fail to connect try giving all parameters in uppercase. +<p><br>It is often necessary to use the <a href="smbclient.1.html#minusn"><strong>-n</strong></a> option when connecting to some +types of servers. For example OS/2 LanManager insists on a valid +NetBIOS name being used, so you need to supply a valid name that would +be known to the server. +<p><br>smbclient supports long file names where the server supports the +LANMAN2 protocol or above. +<p><br><a name="ENVIRONMENTVARIABLES"></a> +<h2>ENVIRONMENT VARIABLES</h2> + +<p><br>The variable <strong>USER</strong> may contain the username of the person using the +client. This information is used only if the protocol level is high +enough to support session-level passwords. +<p><br>The variable <strong>PASSWORD</strong> may contain the password of the person using +the client. This information is used only if the protocol level is +high enough to support session-level passwords. +<p><br><a name="INSTALLATION"></a> +<h2>INSTALLATION</h2> + +<p><br>The location of the client program is a matter for individual system +administrators. The following are thus suggestions only. +<p><br>It is recommended that the smbclient software be installed in the +/usr/local/samba/bin or /usr/samba/bin directory, this directory +readable by all, writeable only by root. The client program itself +should be executable by all. The client should <em>NOT</em> be setuid or +setgid! +<p><br>The client log files should be put in a directory readable and +writable only by the user. +<p><br>To test the client, you will need to know the name of a running +SMB/CIFS server. It is possible to run <a href="smbd.8.html"><strong>smbd (8)</strong></a> +an ordinary user - running that server as a daemon on a +user-accessible port (typically any port number over 1024) would +provide a suitable test server. +<p><br><a name="DIAGNOSTICS"></a> +<h2>DIAGNOSTICS</h2> + +<p><br>Most diagnostics issued by the client are logged in a specified log +file. The log file name is specified at compile time, but may be +overridden on the command line. +<p><br>The number and nature of diagnostics available depends on the debug +level used by the client. If you have problems, set the debug level to +3 and peruse the log files. +<p><br><a name="VERSION"></a> +<h2>VERSION</h2> + +<p><br>This man page is correct for version 2.0 of the Samba suite. +<p><br><a name="AUTHOR"></a> +<h2>AUTHOR</h2> + +<p><br>The original Samba software and related utilities were created by +Andrew Tridgell <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed. +<p><br>The original Samba man pages were written by Karl Auer. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2.0 release by Jeremy +Allison, <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. +<p><br>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc. +</body> +</html> diff --git a/docs/htmldocs/smbd.8.html b/docs/htmldocs/smbd.8.html new file mode 100644 index 0000000000..819fc39445 --- /dev/null +++ b/docs/htmldocs/smbd.8.html @@ -0,0 +1,376 @@ + + + + + +<html><head><title>smbd</title> + +<link rev="made" href="mailto:samba-bugs@samba.anu.edu.au"> +</head> +<body> + +<hr> + +<h1>smbd</h1> +<h2>Samba</h2> +<h2>23 Oct 1998</h2> + + + + +<p><br><a name="NAME"></a> +<h2>NAME</h2> + smbd - server to provide SMB/CIFS services to clients +<p><br><a name="SYNOPSIS"></a> +<h2>SYNOPSIS</h2> + +<p><br><strong>smbd</strong> [<a href="smbd.8.html#minusD">-D</a>] [<a href="smbd.8.html#minusa">-a</a>] [<a href="smbd.8.html#minuso">-o</a>] [<a href="smbd.8.html#minusd">-d debuglevel</a>] [<a href="smbd.8.html#minusl">-l log file</a>] [<a href="smbd.8.html#minusp">-p port number</a>] [<a href="smbd.8.html#minusO">-O socket options</a>] [<a href="smbd.8.html#minuss">-s configuration file</a>] [<a href="smbd.8.html#minusi">-i scope</a>] [<a href="smbd.8.html#minusP">-P</a>] [<a href="smbd.8.html#minush">-h</a>] +<p><br><a name="DESCRIPTION"></a> +<h2>DESCRIPTION</h2> + +<p><br>This program is part of the <strong>Samba</strong> suite. +<p><br><strong>smbd</strong> is the server daemon that provides filesharing services to +Windows clients. The server provides filespace and printer services to +clients using the SMB (or CIFS) protocol. This is compatible with the +LanManager protocol, and can service LanManager clients. These +include MSCLIENT 3.0 for DOS, Windows for Workgroups, Windows 95, +Windows NT, OS/2, DAVE for Macintosh, and smbfs for Linux. +<p><br>An extensive description of the services that the server can provide +is given in the man page for the configuration file controlling the +attributes of those services (see <strong>smb.conf (5)</strong>). This man page +will not describe the services, but will concentrate on the +administrative aspects of running the server. +<p><br>Please note that there are significant security implications to +running this server, and the <strong>smb.conf (5)</strong> manpage should be +regarded as mandatory reading before proceeding with installation. +<p><br>A session is created whenever a client requests one. Each client gets +a copy of the server for each session. This copy then services all +connections made by the client during that session. When all +connections from its client are are closed, the copy of the server for +that client terminates. +<p><br>The configuration file, and any files that it includes, are +automatically reloaded every minute, if they change. You can force a +reload by sending a SIGHUP to the server. Reloading the configuration +file will not affect connections to any service that is already +established. Either the user will have to disconnect from the +service, or smbd killed and restarted. +<p><br><a name="OPTIONS"></a> +<h2>OPTIONS</h2> + +<p><br><ul> +<p><br><a name="minusD"></a> +<li><strong><strong>-D</strong></strong> If specified, this parameter causes the server to operate as a +daemon. That is, it detaches itself and runs in the background, +fielding requests on the appropriate port. Operating the server as a +daemon is the recommended way of running smbd for servers that provide +more than casual use file and print services. +<p><br>By default, the server will NOT operate as a daemon. +<p><br><a name="minusa"></a> +<li><strong><strong>-a</strong></strong> If this parameter is specified, each new connection will +append log messages to the log file. This is the default. +<p><br><a name="minuso"></a> +<li><strong><strong>-o</strong></strong> If this parameter is specified, the log files will be +overwritten when opened. By default, the log files will be appended +to. +<p><br><a name="minusd"></a> +<li><strong><strong>-d debuglevel</strong></strong> debuglevel is an integer from 0 to 10. +<p><br>The default value if this parameter is not specified is zero. +<p><br>The higher this value, the more detail will be logged to the log files +about the activities of the server. At level 0, only critical errors +and serious warnings will be logged. Level 1 is a reasonable level for +day to day running - it generates a small amount of information about +operations carried out. +<p><br>Levels above 1 will generate considerable amounts of log data, and +should only be used when investigating a problem. Levels above 3 are +designed for use only by developers and generate HUGE amounts of log +data, most of which is extremely cryptic. +<p><br>Note that specifying this parameter here will override the <a href="smb.conf.5.html#loglevel"><strong>log +level</strong></a> parameter in the <a href="smb.conf.5.html"><strong>smb.conf +(5)</strong></a> file. +<p><br><a name="minusl"></a> +<li><strong><strong>-l log file</strong></strong> If specified, <em>log file</em> specifies +a log filename into which informational and debug messages from the +running server will be logged. The log file generated is never removed +by the server although its size may be controlled by the <a href="smb.conf.5.html#maxlogsize"><strong>max +log size</strong></a> option in the <a href="smb.conf.5.html"><strong>smb.conf +(5)</strong></a> file. The default log file name is specified +at compile time. +<p><br><a name="minusO"></a> +<li><strong><strong>-O socket options</strong></strong> See the <a href="smb.conf.5.html#socketoptions"><strong>socket +options</strong></a> parameter in the +<a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a> file for details. +<p><br><a name="minusp"></a> +<li><strong><strong>-p port number</strong></strong> port number is a positive integer value. The +default value if this parameter is not specified is 139. +<p><br>This number is the port number that will be used when making +connections to the server from client software. The standard +(well-known) port number for the SMB over TCP is 139, hence the +default. If you wish to run the server as an ordinary user rather than +as root, most systems will require you to use a port number greater +than 1024 - ask your system administrator for help if you are in this +situation. +<p><br>In order for the server to be useful by most clients, should you +configure it on a port other than 139, you will require port +redirection services on port 139, details of which are outlined in +rfc1002.txt section 4.3.5. +<p><br>This parameter is not normally specified except in the above +situation. +<p><br><a name="minuss"></a> +<li><strong><strong>-s configuration file</strong></strong> The default configuration file name is +determined at compile time. +<p><br>The file specified contains the configuration details required by the +server. The information in this file includes server-specific +information such as what printcap file to use, as well as descriptions +of all the services that the server is to provide. See <strong>smb.conf +(5)</strong> for more information. +<p><br><a name="minusi"></a> +<li><strong><strong>-i scope</strong></strong> This specifies a NetBIOS scope that the server will use +to communicate with when generating NetBIOS names. For details on the +use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes +are <em>very</em> rarely used, only set this parameter if you are the +system administrator in charge of all the NetBIOS systems you +communicate with. +<p><br><a name="minush"></a> +<li><strong><strong>-h</strong></strong> Prints the help information (usage) for smbd. +<p><br><a name="minusP"></a> +<li><strong><strong>-P</strong></strong> Passive option. Causes smbd not to send any network traffic +out. Used for debugging by the developers only. +<p><br></ul> +<p><br><a name="FILES"></a> +<h2>FILES</h2> + +<p><br><strong>/etc/inetd.conf</strong> +<p><br>If the server is to be run by the inetd meta-daemon, this file must +contain suitable startup information for the meta-daemon. See the +section <em>INSTALLATION</em> below. +<p><br><strong>/etc/rc</strong> +<p><br>(or whatever initialisation script your system uses). +<p><br>If running the server as a daemon at startup, this file will need to +contain an appropriate startup sequence for the server. See the +section <em>INSTALLATION</em> below. +<p><br><strong>/etc/services</strong> +<p><br>If running the server via the meta-daemon inetd, this file must +contain a mapping of service name (eg., netbios-ssn) to service port +(eg., 139) and protocol type (eg., tcp). See the section +<em>INSTALLATION</em> below. +<p><br><strong>/usr/local/samba/lib/smb.conf</strong> +<p><br>This is the default location of the <em>smb.conf</em> server configuration +file. Other common places that systems install this file are +<em>/usr/samba/lib/smb.conf</em> and <em>/etc/smb.conf</em>. +<p><br>This file describes all the services the server is to make available +to clients. See <strong>smb.conf (5)</strong> for more information. +<p><br><a name="LIMITATIONS"></a> +<h2>LIMITATIONS</h2> + +<p><br>On some systems <strong>smbd</strong> cannot change uid back to root after a +setuid() call. Such systems are called "trapdoor" uid systems. If you +have such a system, you will be unable to connect from a client (such +as a PC) as two different users at once. Attempts to connect the +second user will result in "access denied" or similar. +<p><br><a name="ENVIRONMENTVARIABLES"></a> +<h2>ENVIRONMENT VARIABLES</h2> + +<p><br><strong>PRINTER</strong> +<p><br>If no printer name is specified to printable services, most systems +will use the value of this variable (or "lp" if this variable is not +defined) as the name of the printer to use. This is not specific to +the server, however. +<p><br><a name="INSTALLATION"></a> +<h2>INSTALLATION</h2> + +<p><br>The location of the server and its support files is a matter for +individual system administrators. The following are thus suggestions +only. +<p><br>It is recommended that the server software be installed under the +/usr/local/samba hierarchy, in a directory readable by all, writeable +only by root. The server program itself should be executable by all, +as users may wish to run the server themselves (in which case it will +of course run with their privileges). The server should NOT be +setuid. On some systems it may be worthwhile to make smbd setgid to an +empty group. This is because some systems may have a security hole +where daemon processes that become a user can be attached to with a +debugger. Making the smbd file setgid to an empty group may prevent +this hole from being exploited. This security hole and the suggested +fix has only been confirmed on old versions (pre-kernel 2.0) of Linux +at the time this was written. It is possible that this hole only +exists in Linux, as testing on other systems has thus far shown them +to be immune. +<p><br>The server log files should be put in a directory readable and +writable only by root, as the log files may contain sensitive +information. +<p><br>The configuration file should be placed in a directory readable and +writable only by root, as the configuration file controls security for +the services offered by the server. The configuration file can be made +readable by all if desired, but this is not necessary for correct +operation of the server and is not recommended. A sample configuration +file "smb.conf.sample" is supplied with the source to the server - +this may be renamed to "smb.conf" and modified to suit your needs. +<p><br>The remaining notes will assume the following: +<p><br><ul> +<p><br><li > <strong>smbd</strong> (the server program) installed in /usr/local/samba/bin +<p><br><li > <strong>smb.conf</strong> (the configuration file) installed in /usr/local/samba/lib +<p><br><li > log files stored in /var/adm/smblogs +<p><br></ul> +<p><br>The server may be run either as a daemon by users or at startup, or it +may be run from a meta-daemon such as inetd upon request. If run as a +daemon, the server will always be ready, so starting sessions will be +faster. If run from a meta-daemon some memory will be saved and +utilities such as the tcpd TCP-wrapper may be used for extra security. +For serious use as file server it is recommended that <strong>smbd</strong> be run +as a daemon. +<p><br>When you've decided, continue with either <em>RUNNING THE SERVER AS A +DAEMON</em> or <em>RUNNING THE SERVER ON REQUEST</em>. +<p><br><a name="RUNNINGTHESERVERASADAEMON"></a> +<h2>RUNNING THE SERVER AS A DAEMON</h2> + +<p><br>To run the server as a daemon from the command line, simply put the +<a href="smbd.8.html#minusD"><strong>-D</strong></a> option on the command line. There is no need to place an +ampersand at the end of the command line - the <a href="smbd.8.html#minusD"><strong>-D</strong></a> option causes +the server to detach itself from the tty anyway. +<p><br>Any user can run the server as a daemon (execute permissions +permitting, of course). This is useful for testing purposes, and may +even be useful as a temporary substitute for something like ftp. When +run this way, however, the server will only have the privileges of the +user who ran it. +<p><br>To ensure that the server is run as a daemon whenever the machine is +started, and to ensure that it runs as root so that it can serve +multiple clients, you will need to modify the system startup +files. Wherever appropriate (for example, in /etc/rc), insert the +following line, substituting port number, log file location, +configuration file location and debug level as desired: +<p><br><code>/usr/local/samba/bin/smbd -D -l /var/adm/smblogs/log -s /usr/local/samba/lib/smb.conf</code> +<p><br>(The above should appear in your initialisation script as a single line. +Depending on your terminal characteristics, it may not appear that way in +this man page. If the above appears as more than one line, please treat any +newlines or indentation as a single space or TAB character.) +<p><br>If the options used at compile time are appropriate for your system, +all parameters except the desired debug level and <a href="smbd.8.html#minusD"><strong>-D</strong></a> may be +omitted. See the section <em>OPTIONS</em> above. +<p><br><a name="RUNNINGTHESERVERONREQUEST"></a> +<h2>RUNNING THE SERVER ON REQUEST</h2> + +<p><br>If your system uses a meta-daemon such as inetd, you can arrange to +have the smbd server started whenever a process attempts to connect to +it. This requires several changes to the startup files on the host +machine. If you are experimenting as an ordinary user rather than as +root, you will need the assistance of your system administrator to +modify the system files. +<p><br>You will probably want to set up the NetBIOS name server <a href="nmbd.8.html"><strong>nmbd</strong></a> at +the same time as <strong>smbd</strong>. To do this refer to the man page for +<a href="nmbd.8.html"><strong>nmbd (8)</strong></a>. +<p><br>First, ensure that a port is configured in the file /etc/services. The +well-known port 139 should be used if possible, though any port may be +used. +<p><br>Ensure that a line similar to the following is in /etc/services: +<p><br><code>netbios-ssn 139/tcp</code> +<p><br>Note for NIS/YP users - you may need to rebuild the NIS service maps +rather than alter your local /etc/services file. +<p><br>Next, put a suitable line in the file /etc/inetd.conf (in the unlikely +event that you are using a meta-daemon other than inetd, you are on +your own). Note that the first item in this line matches the service +name in /etc/services. Substitute appropriate values for your system +in this line (see <strong>inetd (8)</strong>): +<p><br><code>netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd -d1 -l/var/adm/smblogs/log -s/usr/local/samba/lib/smb.conf</code> +<p><br>(The above should appear in /etc/inetd.conf as a single +line. Depending on your terminal characteristics, it may not appear +that way in this man page. If the above appears as more than one +line, please treat any newlines or indentation as a single space or +TAB character.) +<p><br>Note that there is no need to specify a port number here, even if you +are using a non-standard port number. +<p><br>Lastly, edit the configuration file to provide suitable services. To +start with, the following two services should be all you need: +<p><br><pre> + + +[homes] + writable = yes + +[printers] + writable = no + printable = yes + path = /tmp + public = yes + + +</pre> + +<p><br>This will allow you to connect to your home directory and print to any +printer supported by the host (user privileges permitting). +<p><br><a name="TESTINGTHEINSTALLATION"></a> +<h2>TESTING THE INSTALLATION</h2> + +<p><br>If running the server as a daemon, execute it before proceeding. If +using a meta-daemon, either restart the system or kill and restart the +meta-daemon. Some versions of inetd will reread their configuration +tables if they receive a HUP signal. +<p><br>If your machine's name is "fred" and your name is "mary", you should +now be able to connect to the service <code>\\fred\mary</code>. +<p><br>To properly test and experiment with the server, we recommend using +the smbclient program (see <strong>smbclient (1)</strong>) and also going through +the steps outlined in the file <em>DIAGNOSIS.txt</em> in the <em>docs/</em> +directory of your Samba installation. +<p><br><a name="VERSION"></a> +<h2>VERSION</h2> + +<p><br>This man page is correct for version 2.0 of the Samba suite. +<p><br><a name="DIAGNOSTICS"></a> +<h2>DIAGNOSTICS</h2> + +<p><br>Most diagnostics issued by the server are logged in a specified log +file. The log file name is specified at compile time, but may be +overridden on the command line. +<p><br>The number and nature of diagnostics available depends on the debug +level used by the server. If you have problems, set the debug level to +3 and peruse the log files. +<p><br>Most messages are reasonably self-explanatory. Unfortunately, at time +of creation of this man page there are too many diagnostics available +in the source code to warrant describing each and every diagnostic. At +this stage your best bet is still to grep the source code and inspect +the conditions that gave rise to the diagnostics you are seeing. +<p><br><a name="SIGNALS"></a> +<h2>SIGNALS</h2> + +<p><br>Sending the smbd a SIGHUP will cause it to re-load its smb.conf +configuration file within a short period of time. +<p><br>To shut down a users smbd process it is recommended that SIGKILL (-9) +<em>NOT</em> be used, except as a last resort, as this may leave the shared +memory area in an inconsistant state. The safe way to terminate an +smbd is to send it a SIGTERM (-15) signal and wait for it to die on +its own. +<p><br>The debug log level of smbd may be raised +by sending it a SIGUSR1 <code>(kill -USR1 <smbd-pid>)</code> and lowered by +sending it a SIGUSR2 <code>(kill -USR2 <smbd-pid>)</code>. This is to allow +transient problems to be diagnosed, whilst still running at a normally +low log level. +<p><br>Note that as the signal handlers send a debug write, they are not +re-entrant in smbd. This you should wait until smbd is in a state of +waiting for an incoming smb before issuing them. It is possible to +make the signal handlers safe by un-blocking the signals before the +select call and re-blocking them after, however this would affect +performance. +<p><br><a name="SEEALSO"></a> +<h2>SEE ALSO</h2> + +<p><br><strong>hosts_access (5)</strong>, <strong>inetd (8)</strong>, <a href="nmbd.8.html"><strong>nmbd (8)</strong></a>, +<a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a>, <a href="smbclient.1.html"><strong>smbclient +(1)</strong></a>, <a href="testparm.1.html"><strong>testparm (1)</strong></a>, +<a href="testprns.1.html"><strong>testprns (1)</strong></a>, and the Internet RFC's +<strong>rfc1001.txt</strong>, <strong>rfc1002.txt</strong>. In addition the CIFS (formerly SMB) +specification is available as a link from the Web page : +<a href="http://samba.anu.edu.au/cifs/">http://samba.anu.edu.au/cifs/</a>. +<p><br><a name="AUTHOR"></a> +<h2>AUTHOR</h2> + +<p><br>The original Samba software and related utilities were created by +Andrew Tridgell (samba-bugs@samba.anu.edu.au). Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed. +<p><br>The original Samba man pages were written by Karl Auer. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2.0 release by Jeremy +Allison, <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. +<p><br>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full list of contributors +and details on how to submit bug reports, comments etc. +</body> +</html> diff --git a/docs/htmldocs/smbpasswd.5.html b/docs/htmldocs/smbpasswd.5.html new file mode 100644 index 0000000000..35649e689b --- /dev/null +++ b/docs/htmldocs/smbpasswd.5.html @@ -0,0 +1,191 @@ + + + + + +<html><head><title>smbpasswd</title> + +<link rev="made" href="mailto:samba-bugs@samba.anu.edu.au"> +</head> +<body> + +<hr> + +<h1>smbpasswd</h1> +<h2>Samba</h2> +<h2>23 Oct 1998</h2> + + + + +<p><br><a name="NAME"></a> +<h2>NAME</h2> + smbpasswd - The Samba encrypted password file +<p><br><a name="SYNOPSIS"></a> +<h2>SYNOPSIS</h2> + +<p><br>smbpasswd is the <strong>Samba</strong> encrypted password file. +<p><br><a name="DESCRIPTION"></a> +<h2>DESCRIPTION</h2> + +<p><br>This file is part of the <strong>Samba</strong> suite. +<p><br>smbpasswd is the <strong>Samba</strong> encrypted password file. It contains +the username, unix user id and the SMB hashed passwords of the +user, as well as account flag information and the time the password +was last changed. This file format has been evolving with Samba +and has had several different formats in the past. +<p><br><a name="FILEFORMAT"></a> +<h2>FILE FORMAT</h2> + +<p><br>The format of the smbpasswd file used by Samba 2.0 is very similar to +the familiar unix <strong>passwd (5)</strong> file. It is an ASCII file containing +one line for each user. Each field within each line is separated from +the next by a colon. Any entry beginning with # is ignored. The +smbpasswd file contains the following information for each user: +<p><br><ul> +<p><br><a name="name"></a> +<li><strong><strong>name</strong></strong> <br> <br> +<p><br>This is the user name. It must be a name that already exists + in the standard UNIX passwd file. +<p><br><a name="uid"></a> +<li><strong><strong>uid</strong></strong> <br> <br> +<p><br>This is the UNIX uid. It must match the uid field for the same + user entry in the standard UNIX passwd file. +<p><br><a name="LanmanPasswordHash"></a> +<li><strong><strong>Lanman Password Hash</strong></strong> <br> <br> +<p><br>This is the <em>LANMAN</em> hash of the users password, encoded as 32 hex + digits. The <em>LANMAN</em> hash is created by DES encrypting a well known + string with the users password as the DES key. This is the same + password used by Windows 95/98 machines. Note that this password hash + is regarded as weak as it is vulnerable to dictionary attacks and if + two users choose the same password this entry will be identical (ie. + the password is not <em>"salted"</em> as the UNIX password is). If the + user has a null password this field will contain the characters + <code>"NO PASSWORD"</code> as the start of the hex string. If the hex string + is equal to 32 <code>'X'</code> characters then the users account is marked as + <em>disabled</em> and the user will not be able to log onto the Samba + server. +<p><br><em>WARNING !!</em>. Note that, due to the challenge-response nature of the + SMB/CIFS authentication protocol, anyone with a knowledge of this + password hash will be able to impersonate the user of the network. + For this reason these hashes are known as <em>"plain text equivalent"</em> + and must <em>NOT</em> be made available to anyone but the root user. To + protect these passwords the <strong>smbpasswd</strong> file is placed in a + directory with read and traverse access only to the root user and the + <strong>smbpasswd</strong> file itself must be set to be read/write only by root, + with no other access. +<p><br><a name="NTPasswordHash"></a> +<li><strong><strong>NT Password Hash</strong></strong> <br> <br> +<p><br>This is the <em>Windows NT</em> hash of the users password, encoded as 32 + hex digits. The <em>Windows NT</em> hash is created by taking the users + password as represented in 16-bit, little-endian UNICODE and then + applying the <em>MD4</em> (internet rfc1321) hashing algorithm to it. +<p><br>This password hash is considered more secure than the <a href="smbpasswd.5.html#LanmanPasswordHash"><strong>Lanman + Password Hash</strong></a> as it preserves the case of the + password and uses a much higher quality hashing algorithm. However, it + is still the case that if two users choose the same password this + entry will be identical (ie. the password is not <em>"salted"</em> as the + UNIX password is). +<p><br><em>WARNING !!</em>. Note that, due to the challenge-response nature of the + SMB/CIFS authentication protocol, anyone with a knowledge of this + password hash will be able to impersonate the user of the network. + For this reason these hashes are known as <em>"plain text equivalent"</em> + and must <em>NOT</em> be made available to anyone but the root user. To + protect these passwords the <strong>smbpasswd</strong> file is placed in a + directory with read and traverse access only to the root user and the + <strong>smbpasswd</strong> file itself must be set to be read/write only by root, + with no other access. +<p><br><a name="AccountFlags"></a> +<li><strong><strong>Account Flags</strong></strong> <br> <br> +<p><br>This section contains flags that describe the attributes of the users + account. In the <strong>Samba2.0</strong> release this field is bracketed by <code>'['</code> + and <code>']'</code> characters and is always 13 characters in length (including + the <code>'['</code> and <code>']'</code> characters). The contents of this field may be + any of the characters. +<p><br><ul> +<p><br><a name="capU"></a> + <li > <strong>'U'</strong> This means this is a <em>"User"</em> account, ie. an ordinary + user. Only <strong>User</strong> and <a href="smbpasswd.5.html#capW"><strong>Worskstation Trust</strong></a> accounts are + currently supported in the <strong>smbpasswd</strong> file. +<p><br><a name="capN"></a> + <li > <strong>'N'</strong> This means the account has <em>no</em> password (the passwords + in the fields <a href="smbpasswd.5.html#LanmanPasswordHash"><strong>Lanman Password Hash</strong></a> and + <a href="smbpasswd.5.html#NTPasswordHash"><strong>NT Password Hash</strong></a> are ignored). Note that this + will only allow users to log on with no password if the + <a href="smb.conf.5.html#nullpasswords"><strong>null passwords</strong></a> parameter is set + in the <a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a> config file. +<p><br><a name="capD"></a> + <li > <strong>'D'</strong> This means the account is diabled and no SMB/CIFS logins + will be allowed for this user. +<p><br><a name="capW"></a> + <li > <strong>'W'</strong> This means this account is a <em>"Workstation Trust"</em> account. + This kind of account is used in the Samba PDC code stream to allow Windows + NT Workstations and Servers to join a Domain hosted by a Samba PDC. +<p><br></ul> +<p><br>Other flags may be added as the code is extended in future. The rest of + this field space is filled in with spaces. +<p><br><a name="LastChangeTime"></a> +<li><strong><strong>Last Change Time</strong></strong> <br> <br> +<p><br>This field consists of the time the account was last modified. It consists of + the characters <code>LCT-</code> (standing for <em>"Last Change Time"</em>) followed by a numeric + encoding of the UNIX time in seconds since the epoch (1970) that the last change + was made. +<p><br><li><strong><strong>Following fields</strong></strong> <br> <br> +<p><br>All other colon separated fields are ignored at this time. +<p><br></ul> +<p><br><a name="NOTES"></a> +<h2>NOTES</h2> + +<p><br>In previous versions of Samba (notably the 1.9.18 series) this file +did not contain the <a href="smbpasswd.5.html#AccountFlags"><strong>Account Flags</strong></a> or +<a href="smbpasswd.5.html#LastChangeTime"><strong>Last Change Time</strong></a> fields. The Samba 2.0 +code will read and write these older password files but will not be able to +modify the old entries to add the new fields. New entries added with +<a href="smbpasswd.8.html"><strong>smbpasswd (8)</strong></a> will contain the new fields +in the added accounts however. Thus an older <strong>smbpasswd</strong> file used +with Samba 2.0 may end up with some accounts containing the new fields +and some not. +<p><br>In order to convert from an old-style <strong>smbpasswd</strong> file to a new +style, run the script <strong>convert_smbpasswd</strong>, installed in the +Samba <code>bin/</code> directory (the same place that the <a href="smbd.8.html"><strong>smbd</strong></a> +and <a href="nmbd.8.html"><strong>nmbd</strong></a> binaries are installed) as follows: +<p><br><pre> + + + cat old_smbpasswd_file | convert_smbpasswd > new_smbpasswd_file + + +</pre> + +<p><br>The <strong>convert_smbpasswd</strong> script reads from stdin and writes to stdout +so as not to overwrite any files by accident. +<p><br>Once this script has been run, check the contents of the new smbpasswd +file to ensure that it has not been damaged by the conversion script +(which uses <strong>awk</strong>), and then replace the <code><old smbpasswd file></code> +with the <code><new smbpasswd file></code>. +<p><br><a name="VERSION"></a> +<h2>VERSION</h2> + +<p><br>This man page is correct for version 2.0 of the Samba suite. +<p><br><a name="SEEALSO"></a> +<h2>SEE ALSO</h2> + +<p><br><a href="smbpasswd.8.html"><strong>smbpasswd (8)</strong></a>, <a href="samba.7.html"><strong>samba +(7)</strong></a>, and the Internet RFC1321 for details on the MD4 +algorithm. +<p><br><a name="AUTHOR"></a> +<h2>AUTHOR</h2> + +<p><br>The original Samba software and related utilities were created by +Andrew Tridgell (samba-bugs@samba.anu.edu.au). Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed. +<p><br>The original Samba man pages were written by Karl Auer. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2.0 release by Jeremy +Allison, <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. +<p><br>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc. +</body> +</html> diff --git a/docs/htmldocs/smbpasswd.8.html b/docs/htmldocs/smbpasswd.8.html new file mode 100644 index 0000000000..b93fbd595f --- /dev/null +++ b/docs/htmldocs/smbpasswd.8.html @@ -0,0 +1,270 @@ + + + + + +<html><head><title>smbpasswd</title> + +<link rev="made" href="mailto:samba-bugs@samba.anu.edu.au"> +</head> +<body> + +<hr> + +<h1>smbpasswd</h1> +<h2>Samba</h2> +<h2>23 Oct 1998</h2> + + + + +<p><br><a name="NAME"></a> +<h2>NAME</h2> + smbpasswd - change a users SMB password +<p><br><a name="SYNOPSIS"></a> +<h2>SYNOPSIS</h2> + +<p><br><strong>smbpasswd</strong> [<a href="smbpasswd.8.html#minusa">-a</a>] [<a href="smbpasswd.8.html#minusd">-d</a>] [<a href="smbpasswd.8.html#minuse">-e</a>] [<a href="smbpasswd.8.html#minusD">-D debug level</a>] [<a href="smbpasswd.8.html#minusn">-n</a>] [<a href="smbpasswd.8.html#minusr">-r remote_machine</a>] [<a href="smbpasswd.8.html#minusR">-R name resolve order</a>] [<a href="smbpasswd.8.html#minusm">-m</a>] [<a href="smbpasswd.8.html#minusj">-j DOMAIN</a>] [<a href="smbpasswd.8.html#minusU">-U username</a>] [<a href="smbpasswd.8.html#minush">-h</a>] [<a href="smbpasswd.8.html#minuss">-s</a>] <a href="smbpasswd.8.html#username">username</a> +<p><br><a name="DESCRIPTION"></a> +<h2>DESCRIPTION</h2> + +<p><br>This program is part of the <strong>Samba</strong> suite. +<p><br>The <strong>smbpasswd</strong> program has several different functions, depending +on whether it is run by the <em>root</em> user or not. When run as a normal +user it allows the user to change the password used for their SMB +sessions on any machines that store SMB passwords. +<p><br>By default (when run with no arguments) it will attempt to change the +current users SMB password on the local machine. This is similar to +the way the <strong>passwd (1)</strong> program works. <strong>smbpasswd</strong> differs from +the <strong>passwd</strong> program works however in that it is not <em>setuid root</em> +but works in a client-server mode and communicates with a locally +running <a href="smbd.8.html"><strong>smbd</strong></a>. As a consequence in order for this +to succeed the <a href="smbd.8.html"><strong>smbd</strong></a> daemon must be running on +the local machine. On a UNIX machine the encrypted SMB passwords are +usually stored in the <a href="smbpasswd.5.html"><strong>smbpasswd (5)</strong></a> file. +<p><br>When run by an ordinary user with no options. <strong>smbpasswd</strong> will +prompt them for their old smb password and then ask them for their new +password twice, to ensure that the new password was typed +correctly. No passwords will be echoed on the screen whilst being +typed. If you have a blank smb password (specified by the string "NO +PASSWORD" in the <a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file) then just +press the <Enter> key when asked for your old password. +<p><br><strong>smbpasswd</strong> also can be used by a normal user to change their SMB +password on remote machines, such as Windows NT Primary Domain +Controllers. See the <a href="smbpasswd.8.html#minusr">(<strong>-r</strong>)</a> and +<a href="smbpasswd.8.html#minusU"><strong>-U</strong></a> options below. +<p><br>When run by root, <strong>smbpasswd</strong> allows new users to be added and +deleted in the <a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file, as well as +changes to the attributes of the user in this file to be made. When +run by root, <strong>smbpasswd</strong> accesses the local +<a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file directly, thus enabling +changes to be made even if <a href="smbd.8.html"><strong>smbd</strong></a> is not running. +<p><br><a name="OPTIONS"></a> +<h2>OPTIONS</h2> + +<p><br><ul> +<p><br><a name="minusa"></a> +<li><strong><strong>-a</strong></strong> This option specifies that the username following should +be added to the local <a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file, with +the new password typed (type <Enter> for the old password). This +option is ignored if the username following already exists in the +<a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file and it is treated like a +regular change password command. Note that the user to be added .B +must already exist in the system password file (usually /etc/passwd) +else the request to add the user will fail. +<p><br>This option is only available when running <strong>smbpasswd</strong> as +root. +<p><br><a name="minusd"></a> +<li><strong><strong>-d</strong></strong> This option specifies that the username following should be +<em>disabled</em> in the local <a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file. +This is done by writing a <em>'D'</em> flag into the account control space +in the <a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file. Once this is done +all attempts to authenticate via SMB using this username will fail. +<p><br>If the <a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file is in the 'old' +format (pre-Samba 2.0 format) there is no space in the users password +entry to write this information and so the user is disabled by writing +'X' characters into the password space in the +<a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file. See <a href="smbpasswd.5.html"><strong>smbpasswd +(5)</strong></a> for details on the 'old' and new password file +formats. +<p><br>This option is only available when running <strong>smbpasswd</strong> as root. +<p><br><a name="minuse"></a> +<li><strong><strong>-e</strong></strong> This option specifies that the username following should be +<em>enabled</em> in the local <a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file, +if the account was previously disabled. If the account was not +disabled this option has no effect. Once the account is enabled +then the user will be able to authenticate via SMB once again. +<p><br>If the smbpasswd file is in the 'old' format then <strong>smbpasswd</strong> will +prompt for a new password for this user, otherwise the account will be +enabled by removing the <em>'D'</em> flag from account control space in the +<a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file. See <a href="smbpasswd.5.html"><strong>smbpasswd +(5)</strong></a> for details on the 'old' and new password file +formats. +<p><br>This option is only available when running <strong>smbpasswd</strong> as root. +<p><br><a name="minusD"></a> +<li><strong><strong>-D debuglevel</strong></strong> debuglevel is an integer from 0 +to 10. The default value if this parameter is not specified is zero. +<p><br>The higher this value, the more detail will be logged to the log files +about the activities of smbpasswd. At level 0, only critical errors +and serious warnings will be logged. +<p><br>Levels above 1 will generate considerable amounts of log data, and +should only be used when investigating a problem. Levels above 3 are +designed for use only by developers and generate HUGE amounts of log +data, most of which is extremely cryptic. +<p><br><a name="minusn"></a> +<li><strong><strong>-n</strong></strong> This option specifies that the username following should +have their password set to null (i.e. a blank password) in the local +<a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file. This is done by writing the +string "NO PASSWORD" as the first part of the first password stored in +the <a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file. +<p><br>Note that to allow users to logon to a Samba server once the password +has been set to "NO PASSWORD" in the +<a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file the administrator must set +the following parameter in the [global] section of the +<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file : +<p><br><a href="smb.conf.5.html#nullpasswords">null passwords = true</a> +<p><br>This option is only available when running <strong>smbpasswd</strong> as root. +<p><br><a name="minusr"></a> +<li><strong><strong>-r remote machine name</strong></strong> This option allows a +user to specify what machine they wish to change their password +on. Without this parameter <strong>smbpasswd</strong> defaults to the local +host. The <em>"remote machine name"</em> is the NetBIOS name of the +SMB/CIFS server to contact to attempt the password change. This name +is resolved into an IP address using the standard name resolution +mechanism in all programs of the <a href="samba.7.html"><strong>Samba</strong></a> +suite. See the <a href="smbpasswd.8.html#minusR"><strong>-R name resolve order</strong></a> parameter for details on changing this resolving +mechanism. +<p><br>The username whose password is changed is that of the current UNIX +logged on user. See the <a href="smbpasswd.8.html#minusU"><strong>-U username</strong></a> +parameter for details on changing the password for a different +username. +<p><br>Note that if changing a Windows NT Domain password the remote machine +specified must be the Primary Domain Controller for the domain (Backup +Domain Controllers only have a read-only copy of the user account +database and will not allow the password change). +<p><br><a name="minusR"></a> +<li><strong><strong>-R name resolve order</strong></strong> This option allows the user of +smbclient to determine what name resolution services to use when +looking up the NetBIOS name of the host being connected to. +<p><br>The options are :<a href="smbpasswd.8.html#lmhosts">"lmhosts"</a>, <a href="smbpasswd.8.html#host">"host"</a>, +<a href="smbpasswd.8.html#wins">"wins"</a> and <a href="smbpasswd.8.html#bcast">"bcast"</a>. They cause names to be +resolved as follows : +<p><br><ul> +<p><br><a name="lmhosts"></a> +<li > <strong>lmhosts</strong> : Lookup an IP address in the Samba lmhosts file. +<p><br><a name="host"></a> +<li > <strong>host</strong> : Do a standard host name to IP address resolution, +using the system /etc/hosts, NIS, or DNS lookups. This method of name +resolution is operating system depended for instance on IRIX or +Solaris this may be controlled by the <em>/etc/nsswitch.conf</em> file). +<p><br><a name="wins"></a> +<li > <strong>wins</strong> : Query a name with the IP address listed in the <a href="smb.conf.5.html#winsserver"><strong>wins +server</strong></a> parameter in the smb.conf file. If +no WINS server has been specified this method will be ignored. +<p><br><a name="bcast"></a> +<li > <strong>bcast</strong> : Do a broadcast on each of the known local interfaces +listed in the <a href="smb.conf.5.html#interfaces"><strong>interfaces</strong></a> parameter +in the smb.conf file. This is the least reliable of the name resolution +methods as it depends on the target host being on a locally connected +subnet. +<p><br></ul> +<p><br>If this parameter is not set then the name resolver order defined +in the <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file parameter +<a href="smb.conf.5.html#nameresolveorder"><strong>name resolve order</strong></a> +will be used. +<p><br>The default order is lmhosts, host, wins, bcast and without this +parameter or any entry in the <a href="smb.conf.5.html"><strong>smb.conf</strong></a> +file the name resolution methods will be attempted in this order. +<p><br><a name="minusm"></a> +<li><strong><strong>-m</strong></strong> This option tells <strong>smbpasswd</strong> that the account being +changed is a <em>MACHINE</em> account. Currently this is used when Samba is +being used as an NT Primary Domain Controller. PDC support is not a +supported feature in Samba2.0 but will become supported in a later +release. If you wish to know more about using Samba as an NT PDC then +please subscribe to the mailing list +<a href="mailto:samba-ntdom@samba.anu.edu.au"><em>samba-ntdom@samba.anu.edu.au</em></a>. +<p><br>This option is only available when running <strong>smbpasswd</strong> as root. +<p><br><a name="minusj"></a> +<li><strong><strong>-j DOMAIN</strong></strong> This option is used to add a Samba server into a +Windows NT Domain, as a Domain member capable of authenticating user +accounts to any Domain Controller in the same way as a Windows NT +Server. See the <a href="smb.conf.5.html#security"><strong>security=domain</strong></a> +option in the <a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a> man page. +<p><br>In order to be used in this way, the Administrator for the Windows +NT Domain must have used the program <em>"Server Manager for Domains"</em> +to add the <a href="smb.conf.5.html#netbiosname">primary NetBIOS name</a> of +the Samba server as a member of the Domain. +<p><br>After this has been done, to join the Domain invoke <strong>smbpasswd</strong> with +this parameter. <strong>smbpasswd</strong> will then look up the Primary Domain +Controller for the Domain (found in the +<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file in the parameter +<a href="smb.conf.5.html#passwordserver"><strong>password server</strong></a> and change +the machine account password used to create the secure Domain +communication. This password is then stored by <strong>smbpasswd</strong> in a +file, read only by root, called <code><Domain>.<Machine>.mac</code> where +<code><Domain></code> is the name of the Domain we are joining and tt<Machine> +is the primary NetBIOS name of the machine we are running on. +<p><br>Once this operation has been performed the +<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file may be updated to set the +<a href="smb.conf.5.html#security"><strong>security=domain</strong></a> option and all +future logins to the Samba server will be authenticated to the Windows +NT PDC. +<p><br>Note that even though the authentication is being done to the PDC all +users accessing the Samba server must still have a valid UNIX account +on that machine. +<p><br>This option is only available when running <strong>smbpasswd</strong> as root. +<p><br><a name="minusU"></a> +<li><strong><strong>-U username</strong></strong> This option may only be used in +conjunction with the <a href="smbpasswd.8.html#minusr"><strong>-r</strong></a> +option. When changing a password on a remote machine it allows the +user to specify the user name on that machine whose password will be +changed. It is present to allow users who have different user names on +different systems to change these passwords. +<p><br><a name="minush"></a> +<li><strong><strong>-h</strong></strong> This option prints the help string for <strong>smbpasswd</strong>, +selecting the correct one for running as root or as an ordinary user. +<p><br><a name="minuss"></a> +<li><strong><strong>-s</strong></strong> This option causes <strong>smbpasswd</strong> to be silent (ie. not +issue prompts) and to read it's old and new passwords from standard +input, rather than from <code>/dev/tty</code> (like the <strong>passwd (1)</strong> program +does). This option is to aid people writing scripts to drive <strong>smbpasswd</strong> +<p><br><a name="username"></a> +dir(<strong>username</strong>) This specifies the username for all of the <em>root +only</em> options to operate on. Only root can specify this parameter as +only root has the permission needed to modify attributes directly +in the local <a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file. +<p><br><a name="NOTES"></a> +<h2>NOTES</h2> + +<p><br>As <strong>smbpasswd</strong> works in client-server mode communicating with a +local <a href="smbd.8.html"><strong>smbd</strong></a> for a non-root user then the <strong>smbd</strong> +daemon must be running for this to work. A common problem is to add a +restriction to the hosts that may access the <strong>smbd</strong> running on the +local machine by specifying a <a href="smb.conf.5.html#allowhosts"><strong>"allow +hosts"</strong></a> or <a href="smb.conf.5.html#denyhosts"><strong>"deny +hosts"</strong></a> entry in the +<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file and neglecting to allow +<em>"localhost"</em> access to the <strong>smbd</strong>. +<p><br>In addition, the <strong>smbpasswd</strong> command is only useful if <strong>Samba</strong> has +been set up to use encrypted passwords. See the file <strong>ENCRYPTION.txt</strong> +in the docs directory for details on how to do this. +<p><br><a name="VERSION"></a> +<h2>VERSION</h2> + +<p><br>This man page is correct for version 2.0 of the Samba suite. +<p><br><a name="AUTHOR"></a> +<h2>AUTHOR</h2> + +<p><br>The original Samba software and related utilities were created by +Andrew Tridgell <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed. +<p><br>The original Samba man pages were written by Karl Auer. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2.0 release by Jeremy +Allison, <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. +<p><br>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc. +</body> +</html> diff --git a/docs/htmldocs/smbrun.1.html b/docs/htmldocs/smbrun.1.html new file mode 100644 index 0000000000..b33edd4d87 --- /dev/null +++ b/docs/htmldocs/smbrun.1.html @@ -0,0 +1,84 @@ + + + + + +<html><head><title>smbrun</title> + +<link rev="made" href="mailto:samba-bugs@samba.anu.edu.au"> +</head> +<body> + +<hr> + +<h1>smbrun</h1> +<h2>Samba</h2> +<h2>23 Oct 1998</h2> + + + + +<p><br><a name="NAME"></a> +<h2>NAME</h2> + smbrun - interface program between smbd and external programs +<p><br><a name="SYNOPSIS"></a> +<h2>SYNOPSIS</h2> + +<p><br><strong>smbrun</strong> <a href="smbrun.1.html#shellcommand">shell-command</a> +<p><br><a name="DESCRIPTION"></a> +<h2>DESCRIPTION</h2> + +<p><br>This program is part of the <strong>Samba</strong> suite. +<p><br><strong>smbrun</strong> is a very small 'glue' program, which runs shell commands +for the <a href="smbd.8.html"><strong>smbd</strong></a> daemon <a href="smbd.8.html"><strong>smbd +(8)</strong></a>. +<p><br>It first changes to the highest effective user and group ID that it +can, then runs the command line provided using the system() call. This +program is necessary to allow some operating systems to run external +programs as non-root. +<p><br><a name="OPTIONS"></a> +<h2>OPTIONS</h2> + +<p><br><ul> +<p><br><a name="shellcommand"></a> +<li><strong><strong>shell-command</strong></strong> The shell command to execute. The command +should have a fully-qualified path. +<p><br></ul> +<p><br><a name="ENVIRONMENTVARIABLES"></a> +<h2>ENVIRONMENT VARIABLES</h2> + +<p><br>The <em>PATH</em> variable set for the environment in which <strong>smbrun</strong> is +executed will affect what executables are located and executed if a +fully-qualified path is not given in the command. +<p><br><a name="DIAGNOSTICS"></a> +<h2>DIAGNOSTICS</h2> + +<p><br>If <strong>smbrun</strong> cannot be located or cannot be executed by +<a href="smbd.8.html"><strong>smbd</strong></a> then appropriate messages will be found in +the <a href="smbd.8.html"><strong>smbd</strong></a> logs. Other diagnostics are dependent +on the shell-command being run. It is advisable for your shell +commands to issue suitable diagnostics to aid trouble-shooting. +<p><br><a name="VERSION"></a> +<h2>VERSION</h2> + +<p><br>This man page is correct for version 2.0 of the Samba suite. +<p><br><a name="SEEALSO"></a> +<h2>SEE ALSO</h2> + +<p><br><a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a>, <a href="smbd.8.html"><strong>smbd (8)</strong></a> +<p><br><a name="AUTHOR"></a> +<h2>AUTHOR</h2> + +<p><br>The original Samba software and related utilities were created by +Andrew Tridgell <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed. +<p><br>The original Samba man pages were written by Karl Auer. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2.0 release by Jeremy +Allison, <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. +<p><br>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc. +</body> +</html> diff --git a/docs/htmldocs/smbstatus.1.html b/docs/htmldocs/smbstatus.1.html new file mode 100644 index 0000000000..102114d2b4 --- /dev/null +++ b/docs/htmldocs/smbstatus.1.html @@ -0,0 +1,81 @@ + + + + + +<html><head><title>smbstatus</title> + +<link rev="made" href="mailto:samba-bugs@samba.anu.edu.au"> +</head> +<body> + +<hr> + +<h1>smbstatus</h1> +<h2>Samba</h2> +<h2>23 Oct 1998</h2> + + + + +<p><br><a name="NAME"></a> +<h2>NAME</h2> + smbstatus - report on current Samba connections +<p><br><a name="SYNOPSIS"></a> +<h2>SYNOPSIS</h2> + +<p><br><strong>smbstatus</strong> [<a href="smbstatus.1.html#minusb">-b</a>] [<a href="smbstatus.1.html#minusd">-d</a>] [<a href="smbstatus.1.html#minusL">-L</a>] [<a href="smbstatus.1.html#minusp">-p</a>] [<a href="smbstatus.1.html#minusS">-S</a>] [<a href="smbstatus.1.html#minuss">-s configuration file</a>] [<a href="smbstatus.1.html#minusu">-u username</a>] +<p><br><a name="DESCRIPTION"></a> +<h2>DESCRIPTION</h2> + +<p><br>This program is part of the <strong>Samba</strong> suite. +<p><br><strong>smbstatus</strong> is a very simple program to list the current Samba +connections. +<p><br><a name="OPTIONS"></a> +<h2>OPTIONS</h2> + +<p><br><ul> +<p><br><a name="minusb"></a> +<li><strong><strong>-b</strong></strong> gives brief output. +<p><br><a name="minusd"></a> +<li><strong><strong>-d</strong></strong> gives verbose output. +<p><br><a name="minusL"></a> +<li><strong><strong>-L</strong></strong> causes smbstatus to only list locks. +<p><br><a name="minusp"></a> +<li><strong><strong>-p</strong></strong> print a list of <a href="smbd.8.html"><strong>smbd</strong></a> +processes and exit. Useful for scripting. +<p><br><a name="minusS"></a> +<li><strong><strong>-S</strong></strong> causes smbstatus to only list shares. +<p><br><a name="minuss"></a> +<li><strong><strong>-s configuration file</strong></strong> The default configuration file name is +determined at compile time. The file specified contains the +configuration details required by the server. See <a href="smb.conf.5.html"><strong>smb.conf +(5)</strong></a> for more information. +<p><br><a name="minusu"></a> +<li><strong><strong>-u username</strong></strong> selects information relevant to <em>username</em> +only. +<p><br></ul> +<p><br><a name="VERSION"></a> +<h2>VERSION</h2> + +<p><br>This man page is correct for version 2.0 of the Samba suite. +<p><br><a name="SEEALSO"></a> +<h2>SEE ALSO</h2> + +<p><br><a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a>, <a href="smbd.8.html"><strong>smbd (8)</strong></a> +<p><br><a name="AUTHOR"></a> +<h2>AUTHOR</h2> + +<p><br>The original Samba software and related utilities were created by +Andrew Tridgell <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed. +<p><br>The original Samba man pages were written by Karl Auer. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2.0 release by Jeremy +Allison, <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. +<p><br>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc. +</body> +</html> diff --git a/docs/htmldocs/smbtar.1.html b/docs/htmldocs/smbtar.1.html new file mode 100644 index 0000000000..72698b96d9 --- /dev/null +++ b/docs/htmldocs/smbtar.1.html @@ -0,0 +1,128 @@ + + + + + +<html><head><title>smbtar</title> + +<link rev="made" href="mailto:samba-bugs@samba.anu.edu.au"> +</head> +<body> + +<hr> + +<h1>smbtar</h1> +<h2>Samba</h2> +<h2>23 Oct 1998</h2> + + + + +<p><br><a name="NAME"></a> +<h2>NAME</h2> + smbtar - shell script for backing up SMB/CIFS shares directly to UNIX tape drives +<p><br><a name="SYNOPSIS"></a> +<h2>SYNOPSIS</h2> + +<p><br><strong>smbtar</strong> <a href="smbtar.1.html#minuss">-s server</a> [<a href="smbtar.1.html#minusp">-p password</a>] [<a href="smbtar.1.html#minusx">-x service</a>] [<a href="smbtar.1.html#minusX">-X</a>] [<a href="smbtar.1.html#minusd">-d directory</a>] [<a href="smbtar.1.html#minusu">-u user</a>] [<a href="smbtar.1.html#minust">-t tape</a>] [<a href="smbtar.1.html#minusb">-b blocksize</a>] [<a href="smbtar.1.html#minusN">-N filename</a>] [<a href="smbtar.1.html#minusi">-i</a>] [<a href="smbtar.1.html#minusr">-r</a>] [<a href="smbtar.1.html#minusl">-l log level</a>] [<a href="smbtar.1.html#minusv">-v</a>] filenames +<p><br><a name="DESCRIPTION"></a> +<h2>DESCRIPTION</h2> + +<p><br>This program is part of the <strong>Samba</strong> suite. +<p><br><strong>smbtar</strong> is a very small shell script on top of +<a href="smbclient.1.html"><strong>smbclient</strong></a> which dumps SMB shares directly +to tape. +<p><br><a name="OPTIONS"></a> +<h2>OPTIONS</h2> + +<p><br><ul> +<p><br><a name="minuss"></a> +<li><strong><strong>-s server</strong></strong> The SMB/CIFS server that the share resides upon. +<p><br><a name="minusx"></a> +<li><strong><strong>-x service</strong></strong> The share name on the server to connect +to. The default is <code>backup</code>. +<p><br><a name="minusX"></a> +<li><strong><strong>-X</strong></strong> Exclude mode. Exclude filenames... from tar create or +restore. +<p><br><a name="minusd"></a> +<li><strong><strong>-d directory</strong></strong> Change to initial <em>directory</em> before restoring +/ backing up files. +<p><br><a name="minusv"></a> +<li><strong><strong>-v</strong></strong> Verbose mode. +<p><br><a name="minusp"></a> +<li><strong><strong>-p password</strong></strong> The password to use to access a share. Default: +none +<p><br><a name="minusu"></a> +<li><strong><strong>-u user</strong></strong> The user id to connect as. Default: UNIX login name. +<p><br><a name="minust"></a> +<li><strong><strong>-t tape</strong></strong> Tape device. May be regular file or tape +device. Default: <em>TAPE</em> environmental variable; if not set, a file +called <code>tar.out</code>. +<p><br><a name="minusb"></a> +<li><strong><strong>-b blocksize</strong></strong> Blocking factor. Defaults to 20. See <strong>tar (1)</strong> +for a fuller explanation. +<p><br><a name="minusN"></a> +<li><strong><strong>-N filename</strong></strong> Backup only files newer than filename. Could be +used (for example) on a log file to implement incremental backups. +<p><br><a name="minusi"></a> +<li><strong><strong>-i</strong></strong> Incremental mode; tar files are only backed up if they +have the archive bit set. The archive bit is reset after each file is +read. +<p><br><a name="minusr"></a> +<li><strong><strong>-r</strong></strong> Restore. Files are restored to the share from the tar +file. +<p><br><a name="minusl"></a> +<li><strong><strong>-l log level</strong></strong> Log (debug) level. Corresponds to the +<a href="smbclient.1.html#minusd"><strong>-d</strong></a> flag of <a href="smbclient.1.html"><strong>smbclient +(1)</strong></a>. +<p><br></ul> +<p><br><a name="ENVIRONMENTVARIABLES"></a> +<h2>ENVIRONMENT VARIABLES</h2> + +<p><br>The TAPE variable specifies the default tape device to write to. May +be overridden with the <a href="smbtar.1.html#minust"><strong>-t</strong></a> option. +<p><br><a name="BUGS"></a> +<h2>BUGS</h2> + +<p><br>The <strong>smbtar</strong> script has different options from ordinary tar and tar +called from <a href="smbclient.1.html"><strong>smbclient</strong></a>. +<p><br><a name="CAVEATS"></a> +<h2>CAVEATS</h2> + +<p><br>Sites that are more careful about security may not like the way the +script handles PC passwords. Backup and restore work on entire shares, +should work on file lists. <strong>smbtar</strong> works best with GNU tar and may +not work well with other versions. +<p><br><a name="VERSION"></a> +<h2>VERSION</h2> + +<p><br>This man page is correct for version 2.0 of the Samba suite. +<p><br><a name="SEEALSO"></a> +<h2>SEE ALSO</h2> + +<p><br><a href="smbclient.1.html"><strong>smbclient (1)</strong></a>, <a href="smb.conf.5.html"><strong>smb.conf +(5)</strong></a> +<p><br><a name="DIAGNOSTICS"></a> +<h2>DIAGNOSTICS</h2> + +<p><br>See the <a href="smbclient.1.html#DIAGNOSTICS"><strong>DIAGNOSTICS</strong></a> section for +the <a href="smbclient.1.html"><strong>smbclient</strong></a> command. +<p><br><a name="AUTHOR"></a> +<h2>AUTHOR</h2> + +<p><br>The original Samba software and related utilities were created by +Andrew Tridgell <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed. +<p><br>Ricky Poulten <a href="mailto:poultenr@logica.co.uk"><em>poultenr@logica.co.uk</em></a> wrote the tar extension and +this man page. The <strong>smbtar</strong> script was heavily rewritten and +improved by Martin Kraemer <a href="mailto:Martin.Kraemer@mch.sni.de"><em>Martin.Kraemer@mch.sni.de</em></a>. Many +thanks to everyone who suggested extensions, improvements, bug fixes, +etc. The man page sources were converted to YODL format (another +excellent piece of Open Source software) and updated for the Samba2.0 +release by Jeremy Allison, <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. +<p><br>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc. +<p><br></body> +</html> diff --git a/docs/htmldocs/testparm.1.html b/docs/htmldocs/testparm.1.html new file mode 100644 index 0000000000..7cf4bb650a --- /dev/null +++ b/docs/htmldocs/testparm.1.html @@ -0,0 +1,99 @@ + + + + + +<html><head><title>testparm</title> + +<link rev="made" href="mailto:samba-bugs@samba.anu.edu.au"> +</head> +<body> + +<hr> + +<h1>testparm</h1> +<h2>Samba</h2> +<h2>23 Oct 1998</h2> + + + + +<p><br><a name="NAME"></a> +<h2>NAME</h2> + testparm - check an smb.conf configuration file for internal correctness +<p><br><a name="SYNOPSIS"></a> +<h2>SYNOPSIS</h2> + +<p><br><strong>testparm</strong> [<a href="testparm.1.html#configfilename">configfilename</a> [<a href="testparm.1.html#hostname">hostname</a> <a href="testparm.1.html#hostIP">hostIP</a>] ] +<p><br><a name="DESCRIPTION"></a> +<h2>DESCRIPTION</h2> + +<p><br>This program is part of the <strong>Samba</strong> suite. +<p><br><strong>testparm</strong> is a very simple test program to check an +<a href="smbd.8.html"><strong>smbd</strong></a> configuration file for internal +correctness. If this program reports no problems, you can use the +configuration file with confidence that <a href="smbd.8.html"><strong>smbd</strong></a> +will successfully load the configuration file. +<p><br>Note that this is <em>NOT</em> a guarantee that the services specified in the +configuration file will be available or will operate as expected. +<p><br>If the optional host name and host IP address are specified on the +command line, this test program will run through the service entries +reporting whether the specified host has access to each service. +<p><br><a name="OPTIONS"></a> +<h2>OPTIONS</h2> + +<p><br><ul> +<p><br><a name="configfilename"></a> +<li><strong><strong>configfilename</strong></strong> This is the name of the configuration file to +check. If this parameter is not present then the default +<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file will be checked. +<p><br><a name="hostname"></a> +<li><strong><strong>hostname</strong></strong> If this parameter and the following are specified, +then testparm will examine the <a href="smb.conf.5.html#hostsallow"><strong>"hosts +allow"</strong></a> and <a href="smb.conf.5.html#hostsdeny"><strong>"hosts +deny"</strong></a> parameters in the +<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file to determine if the hostname +with this IP address would be allowed acces to the +<a href="smbd.8.html"><strong>smbd</strong></a> server. If this parameter is supplied, the +hostIP parameter must also be supplied. +<p><br><a name="hostIP"></a> +<li><strong><strong>hostIP</strong></strong> This is the IP address of the host specified in the +previous parameter. This address must be supplied if the hostname +parameter is supplied. +<p><br></ul> +<p><br><a name="FILES"></a> +<h2>FILES</h2> + +<p><br><a href="smb.conf.5.html"><strong>smb.conf</strong></a>. This is usually the name of the +configuration file used by <a href="smbd.8.html"><strong>smbd</strong></a>. +<p><br><a name="DIAGNOSTICS"></a> +<h2>DIAGNOSTICS</h2> + +<p><br>The program will issue a message saying whether the configuration file +loaded OK or not. This message may be preceded by errors and warnings +if the file did not load. If the file was loaded OK, the program then +dumps all known service details to stdout. +<p><br><a name="VERSION"></a> +<h2>VERSION</h2> + +<p><br>This man page is correct for version 2.0 of the Samba suite. +<p><br><a name="SEEALSO"></a> +<h2>SEE ALSO</h2> + +<p><br><a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a>, <a href="smbd.8.html"><strong>smbd (8)</strong></a> +<p><br><a name="AUTHOR"></a> +<h2>AUTHOR</h2> + +<p><br>The original Samba software and related utilities were created by +Andrew Tridgell <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed. +<p><br>The original Samba man pages were written by Karl Auer. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2.0 release by Jeremy +Allison, <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. +<p><br>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc. +</body> +</html> diff --git a/docs/htmldocs/testprns.1.html b/docs/htmldocs/testprns.1.html new file mode 100644 index 0000000000..a457aa55f5 --- /dev/null +++ b/docs/htmldocs/testprns.1.html @@ -0,0 +1,96 @@ + + + + + +<html><head><title>testparm</title> + +<link rev="made" href="mailto:samba-bugs@samba.anu.edu.au"> +</head> +<body> + +<hr> + +<h1>testparm</h1> +<h2>Samba</h2> +<h2>23 Oct 1998</h2> + + + + +<p><br><a name="NAME"></a> +<h2>NAME</h2> + testparm - check printer name for validity with smbd +<p><br><a name="SYNOPSIS"></a> +<h2>SYNOPSIS</h2> + +<p><br><strong>testprns</strong> <a href="testprns.1.html#printername">printername</a> [<a href="testprns.1.html#printcapname">printcapname</a>] +<p><br><a name="DESCRIPTION"></a> +<h2>DESCRIPTION</h2> + +<p><br>This program is part of the <strong>Samba</strong> suite. +<p><br><strong>testprns</strong> is a very simple test program to determine whether a +given printer name is valid for use in a service to be provided by +<a href="smbd.8.html"><strong>smbd</strong></a>. +<p><br>"Valid" in this context means "can be found in the printcap +specified". This program is very stupid - so stupid in fact that it +would be wisest to always specify the printcap file to use. +<p><br><a name="OPTIONS"></a> +<h2>OPTIONS</h2> + +<p><br><ul> +<p><br><a name="printername"></a> +<li><strong><strong>printername</strong></strong> The printer name to validate. +<p><br>Printer names are taken from the first field in each record in the +printcap file, single printer names and sets of aliases separated by +vertical bars ("|") are recognised. Note that no validation or +checking of the printcap syntax is done beyond that required to +extract the printer name. It may be that the print spooling system is +more forgiving or less forgiving than <strong>testprns</strong>. However, if +<strong>testprns</strong> finds the printer then <a href="smbd.8.html"><strong>smbd</strong></a> should +do so as well. +<p><br><a name="printcapname"></a> +<li><strong><strong>printcapname</strong></strong> This is the name of the printcap file within +which to search for the given printer name. +<p><br>If no printcap name is specified <strong>testprns</strong> will attempt to scan the +printcap file name specified at compile time. +<p><br></ul> +<p><br><a name="FILES"></a> +<h2>FILES</h2> + +<p><br><strong>/etc/printcap</strong> This is usually the default printcap file to +scan. See <strong>printcap (5)</strong>. +<p><br><a name="DIAGNOSTICS"></a> +<h2>DIAGNOSTICS</h2> + +<p><br>If a printer is found to be valid, the message "Printer name +<printername> is valid" will be displayed. +<p><br>If a printer is found to be invalid, the message "Printer name +<printername> is not valid" will be displayed. +<p><br>All messages that would normally be logged during operation of the +<a href="samba.7.html"><strong>Samba</strong></a> daemons are logged by this program to the +file <code>test.log</code> in the current directory. The program runs at +debuglevel 3, so quite extensive logging information is written. The +log should be checked carefully for errors and warnings. +<p><br>Other messages are self-explanatory. +<p><br><a name="SEEALSO"></a> +<h2>SEE ALSO</h2> + +<p><br><strong>printcap (5)</strong>, <a href="smbd.8.html"><strong>smbd (8)</strong></a>, <a href="smbclient.1.html"><strong>smbclient +(1)</strong></a> +<p><br><a name="AUTHOR"></a> +<h2>AUTHOR</h2> + +<p><br>The original Samba software and related utilities were created by +Andrew Tridgell <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed. +<p><br>The original Samba man pages were written by Karl Auer. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2.0 release by Jeremy +Allison, <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. +<p><br>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc. +</body> +</html> |