diff options
author | Alexander Bokovoy <ab@samba.org> | 2003-04-30 21:23:00 +0000 |
---|---|---|
committer | Alexander Bokovoy <ab@samba.org> | 2003-04-30 21:23:00 +0000 |
commit | 318acec837279edaf74e331afc8ebdba5c05db71 (patch) | |
tree | 3315f171149b5db056aba654fc74985c6a932e07 | |
parent | 28dd0d9081cac660876a7891c037939b2c264ca8 (diff) | |
download | samba-318acec837279edaf74e331afc8ebdba5c05db71.tar.gz samba-318acec837279edaf74e331afc8ebdba5c05db71.tar.bz2 samba-318acec837279edaf74e331afc8ebdba5c05db71.zip |
Docbook XML conversion: manpages
(This used to be commit b558088b85355e9f22c77b4267a038adc47e9630)
-rw-r--r-- | docs/docbook/manpages/.cvsignore | 1 | ||||
-rw-r--r-- | docs/docbook/manpages/editreg.1.xml (renamed from docs/docbook/manpages/editreg.1.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/findsmb.1.xml (renamed from docs/docbook/manpages/findsmb.1.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/lmhosts.5.xml (renamed from docs/docbook/manpages/lmhosts.5.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/net.8.xml (renamed from docs/docbook/manpages/net.8.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/nmbd.8.xml (renamed from docs/docbook/manpages/nmbd.8.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/nmblookup.1.xml (renamed from docs/docbook/manpages/nmblookup.1.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/ntlm_auth.1.xml (renamed from docs/docbook/manpages/ntlm_auth.1.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/pdbedit.8.xml (renamed from docs/docbook/manpages/pdbedit.8.sgml) | 11 | ||||
-rw-r--r-- | docs/docbook/manpages/profiles.1.xml (renamed from docs/docbook/manpages/profiles.1.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/rpcclient.1.xml (renamed from docs/docbook/manpages/rpcclient.1.sgml) | 22 | ||||
-rw-r--r-- | docs/docbook/manpages/samba.7.xml (renamed from docs/docbook/manpages/samba.7.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/smb.conf.5.sgml | 8532 | ||||
-rw-r--r-- | docs/docbook/manpages/smbcacls.1.xml (renamed from docs/docbook/manpages/smbcacls.1.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/smbclient.1.xml (renamed from docs/docbook/manpages/smbclient.1.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/smbcontrol.1.xml (renamed from docs/docbook/manpages/smbcontrol.1.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/smbcquotas.1.xml (renamed from docs/docbook/manpages/smbcquotas.1.sgml) | 8 | ||||
-rw-r--r-- | docs/docbook/manpages/smbd.8.xml (renamed from docs/docbook/manpages/smbd.8.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/smbmnt.8.xml (renamed from docs/docbook/manpages/smbmnt.8.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/smbmount.8.xml (renamed from docs/docbook/manpages/smbmount.8.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/smbpasswd.5.xml (renamed from docs/docbook/manpages/smbpasswd.5.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/smbpasswd.8.xml (renamed from docs/docbook/manpages/smbpasswd.8.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/smbsh.1.xml (renamed from docs/docbook/manpages/smbsh.1.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/smbspool.8.xml (renamed from docs/docbook/manpages/smbspool.8.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/smbstatus.1.xml (renamed from docs/docbook/manpages/smbstatus.1.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/smbtar.1.xml (renamed from docs/docbook/manpages/smbtar.1.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/smbtree.1.xml (renamed from docs/docbook/manpages/smbtree.1.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/smbumount.8.xml (renamed from docs/docbook/manpages/smbumount.8.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/swat.8.xml (renamed from docs/docbook/manpages/swat.8.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/tdbbackup.8.xml (renamed from docs/docbook/manpages/tdbbackup.8.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/testparm.1.xml (renamed from docs/docbook/manpages/testparm.1.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/testprns.1.xml (renamed from docs/docbook/manpages/testprns.1.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/vfstest.1.xml (renamed from docs/docbook/manpages/vfstest.1.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/wbinfo.1.xml (renamed from docs/docbook/manpages/wbinfo.1.sgml) | 7 | ||||
-rw-r--r-- | docs/docbook/manpages/winbindd.8.xml (renamed from docs/docbook/manpages/winbindd.8.sgml) | 7 |
35 files changed, 189 insertions, 8595 deletions
diff --git a/docs/docbook/manpages/.cvsignore b/docs/docbook/manpages/.cvsignore new file mode 100644 index 0000000000..2d6c32d7f2 --- /dev/null +++ b/docs/docbook/manpages/.cvsignore @@ -0,0 +1 @@ +smb.conf.5.xml
\ No newline at end of file diff --git a/docs/docbook/manpages/editreg.1.sgml b/docs/docbook/manpages/editreg.1.xml index 22c3c3e759..3427552356 100644 --- a/docs/docbook/manpages/editreg.1.sgml +++ b/docs/docbook/manpages/editreg.1.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="editreg.1"> diff --git a/docs/docbook/manpages/findsmb.1.sgml b/docs/docbook/manpages/findsmb.1.xml index 090b1c8388..e5ec26c4df 100644 --- a/docs/docbook/manpages/findsmb.1.sgml +++ b/docs/docbook/manpages/findsmb.1.xml @@ -1,4 +1,9 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; +]> <refentry id="findsmb.1"> <refmeta> diff --git a/docs/docbook/manpages/lmhosts.5.sgml b/docs/docbook/manpages/lmhosts.5.xml index a8a5f2c072..12d69a7e56 100644 --- a/docs/docbook/manpages/lmhosts.5.sgml +++ b/docs/docbook/manpages/lmhosts.5.xml @@ -1,4 +1,9 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; +]> <refentry id="lmhosts.5"> <refmeta> diff --git a/docs/docbook/manpages/net.8.sgml b/docs/docbook/manpages/net.8.xml index ca52ce8ffc..c7874e68fd 100644 --- a/docs/docbook/manpages/net.8.sgml +++ b/docs/docbook/manpages/net.8.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; <!-- This one is only used for adding users using RAP --> <!ENTITY net.arg.flags ' diff --git a/docs/docbook/manpages/nmbd.8.sgml b/docs/docbook/manpages/nmbd.8.xml index f2b4ac5a05..a98d189839 100644 --- a/docs/docbook/manpages/nmbd.8.sgml +++ b/docs/docbook/manpages/nmbd.8.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="nmbd.8"> diff --git a/docs/docbook/manpages/nmblookup.1.sgml b/docs/docbook/manpages/nmblookup.1.xml index b4a96e96ba..3da0649dd5 100644 --- a/docs/docbook/manpages/nmblookup.1.sgml +++ b/docs/docbook/manpages/nmblookup.1.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="nmblookup"> diff --git a/docs/docbook/manpages/ntlm_auth.1.sgml b/docs/docbook/manpages/ntlm_auth.1.xml index 42a362cd41..a37b5b3b7d 100644 --- a/docs/docbook/manpages/ntlm_auth.1.sgml +++ b/docs/docbook/manpages/ntlm_auth.1.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="ntlm-auth.1"> diff --git a/docs/docbook/manpages/pdbedit.8.sgml b/docs/docbook/manpages/pdbedit.8.xml index fc9a212c19..6d5127a855 100644 --- a/docs/docbook/manpages/pdbedit.8.sgml +++ b/docs/docbook/manpages/pdbedit.8.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="pdbedit.8"> @@ -269,7 +272,7 @@ retype new password <term>-g</term> <listitem><para>If you specify <parameter>-g</parameter>, then <parameter>-i in-backend -e out-backend</parameter> - applies to the group mapping instead of the user database. + applies to the group mapping instead of the user database.</para> <para>This option will ease migration from one passdb backend to another and will ease backing up.</para> @@ -281,7 +284,7 @@ retype new password <term>-g</term> <listitem><para>If you specify <parameter>-g</parameter>, then <parameter>-i in-backend -e out-backend</parameter> - applies to the group mapping instead of the user database. + applies to the group mapping instead of the user database.</para> <para>This option will ease migration from one passdb backend to another and will ease backing up.</para> diff --git a/docs/docbook/manpages/profiles.1.sgml b/docs/docbook/manpages/profiles.1.xml index 6fd2b6fd86..1dbff39efa 100644 --- a/docs/docbook/manpages/profiles.1.sgml +++ b/docs/docbook/manpages/profiles.1.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="profiles.1"> diff --git a/docs/docbook/manpages/rpcclient.1.sgml b/docs/docbook/manpages/rpcclient.1.xml index 789ed6b5cf..c6775d9721 100644 --- a/docs/docbook/manpages/rpcclient.1.sgml +++ b/docs/docbook/manpages/rpcclient.1.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="rpcclient.1"> @@ -270,9 +273,10 @@ Comma Separated list of Files <varlistentry><term>enumjobs <printer></term> <listitem><para>List the jobs and status of a given printer. This command corresponds to the MS Platform SDK EnumJobs() - function </listitem></varlistentry> + function</para></listitem></varlistentry> - <varlistentry><term>enumkey</term><listitem><para>Enumerate printer keys</para></listitem></varlistentry> + <varlistentry><term>enumkey</term><listitem><para>Enumerate + printer keys</para></listitem></varlistentry> <varlistentry><term>enumports [level]</term> <listitem><para> @@ -306,7 +310,9 @@ Comma Separated list of Files This command corresponds to the GetPrinterData() MS Platform SDK function. </para></listitem></varlistentry> - <varlistentry><term>getdataex</term><listitem><para>Get printer driver data with keyname</para></listitem></varlistentry> + <varlistentry><term>getdataex</term><listitem><para>Get + printer driver data with + keyname</para></listitem></varlistentry> <varlistentry><term>getdriver <printername></term> @@ -334,11 +340,13 @@ Comma Separated list of Files corresponds to the GetPrinter() MS Platform SDK function. </para></listitem></varlistentry> - <varlistentry><term>getprintprocdir</term><listitem><para>Get print processor directory</para></listitem></varlistentry> + <varlistentry><term>getprintprocdir</term><listitem><para>Get + print processor + directory</para></listitem></varlistentry> <varlistentry><term>openprinter <printername></term> <listitem><para>Execute an OpenPrinterEx() and ClosePrinter() RPC - against a given printer. </para></listitem> + against a given printer. </para></listitem></varlistentry> <varlistentry><term>setdriver <printername> <drivername></term> diff --git a/docs/docbook/manpages/samba.7.sgml b/docs/docbook/manpages/samba.7.xml index a5d486259f..6abde609b9 100644 --- a/docs/docbook/manpages/samba.7.sgml +++ b/docs/docbook/manpages/samba.7.xml @@ -1,4 +1,9 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; +]> <refentry id="samba.7"> <refmeta> diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml deleted file mode 100644 index 3e98d3f25f..0000000000 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ /dev/null @@ -1,8532 +0,0 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smb.conf.5"> - -<refmeta> - <refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum> -</refmeta> - - -<refnamediv> - <refname>smb.conf</refname> - <refpurpose>The configuration file for the Samba suite</refpurpose> -</refnamediv> - -<refsect1> - <title>SYNOPSIS</title> - - <para>The <filename>smb.conf</filename> file is a configuration - file for the Samba suite. <filename>smb.conf</filename> contains - runtime configuration information for the Samba programs. The <filename>smb.conf</filename> file - is designed to be configured and administered by the <citerefentry><refentrytitle>swat</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> program. The complete - description of the file format and possible parameters held within - are here for reference purposes.</para> </refsect1> - -<refsect1> - <title id="FILEFORMATSECT">FILE FORMAT</title> - - <para>The file consists of sections and parameters. A section - begins with the name of the section in square brackets and continues - until the next section begins. Sections contain parameters of the - form</para> - - <para><replaceable>name</replaceable> = <replaceable>value - </replaceable></para> - - <para>The file is line-based - that is, each newline-terminated - line represents either a comment, a section name or a parameter.</para> - - <para>Section and parameter names are not case sensitive.</para> - - <para>Only the first equals sign in a parameter is significant. - Whitespace before or after the first equals sign is discarded. - Leading, trailing and internal whitespace in section and parameter - names is irrelevant. Leading and trailing whitespace in a parameter - value is discarded. Internal whitespace within a parameter value - is retained verbatim.</para> - - <para>Any line beginning with a semicolon (';') or a hash ('#') - character is ignored, as are lines containing only whitespace.</para> - - <para>Any line ending in a '\' is continued - on the next line in the customary UNIX fashion.</para> - - <para>The values following the equals sign in parameters are all - either a string (no quotes needed) or a boolean, which may be given - as yes/no, 0/1 or true/false. Case is not significant in boolean - values, but is preserved in string values. Some items such as - create modes are numeric.</para> -</refsect1> - -<refsect1> - <title>SECTION DESCRIPTIONS</title> - - <para>Each section in the configuration file (except for the - [global] section) describes a shared resource (known - as a "share"). The section name is the name of the - shared resource and the parameters within the section define - the shares attributes.</para> - - <para>There are three special sections, [global], - [homes] and [printers], which are - described under <emphasis>special sections</emphasis>. The - following notes apply to ordinary section descriptions.</para> - - <para>A share consists of a directory to which access is being - given plus a description of the access rights which are granted - to the user of the service. Some housekeeping options are - also specifiable.</para> - - <para>Sections are either file share services (used by the - client as an extension of their native file systems) or - printable services (used by the client to access print services - on the host running the server).</para> - - <para>Sections may be designated <emphasis>guest</emphasis> services, - in which case no password is required to access them. A specified - UNIX <emphasis>guest account</emphasis> is used to define access - privileges in this case.</para> - - <para>Sections other than guest services will require a password - to access them. The client provides the username. As older clients - only provide passwords and not usernames, you may specify a list - of usernames to check against the password using the "user =" - option in the share definition. For modern clients such as - Windows 95/98/ME/NT/2000, this should not be necessary.</para> - - <para>Note that the access rights granted by the server are - masked by the access rights granted to the specified or guest - UNIX user by the host system. The server does not grant more - access than the host system grants.</para> - - <para>The following sample section defines a file space share. - The user has write access to the path <filename>/home/bar</filename>. - The share is accessed via the share name "foo":</para> - -<screen> -<computeroutput> -[foo] - path = /home/bar - read only = no -</computeroutput> -</screen> - - <para>The following sample section defines a printable share. - The share is readonly, but printable. That is, the only write - access permitted is via calls to open, write to and close a - spool file. The <emphasis>guest ok</emphasis> parameter means - access will be permitted as the default guest user (specified - elsewhere):</para> - -<screen> -<computeroutput> -[aprinter] - path = /usr/spool/public - read only = yes - printable = yes - guest ok = yes -</computeroutput> -</screen> -</refsect1> - -<refsect1> - <title>SPECIAL SECTIONS</title> - - <refsect2> - <title>The [global] section</title> - - <para>parameters in this section apply to the server - as a whole, or are defaults for sections which do not - specifically define certain items. See the notes - under PARAMETERS for more information.</para> - </refsect2> - - <refsect2> - <title id="HOMESECT">The [homes] section</title> - - <para>If a section called homes is included in the - configuration file, services connecting clients to their - home directories can be created on the fly by the server.</para> - - <para>When the connection request is made, the existing - sections are scanned. If a match is found, it is used. If no - match is found, the requested section name is treated as a - user name and looked up in the local password file. If the - name exists and the correct password has been given, a share is - created by cloning the [homes] section.</para> - - <para>Some modifications are then made to the newly - created share:</para> - - <itemizedlist> - <listitem><para>The share name is changed from homes to - the located username.</para></listitem> - - <listitem><para>If no path was given, the path is set to - the user's home directory.</para></listitem> - </itemizedlist> - - <para>If you decide to use a <emphasis>path =</emphasis> line - in your [homes] section then you may find it useful - to use the %S macro. For example :</para> - - <para><userinput>path = /data/pchome/%S</userinput></para> - - <para>would be useful if you have different home directories - for your PCs than for UNIX access.</para> - - <para>This is a fast and simple way to give a large number - of clients access to their home directories with a minimum - of fuss.</para> - - <para>A similar process occurs if the requested section - name is "homes", except that the share name is not - changed to that of the requesting user. This method of using - the [homes] section works well if different users share - a client PC.</para> - - <para>The [homes] section can specify all the parameters - a normal service section can specify, though some make more sense - than others. The following is a typical and suitable [homes] - section:</para> - -<screen> -<computeroutput> -[homes] - read only = no -</computeroutput> -</screen> - - <para>An important point is that if guest access is specified - in the [homes] section, all home directories will be - visible to all clients <emphasis>without a password</emphasis>. - In the very unlikely event that this is actually desirable, it - would be wise to also specify <emphasis>read only - access</emphasis>.</para> - - <para>Note that the <emphasis>browseable</emphasis> flag for - auto home directories will be inherited from the global browseable - flag, not the [homes] browseable flag. This is useful as - it means setting <emphasis>browseable = no</emphasis> in - the [homes] section will hide the [homes] share but make - any auto home directories visible.</para> - </refsect2> - - <refsect2> - <title id="PRINTERSSECT">The [printers] section</title> - - <para>This section works like [homes], - but for printers.</para> - - <para>If a [printers] section occurs in the - configuration file, users are able to connect to any printer - specified in the local host's printcap file.</para> - - <para>When a connection request is made, the existing sections - are scanned. If a match is found, it is used. If no match is found, - but a [homes] section exists, it is used as described - above. Otherwise, the requested section name is treated as a - printer name and the appropriate printcap file is scanned to see - if the requested section name is a valid printer share name. If - a match is found, a new printer share is created by cloning - the [printers] section.</para> - - <para>A few modifications are then made to the newly created - share:</para> - - <itemizedlist> - <listitem><para>The share name is set to the located printer - name</para></listitem> - - <listitem><para>If no printer name was given, the printer name - is set to the located printer name</para></listitem> - - <listitem><para>If the share does not permit guest access and - no username was given, the username is set to the located - printer name.</para></listitem> - </itemizedlist> - - <para>Note that the [printers] service MUST be - printable - if you specify otherwise, the server will refuse - to load the configuration file.</para> - - <para>Typically the path specified would be that of a - world-writeable spool directory with the sticky bit set on - it. A typical [printers] entry would look like - this:</para> - -<screen><computeroutput> -[printers] - path = /usr/spool/public - guest ok = yes - printable = yes -</computeroutput></screen> - - <para>All aliases given for a printer in the printcap file - are legitimate printer names as far as the server is concerned. - If your printing subsystem doesn't work like that, you will have - to set up a pseudo-printcap. This is a file consisting of one or - more lines like this:</para> - -<screen> -<computeroutput> -alias|alias|alias|alias... -</computeroutput> -</screen> - - <para>Each alias should be an acceptable printer name for - your printing subsystem. In the [global] section, specify - the new file as your printcap. The server will then only recognize - names found in your pseudo-printcap, which of course can contain - whatever aliases you like. The same technique could be used - simply to limit access to a subset of your local printers.</para> - - <para>An alias, by the way, is defined as any component of the - first entry of a printcap record. Records are separated by newlines, - components (if there are more than one) are separated by vertical - bar symbols ('|').</para> - - <note><para>On SYSV systems which use lpstat to determine what - printers are defined on the system you may be able to use - "printcap name = lpstat" to automatically obtain a list - of printers. See the "printcap name" option - for more details.</para></note> - </refsect2> -</refsect1> - -<refsect1> - <title>PARAMETERS</title> - - <para>parameters define the specific attributes of sections.</para> - - <para>Some parameters are specific to the [global] section - (e.g., <emphasis>security</emphasis>). Some parameters are usable - in all sections (e.g., <emphasis>create mode</emphasis>). All others - are permissible only in normal sections. For the purposes of the - following descriptions the [homes] and [printers] - sections will be considered normal. The letter <emphasis>G</emphasis> - in parentheses indicates that a parameter is specific to the - [global] section. The letter <emphasis>S</emphasis> - indicates that a parameter can be specified in a service specific - section. Note that all <emphasis>S</emphasis> parameters can also be specified in - the [global] section - in which case they will define - the default behavior for all services.</para> - - <para>parameters are arranged here in alphabetical order - this may - not create best bedfellows, but at least you can find them! Where - there are synonyms, the preferred synonym is described, others refer - to the preferred synonym.</para> -</refsect1> - -<refsect1> - <title>VARIABLE SUBSTITUTIONS</title> - - <para>Many of the strings that are settable in the config file - can take substitutions. For example the option "path = - /tmp/%u" would be interpreted as "path = - /tmp/john" if the user connected with the username john.</para> - - <para>These substitutions are mostly noted in the descriptions below, - but there are some general substitutions which apply whenever they - might be relevant. These are:</para> - - <variablelist> - <varlistentry> - <term>%U</term> - <listitem><para>session user name (the user name that the client - wanted, not necessarily the same as the one they got).</para></listitem> - </varlistentry> - - <varlistentry> - <term>%G</term> - <listitem><para>primary group name of %U.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%h</term> - <listitem><para>the Internet hostname that Samba is running - on.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%m</term> - <listitem><para>the NetBIOS name of the client machine - (very useful).</para></listitem> - </varlistentry> - - <varlistentry> - <term>%L</term> - <listitem><para>the NetBIOS name of the server. This allows you - to change your config based on what the client calls you. Your - server can have a "dual personality".</para> - - <para>Note that this parameter is not available when Samba listens - on port 445, as clients no longer send this information </para> - </listitem> - - </varlistentry> - - <varlistentry> - <term>%M</term> - <listitem><para>the Internet name of the client machine. - </para></listitem> - </varlistentry> - - <varlistentry> - <term>%R</term> - <listitem><para>the selected protocol level after - protocol negotiation. It can be one of CORE, COREPLUS, - LANMAN1, LANMAN2 or NT1.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%d</term> - <listitem><para>The process id of the current server - process.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%a</term> - <listitem><para>the architecture of the remote - machine. Only some are recognized, and those may not be - 100% reliable. It currently recognizes Samba, WfWg, Win95, - WinNT and Win2k. Anything else will be known as - "UNKNOWN". If it gets it wrong then sending a level - 3 log to <ulink url="mailto:samba@samba.org">samba@samba.org - </ulink> should allow it to be fixed.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%I</term> - <listitem><para>The IP address of the client machine.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>%T</term> - <listitem><para>the current date and time.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%D</term> - <listitem><para>Name of the domain or workgroup of the current user.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%$(<replaceable>envvar</replaceable>)</term> - <listitem><para>The value of the environment variable - <replaceable>envar</replaceable>.</para></listitem> - </varlistentry> - </variablelist> - - <para>The following substitutes apply only to some configuration options(only those - that are used when a connection has been established):</para> - - <variablelist> - <varlistentry> - <term>%S</term> - <listitem><para>the name of the current service, if any.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>%P</term> - <listitem><para>the root directory of the current service, - if any.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%u</term> - <listitem><para>user name of the current service, if any.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>%g</term> - <listitem><para>primary group name of %u.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%H</term> - <listitem><para>the home directory of the user given - by %u.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%N</term> - <listitem><para>the name of your NIS home directory server. - This is obtained from your NIS auto.map entry. If you have - not compiled Samba with the <emphasis>--with-automount</emphasis> - option then this value will be the same as %L.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>%p</term> - <listitem><para>the path of the service's home directory, - obtained from your NIS auto.map entry. The NIS auto.map entry - is split up as "%N:%p".</para></listitem> - </varlistentry> - </variablelist> - - <para>There are some quite creative things that can be done - with these substitutions and other smb.conf options.</para> -</refsect1> - -<refsect1> - <title id="NAMEMANGLINGSECT">NAME MANGLING</title> - - <para>Samba supports "name mangling" so that DOS and - Windows clients can use files that don't conform to the 8.3 format. - It can also be set to adjust the case of 8.3 format filenames.</para> - - <para>There are several options that control the way mangling is - performed, and they are grouped here rather than listed separately. - For the defaults look at the output of the testparm program. </para> - - <para>All of these options can be set separately for each service - (or globally, of course). </para> - - <para>The options are: </para> - - <variablelist> - - <varlistentry> - <term>mangle case = yes/no</term> - <listitem><para> controls if names that have characters that - aren't of the "default" case are mangled. For example, - if this is yes then a name like "Mail" would be mangled. - Default <emphasis>no</emphasis>.</para></listitem> - </varlistentry> - - <varlistentry> - <term>case sensitive = yes/no</term> - <listitem><para>controls whether filenames are case sensitive. If - they aren't then Samba must do a filename search and match on passed - names. Default <emphasis>no</emphasis>.</para></listitem> - </varlistentry> - - <varlistentry> - <term>default case = upper/lower</term> - <listitem><para>controls what the default case is for new - filenames. Default <emphasis>lower</emphasis>.</para></listitem> - </varlistentry> - - <varlistentry> - <term>preserve case = yes/no</term> - <listitem><para>controls if new files are created with the - case that the client passes, or if they are forced to be the - "default" case. Default <emphasis>yes</emphasis>. - </para></listitem> - </varlistentry> - - <varlistentry> - <term>short preserve case = yes/no</term> - <listitem><para>controls if new files which conform to 8.3 syntax, - that is all in upper case and of suitable length, are created - upper case, or if they are forced to be the "default" - case. This option can be use with "preserve case = yes" - to permit long filenames to retain their case, while short names - are lowercased. Default <emphasis>yes</emphasis>.</para></listitem> - </varlistentry> - </variablelist> - - <para>By default, Samba 3.0 has the same semantics as a Windows - NT server, in that it is case insensitive but case preserving.</para> - -</refsect1> - -<refsect1> - <title id="VALIDATIONSECT">NOTE ABOUT USERNAME/PASSWORD VALIDATION</title> - - <para>There are a number of ways in which a user can connect - to a service. The server uses the following steps in determining - if it will allow a connection to a specified service. If all the - steps fail, then the connection request is rejected. However, if one of the - steps succeeds, then the following steps are not checked.</para> - - <para>If the service is marked "guest only = yes" and the - server is running with share-level security ("security = share") - then steps 1 to 5 are skipped.</para> - - - <orderedlist numeration="arabic"> - <listitem><para>If the client has passed a username/password - pair and that username/password pair is validated by the UNIX - system's password programs then the connection is made as that - username. Note that this includes the - \\server\service%<replaceable>username</replaceable> method of passing - a username.</para></listitem> - - <listitem><para>If the client has previously registered a username - with the system and now supplies a correct password for that - username then the connection is allowed.</para></listitem> - - <listitem><para>The client's NetBIOS name and any previously - used user names are checked against the supplied password, if - they match then the connection is allowed as the corresponding - user.</para></listitem> - - <listitem><para>If the client has previously validated a - username/password pair with the server and the client has passed - the validation token then that username is used. </para></listitem> - - <listitem><para>If a "user = " field is given in the - <filename>smb.conf</filename> file for the service and the client - has supplied a password, and that password matches (according to - the UNIX system's password checking) with one of the usernames - from the "user =" field then the connection is made as - the username in the "user =" line. If one - of the username in the "user =" list begins with a - '@' then that name expands to a list of names in - the group of the same name.</para></listitem> - - <listitem><para>If the service is a guest service then a - connection is made as the username given in the "guest - account =" for the service, irrespective of the - supplied password.</para></listitem> - </orderedlist> - -</refsect1> - -<refsect1> - <title>COMPLETE LIST OF GLOBAL PARAMETERS</title> - - <para>Here is a list of all global parameters. See the section of - each parameter for details. Note that some are synonyms.</para> - - <itemizedlist> - <listitem><para><link linkend="ABORTSHUTDOWNSCRIPT"><parameter>abort shutdown script</parameter></link></para></listitem> - <listitem><para><link linkend="ADDGROUPSCRIPT"><parameter>add group script</parameter></link></para></listitem> - <listitem><para><link linkend="ADDPRINTERCOMMAND"><parameter>addprinter command</parameter></link></para></listitem> - <listitem><para><link linkend="ADDSHARECOMMAND"><parameter>add share command</parameter></link></para></listitem> - <listitem><para><link linkend="ADDUSERSCRIPT"><parameter>add user script</parameter></link></para></listitem> - <listitem><para><link linkend="ADDUSERTOGROUPSCRIPT"><parameter>add user to group script</parameter></link></para></listitem> - <listitem><para><link linkend="ADDMACHINESCRIPT"><parameter>add machine script</parameter></link></para></listitem> - <listitem><para><link linkend="DELETEGROUPSCRIPT"><parameter>delete group script</parameter></link></para></listitem> - <listitem><para><link linkend="ADSSERVER"><parameter>ads server</parameter></link></para></listitem> - <listitem><para><link linkend="ALGORITHMICRIDBASE"><parameter>algorithmic rid base</parameter></link></para></listitem> - <listitem><para><link linkend="ALLOWTRUSTEDDOMAINS"><parameter>allow trusted domains</parameter></link></para></listitem> - <listitem><para><link linkend="ANNOUNCEAS"><parameter>announce as</parameter></link></para></listitem> - <listitem><para><link linkend="ANNOUNCEVERSION"><parameter>announce version</parameter></link></para></listitem> - <listitem><para><link linkend="AUTHMETHODS"><parameter>auth methods</parameter></link></para></listitem> - <listitem><para><link linkend="AUTOSERVICES"><parameter>auto services</parameter></link></para></listitem> - <listitem><para><link linkend="BINDINTERFACESONLY"><parameter>bind interfaces only</parameter></link></para></listitem> - <listitem><para><link linkend="BROWSELIST"><parameter>browse list</parameter></link></para></listitem> - <listitem><para><link linkend="CHANGENOTIFYTIMEOUT"><parameter>change notify timeout</parameter></link></para></listitem> - <listitem><para><link linkend="CHANGESHARECOMMAND"><parameter>change share command</parameter></link></para></listitem> - <listitem><para><link linkend="CONFIGFILE"><parameter>config file</parameter></link></para></listitem> - <listitem><para><link linkend="DEADTIME"><parameter>deadtime</parameter></link></para></listitem> - <listitem><para><link linkend="DEBUGHIRESTIMESTAMP"><parameter>debug hires timestamp</parameter></link></para></listitem> - <listitem><para><link linkend="DEBUGPID"><parameter>debug pid</parameter></link></para></listitem> - <listitem><para><link linkend="DEBUGTIMESTAMP"><parameter>debug timestamp</parameter></link></para></listitem> - <listitem><para><link linkend="DEBUGUID"><parameter>debug uid</parameter></link></para></listitem> - <listitem><para><link linkend="DEBUGLEVEL"><parameter>debuglevel</parameter></link></para></listitem> - <listitem><para><link linkend="DEFAULT"><parameter>default</parameter></link></para></listitem> - <listitem><para><link linkend="DEFAULTSERVICE"><parameter>default service</parameter></link></para></listitem> - <listitem><para><link linkend="DELETEPRINTERCOMMAND"><parameter>deleteprinter command</parameter></link></para></listitem> - <listitem><para><link linkend="DELETESHARECOMMAND"><parameter>delete share command</parameter></link></para></listitem> - <listitem><para><link linkend="DELETEUSERSCRIPT"><parameter>delete user script</parameter></link></para></listitem> - <listitem><para><link linkend="DELETEUSERFROMGROUPSCRIPT"><parameter>delete user from group script</parameter></link></para></listitem> - <listitem><para><link linkend="DFREECOMMAND"><parameter>dfree command</parameter></link></para></listitem> - <listitem><para><link linkend="DISABLENETBIOS"><parameter>disable netbios</parameter></link></para></listitem> - <listitem><para><link linkend="DISABLESPOOLSS"><parameter>disable spoolss</parameter></link></para></listitem> - <listitem><para><link linkend="DISPLAYCHARSET"><parameter>display charset</parameter></link></para></listitem> - <listitem><para><link linkend="DNSPROXY"><parameter>dns proxy</parameter></link></para></listitem> - <listitem><para><link linkend="DOMAINLOGONS"><parameter>domain logons</parameter></link></para></listitem> - <listitem><para><link linkend="DOMAINMASTER"><parameter>domain master</parameter></link></para></listitem> - <listitem><para><link linkend="DOSCHARSET"><parameter>dos charset</parameter></link></para></listitem> - <listitem><para><link linkend="ENCRYPTPASSWORDS"><parameter>encrypt passwords</parameter></link></para></listitem> - <listitem><para><link linkend="ENHANCEDBROWSING"><parameter>enhanced browsing</parameter></link></para></listitem> - <listitem><para><link linkend="ENUMPORTSCOMMAND"><parameter>enumports command</parameter></link></para></listitem> - <listitem><para><link linkend="GETWDCACHE"><parameter>getwd cache</parameter></link></para></listitem> - <listitem><para><link linkend="HIDELOCALUSERS"><parameter>hide local users</parameter></link></para></listitem> - <listitem><para><link linkend="HIDEUNREADABLE"><parameter>hide unreadable</parameter></link></para></listitem> - <listitem><para><link linkend="HIDEUNWRITEABLEFILES"><parameter>hide unwriteable files</parameter></link></para></listitem> - <listitem><para><link linkend="HIDESPECIALFILES"><parameter>hide special files</parameter></link></para></listitem> - <listitem><para><link linkend="HOMEDIRMAP"><parameter>homedir map</parameter></link></para></listitem> - <listitem><para><link linkend="HOSTMSDFS"><parameter>host msdfs</parameter></link></para></listitem> - <listitem><para><link linkend="HOSTNAMELOOKUPS"><parameter>hostname lookups</parameter></link></para></listitem> - <listitem><para><link linkend="HOSTSEQUIV"><parameter>hosts equiv</parameter></link></para></listitem> - <listitem><para><link linkend="INTERFACES"><parameter>interfaces</parameter></link></para></listitem> - <listitem><para><link linkend="KEEPALIVE"><parameter>keepalive</parameter></link></para></listitem> - <listitem><para><link linkend="KERNELOPLOCKS"><parameter>kernel oplocks</parameter></link></para></listitem> - <listitem><para><link linkend="LANMANAUTH"><parameter>lanman auth</parameter></link></para></listitem> - <listitem><para><link linkend="LARGEREADWRITE"><parameter>large readwrite</parameter></link></para></listitem> - - <listitem><para><link linkend="LDAPADMINDN"><parameter>ldap admin dn</parameter></link></para></listitem> - <listitem><para><link linkend="LDAPDELETEDN"><parameter>ldap delete dn</parameter></link></para></listitem> - <listitem><para><link linkend="LDAPFILTER"><parameter>ldap filter</parameter></link></para></listitem> - <listitem><para><link linkend="LDAPPORT"><parameter>ldap port</parameter></link></para></listitem> - <listitem><para><link linkend="LDAPSERVER"><parameter>ldap server</parameter></link></para></listitem> - <listitem><para><link linkend="LDAPSSL"><parameter>ldap ssl</parameter></link></para></listitem> - <listitem><para><link linkend="LDAPSUFFIX"><parameter>ldap suffix</parameter></link></para></listitem> - <listitem><para><link linkend="LDAPUSERSUFFIX"><parameter>ldap user suffix</parameter></link></para></listitem> - <listitem><para><link linkend="LDAPMACHINESUFFIX"><parameter>ldap machine suffix</parameter></link></para></listitem> - <listitem><para><link linkend="LDAPPASSWDSYNC"><parameter>ldap passwd sync</parameter></link></para></listitem> - <listitem><para><link linkend="LDAPTRUSTIDS"><parameter>ldap trust ids</parameter></link></para></listitem> - - <listitem><para><link linkend="LMANNOUNCE"><parameter>lm announce</parameter></link></para></listitem> - <listitem><para><link linkend="LMINTERVAL"><parameter>lm interval</parameter></link></para></listitem> - <listitem><para><link linkend="LOADPRINTERS"><parameter>load printers</parameter></link></para></listitem> - <listitem><para><link linkend="LOCALMASTER"><parameter>local master</parameter></link></para></listitem> - <listitem><para><link linkend="LOCKDIR"><parameter>lock dir</parameter></link></para></listitem> - <listitem><para><link linkend="LOCKDIRECTORY"><parameter>lock directory</parameter></link></para></listitem> - <listitem><para><link linkend="LOCKSPINCOUNT"><parameter>lock spin count</parameter></link></para></listitem> - <listitem><para><link linkend="LOCKSPINTIME"><parameter>lock spin time</parameter></link></para></listitem> - <listitem><para><link linkend="PIDDIRECTORY"><parameter>pid directory</parameter></link></para></listitem> - <listitem><para><link linkend="LOGFILE"><parameter>log file</parameter></link></para></listitem> - <listitem><para><link linkend="LOGLEVEL"><parameter>log level</parameter></link></para></listitem> - <listitem><para><link linkend="LOGONDRIVE"><parameter>logon drive</parameter></link></para></listitem> - <listitem><para><link linkend="LOGONHOME"><parameter>logon home</parameter></link></para></listitem> - <listitem><para><link linkend="LOGONPATH"><parameter>logon path</parameter></link></para></listitem> - <listitem><para><link linkend="LOGONSCRIPT"><parameter>logon script</parameter></link></para></listitem> - <listitem><para><link linkend="LPQCACHETIME"><parameter>lpq cache time</parameter></link></para></listitem> - <listitem><para><link linkend="MACHINEPASSWORDTIMEOUT"><parameter>machine password timeout</parameter></link></para></listitem> - <listitem><para><link linkend="MANGLEPREFIX"><parameter>mangle prefix</parameter></link></para></listitem> - <listitem><para><link linkend="MANGLEDSTACK"><parameter>mangled stack</parameter></link></para></listitem> - <listitem><para><link linkend="MAPTOGUEST"><parameter>map to guest</parameter></link></para></listitem> - <listitem><para><link linkend="MAXDISKSIZE"><parameter>max disk size</parameter></link></para></listitem> - <listitem><para><link linkend="MAXLOGSIZE"><parameter>max log size</parameter></link></para></listitem> - <listitem><para><link linkend="MAXMUX"><parameter>max mux</parameter></link></para></listitem> - <listitem><para><link linkend="MAXOPENFILES"><parameter>max open files</parameter></link></para></listitem> - <listitem><para><link linkend="MAXPROTOCOL"><parameter>max protocol</parameter></link></para></listitem> - <listitem><para><link linkend="MAXSMBDPROCESSES"><parameter>max smbd processes</parameter></link></para></listitem> - <listitem><para><link linkend="MAXTTL"><parameter>max ttl</parameter></link></para></listitem> - <listitem><para><link linkend="MAXWINSTTL"><parameter>max wins ttl</parameter></link></para></listitem> - <listitem><para><link linkend="MAXXMIT"><parameter>max xmit</parameter></link></para></listitem> - <listitem><para><link linkend="MESSAGECOMMAND"><parameter>message command</parameter></link></para></listitem> - <listitem><para><link linkend="MINPASSWDLENGTH"><parameter>min passwd length</parameter></link></para></listitem> - <listitem><para><link linkend="MINPASSWORDLENGTH"><parameter>min password length</parameter></link></para></listitem> - <listitem><para><link linkend="MINPROTOCOL"><parameter>min protocol</parameter></link></para></listitem> - <listitem><para><link linkend="MINWINSTTL"><parameter>min wins ttl</parameter></link></para></listitem> - <listitem><para><link linkend="NAMECACHETIMEOUT"><parameter>name cache timeout</parameter></link></para></listitem> - <listitem><para><link linkend="NAMERESOLVEORDER"><parameter>name resolve order</parameter></link></para></listitem> - <listitem><para><link linkend="NETBIOSALIASES"><parameter>netbios aliases</parameter></link></para></listitem> - <listitem><para><link linkend="NETBIOSNAME"><parameter>netbios name</parameter></link></para></listitem> - <listitem><para><link linkend="NETBIOSSCOPE"><parameter>netbios scope</parameter></link></para></listitem> - <listitem><para><link linkend="NISHOMEDIR"><parameter>nis homedir</parameter></link></para></listitem> - <listitem><para><link linkend="NTLMAUTH"><parameter>ntlm auth</parameter></link></para></listitem> - <listitem><para><link linkend="NONUNIXACCOUNTRANGE"><parameter>non unix account range</parameter></link></para></listitem> - <listitem><para><link linkend="NTPIPESUPPORT"><parameter>nt pipe support</parameter></link></para></listitem> - <listitem><para><link linkend="NTSTATUSSUPPORT"><parameter>nt status support</parameter></link></para></listitem> - <listitem><para><link linkend="NULLPASSWORDS"><parameter>null passwords</parameter></link></para></listitem> - <listitem><para><link linkend="OBEYPAMRESTRICTIONS"><parameter>obey pam restrictions</parameter></link></para></listitem> - <listitem><para><link linkend="OPLOCKBREAKWAITTIME"><parameter>oplock break wait time</parameter></link></para></listitem> - <listitem><para><link linkend="OSLEVEL"><parameter>os level</parameter></link></para></listitem> - <listitem><para><link linkend="OS2DRIVERMAP"><parameter>os2 driver map</parameter></link></para></listitem> - <listitem><para><link linkend="PAMPASSWORDCHANGE"><parameter>pam password change</parameter></link></para></listitem> - <listitem><para><link linkend="PANICACTION"><parameter>panic action</parameter></link></para></listitem> - <listitem><para><link linkend="PARANOIDSERVERSECURITY"><parameter>paranoid server security</parameter></link></para></listitem> - <listitem><para><link linkend="PASSDBBACKEND"><parameter>passdb backend</parameter></link></para></listitem> - <listitem><para><link linkend="PASSWDCHAT"><parameter>passwd chat</parameter></link></para></listitem> - <listitem><para><link linkend="PASSWDCHATDEBUG"><parameter>passwd chat debug</parameter></link></para></listitem> - <listitem><para><link linkend="PASSWDPROGRAM"><parameter>passwd program</parameter></link></para></listitem> - <listitem><para><link linkend="PASSWORDLEVEL"><parameter>password level</parameter></link></para></listitem> - <listitem><para><link linkend="PASSWORDSERVER"><parameter>password server</parameter></link></para></listitem> - <listitem><para><link linkend="PREFEREDMASTER"><parameter>prefered master</parameter></link></para></listitem> - <listitem><para><link linkend="PREFERREDMASTER"><parameter>preferred master</parameter></link></para></listitem> - <listitem><para><link linkend="PRELOAD"><parameter>preload</parameter></link></para></listitem> - <listitem><para><link linkend="PRELOADMODULES"><parameter>preload modules</parameter></link></para></listitem> - <listitem><para><link linkend="PRINTCAP"><parameter>printcap</parameter></link></para></listitem> - <listitem><para><link linkend="PRINTCAPNAME"><parameter>printcap name</parameter></link></para></listitem> - <listitem><para><link linkend="PRIVATEDIR"><parameter>private dir</parameter></link></para></listitem> - <listitem><para><link linkend="PROTOCOL"><parameter>protocol</parameter></link></para></listitem> - <listitem><para><link linkend="READBMPX"><parameter>read bmpx</parameter></link></para></listitem> - <listitem><para><link linkend="READRAW"><parameter>read raw</parameter></link></para></listitem> - <listitem><para><link linkend="READSIZE"><parameter>read size</parameter></link></para></listitem> - <listitem><para><link linkend="REALM"><parameter>realm</parameter></link></para></listitem> - <listitem><para><link linkend="REMOTEANNOUNCE"><parameter>remote announce</parameter></link></para></listitem> - <listitem><para><link linkend="REMOTEBROWSESYNC"><parameter>remote browse sync</parameter></link></para></listitem> - <listitem><para><link linkend="RESTRICTANONYMOUS"><parameter>restrict anonymous</parameter></link></para></listitem> - <listitem><para><link linkend="ROOT"><parameter>root</parameter></link></para></listitem> - <listitem><para><link linkend="ROOTDIR"><parameter>root dir</parameter></link></para></listitem> - <listitem><para><link linkend="ROOTDIRECTORY"><parameter>root directory</parameter></link></para></listitem> - <listitem><para><link linkend="SECURITY"><parameter>security</parameter></link></para></listitem> - <listitem><para><link linkend="SERVERSCHANNEL"><parameter>server schannel</parameter></link></para></listitem> - <listitem><para><link linkend="SERVERSTRING"><parameter>server string</parameter></link></para></listitem> - <listitem><para><link linkend="SETPRIMARYGROUPSCRIPT"><parameter>set primary group script</parameter></link></para></listitem> - <listitem><para><link linkend="SHOWADDPRINTERWIZARD"><parameter>show add printer wizard</parameter></link></para></listitem> - <listitem><para><link linkend="SHUTDOWNSCRIPT"><parameter>shutdown script</parameter></link></para></listitem> - <listitem><para><link linkend="SMBPASSWDFILE"><parameter>smb passwd file</parameter></link></para></listitem> - <listitem><para><link linkend="SMBPORTS"><parameter>smb ports</parameter></link></para></listitem> - <listitem><para><link linkend="SOCKETADDRESS"><parameter>socket address</parameter></link></para></listitem> - <listitem><para><link linkend="SOCKETOPTIONS"><parameter>socket options</parameter></link></para></listitem> - <listitem><para><link linkend="SOURCEENVIRONMENT"><parameter>source environment</parameter></link></para></listitem> - <listitem><para><link linkend="SPNEGO"><parameter>use spnego</parameter></link></para></listitem> - <listitem><para><link linkend="STATCACHE"><parameter>stat cache</parameter></link></para></listitem> - <listitem><para><link linkend="STATCACHESIZE"><parameter>stat cache size</parameter></link></para></listitem> - <listitem><para><link linkend="STRIPDOT"><parameter>strip dot</parameter></link></para></listitem> - <listitem><para><link linkend="SYSLOG"><parameter>syslog</parameter></link></para></listitem> - <listitem><para><link linkend="SYSLOGONLY"><parameter>syslog only</parameter></link></para></listitem> - <listitem><para><link linkend="TEMPLATEHOMEDIR"><parameter>template homedir</parameter></link></para></listitem> - <listitem><para><link linkend="TEMPLATESHELL"><parameter>template shell</parameter></link></para></listitem> - <listitem><para><link linkend="TIMEOFFSET"><parameter>time offset</parameter></link></para></listitem> - <listitem><para><link linkend="TIMESERVER"><parameter>time server</parameter></link></para></listitem> - <listitem><para><link linkend="TIMESTAMPLOGS"><parameter>timestamp logs</parameter></link></para></listitem> - <listitem><para><link linkend="TOTALPRINTJOBS"><parameter>total print jobs</parameter></link></para></listitem> - <listitem><para><link linkend="UNICODE"><parameter>unicode</parameter></link></para></listitem> - <listitem><para><link linkend="UNIXCHARSET"><parameter>unix charset</parameter></link></para></listitem> - <listitem><para><link linkend="UNIXEXTENSIONS"><parameter>unix extensions</parameter></link></para></listitem> - <listitem><para><link linkend="UNIXPASSWORDSYNC"><parameter>unix password sync</parameter></link></para></listitem> - <listitem><para><link linkend="UPDATEENCRYPTED"><parameter>update encrypted</parameter></link></para></listitem> - <listitem><para><link linkend="USEMMAP"><parameter>use mmap</parameter></link></para></listitem> - <listitem><para><link linkend="USESENDFILE"><parameter>use sendfile</parameter></link></para></listitem> - <listitem><para><link linkend="USERNAMELEVEL"><parameter>username level</parameter></link></para></listitem> - <listitem><para><link linkend="USERNAMEMAP"><parameter>username map</parameter></link></para></listitem> - <listitem><para><link linkend="UTMP"><parameter>utmp</parameter></link></para></listitem> - <listitem><para><link linkend="UTMPDIRECTORY"><parameter>utmp directory</parameter></link></para></listitem> - <listitem><para><link linkend="WTMPDIRECTORY"><parameter>wtmp directory</parameter></link></para></listitem> - <listitem><para><link linkend="WINBINDCACHETIME"><parameter>winbind cache time</parameter></link></para></listitem> - <listitem><para><link linkend="WINBINDENUMUSERS"><parameter>winbind enum users</parameter></link></para></listitem> - <listitem><para><link linkend="WINBINDENUMGROUPS"><parameter>winbind enum groups</parameter></link></para></listitem> - <listitem><para><link linkend="WINBINDGID"><parameter>winbind gid</parameter></link></para></listitem> - <listitem><para><link linkend="WINBINDSEPARATOR"><parameter>winbind separator</parameter></link></para></listitem> - <listitem><para><link linkend="WINBINDUID"><parameter>winbind uid</parameter></link></para></listitem> - <listitem><para><link linkend="WINBINDUSEDEFAULTDOMAIN"><parameter>winbind use default domain</parameter></link></para></listitem> - <listitem><para><link linkend="WINSHOOK"><parameter>wins hook</parameter></link></para></listitem> - <listitem><para><link linkend="WINSPARTNERS"><parameter>wins partners</parameter></link></para></listitem> - <listitem><para><link linkend="WINSPROXY"><parameter>wins proxy</parameter></link></para></listitem> - <listitem><para><link linkend="WINSSERVER"><parameter>wins server</parameter></link></para></listitem> - <listitem><para><link linkend="WINSSUPPORT"><parameter>wins support</parameter></link></para></listitem> - <listitem><para><link linkend="WORKGROUP"><parameter>workgroup</parameter></link></para></listitem> - <listitem><para><link linkend="WRITERAW"><parameter>write raw</parameter></link></para></listitem> - </itemizedlist> - -</refsect1> - -<refsect1> - <title>COMPLETE LIST OF SERVICE PARAMETERS</title> - - <para>Here is a list of all service parameters. See the section on - each parameter for details. Note that some are synonyms.</para> - - <itemizedlist> - <listitem><para><link linkend="ADMINUSERS"><parameter>admin users</parameter></link></para></listitem> - <listitem><para><link linkend="ALLOWHOSTS"><parameter>allow hosts</parameter></link></para></listitem> - <listitem><para><link linkend="AVAILABLE"><parameter>available</parameter></link></para></listitem> - <listitem><para><link linkend="BLOCKINGLOCKS"><parameter>blocking locks</parameter></link></para></listitem> - <listitem><para><link linkend="BLOCKSIZE"><parameter>block size</parameter></link></para></listitem> - <listitem><para><link linkend="BROWSABLE"><parameter>browsable</parameter></link></para></listitem> - <listitem><para><link linkend="BROWSEABLE"><parameter>browseable</parameter></link></para></listitem> - <listitem><para><link linkend="CASESENSITIVE"><parameter>case sensitive</parameter></link></para></listitem> - <listitem><para><link linkend="CASESIGNAMES"><parameter>casesignames</parameter></link></para></listitem> - <listitem><para><link linkend="COMMENT"><parameter>comment</parameter></link></para></listitem> - <listitem><para><link linkend="COPY"><parameter>copy</parameter></link></para></listitem> - <listitem><para><link linkend="CREATEMASK"><parameter>create mask</parameter></link></para></listitem> - <listitem><para><link linkend="CREATEMODE"><parameter>create mode</parameter></link></para></listitem> - <listitem><para><link linkend="CSCPOLICY"><parameter>csc policy</parameter></link></para></listitem> - - <listitem><para><link linkend="DEFAULTCASE"><parameter>default case</parameter></link></para></listitem> - <listitem><para><link linkend="DEFAULTDEVMODE"><parameter>default devmode</parameter></link></para></listitem> - <listitem><para><link linkend="DELETEREADONLY"><parameter>delete readonly</parameter></link></para></listitem> - <listitem><para><link linkend="DELETEVETOFILES"><parameter>delete veto files</parameter></link></para></listitem> - <listitem><para><link linkend="DENYHOSTS"><parameter>deny hosts</parameter></link></para></listitem> - <listitem><para><link linkend="DIRECTORY"><parameter>directory</parameter></link></para></listitem> - <listitem><para><link linkend="DIRECTORYMASK"><parameter>directory mask</parameter></link></para></listitem> - <listitem><para><link linkend="DIRECTORYMODE"><parameter>directory mode</parameter></link></para></listitem> - <listitem><para><link linkend="DIRECTORYSECURITYMASK"><parameter>directory security mask</parameter></link></para></listitem> - <listitem><para><link linkend="DONTDESCEND"><parameter>dont descend</parameter></link></para></listitem> - <listitem><para><link linkend="DOSFILEMODE"><parameter>dos filemode</parameter></link></para></listitem> - <listitem><para><link linkend="DOSFILETIMERESOLUTION"><parameter>dos filetime resolution</parameter></link></para></listitem> - <listitem><para><link linkend="DOSFILETIMES"><parameter>dos filetimes</parameter></link></para></listitem> - <listitem><para><link linkend="EXEC"><parameter>exec</parameter></link></para></listitem> - <listitem><para><link linkend="FAKEDIRECTORYCREATETIMES"><parameter>fake directory create times</parameter></link></para></listitem> - <listitem><para><link linkend="FAKEOPLOCKS"><parameter>fake oplocks</parameter></link></para></listitem> - <listitem><para><link linkend="FOLLOWSYMLINKS"><parameter>follow symlinks</parameter></link></para></listitem> - <listitem><para><link linkend="FORCECREATEMODE"><parameter>force create mode</parameter></link></para></listitem> - <listitem><para><link linkend="FORCEDIRECTORYMODE"><parameter>force directory mode</parameter></link></para></listitem> - <listitem><para><link linkend="FORCEDIRECTORYSECURITYMODE"><parameter>force directory security mode</parameter></link></para></listitem> - <listitem><para><link linkend="FORCEGROUP"><parameter>force group</parameter></link></para></listitem> - <listitem><para><link linkend="FORCESECURITYMODE"><parameter>force security mode</parameter></link></para></listitem> - <listitem><para><link linkend="FORCEUSER"><parameter>force user</parameter></link></para></listitem> - <listitem><para><link linkend="FSTYPE"><parameter>fstype</parameter></link></para></listitem> - <listitem><para><link linkend="GROUP"><parameter>group</parameter></link></para></listitem> - <listitem><para><link linkend="GUESTACCOUNT"><parameter>guest account</parameter></link></para></listitem> - <listitem><para><link linkend="GUESTOK"><parameter>guest ok</parameter></link></para></listitem> - <listitem><para><link linkend="GUESTONLY"><parameter>guest only</parameter></link></para></listitem> - <listitem><para><link linkend="HIDEDOTFILES"><parameter>hide dot files</parameter></link></para></listitem> - <listitem><para><link linkend="HIDEFILES"><parameter>hide files</parameter></link></para></listitem> - <listitem><para><link linkend="HOSTSALLOW"><parameter>hosts allow</parameter></link></para></listitem> - <listitem><para><link linkend="HOSTSDENY"><parameter>hosts deny</parameter></link></para></listitem> - <listitem><para><link linkend="INCLUDE"><parameter>include</parameter></link></para></listitem> - <listitem><para><link linkend="INHERITACLS"><parameter>inherit acls</parameter></link></para></listitem> - <listitem><para><link linkend="INHERITPERMISSIONS"><parameter>inherit permissions</parameter></link></para></listitem> - <listitem><para><link linkend="INVALIDUSERS"><parameter>invalid users</parameter></link></para></listitem> - <listitem><para><link linkend="LEVEL2OPLOCKS"><parameter>level2 oplocks</parameter></link></para></listitem> - <listitem><para><link linkend="LOCKING"><parameter>locking</parameter></link></para></listitem> - <listitem><para><link linkend="LPPAUSECOMMAND"><parameter>lppause command</parameter></link></para></listitem> - <listitem><para><link linkend="LPQCOMMAND"><parameter>lpq command</parameter></link></para></listitem> - <listitem><para><link linkend="LPRESUMECOMMAND"><parameter>lpresume command</parameter></link></para></listitem> - <listitem><para><link linkend="LPRMCOMMAND"><parameter>lprm command</parameter></link></para></listitem> - <listitem><para><link linkend="MAGICOUTPUT"><parameter>magic output</parameter></link></para></listitem> - <listitem><para><link linkend="MAGICSCRIPT"><parameter>magic script</parameter></link></para></listitem> - <listitem><para><link linkend="MANGLECASE"><parameter>mangle case</parameter></link></para></listitem> - <listitem><para><link linkend="MANGLEDMAP"><parameter>mangled map</parameter></link></para></listitem> - <listitem><para><link linkend="MANGLEDNAMES"><parameter>mangled names</parameter></link></para></listitem> - <listitem><para><link linkend="MANGLINGCHAR"><parameter>mangling char</parameter></link></para></listitem> - <listitem><para><link linkend="MANGLINGMETHOD"><parameter>mangling method</parameter></link></para></listitem> - <listitem><para><link linkend="MAPARCHIVE"><parameter>map archive</parameter></link></para></listitem> - <listitem><para><link linkend="MAPHIDDEN"><parameter>map hidden</parameter></link></para></listitem> - <listitem><para><link linkend="MAPSYSTEM"><parameter>map system</parameter></link></para></listitem> - <listitem><para><link linkend="MAXCONNECTIONS"><parameter>max connections</parameter></link></para></listitem> - <listitem><para><link linkend="MAXPRINTJOBS"><parameter>max print jobs</parameter></link></para></listitem> - <listitem><para><link linkend="MINPRINTSPACE"><parameter>min print space</parameter></link></para></listitem> - <listitem><para><link linkend="MSDFSPROXY"><parameter>msdfs proxy</parameter></link></para></listitem> - <listitem><para><link linkend="MSDFSROOT"><parameter>msdfs root</parameter></link></para></listitem> - <listitem><para><link linkend="NTACLSUPPORT"><parameter>nt acl support</parameter></link></para></listitem> - <listitem><para><link linkend="ONLYGUEST"><parameter>only guest</parameter></link></para></listitem> - <listitem><para><link linkend="ONLYUSER"><parameter>only user</parameter></link></para></listitem> - <listitem><para><link linkend="OPLOCKCONTENTIONLIMIT"><parameter>oplock contention limit</parameter></link></para></listitem> - <listitem><para><link linkend="OPLOCKS"><parameter>oplocks</parameter></link></para></listitem> - <listitem><para><link linkend="PATH"><parameter>path</parameter></link></para></listitem> - <listitem><para><link linkend="POSIXLOCKING"><parameter>posix locking</parameter></link></para></listitem> - <listitem><para><link linkend="POSTEXEC"><parameter>postexec</parameter></link></para></listitem> - <listitem><para><link linkend="PREEXEC"><parameter>preexec</parameter></link></para></listitem> - <listitem><para><link linkend="PREEXECCLOSE"><parameter>preexec close</parameter></link></para></listitem> - <listitem><para><link linkend="PRESERVECASE"><parameter>preserve case</parameter></link></para></listitem> - <listitem><para><link linkend="PRINTCOMMAND"><parameter>print command</parameter></link></para></listitem> - <listitem><para><link linkend="PRINTOK"><parameter>print ok</parameter></link></para></listitem> - <listitem><para><link linkend="PRINTABLE"><parameter>printable</parameter></link></para></listitem> - <listitem><para><link linkend="PRINTER"><parameter>printer</parameter></link></para></listitem> - <listitem><para><link linkend="PRINTERADMIN"><parameter>printer admin</parameter></link></para></listitem> - <listitem><para><link linkend="PRINTERNAME"><parameter>printer name</parameter></link></para></listitem> - <listitem><para><link linkend="PRINTING"><parameter>printing</parameter></link></para></listitem> - <listitem><para><link linkend="PUBLIC"><parameter>public</parameter></link></para></listitem> - <listitem><para><link linkend="QUEUEPAUSECOMMAND"><parameter>queuepause command</parameter></link></para></listitem> - <listitem><para><link linkend="QUEUERESUMECOMMAND"><parameter>queueresume command</parameter></link></para></listitem> - <listitem><para><link linkend="READLIST"><parameter>read list</parameter></link></para></listitem> - <listitem><para><link linkend="READONLY"><parameter>read only</parameter></link></para></listitem> - <listitem><para><link linkend="ROOTPOSTEXEC"><parameter>root postexec</parameter></link></para></listitem> - <listitem><para><link linkend="ROOTPREEXEC"><parameter>root preexec</parameter></link></para></listitem> - <listitem><para><link linkend="ROOTPREEXECCLOSE"><parameter>root preexec close</parameter></link></para></listitem> - <listitem><para><link linkend="SECURITYMASK"><parameter>security mask</parameter></link></para></listitem> - <listitem><para><link linkend="SETDIRECTORY"><parameter>set directory</parameter></link></para></listitem> - <listitem><para><link linkend="SHAREMODES"><parameter>share modes</parameter></link></para></listitem> - <listitem><para><link linkend="SHORTPRESERVECASE"><parameter>short preserve case</parameter></link></para></listitem> - <listitem><para><link linkend="STRICTALLOCATE"><parameter>strict allocate</parameter></link></para></listitem> - <listitem><para><link linkend="STRICTLOCKING"><parameter>strict locking</parameter></link></para></listitem> - <listitem><para><link linkend="STRICTSYNC"><parameter>strict sync</parameter></link></para></listitem> - <listitem><para><link linkend="SYNCALWAYS"><parameter>sync always</parameter></link></para></listitem> - <listitem><para><link linkend="USECLIENTDRIVER"><parameter>use client driver</parameter></link></para></listitem> - <listitem><para><link linkend="USER"><parameter>user</parameter></link></para></listitem> - <listitem><para><link linkend="USERNAME"><parameter>username</parameter></link></para></listitem> - <listitem><para><link linkend="USERS"><parameter>users</parameter></link></para></listitem> - <listitem><para><link linkend="VALIDUSERS"><parameter>valid users</parameter></link></para></listitem> - <listitem><para><link linkend="VETOFILES"><parameter>veto files</parameter></link></para></listitem> - <listitem><para><link linkend="VETOOPLOCKFILES"><parameter>veto oplock files</parameter></link></para></listitem> - <listitem><para><link linkend="VFSPATH"><parameter>vfs path</parameter></link></para></listitem> - <listitem><para><link linkend="VFSOBJECT"><parameter>vfs object</parameter></link></para></listitem> - <listitem><para><link linkend="VFSOPTIONS"><parameter>vfs options</parameter></link></para></listitem> - <listitem><para><link linkend="VOLUME"><parameter>volume</parameter></link></para></listitem> - <listitem><para><link linkend="WIDELINKS"><parameter>wide links</parameter></link></para></listitem> - <listitem><para><link linkend="WRITABLE"><parameter>writable</parameter></link></para></listitem> - <listitem><para><link linkend="WRITECACHESIZE"><parameter>write cache size</parameter></link></para></listitem> - <listitem><para><link linkend="WRITELIST"><parameter>write list</parameter></link></para></listitem> - <listitem><para><link linkend="WRITEOK"><parameter>write ok</parameter></link></para></listitem> - <listitem><para><link linkend="WRITEABLE"><parameter>writeable</parameter></link></para></listitem> - </itemizedlist> - -</refsect1> - -<refsect1> - <title>EXPLANATION OF EACH PARAMETER</title> - - <variablelist> - - <varlistentry> - <term><anchor id="ABORTSHUTDOWNSCRIPT"/>abort shutdown script (G)</term> - <listitem><para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis> - This a full path name to a script called by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> that - should stop a shutdown procedure issued by the <link - linkend="SHUTDOWNSCRIPT"><parameter>shutdown script</parameter></link>.</para> - - <para>This command will be run as user.</para> - - <para>Default: <emphasis>None</emphasis>.</para> - <para>Example: <command>abort shutdown script = /sbin/shutdown -c</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="ADDPRINTERCOMMAND"/>addprinter command (G)</term> - <listitem><para>With the introduction of MS-RPC based printing - support for Windows NT/2000 clients in Samba 2.2, The MS Add - Printer Wizard (APW) icon is now also available in the - "Printers..." folder displayed a share listing. The APW - allows for printers to be add remotely to a Samba or Windows - NT/2000 print server.</para> - - <para>For a Samba host this means that the printer must be - physically added to the underlying printing system. The <parameter>add - printer command</parameter> defines a script to be run which - will perform the necessary operations for adding the printer - to the print system and to add the appropriate service definition - to the <filename>smb.conf</filename> file in order that it can be - shared by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>.</para> - - <para>The <parameter>addprinter command</parameter> is - automatically invoked with the following parameter (in - order):</para> - - <itemizedlist> - <listitem><para><parameter>printer name</parameter></para></listitem> - <listitem><para><parameter>share name</parameter></para></listitem> - <listitem><para><parameter>port name</parameter></para></listitem> - <listitem><para><parameter>driver name</parameter></para></listitem> - <listitem><para><parameter>location</parameter></para></listitem> - <listitem><para><parameter>Windows 9x driver location</parameter> - </para></listitem> - </itemizedlist> - - <para>All parameters are filled in from the PRINTER_INFO_2 structure sent - by the Windows NT/2000 client with one exception. The "Windows 9x - driver location" parameter is included for backwards compatibility - only. The remaining fields in the structure are generated from answers - to the APW questions.</para> - - <para>Once the <parameter>addprinter command</parameter> has - been executed, <command>smbd</command> will reparse the <filename> - smb.conf</filename> to determine if the share defined by the APW - exists. If the sharename is still invalid, then <command>smbd - </command> will return an ACCESS_DENIED error to the client.</para> - - <para> - The "add printer command" program can output a single line of text, - which Samba will set as the port the new printer is connected to. - If this line isn't output, Samba won't reload its printer shares. - </para> - - <para>See also <link linkend="DELETEPRINTERCOMMAND"><parameter> - deleteprinter command</parameter></link>, <link - linkend="PRINTING"><parameter>printing</parameter></link>, - <link linkend="SHOWADDPRINTERWIZARD"><parameter>show add - printer wizard</parameter></link></para> - - <para>Default: <emphasis>none</emphasis></para> - <para>Example: <command>addprinter command = /usr/bin/addprinter - </command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="ADDSHARECOMMAND"/>add share command (G)</term> - <listitem><para>Samba 2.2.0 introduced the ability to dynamically - add and delete shares via the Windows NT 4.0 Server Manager. The - <parameter>add share command</parameter> is used to define an - external program or script which will add a new service definition - to <filename>smb.conf</filename>. In order to successfully - execute the <parameter>add share command</parameter>, <command>smbd</command> - requires that the administrator be connected using a root account (i.e. - uid == 0). - </para> - - <para> - When executed, <command>smbd</command> will automatically invoke the - <parameter>add share command</parameter> with four parameters. - </para> - - <itemizedlist> - <listitem><para><parameter>configFile</parameter> - the location - of the global <filename>smb.conf</filename> file. - </para></listitem> - - <listitem><para><parameter>shareName</parameter> - the name of the new - share. - </para></listitem> - - <listitem><para><parameter>pathName</parameter> - path to an **existing** - directory on disk. - </para></listitem> - - <listitem><para><parameter>comment</parameter> - comment string to associate - with the new share. - </para></listitem> - </itemizedlist> - - <para> - This parameter is only used for add file shares. To add printer shares, - see the <link linkend="ADDPRINTERCOMMAND"><parameter>addprinter - command</parameter></link>. - </para> - - <para> - See also <link linkend="CHANGESHARECOMMAND"><parameter>change share - command</parameter></link>, <link linkend="DELETESHARECOMMAND"><parameter>delete share - command</parameter></link>. - </para> - - <para>Default: <emphasis>none</emphasis></para> - <para>Example: <command>add share command = /usr/local/bin/addshare</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="ADDMACHINESCRIPT"/>add machine script (G)</term> - <listitem><para>This is the full pathname to a script that will - be run by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when a machine is added - to it's domain using the administrator username and password method. </para> - - <para>This option is only required when using sam back-ends tied to the - Unix uid method of RID calculation such as smbpasswd. This option is only - available in Samba 3.0.</para> - - <para>Default: <command>add machine script = <empty string> - </command></para> - - <para>Example: <command>add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u - </command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="ADSSERVER"/>ads server (G)</term> - <listitem><para>If this option is specified, samba does - not try to figure out what ads server to use itself, but - uses the specified ads server. Either one DNS name or IP - address can be used.</para> - - <para>Default: <command>ads server = </command></para> - - <para>Example: <command>ads server = 192.168.1.2</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="ADDUSERSCRIPT"/>add user script (G)</term> - <listitem><para>This is the full pathname to a script that will - be run <emphasis>AS ROOT</emphasis> by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> under special circumstances described below.</para> - - <para>Normally, a Samba server requires that UNIX users are - created for all users accessing files on this server. For sites - that use Windows NT account databases as their primary user database - creating these users and keeping the user list in sync with the - Windows NT PDC is an onerous task. This option allows <ulink - url="smbd.8.html">smbd</ulink> to create the required UNIX users - <emphasis>ON DEMAND</emphasis> when a user accesses the Samba server.</para> - - <para>In order to use this option, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> must <emphasis>NOT</emphasis> be set to <parameter>security = share</parameter> - and <parameter>add user script</parameter> - must be set to a full pathname for a script that will create a UNIX - user given one argument of <parameter>%u</parameter>, which expands into - the UNIX user name to create.</para> - - <para>When the Windows user attempts to access the Samba server, - at login (session setup in the SMB protocol) time, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> contacts the <parameter>password server</parameter> and - attempts to authenticate the given user with the given password. If the - authentication succeeds then <command>smbd</command> - attempts to find a UNIX user in the UNIX password database to map the - Windows user into. If this lookup fails, and <parameter>add user script - </parameter> is set then <command>smbd</command> will - call the specified script <emphasis>AS ROOT</emphasis>, expanding - any <parameter>%u</parameter> argument to be the user name to create.</para> - - <para>If this script successfully creates the user then <command>smbd - </command> will continue on as though the UNIX user - already existed. In this way, UNIX users are dynamically created to - match existing Windows NT accounts.</para> - - <para>See also <link linkend="SECURITY"><parameter> - security</parameter></link>, <link linkend="PASSWORDSERVER"> - <parameter>password server</parameter></link>, - <link linkend="DELETEUSERSCRIPT"><parameter>delete user - script</parameter></link>.</para> - - <para>Default: <command>add user script = <empty string> - </command></para> - - <para>Example: <command>add user script = /usr/local/samba/bin/add_user - %u</command></para> - </listitem> - </varlistentry> - - <varlistentry><term><anchor id="ADDGROUPSCRIPT"/>add group script (G)</term> - <listitem><para>This is the full pathname to a script that will - be run <emphasis>AS ROOT</emphasis> by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when a new group is - requested. It will expand any - <parameter>%g</parameter> to the group name passed. - This script is only useful for installations using the - Windows NT domain administration tools. The script is - free to create a group with an arbitrary name to - circumvent unix group name restrictions. In that case - the script must print the numeric gid of the created - group on stdout. - </para></listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="ADMINUSERS"/>admin users (S)</term> - <listitem><para>This is a list of users who will be granted - administrative privileges on the share. This means that they - will do all file operations as the super-user (root).</para> - - <para>You should use this option very carefully, as any user in - this list will be able to do anything they like on the share, - irrespective of file permissions.</para> - - <para>Default: <emphasis>no admin users</emphasis></para> - - <para>Example: <command>admin users = jason</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="ADDUSERTOGROUPSCRIPT"/>add user to group script (G)</term> - <listitem><para>Full path to the script that will be called when - a user is added to a group using the Windows NT domain administration - tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> <emphasis>AS ROOT</emphasis>. - Any <parameter>%g</parameter> will be replaced with the group name and - any <parameter>%u</parameter> will be replaced with the user name. - </para> - - <para>Default: <command>add user to group script = </command></para> - - <para>Example: <command>add user to group script = /usr/sbin/adduser %u %g</command></para> - - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="ALLOWHOSTS"/>allow hosts (S)</term> - <listitem><para>Synonym for <link linkend="HOSTSALLOW"> - <parameter>hosts allow</parameter></link>.</para></listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="ALGORITHMICRIDBASE"/>algorithmic rid base (G)</term> - <listitem><para>This determines how Samba will use its - algorithmic mapping from uids/gid to the RIDs needed to construct - NT Security Identifiers.</para> - - <para>Setting this option to a larger value could be useful to sites - transitioning from WinNT and Win2k, as existing user and - group rids would otherwise clash with sytem users etc. - </para> - - <para>All UIDs and GIDs must be able to be resolved into SIDs for - the correct operation of ACLs on the server. As such the algorithmic - mapping can't be 'turned off', but pushing it 'out of the way' should - resolve the issues. Users and groups can then be assigned 'low' RIDs - in arbitary-rid supporting backends. </para> - - <para>Default: <command>algorithmic rid base = 1000</command></para> - - <para>Example: <command>algorithmic rid base = 100000</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="ALLOWTRUSTEDDOMAINS"/>allow trusted domains (G)</term> - <listitem><para>This option only takes effect when the <link - linkend="SECURITY"><parameter>security</parameter></link> option is set to - <constant>server</constant> or <constant>domain</constant>. - If it is set to no, then attempts to connect to a resource from - a domain or workgroup other than the one which <ulink url="smbd.8.html">smbd</ulink> is running - in will fail, even if that domain is trusted by the remote server - doing the authentication.</para> - - <para>This is useful if you only want your Samba server to - serve resources to users in the domain it is a member of. As - an example, suppose that there are two domains DOMA and DOMB. DOMB - is trusted by DOMA, which contains the Samba server. Under normal - circumstances, a user with an account in DOMB can then access the - resources of a UNIX account with the same account name on the - Samba server even if they do not have an account in DOMA. This - can make implementing a security boundary difficult.</para> - - <para>Default: <command>allow trusted domains = yes</command></para> - - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="ANNOUNCEAS"/>announce as (G)</term> - <listitem><para>This specifies what type of server <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will announce itself as, to a network neighborhood browse - list. By default this is set to Windows NT. The valid options - are : "NT Server" (which can also be written as "NT"), - "NT Workstation", "Win95" or "WfW" meaning Windows NT Server, - Windows NT Workstation, Windows 95 and Windows for Workgroups - respectively. Do not change this parameter unless you have a - specific need to stop Samba appearing as an NT server as this - may prevent Samba servers from participating as browser servers - correctly.</para> - - <para>Default: <command>announce as = NT Server</command></para> - - <para>Example: <command>announce as = Win95</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="ANNOUNCEVERSION"/>announce version (G)</term> - <listitem><para>This specifies the major and minor version numbers - that nmbd will use when announcing itself as a server. The default - is 4.9. Do not change this parameter unless you have a specific - need to set a Samba server to be a downlevel server.</para> - - <para>Default: <command>announce version = 4.9</command></para> - - <para>Example: <command>announce version = 2.0</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="AUTOSERVICES"/>auto services (G)</term> - <listitem><para>This is a synonym for the <link linkend="PRELOAD"> - <parameter>preload</parameter></link>.</para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="AUTHMETHODS"/>auth methods (G)</term> - <listitem><para>This option allows the administrator to chose what - authentication methods <command>smbd</command> will use when authenticating - a user. This option defaults to sensible values based on <link linkend="SECURITY"><parameter> - security</parameter></link>. - - Each entry in the list attempts to authenticate the user in turn, until - the user authenticates. In practice only one method will ever actually - be able to complete the authentication. - </para> - - <para>Default: <command>auth methods = <empty string></command></para> - <para>Example: <command>auth methods = guest sam ntdomain</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="AVAILABLE"/>available (S)</term> - <listitem><para>This parameter lets you "turn off" a service. If - <parameter>available = no</parameter>, then <emphasis>ALL</emphasis> - attempts to connect to the service will fail. Such failures are - logged.</para> - - <para>Default: <command>available = yes</command></para> - - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="BINDINTERFACESONLY"/>bind interfaces only (G)</term> - <listitem><para>This global parameter allows the Samba admin - to limit what interfaces on a machine will serve SMB requests. It - affects file service <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> and name service <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> in a slightly different ways.</para> - - <para>For name service it causes <command>nmbd</command> to bind - to ports 137 and 138 on the interfaces listed in the <link - linkend="INTERFACES">interfaces</link> parameter. <command>nmbd - </command> also binds to the "all addresses" interface (0.0.0.0) - on ports 137 and 138 for the purposes of reading broadcast messages. - If this option is not set then <command>nmbd</command> will service - name requests on all of these sockets. If <parameter>bind interfaces - only</parameter> is set then <command>nmbd</command> will check the - source address of any packets coming in on the broadcast sockets - and discard any that don't match the broadcast addresses of the - interfaces in the <parameter>interfaces</parameter> parameter list. - As unicast packets are received on the other sockets it allows - <command>nmbd</command> to refuse to serve names to machines that - send packets that arrive through any interfaces not listed in the - <parameter>interfaces</parameter> list. IP Source address spoofing - does defeat this simple check, however, so it must not be used - seriously as a security feature for <command>nmbd</command>.</para> - - <para>For file service it causes <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to bind only to the interface list - given in the <link linkend="INTERFACES"> - interfaces</link> parameter. This restricts the networks that - <command>smbd</command> will serve to packets coming in those - interfaces. Note that you should not use this parameter for machines - that are serving PPP or other intermittent or non-broadcast network - interfaces as it will not cope with non-permanent interfaces.</para> - - <para>If <parameter>bind interfaces only</parameter> is set then - unless the network address <emphasis>127.0.0.1</emphasis> is added - to the <parameter>interfaces</parameter> parameter list <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>swat</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> may not work as expected due to the reasons covered below.</para> - - <para>To change a users SMB password, the <command>smbpasswd</command> - by default connects to the <emphasis>localhost - 127.0.0.1</emphasis> - address as an SMB client to issue the password change request. If - <parameter>bind interfaces only</parameter> is set then unless the - network address <emphasis>127.0.0.1</emphasis> is added to the - <parameter>interfaces</parameter> parameter list then <command> - smbpasswd</command> will fail to connect in it's default mode. - <command>smbpasswd</command> can be forced to use the primary IP interface - of the local host by using its <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> <parameter>-r <replaceable>remote machine</replaceable></parameter> - parameter, with <replaceable>remote machine</replaceable> set - to the IP name of the primary interface of the local host.</para> - - <para>The <command>swat</command> status page tries to connect with - <command>smbd</command> and <command>nmbd</command> at the address - <emphasis>127.0.0.1</emphasis> to determine if they are running. - Not adding <emphasis>127.0.0.1</emphasis> will cause <command> - smbd</command> and <command>nmbd</command> to always show - "not running" even if they really are. This can prevent <command> - swat</command> from starting/stopping/restarting <command>smbd</command> - and <command>nmbd</command>.</para> - - <para>Default: <command>bind interfaces only = no</command></para> - - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="BLOCKINGLOCKS"/>blocking locks (S)</term> - <listitem><para>This parameter controls the behavior - of <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when given a request by a client - to obtain a byte range lock on a region of an open file, and the - request has a time limit associated with it.</para> - - <para>If this parameter is set and the lock range requested - cannot be immediately satisfied, samba will internally - queue the lock request, and periodically attempt to obtain - the lock until the timeout period expires.</para> - - <para>If this parameter is set to <constant>no</constant>, then - samba will behave as previous versions of Samba would and - will fail the lock request immediately if the lock range - cannot be obtained.</para> - - <para>Default: <command>blocking locks = yes</command></para> - - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="BLOCKSIZE"/>block size (S)</term> - <listitem><para>This parameter controls the behavior of <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when reporting disk free - sizes. By default, this reports a disk block size of 1024 bytes. - </para> - - <para>Changing this parameter may have some effect on the - efficiency of client writes, this is not yet confirmed. This - parameter was added to allow advanced administrators to change - it (usually to a higher value) and test the effect it has on - client write performance without re-compiling the code. As this - is an experimental option it may be removed in a future release. - </para> - - <para>Changing this option does not change the disk free reporting - size, just the block size unit reported to the client.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="BROWSABLE"/>browsable (S)</term> - <listitem><para>See the <link linkend="BROWSEABLE"><parameter> - browseable</parameter></link>.</para></listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="BROWSELIST"/>browse list (G)</term> - <listitem><para>This controls whether <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will serve a browse list to - a client doing a <command>NetServerEnum</command> call. Normally - set to <constant>yes</constant>. You should never need to change - this.</para> - - <para>Default: <command>browse list = yes</command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="BROWSEABLE"/>browseable (S)</term> - <listitem><para>This controls whether this share is seen in - the list of available shares in a net view and in the browse list.</para> - - <para>Default: <command>browseable = yes</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="CASESENSITIVE"/>case sensitive (S)</term> - <listitem><para>See the discussion in the section <link - linkend="NAMEMANGLINGSECT">NAME MANGLING</link>.</para> - - <para>Default: <command>case sensitive = no</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="CASESIGNAMES"/>casesignames (S)</term> - <listitem><para>Synonym for <link linkend="CASESENSITIVE">case - sensitive</link>.</para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="CHANGENOTIFYTIMEOUT"/>change notify timeout (G)</term> - <listitem><para>This SMB allows a client to tell a server to - "watch" a particular directory for any changes and only reply to - the SMB request when a change has occurred. Such constant scanning of - a directory is expensive under UNIX, hence an <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon only performs such a scan - on each requested directory once every <parameter>change notify - timeout</parameter> seconds.</para> - - <para>Default: <command>change notify timeout = 60</command></para> - <para>Example: <command>change notify timeout = 300</command></para> - - <para>Would change the scan time to every 5 minutes.</para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="CHANGESHARECOMMAND"/>change share command (G)</term> - <listitem><para>Samba 2.2.0 introduced the ability to dynamically - add and delete shares via the Windows NT 4.0 Server Manager. The - <parameter>change share command</parameter> is used to define an - external program or script which will modify an existing service definition - in <filename>smb.conf</filename>. In order to successfully - execute the <parameter>change share command</parameter>, <command>smbd</command> - requires that the administrator be connected using a root account (i.e. - uid == 0). - </para> - - <para> - When executed, <command>smbd</command> will automatically invoke the - <parameter>change share command</parameter> with four parameters. - </para> - - <itemizedlist> - <listitem><para><parameter>configFile</parameter> - the location - of the global <filename>smb.conf</filename> file. - </para></listitem> - - <listitem><para><parameter>shareName</parameter> - the name of the new - share. - </para></listitem> - - <listitem><para><parameter>pathName</parameter> - path to an **existing** - directory on disk. - </para></listitem> - - <listitem><para><parameter>comment</parameter> - comment string to associate - with the new share. - </para></listitem> - </itemizedlist> - - <para> - This parameter is only used modify existing file shares definitions. To modify - printer shares, use the "Printers..." folder as seen when browsing the Samba host. - </para> - - <para> - See also <link linkend="ADDSHARECOMMAND"><parameter>add share - command</parameter></link>, <link linkend="DELETESHARECOMMAND"><parameter>delete - share command</parameter></link>. - </para> - - <para>Default: <emphasis>none</emphasis></para> - <para>Example: <command>change share command = /usr/local/bin/addshare</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="COMMENT"/>comment (S)</term> - <listitem><para>This is a text field that is seen next to a share - when a client does a queries the server, either via the network - neighborhood or via <command>net view</command> to list what shares - are available.</para> - - <para>If you want to set the string that is displayed next to the - machine name then see the <link linkend="SERVERSTRING"><parameter> - server string</parameter></link> parameter.</para> - - <para>Default: <emphasis>No comment string</emphasis></para> - <para>Example: <command>comment = Fred's Files</command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="CONFIGFILE"/>config file (G)</term> - <listitem><para>This allows you to override the config file - to use, instead of the default (usually <filename>smb.conf</filename>). - There is a chicken and egg problem here as this option is set - in the config file!</para> - - <para>For this reason, if the name of the config file has changed - when the parameters are loaded then it will reload them from - the new config file.</para> - - <para>This option takes the usual substitutions, which can - be very useful.</para> - - <para>If the config file doesn't exist then it won't be loaded - (allowing you to special case the config files of just a few - clients).</para> - - <para>Example: <command>config file = /usr/local/samba/lib/smb.conf.%m - </command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="COPY"/>copy (S)</term> - <listitem><para>This parameter allows you to "clone" service - entries. The specified service is simply duplicated under the - current service's name. Any parameters specified in the current - section will override those in the section being copied.</para> - - <para>This feature lets you set up a 'template' service and - create similar services easily. Note that the service being - copied must occur earlier in the configuration file than the - service doing the copying.</para> - - <para>Default: <emphasis>no value</emphasis></para> - <para>Example: <command>copy = otherservice</command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="CREATEMASK"/>create mask (S)</term> - <listitem><para>A synonym for this parameter is - <link linkend="CREATEMODE"><parameter>create mode</parameter> - </link>.</para> - - <para>When a file is created, the necessary permissions are - calculated according to the mapping from DOS modes to UNIX - permissions, and the resulting UNIX mode is then bit-wise 'AND'ed - with this parameter. This parameter may be thought of as a bit-wise - MASK for the UNIX modes of a file. Any bit <emphasis>not</emphasis> - set here will be removed from the modes set on a file when it is - created.</para> - - <para>The default value of this parameter removes the - 'group' and 'other' write and execute bits from the UNIX modes.</para> - - <para>Following this Samba will bit-wise 'OR' the UNIX mode created - from this parameter with the value of the <link - linkend="FORCECREATEMODE"><parameter>force create mode</parameter></link> - parameter which is set to 000 by default.</para> - - <para>This parameter does not affect directory modes. See the - parameter <link linkend="DIRECTORYMODE"><parameter>directory mode - </parameter></link> for details.</para> - - <para>See also the <link linkend="FORCECREATEMODE"><parameter>force - create mode</parameter></link> parameter for forcing particular mode - bits to be set on created files. See also the <link linkend="DIRECTORYMODE"> - <parameter>directory mode</parameter></link> parameter for masking - mode bits on created directories. See also the <link linkend="INHERITPERMISSIONS"> - <parameter>inherit permissions</parameter></link> parameter.</para> - - <para>Note that this parameter does not apply to permissions - set by Windows NT/2000 ACL editors. If the administrator wishes to enforce - a mask on access control lists also, they need to set the <link - linkend="SECURITYMASK"><parameter>security mask</parameter></link>.</para> - - <para>Default: <command>create mask = 0744</command></para> - <para>Example: <command>create mask = 0775</command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="CREATEMODE"/>create mode (S)</term> - <listitem><para>This is a synonym for <link linkend="CREATEMASK"><parameter> - create mask</parameter></link>.</para></listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="CSCPOLICY"/>csc policy (S)</term> - <listitem><para>This stands for <emphasis>client-side caching - policy</emphasis>, and specifies how clients capable of offline - caching will cache the files in the share. The valid values - are: manual, documents, programs, disable.</para> - - <para>These values correspond to those used on Windows - servers.</para> - - <para>For example, shares containing roaming profiles can have - offline caching disabled using <command>csc policy = disable - </command>.</para> - - <para>Default: <command>csc policy = manual</command></para> - <para>Example: <command>csc policy = programs</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="DEADTIME"/>deadtime (G)</term> - <listitem><para>The value of the parameter (a decimal integer) - represents the number of minutes of inactivity before a connection - is considered dead, and it is disconnected. The deadtime only takes - effect if the number of open files is zero.</para> - - <para>This is useful to stop a server's resources being - exhausted by a large number of inactive connections.</para> - - <para>Most clients have an auto-reconnect feature when a - connection is broken so in most cases this parameter should be - transparent to users.</para> - - <para>Using this parameter with a timeout of a few minutes - is recommended for most systems.</para> - - <para>A deadtime of zero indicates that no auto-disconnection - should be performed.</para> - - <para>Default: <command>deadtime = 0</command></para> - <para>Example: <command>deadtime = 15</command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="DEBUGHIRESTIMESTAMP"/>debug hires timestamp (G)</term> - <listitem><para>Sometimes the timestamps in the log messages - are needed with a resolution of higher that seconds, this - boolean parameter adds microsecond resolution to the timestamp - message header when turned on.</para> - - <para>Note that the parameter <link linkend="DEBUGTIMESTAMP"><parameter> - debug timestamp</parameter></link> must be on for this to have an - effect.</para> - - <para>Default: <command>debug hires timestamp = no</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="DEBUGPID"/>debug pid (G)</term> - <listitem><para>When using only one log file for more then one - forked <ulink url="smbd.8.html">smbd</ulink>-process there may be hard to follow which process - outputs which message. This boolean parameter is adds the process-id - to the timestamp message headers in the logfile when turned on.</para> - - <para>Note that the parameter <link linkend="DEBUGTIMESTAMP"><parameter> - debug timestamp</parameter></link> must be on for this to have an - effect.</para> - - <para>Default: <command>debug pid = no</command></para></listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="DEBUGTIMESTAMP"/>debug timestamp (G)</term> - <listitem><para>Samba debug log messages are timestamped - by default. If you are running at a high <link linkend="DEBUGLEVEL"> - <parameter>debug level</parameter></link> these timestamps - can be distracting. This boolean parameter allows timestamping - to be turned off.</para> - - <para>Default: <command>debug timestamp = yes</command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="DEBUGUID"/>debug uid (G)</term> - <listitem><para>Samba is sometimes run as root and sometime - run as the connected user, this boolean parameter inserts the - current euid, egid, uid and gid to the timestamp message headers - in the log file if turned on.</para> - - <para>Note that the parameter <link linkend="DEBUGTIMESTAMP"><parameter> - debug timestamp</parameter></link> must be on for this to have an - effect.</para> - - <para>Default: <command>debug uid = no</command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="DEBUGLEVEL"/>debuglevel (G)</term> - <listitem><para>Synonym for <link linkend="LOGLEVEL"><parameter> - log level</parameter></link>.</para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="DEFAULT"/>default (G)</term> - <listitem><para>A synonym for <link linkend="DEFAULTSERVICE"><parameter> - default service</parameter></link>.</para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="DEFAULTCASE"/>default case (S)</term> - <listitem><para>See the section on <link linkend="NAMEMANGLINGSECT"> - NAME MANGLING</link>. Also note the <link linkend="SHORTPRESERVECASE"> - <parameter>short preserve case</parameter></link> parameter.</para> - - <para>Default: <command>default case = lower</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="DEFAULTDEVMODE"/>default devmode (S)</term> - <listitem><para>This parameter is only applicable to <link - linkend="PRINTOK">printable</link> services. When smbd is serving - Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba - server has a Device Mode which defines things such as paper size and - orientation and duplex settings. The device mode can only correctly be - generated by the printer driver itself (which can only be executed on a - Win32 platform). Because smbd is unable to execute the driver code - to generate the device mode, the default behavior is to set this field - to NULL. - </para> - - <para>Most problems with serving printer drivers to Windows NT/2k/XP clients - can be traced to a problem with the generated device mode. Certain drivers - will do things such as crashing the client's Explorer.exe with a NULL devmode. - However, other printer drivers can cause the client's spooler service - (spoolsv.exe) to die if the devmode was not created by the driver itself - (i.e. smbd generates a default devmode). - </para> - - <para>This parameter should be used with care and tested with the printer - driver in question. It is better to leave the device mode to NULL - and let the Windows client set the correct values. Because drivers do not - do this all the time, setting <command>default devmode = yes</command> - will instruct smbd to generate a default one. - </para> - - <para>For more information on Windows NT/2k printing and Device Modes, - see the <ulink url="http://msdn.microsoft.com/">MSDN documentation</ulink>. - </para> - - <para>Default: <command>default devmode = no</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="DEFAULTSERVICE"/>default service (G)</term> - <listitem><para>This parameter specifies the name of a service - which will be connected to if the service actually requested cannot - be found. Note that the square brackets are <emphasis>NOT</emphasis> - given in the parameter value (see example below).</para> - - <para>There is no default value for this parameter. If this - parameter is not given, attempting to connect to a nonexistent - service results in an error.</para> - - <para>Typically the default service would be a <link linkend="GUESTOK"> - <parameter>guest ok</parameter></link>, <link linkend="READONLY"> - <parameter>read-only</parameter></link> service.</para> - - <para>Also note that the apparent service name will be changed - to equal that of the requested service, this is very useful as it - allows you to use macros like <parameter>%S</parameter> to make - a wildcard service.</para> - - <para>Note also that any "_" characters in the name of the service - used in the default service will get mapped to a "/". This allows for - interesting things.</para> - - - <para>Example:</para> - -<para><programlisting> -[global] - default service = pub - -[pub] - path = /%S -</programlisting></para> - </listitem> - </varlistentry> - - <varlistentry><term><anchor id="DELETEGROUPSCRIPT"/>delete group script (G)</term> - <listitem><para>This is the full pathname to a script that will - be run <emphasis>AS ROOT</emphasis> <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when a group is requested to be deleted. - It will expand any <parameter>%g</parameter> to the group name passed. - This script is only useful for installations using the Windows NT domain administration tools. - </para></listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="DELETEPRINTERCOMMAND"/>deleteprinter command (G)</term> - <listitem><para>With the introduction of MS-RPC based printer - support for Windows NT/2000 clients in Samba 2.2, it is now - possible to delete printer at run time by issuing the - DeletePrinter() RPC call.</para> - - <para>For a Samba host this means that the printer must be - physically deleted from underlying printing system. The <parameter> - deleteprinter command</parameter> defines a script to be run which - will perform the necessary operations for removing the printer - from the print system and from <filename>smb.conf</filename>. - </para> - - <para>The <parameter>deleteprinter command</parameter> is - automatically called with only one parameter: <parameter> - "printer name"</parameter>.</para> - - - <para>Once the <parameter>deleteprinter command</parameter> has - been executed, <command>smbd</command> will reparse the <filename> - smb.conf</filename> to associated printer no longer exists. - If the sharename is still valid, then <command>smbd - </command> will return an ACCESS_DENIED error to the client.</para> - - <para>See also <link linkend="ADDPRINTERCOMMAND"><parameter> - addprinter command</parameter></link>, <link - linkend="PRINTING"><parameter>printing</parameter></link>, - <link linkend="SHOWADDPRINTERWIZARD"><parameter>show add - printer wizard</parameter></link></para> - - <para>Default: <emphasis>none</emphasis></para> - <para>Example: <command>deleteprinter command = /usr/bin/removeprinter - </command></para> - </listitem> - </varlistentry> - - - - - - - <varlistentry> - <term><anchor id="DELETEREADONLY"/>delete readonly (S)</term> - <listitem><para>This parameter allows readonly files to be deleted. - This is not normal DOS semantics, but is allowed by UNIX.</para> - - <para>This option may be useful for running applications such - as rcs, where UNIX file ownership prevents changing file - permissions, and DOS semantics prevent deletion of a read only file.</para> - - <para>Default: <command>delete readonly = no</command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="DELETESHARECOMMAND"/>delete share command (G)</term> - <listitem><para>Samba 2.2.0 introduced the ability to dynamically - add and delete shares via the Windows NT 4.0 Server Manager. The - <parameter>delete share command</parameter> is used to define an - external program or script which will remove an existing service - definition from <filename>smb.conf</filename>. In order to successfully - execute the <parameter>delete share command</parameter>, <command>smbd</command> - requires that the administrator be connected using a root account (i.e. - uid == 0). - </para> - - <para> - When executed, <command>smbd</command> will automatically invoke the - <parameter>delete share command</parameter> with two parameters. - </para> - - <itemizedlist> - <listitem><para><parameter>configFile</parameter> - the location - of the global <filename>smb.conf</filename> file. - </para></listitem> - - <listitem><para><parameter>shareName</parameter> - the name of - the existing service. - </para></listitem> - </itemizedlist> - - <para> - This parameter is only used to remove file shares. To delete printer shares, - see the <link linkend="DELETEPRINTERCOMMAND"><parameter>deleteprinter - command</parameter></link>. - </para> - - <para> - See also <link linkend="ADDSHARECOMMAND"><parameter>add share - command</parameter></link>, <link linkend="CHANGESHARECOMMAND"><parameter>change - share command</parameter></link>. - </para> - - <para>Default: <emphasis>none</emphasis></para> - <para>Example: <command>delete share command = /usr/local/bin/delshare</command></para> - - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="DELETEUSERSCRIPT"/>delete user script (G)</term> - <listitem><para>This is the full pathname to a script that will - be run by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when managing users - with remote RPC (NT) tools. - </para> - - <para>This script is called when a remote client removes a user - from the server, normally using 'User Manager for Domains' or - <command>rpcclient</command>. - </para> - - <para>This script should delete the given UNIX username. - </para> - - <para>Default: <command>delete user script = <empty string> - </command></para> - <para>Example: <command>delete user script = /usr/local/samba/bin/del_user - %u</command></para></listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="DELETEUSERFROMGROUPSCRIPT"/>delete user from group script (G)</term> - <listitem><para>Full path to the script that will be called when - a user is removed from a group using the Windows NT domain administration - tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> <emphasis>AS ROOT</emphasis>. - Any <parameter>%g</parameter> will be replaced with the group name and - any <parameter>%u</parameter> will be replaced with the user name. - </para> - - <para>Default: <command>delete user from group script = </command></para> - - <para>Example: <command>delete user from group script = /usr/sbin/deluser %u %g</command></para> - - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="DELETEVETOFILES"/>delete veto files (S)</term> - <listitem><para>This option is used when Samba is attempting to - delete a directory that contains one or more vetoed directories - (see the <link linkend="VETOFILES"><parameter>veto files</parameter></link> - option). If this option is set to <constant>no</constant> (the default) then if a vetoed - directory contains any non-vetoed files or directories then the - directory delete will fail. This is usually what you want.</para> - - <para>If this option is set to <constant>yes</constant>, then Samba - will attempt to recursively delete any files and directories within - the vetoed directory. This can be useful for integration with file - serving systems such as NetAtalk which create meta-files within - directories you might normally veto DOS/Windows users from seeing - (e.g. <filename>.AppleDouble</filename>)</para> - - <para>Setting <command>delete veto files = yes</command> allows these - directories to be transparently deleted when the parent directory - is deleted (so long as the user has permissions to do so).</para> - - <para>See also the <link linkend="VETOFILES"><parameter>veto - files</parameter></link> parameter.</para> - - <para>Default: <command>delete veto files = no</command></para></listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="DENYHOSTS"/>deny hosts (S)</term> - <listitem><para>Synonym for <link linkend="HOSTSDENY"><parameter>hosts - deny</parameter></link>.</para></listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="DFREECOMMAND"/>dfree command (G)</term> - <listitem><para>The <parameter>dfree command</parameter> setting should - only be used on systems where a problem occurs with the internal - disk space calculations. This has been known to happen with Ultrix, - but may occur with other operating systems. The symptom that was - seen was an error of "Abort Retry Ignore" at the end of each - directory listing.</para> - - <para>This setting allows the replacement of the internal routines to - calculate the total disk space and amount available with an external - routine. The example below gives a possible script that might fulfill - this function.</para> - - <para>The external program will be passed a single parameter indicating - a directory in the filesystem being queried. This will typically consist - of the string <filename>./</filename>. The script should return two - integers in ASCII. The first should be the total disk space in blocks, - and the second should be the number of available blocks. An optional - third return value can give the block size in bytes. The default - blocksize is 1024 bytes.</para> - - <para>Note: Your script should <emphasis>NOT</emphasis> be setuid or - setgid and should be owned by (and writeable only by) root!</para> - - <para>Default: <emphasis>By default internal routines for - determining the disk capacity and remaining space will be used. - </emphasis></para> - - <para>Example: <command>dfree command = /usr/local/samba/bin/dfree - </command></para> - - <para>Where the script dfree (which must be made executable) could be:</para> - -<para><programlisting> -#!/bin/sh -df $1 | tail -1 | awk '{print $2" "$4}' -</programlisting></para> - - <para>or perhaps (on Sys V based systems):</para> - -<para><programlisting> -#!/bin/sh -/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}' -</programlisting></para> - - <para>Note that you may have to replace the command names - with full path names on some systems.</para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="DIRECTORY"/>directory (S)</term> - <listitem><para>Synonym for <link linkend="PATH"><parameter>path - </parameter></link>.</para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="DIRECTORYMASK"/>directory mask (S)</term> - <listitem><para>This parameter is the octal modes which are - used when converting DOS modes to UNIX modes when creating UNIX - directories.</para> - - <para>When a directory is created, the necessary permissions are - calculated according to the mapping from DOS modes to UNIX permissions, - and the resulting UNIX mode is then bit-wise 'AND'ed with this - parameter. This parameter may be thought of as a bit-wise MASK for - the UNIX modes of a directory. Any bit <emphasis>not</emphasis> set - here will be removed from the modes set on a directory when it is - created.</para> - - <para>The default value of this parameter removes the 'group' - and 'other' write bits from the UNIX mode, allowing only the - user who owns the directory to modify it.</para> - - <para>Following this Samba will bit-wise 'OR' the UNIX mode - created from this parameter with the value of the <link - linkend="FORCEDIRECTORYMODE"><parameter>force directory mode - </parameter></link> parameter. This parameter is set to 000 by - default (i.e. no extra mode bits are added).</para> - - <para>Note that this parameter does not apply to permissions - set by Windows NT/2000 ACL editors. If the administrator wishes to enforce - a mask on access control lists also, they need to set the <link - linkend="DIRECTORYSECURITYMASK"><parameter>directory security mask</parameter></link>.</para> - - <para>See the <link linkend="FORCEDIRECTORYMODE"><parameter>force - directory mode</parameter></link> parameter to cause particular mode - bits to always be set on created directories.</para> - - <para>See also the <link linkend="CREATEMODE"><parameter>create mode - </parameter></link> parameter for masking mode bits on created files, - and the <link linkend="DIRECTORYSECURITYMASK"><parameter>directory - security mask</parameter></link> parameter.</para> - - <para>Also refer to the <link linkend="INHERITPERMISSIONS"><parameter> - inherit permissions</parameter></link> parameter.</para> - - <para>Default: <command>directory mask = 0755</command></para> - <para>Example: <command>directory mask = 0775</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="DIRECTORYMODE"/>directory mode (S)</term> - <listitem><para>Synonym for <link linkend="DIRECTORYMASK"><parameter> - directory mask</parameter></link></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="DIRECTORYSECURITYMASK"/>directory security mask (S)</term> - <listitem><para>This parameter controls what UNIX permission bits - can be modified when a Windows NT client is manipulating the UNIX - permission on a directory using the native NT security dialog - box.</para> - - <para>This parameter is applied as a mask (AND'ed with) to - the changed permission bits, thus preventing any bits not in - this mask from being modified. Essentially, zero bits in this - mask may be treated as a set of bits the user is not allowed - to change.</para> - - <para>If not set explicitly this parameter is set to 0777 - meaning a user is allowed to modify all the user/group/world - permissions on a directory.</para> - - <para><emphasis>Note</emphasis> that users who can access the - Samba server through other means can easily bypass this restriction, - so it is primarily useful for standalone "appliance" systems. - Administrators of most normal systems will probably want to leave - it as the default of <constant>0777</constant>.</para> - - <para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"><parameter> - force directory security mode</parameter></link>, <link - linkend="SECURITYMASK"><parameter>security mask</parameter></link>, - <link linkend="FORCESECURITYMODE"><parameter>force security mode - </parameter></link> parameters.</para> - - <para>Default: <command>directory security mask = 0777</command></para> - <para>Example: <command>directory security mask = 0700</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="DISABLENETBIOS"/>disable netbios (G)</term> - <listitem><para>Enabling this parameter will disable netbios support - in Samba. Netbios is the only available form of browsing in - all windows versions except for 2000 and XP. </para> - - <para>Note that clients that only support netbios won't be able to - see your samba server when netbios support is disabled. - </para> - - <para>Default: <command>disable netbios = no</command></para> - <para>Example: <command>disable netbios = yes</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="DISABLESPOOLSS"/>disable spoolss (G)</term> - <listitem><para>Enabling this parameter will disable Samba's support - for the SPOOLSS set of MS-RPC's and will yield identical behavior - as Samba 2.0.x. Windows NT/2000 clients will downgrade to using - Lanman style printing commands. Windows 9x/ME will be uneffected by - the parameter. However, this will also disable the ability to upload - printer drivers to a Samba server via the Windows NT Add Printer - Wizard or by using the NT printer properties dialog window. It will - also disable the capability of Windows NT/2000 clients to download - print drivers from the Samba host upon demand. - <emphasis>Be very careful about enabling this parameter.</emphasis> - </para> - - <para>See also <link linkend="USECLIENTDRIVER">use client driver</link> - </para> - - <para>Default : <command>disable spoolss = no</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="DISPLAYCHARSET"/>display charset (G)</term> - <listitem><para>Specifies the charset that samba will use - to print messages to stdout and stderr and SWAT will use. - Should generally be the same as the <command>unix charset</command>. - </para> - - <para>Default: <command>display charset = ASCII</command></para> - - <para>Example: <command>display charset = UTF8</command></para> - - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="DNSPROXY"/>dns proxy (G)</term> - <listitem><para>Specifies that <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when acting as a WINS server and - finding that a NetBIOS name has not been registered, should treat the - NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server - for that name on behalf of the name-querying client.</para> - - <para>Note that the maximum length for a NetBIOS name is 15 - characters, so the DNS name (or DNS alias) can likewise only be - 15 characters, maximum.</para> - - <para><command>nmbd</command> spawns a second copy of itself to do the - DNS name lookup requests, as doing a name lookup is a blocking - action.</para> - - <para>See also the parameter <link linkend="WINSSUPPORT"><parameter> - wins support</parameter></link>.</para> - - <para>Default: <command>dns proxy = yes</command></para></listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="DOMAINLOGONS"/>domain logons (G)</term> - <listitem><para>If set to <constant>yes</constant>, the Samba server will serve - Windows 95/98 Domain logons for the <link linkend="WORKGROUP"> - <parameter>workgroup</parameter></link> it is in. Samba 2.2 - has limited capability to act as a domain controller for Windows - NT 4 Domains. For more details on setting up this feature see - the Samba-PDC-HOWTO included in the <filename>htmldocs/</filename> - directory shipped with the source code.</para> - - <para>Default: <command>domain logons = no</command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="DOMAINMASTER"/>domain master (G)</term> - <listitem><para>Tell <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to enable WAN-wide browse list - collation. Setting this option causes <command>nmbd</command> to - claim a special domain specific NetBIOS name that identifies - it as a domain master browser for its given <link linkend="WORKGROUP"> - <parameter>workgroup</parameter></link>. Local master browsers - in the same <parameter>workgroup</parameter> on broadcast-isolated - subnets will give this <command>nmbd</command> their local browse lists, - and then ask <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> for a complete copy of the browse - list for the whole wide area network. Browser clients will then contact - their local master browser, and will receive the domain-wide browse list, - instead of just the list for their broadcast-isolated subnet.</para> - - <para>Note that Windows NT Primary Domain Controllers expect to be - able to claim this <parameter>workgroup</parameter> specific special - NetBIOS name that identifies them as domain master browsers for - that <parameter>workgroup</parameter> by default (i.e. there is no - way to prevent a Windows NT PDC from attempting to do this). This - means that if this parameter is set and <command>nmbd</command> claims - the special name for a <parameter>workgroup</parameter> before a Windows - NT PDC is able to do so then cross subnet browsing will behave - strangely and may fail.</para> - - <para>If <link linkend="DOMAINLOGONS"><command>domain logons = yes</command> - </link>, then the default behavior is to enable the <parameter>domain - master</parameter> parameter. If <parameter>domain logons</parameter> is - not enabled (the default setting), then neither will <parameter>domain - master</parameter> be enabled by default.</para> - - <para>Default: <command>domain master = auto</command></para></listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="DONTDESCEND"/>dont descend (S)</term> - <listitem><para>There are certain directories on some systems - (e.g., the <filename>/proc</filename> tree under Linux) that are either not - of interest to clients or are infinitely deep (recursive). This - parameter allows you to specify a comma-delimited list of directories - that the server should always show as empty.</para> - - <para>Note that Samba can be very fussy about the exact format - of the "dont descend" entries. For example you may need <filename> - ./proc</filename> instead of just <filename>/proc</filename>. - Experimentation is the best policy :-) </para> - - <para>Default: <emphasis>none (i.e., all directories are OK - to descend)</emphasis></para> - <para>Example: <command>dont descend = /proc,/dev</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="DOSCHARSET"/>dos charset (G)</term> - <listitem><para>DOS SMB clients assume the server has - the same charset as they do. This option specifies which - charset Samba should talk to DOS clients. - </para> - - <para>The default depends on which charsets you have installed. - Samba tries to use charset 850 but falls back to ASCII in - case it is not available. Run <citerefentry><refentrytitle>testparm</refentrytitle> - <manvolnum>1</manvolnum></citerefentry> to check the default on your system. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="DOSFILEMODE"/>dos filemode (S)</term> - <listitem><para> The default behavior in Samba is to provide - UNIX-like behavior where only the owner of a file/directory is - able to change the permissions on it. However, this behavior - is often confusing to DOS/Windows users. Enabling this parameter - allows a user who has write access to the file (by whatever - means) to modify the permissions on it. Note that a user - belonging to the group owning the file will not be allowed to - change permissions if the group is only granted read access. - Ownership of the file/directory is not changed, only the permissions - are modified.</para> - - <para>Default: <command>dos filemode = no</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="DOSFILETIMERESOLUTION"/>dos filetime resolution (S)</term> - <listitem><para>Under the DOS and Windows FAT filesystem, the finest - granularity on time resolution is two seconds. Setting this parameter - for a share causes Samba to round the reported time down to the - nearest two second boundary when a query call that requires one second - resolution is made to <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>.</para> - - <para>This option is mainly used as a compatibility option for Visual - C++ when used against Samba shares. If oplocks are enabled on a - share, Visual C++ uses two different time reading calls to check if a - file has changed since it was last read. One of these calls uses a - one-second granularity, the other uses a two second granularity. As - the two second call rounds any odd second down, then if the file has a - timestamp of an odd number of seconds then the two timestamps will not - match and Visual C++ will keep reporting the file has changed. Setting - this option causes the two timestamps to match, and Visual C++ is - happy.</para> - - <para>Default: <command>dos filetime resolution = no</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="DOSFILETIMES"/>dos filetimes (S)</term> - <listitem><para>Under DOS and Windows, if a user can write to a - file they can change the timestamp on it. Under POSIX semantics, - only the owner of the file or root may change the timestamp. By - default, Samba runs with POSIX semantics and refuses to change the - timestamp on a file if the user <command>smbd</command> is acting - on behalf of is not the file owner. Setting this option to <constant> - yes</constant> allows DOS semantics and <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will change the file - timestamp as DOS requires.</para> - - <para>Default: <command>dos filetimes = no</command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="ENCRYPTPASSWORDS"/>encrypt passwords (G)</term> - <listitem><para>This boolean controls whether encrypted passwords - will be negotiated with the client. Note that Windows NT 4.0 SP3 and - above and also Windows 98 will by default expect encrypted passwords - unless a registry entry is changed. To use encrypted passwords in - Samba see the chapter User Database in the Samba HOWTO Collection.</para> - - <para>In order for encrypted passwords to work correctly - <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> must either - have access to a local <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file (see the <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> program for information on how to set up - and maintain this file), or set the <link - linkend="SECURITY">security = [server|domain|ads]</link> parameter which - causes <command>smbd</command> to authenticate against another - server.</para> - - <para>Default: <command>encrypt passwords = yes</command></para></listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="ENHANCEDBROWSING"/>enhanced browsing (G)</term> - <listitem><para>This option enables a couple of enhancements to - cross-subnet browse propagation that have been added in Samba - but which are not standard in Microsoft implementations. - </para> - - <para>The first enhancement to browse propagation consists of a regular - wildcard query to a Samba WINS server for all Domain Master Browsers, - followed by a browse synchronization with each of the returned - DMBs. The second enhancement consists of a regular randomised browse - synchronization with all currently known DMBs.</para> - - <para>You may wish to disable this option if you have a problem with empty - workgroups not disappearing from browse lists. Due to the restrictions - of the browse protocols these enhancements can cause a empty workgroup - to stay around forever which can be annoying.</para> - - <para>In general you should leave this option enabled as it makes - cross-subnet browse propagation much more reliable.</para> - - <para>Default: <command>enhanced browsing = yes</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="ENUMPORTSCOMMAND"/>enumports command (G)</term> - <listitem><para>The concept of a "port" is fairly foreign - to UNIX hosts. Under Windows NT/2000 print servers, a port - is associated with a port monitor and generally takes the form of - a local port (i.e. LPT1:, COM1:, FILE:) or a remote port - (i.e. LPD Port Monitor, etc...). By default, Samba has only one - port defined--<constant>"Samba Printer Port"</constant>. Under - Windows NT/2000, all printers must have a valid port name. - If you wish to have a list of ports displayed (<command>smbd - </command> does not use a port name for anything) other than - the default <constant>"Samba Printer Port"</constant>, you - can define <parameter>enumports command</parameter> to point to - a program which should generate a list of ports, one per line, - to standard output. This listing will then be used in response - to the level 1 and 2 EnumPorts() RPC.</para> - - <para>Default: <emphasis>no enumports command</emphasis></para> - <para>Example: <command>enumports command = /usr/bin/listports - </command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="EXEC"/>exec (S)</term> - <listitem><para>This is a synonym for <link linkend="PREEXEC"> - <parameter>preexec</parameter></link>.</para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="FAKEDIRECTORYCREATETIMES"/>fake directory create times (S)</term> - <listitem><para>NTFS and Windows VFAT file systems keep a create - time for all files and directories. This is not the same as the - ctime - status change time - that Unix keeps, so Samba by default - reports the earliest of the various times Unix does keep. Setting - this parameter for a share causes Samba to always report midnight - 1-1-1980 as the create time for directories.</para> - - <para>This option is mainly used as a compatibility option for - Visual C++ when used against Samba shares. Visual C++ generated - makefiles have the object directory as a dependency for each object - file, and a make rule to create the directory. Also, when NMAKE - compares timestamps it uses the creation time when examining a - directory. Thus the object directory will be created if it does not - exist, but once it does exist it will always have an earlier - timestamp than the object files it contains.</para> - - <para>However, Unix time semantics mean that the create time - reported by Samba will be updated whenever a file is created or - or deleted in the directory. NMAKE finds all object files in - the object directory. The timestamp of the last one built is then - compared to the timestamp of the object directory. If the - directory's timestamp if newer, then all object files - will be rebuilt. Enabling this option - ensures directories always predate their contents and an NMAKE build - will proceed as expected.</para> - - <para>Default: <command>fake directory create times = no</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="FAKEOPLOCKS"/>fake oplocks (S)</term> - <listitem><para>Oplocks are the way that SMB clients get permission - from a server to locally cache file operations. If a server grants - an oplock (opportunistic lock) then the client is free to assume - that it is the only one accessing the file and it will aggressively - cache file data. With some oplock types the client may even cache - file open/close operations. This can give enormous performance benefits. - </para> - - <para>When you set <command>fake oplocks = yes</command>, <ulink - url="smbd.8.html"><command>smbd(8)</command></ulink> will - always grant oplock requests no matter how many clients are using - the file.</para> - - <para>It is generally much better to use the real <link - linkend="OPLOCKS"><parameter>oplocks</parameter></link> support rather - than this parameter.</para> - - <para>If you enable this option on all read-only shares or - shares that you know will only be accessed from one client at a - time such as physically read-only media like CDROMs, you will see - a big performance improvement on many operations. If you enable - this option on shares where multiple clients may be accessing the - files read-write at the same time you can get data corruption. Use - this option carefully!</para> - - <para>Default: <command>fake oplocks = no</command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="FOLLOWSYMLINKS"/>follow symlinks (S)</term> - <listitem><para>This parameter allows the Samba administrator - to stop <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> from following symbolic - links in a particular share. Setting this - parameter to <constant>no</constant> prevents any file or directory - that is a symbolic link from being followed (the user will get an - error). This option is very useful to stop users from adding a - symbolic link to <filename>/etc/passwd</filename> in their home - directory for instance. However it will slow filename lookups - down slightly.</para> - - <para>This option is enabled (i.e. <command>smbd</command> will - follow symbolic links) by default.</para> - - <para>Default: <command>follow symlinks = yes</command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="FORCECREATEMODE"/>force create mode (S)</term> - <listitem><para>This parameter specifies a set of UNIX mode bit - permissions that will <emphasis>always</emphasis> be set on a - file created by Samba. This is done by bitwise 'OR'ing these bits onto - the mode bits of a file that is being created or having its - permissions changed. The default for this parameter is (in octal) - 000. The modes in this parameter are bitwise 'OR'ed onto the file - mode after the mask set in the <parameter>create mask</parameter> - parameter is applied.</para> - - <para>See also the parameter <link linkend="CREATEMASK"><parameter>create - mask</parameter></link> for details on masking mode bits on files.</para> - - <para>See also the <link linkend="INHERITPERMISSIONS"><parameter>inherit - permissions</parameter></link> parameter.</para> - - <para>Default: <command>force create mode = 000</command></para> - <para>Example: <command>force create mode = 0755</command></para> - - <para>would force all created files to have read and execute - permissions set for 'group' and 'other' as well as the - read/write/execute bits set for the 'user'.</para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="FORCEDIRECTORYMODE"/>force directory mode (S)</term> - <listitem><para>This parameter specifies a set of UNIX mode bit - permissions that will <emphasis>always</emphasis> be set on a directory - created by Samba. This is done by bitwise 'OR'ing these bits onto the - mode bits of a directory that is being created. The default for this - parameter is (in octal) 0000 which will not add any extra permission - bits to a created directory. This operation is done after the mode - mask in the parameter <parameter>directory mask</parameter> is - applied.</para> - - <para>See also the parameter <link linkend="DIRECTORYMASK"><parameter> - directory mask</parameter></link> for details on masking mode bits - on created directories.</para> - - <para>See also the <link linkend="INHERITPERMISSIONS"><parameter> - inherit permissions</parameter></link> parameter.</para> - - <para>Default: <command>force directory mode = 000</command></para> - <para>Example: <command>force directory mode = 0755</command></para> - - <para>would force all created directories to have read and execute - permissions set for 'group' and 'other' as well as the - read/write/execute bits set for the 'user'.</para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="FORCEDIRECTORYSECURITYMODE"/>force directory security mode (S)</term> - <listitem><para>This parameter controls what UNIX permission bits - can be modified when a Windows NT client is manipulating the UNIX - permission on a directory using the native NT security dialog box.</para> - - <para>This parameter is applied as a mask (OR'ed with) to the - changed permission bits, thus forcing any bits in this mask that - the user may have modified to be on. Essentially, one bits in this - mask may be treated as a set of bits that, when modifying security - on a directory, the user has always set to be 'on'.</para> - - <para>If not set explicitly this parameter is 000, which - allows a user to modify all the user/group/world permissions on a - directory without restrictions.</para> - - <para><emphasis>Note</emphasis> that users who can access the - Samba server through other means can easily bypass this restriction, - so it is primarily useful for standalone "appliance" systems. - Administrators of most normal systems will probably want to leave - it set as 0000.</para> - - <para>See also the <link linkend="DIRECTORYSECURITYMASK"><parameter> - directory security mask</parameter></link>, <link linkend="SECURITYMASK"> - <parameter>security mask</parameter></link>, - <link linkend="FORCESECURITYMODE"><parameter>force security mode - </parameter></link> parameters.</para> - - <para>Default: <command>force directory security mode = 0</command></para> - <para>Example: <command>force directory security mode = 700</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="FORCEGROUP"/>force group (S)</term> - <listitem><para>This specifies a UNIX group name that will be - assigned as the default primary group for all users connecting - to this service. This is useful for sharing files by ensuring - that all access to files on service will use the named group for - their permissions checking. Thus, by assigning permissions for this - group to the files and directories within this service the Samba - administrator can restrict or allow sharing of these files.</para> - - <para>In Samba 2.0.5 and above this parameter has extended - functionality in the following way. If the group name listed here - has a '+' character prepended to it then the current user accessing - the share only has the primary group default assigned to this group - if they are already assigned as a member of that group. This allows - an administrator to decide that only users who are already in a - particular group will create files with group ownership set to that - group. This gives a finer granularity of ownership assignment. For - example, the setting <filename>force group = +sys</filename> means - that only users who are already in group sys will have their default - primary group assigned to sys when accessing this Samba share. All - other users will retain their ordinary primary group.</para> - - <para>If the <link linkend="FORCEUSER"><parameter>force user - </parameter></link> parameter is also set the group specified in - <parameter>force group</parameter> will override the primary group - set in <parameter>force user</parameter>.</para> - - <para>See also <link linkend="FORCEUSER"><parameter>force - user</parameter></link>.</para> - - <para>Default: <emphasis>no forced group</emphasis></para> - <para>Example: <command>force group = agroup</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="FORCESECURITYMODE"/>force security mode (S)</term> - <listitem><para>This parameter controls what UNIX permission - bits can be modified when a Windows NT client is manipulating - the UNIX permission on a file using the native NT security dialog - box.</para> - - <para>This parameter is applied as a mask (OR'ed with) to the - changed permission bits, thus forcing any bits in this mask that - the user may have modified to be on. Essentially, one bits in this - mask may be treated as a set of bits that, when modifying security - on a file, the user has always set to be 'on'.</para> - - <para>If not set explicitly this parameter is set to 0, - and allows a user to modify all the user/group/world permissions on a file, - with no restrictions.</para> - - <para><emphasis>Note</emphasis> that users who can access - the Samba server through other means can easily bypass this restriction, - so it is primarily useful for standalone "appliance" systems. - Administrators of most normal systems will probably want to leave - this set to 0000.</para> - - <para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"><parameter> - force directory security mode</parameter></link>, - <link linkend="DIRECTORYSECURITYMASK"><parameter>directory security - mask</parameter></link>, <link linkend="SECURITYMASK"><parameter> - security mask</parameter></link> parameters.</para> - - <para>Default: <command>force security mode = 0</command></para> - <para>Example: <command>force security mode = 700</command></para> - </listitem> - </varlistentry> - - - - - - <varlistentry> - <term><anchor id="FORCEUSER"/>force user (S)</term> - <listitem><para>This specifies a UNIX user name that will be - assigned as the default user for all users connecting to this service. - This is useful for sharing files. You should also use it carefully - as using it incorrectly can cause security problems.</para> - - <para>This user name only gets used once a connection is established. - Thus clients still need to connect as a valid user and supply a - valid password. Once connected, all file operations will be performed - as the "forced user", no matter what username the client connected - as. This can be very useful.</para> - - <para>In Samba 2.0.5 and above this parameter also causes the - primary group of the forced user to be used as the primary group - for all file activity. Prior to 2.0.5 the primary group was left - as the primary group of the connecting user (this was a bug).</para> - - <para>See also <link linkend="FORCEGROUP"><parameter>force group - </parameter></link></para> - - <para>Default: <emphasis>no forced user</emphasis></para> - <para>Example: <command>force user = auser</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="FSTYPE"/>fstype (S)</term> - <listitem><para>This parameter allows the administrator to - configure the string that specifies the type of filesystem a share - is using that is reported by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when a client queries the filesystem type - for a share. The default type is <constant>NTFS</constant> for - compatibility with Windows NT but this can be changed to other - strings such as <constant>Samba</constant> or <constant>FAT - </constant> if required.</para> - - <para>Default: <command>fstype = NTFS</command></para> - <para>Example: <command>fstype = Samba</command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="GETWDCACHE"/>getwd cache (G)</term> - <listitem><para>This is a tuning option. When this is enabled a - caching algorithm will be used to reduce the time taken for getwd() - calls. This can have a significant impact on performance, especially - when the <link linkend="WIDELINKS"><parameter>wide links</parameter> - </link>parameter is set to <constant>no</constant>.</para> - - <para>Default: <command>getwd cache = yes</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="GROUP"/>group (S)</term> - <listitem><para>Synonym for <link linkend="FORCEGROUP"><parameter>force - group</parameter></link>.</para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="GUESTACCOUNT"/>guest account (S)</term> - <listitem><para>This is a username which will be used for access - to services which are specified as <link linkend="GUESTOK"><parameter> - guest ok</parameter></link> (see below). Whatever privileges this - user has will be available to any client connecting to the guest service. - Typically this user will exist in the password file, but will not - have a valid login. The user account "ftp" is often a good choice - for this parameter. If a username is specified in a given service, - the specified username overrides this one.</para> - - <para>One some systems the default guest account "nobody" may not - be able to print. Use another account in this case. You should test - this by trying to log in as your guest user (perhaps by using the - <command>su -</command> command) and trying to print using the - system print command such as <command>lpr(1)</command> or <command> - lp(1)</command>.</para> - - <para>This parameter does not accept % macros, because - many parts of the system require this value to be - constant for correct operation.</para> - - <para>Default: <emphasis>specified at compile time, usually - "nobody"</emphasis></para> - - <para>Example: <command>guest account = ftp</command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="GUESTOK"/>guest ok (S)</term> - <listitem><para>If this parameter is <constant>yes</constant> for - a service, then no password is required to connect to the service. - Privileges will be those of the <link linkend="GUESTACCOUNT"><parameter> - guest account</parameter></link>.</para> - - <para>This paramater nullifies the benifits of setting - <link linkend="RESTRICTANONYMOUS"><parameter>restrict - anonymous</parameter></link> = 2</para> - - <para>See the section below on <link linkend="SECURITY"><parameter> - security</parameter></link> for more information about this option. - </para> - - <para>Default: <command>guest ok = no</command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="GUESTONLY"/>guest only (S)</term> - <listitem><para>If this parameter is <constant>yes</constant> for - a service, then only guest connections to the service are permitted. - This parameter will have no effect if <link linkend="GUESTOK"> - <parameter>guest ok</parameter></link> is not set for the service.</para> - - <para>See the section below on <link linkend="SECURITY"><parameter> - security</parameter></link> for more information about this option. - </para> - - <para>Default: <command>guest only = no</command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="HIDEDOTFILES"/>hide dot files (S)</term> - <listitem><para>This is a boolean parameter that controls whether - files starting with a dot appear as hidden files.</para> - - <para>Default: <command>hide dot files = yes</command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="HIDEFILES"/>hide files(S)</term> - <listitem><para>This is a list of files or directories that are not - visible but are accessible. The DOS 'hidden' attribute is applied - to any files or directories that match.</para> - - <para>Each entry in the list must be separated by a '/', - which allows spaces to be included in the entry. '*' - and '?' can be used to specify multiple files or directories - as in DOS wildcards.</para> - - <para>Each entry must be a Unix path, not a DOS path and must - not include the Unix directory separator '/'.</para> - - <para>Note that the case sensitivity option is applicable - in hiding files.</para> - - <para>Setting this parameter will affect the performance of Samba, - as it will be forced to check all files and directories for a match - as they are scanned.</para> - - <para>See also <link linkend="HIDEDOTFILES"><parameter>hide - dot files</parameter></link>, <link linkend="VETOFILES"><parameter> - veto files</parameter></link> and <link linkend="CASESENSITIVE"> - <parameter>case sensitive</parameter></link>.</para> - - <para>Default: <emphasis>no file are hidden</emphasis></para> - <para>Example: <command>hide files = - /.*/DesktopFolderDB/TrashFor%m/resource.frk/</command></para> - - <para>The above example is based on files that the Macintosh - SMB client (DAVE) available from <ulink url="http://www.thursby.com"> - Thursby</ulink> creates for internal use, and also still hides - all files beginning with a dot.</para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="HIDELOCALUSERS"/>hide local users(G)</term> - <listitem><para>This parameter toggles the hiding of local UNIX - users (root, wheel, floppy, etc) from remote clients.</para> - - <para>Default: <command>hide local users = no</command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="HIDEUNREADABLE"/>hide unreadable (G)</term> - <listitem><para>This parameter prevents clients from seeing the - existance of files that cannot be read. Defaults to off.</para> - - <para>Default: <command>hide unreadable = no</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="HIDEUNWRITEABLEFILES"/>hide unwriteable files (G)</term> - <listitem><para>This parameter prevents clients from seeing - the existance of files that cannot be written to. Defaults to off. - Note that unwriteable directories are shown as usual. - </para> - - <para>Default: <command>hide unwriteable = no</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="HIDESPECIALFILES"/>hide special files (G)</term> - <listitem><para>This parameter prevents clients from seeing - special files such as sockets, devices and fifo's in directory - listings. - </para> - - <para>Default: <command>hide special files = no</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="HOMEDIRMAP"/>homedir map (G)</term> - <listitem><para>If<link linkend="NISHOMEDIR"><parameter>nis homedir - </parameter></link> is <constant>yes</constant>, and <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> is also acting - as a Win95/98 <parameter>logon server</parameter> then this parameter - specifies the NIS (or YP) map from which the server for the user's - home directory should be extracted. At present, only the Sun - auto.home map format is understood. The form of the map is:</para> - - <para><command>username server:/some/file/system</command></para> - - <para>and the program will extract the servername from before - the first ':'. There should probably be a better parsing system - that copes with different map formats and also Amd (another - automounter) maps.</para> - - <note><para>A working NIS client is required on - the system for this option to work.</para></note> - - <para>See also <link linkend="NISHOMEDIR"><parameter>nis homedir</parameter> - </link>, <link linkend="DOMAINLOGONS"><parameter>domain logons</parameter> - </link>.</para> - - <para>Default: <command>homedir map = <empty string></command></para> - <para>Example: <command>homedir map = amd.homedir</command></para> - </listitem> - </varlistentry> - - - - - - <varlistentry> - <term><anchor id="HOSTMSDFS"/>host msdfs (G)</term> - <listitem><para>This boolean parameter is only available - if Samba has been configured and compiled with the <command> - --with-msdfs</command> option. If set to <constant>yes</constant>, - Samba will act as a Dfs server, and allow Dfs-aware clients - to browse Dfs trees hosted on the server.</para> - - <para>See also the <link linkend="MSDFSROOT"><parameter> - msdfs root</parameter></link> share level parameter. For - more information on setting up a Dfs tree on Samba, - refer to <ulink url="msdfs_setup.html">msdfs_setup.html</ulink>. - </para> - - <para>Default: <command>host msdfs = no</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="HOSTNAMELOOKUPS"/>hostname lookups (G)</term> - <listitem><para>Specifies whether samba should use (expensive) - hostname lookups or use the ip addresses instead. An example place - where hostname lookups are currently used is when checking - the <command>hosts deny</command> and <command>hosts allow</command>. - </para> - - <para>Default: <command>hostname lookups = yes</command></para> - - <para>Example: <command>hostname lookups = no</command></para> - - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="HOSTSALLOW"/>hosts allow (S)</term> - <listitem><para>A synonym for this parameter is <parameter>allow - hosts</parameter>.</para> - - <para>This parameter is a comma, space, or tab delimited - set of hosts which are permitted to access a service.</para> - - <para>If specified in the [global] section then it will - apply to all services, regardless of whether the individual - service has a different setting.</para> - - <para>You can specify the hosts by name or IP number. For - example, you could restrict access to only the hosts on a - Class C subnet with something like <command>allow hosts = 150.203.5. - </command>. The full syntax of the list is described in the man - page <filename>hosts_access(5)</filename>. Note that this man - page may not be present on your system, so a brief description will - be given here also.</para> - - <para>Note that the localhost address 127.0.0.1 will always - be allowed access unless specifically denied by a <link - linkend="HOSTSDENY"><parameter>hosts deny</parameter></link> option.</para> - - <para>You can also specify hosts by network/netmask pairs and - by netgroup names if your system supports netgroups. The - <emphasis>EXCEPT</emphasis> keyword can also be used to limit a - wildcard list. The following examples may provide some help:</para> - - <para>Example 1: allow all IPs in 150.203.*.*; except one</para> - - <para><command>hosts allow = 150.203. EXCEPT 150.203.6.66</command></para> - - <para>Example 2: allow hosts that match the given network/netmask</para> - - <para><command>hosts allow = 150.203.15.0/255.255.255.0</command></para> - - <para>Example 3: allow a couple of hosts</para> - - <para><command>hosts allow = lapland, arvidsjaur</command></para> - - <para>Example 4: allow only hosts in NIS netgroup "foonet", but - deny access from one particular host</para> - - <para><command>hosts allow = @foonet</command></para> - - <para><command>hosts deny = pirate</command></para> - - <para>Note that access still requires suitable user-level passwords.</para> - - <para>See <citerefentry><refentrytitle>testparm</refentrytitle> - <manvolnum>1</manvolnum></citerefentry> for a way of testing your host access - to see if it does what you expect.</para> - - <para>Default: <emphasis>none (i.e., all hosts permitted access) - </emphasis></para> - - <para>Example: <command>allow hosts = 150.203.5. myhost.mynet.edu.au - </command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="HOSTSDENY"/>hosts deny (S)</term> - <listitem><para>The opposite of <parameter>hosts allow</parameter> - - hosts listed here are <emphasis>NOT</emphasis> permitted access to - services unless the specific services have their own lists to override - this one. Where the lists conflict, the <parameter>allow</parameter> - list takes precedence.</para> - - <para>Default: <emphasis>none (i.e., no hosts specifically excluded) - </emphasis></para> - - <para>Example: <command>hosts deny = 150.203.4. badhost.mynet.edu.au - </command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="HOSTSEQUIV"/>hosts equiv (G)</term> - <listitem><para>If this global parameter is a non-null string, - it specifies the name of a file to read for the names of hosts - and users who will be allowed access without specifying a password. - </para> - - <para>This is not be confused with <link linkend="HOSTSALLOW"> - <parameter>hosts allow</parameter></link> which is about hosts - access to services and is more useful for guest services. <parameter> - hosts equiv</parameter> may be useful for NT clients which will - not supply passwords to Samba.</para> - - <note><para>The use of <parameter>hosts equiv - </parameter> can be a major security hole. This is because you are - trusting the PC to supply the correct username. It is very easy to - get a PC to supply a false username. I recommend that the - <parameter>hosts equiv</parameter> option be only used if you really - know what you are doing, or perhaps on a home network where you trust - your spouse and kids. And only if you <emphasis>really</emphasis> trust - them :-).</para></note> - - <para>Default: <emphasis>no host equivalences</emphasis></para> - <para>Example: <command>hosts equiv = /etc/hosts.equiv</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="INCLUDE"/>include (G)</term> - <listitem><para>This allows you to include one config file - inside another. The file is included literally, as though typed - in place.</para> - - <para>It takes the standard substitutions, except <parameter>%u - </parameter>, <parameter>%P</parameter> and <parameter>%S</parameter>. - </para> - - <para>Default: <emphasis>no file included</emphasis></para> - <para>Example: <command>include = /usr/local/samba/lib/admin_smb.conf - </command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="INHERITACLS"/>inherit acls (S)</term> - <listitem><para>This parameter can be used to ensure - that if default acls exist on parent directories, - they are always honored when creating a subdirectory. - The default behavior is to use the mode specified - when creating the directory. Enabling this option - sets the mode to 0777, thus guaranteeing that - default directory acls are propagated. - </para> - - <para>Default: <command>inherit acls = no</command> - </para></listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="INHERITPERMISSIONS"/>inherit permissions (S)</term> - <listitem><para>The permissions on new files and directories - are normally governed by <link linkend="CREATEMASK"><parameter> - create mask</parameter></link>, <link linkend="DIRECTORYMASK"> - <parameter>directory mask</parameter></link>, <link - linkend="FORCECREATEMODE"><parameter>force create mode</parameter> - </link> and <link linkend="FORCEDIRECTORYMODE"><parameter>force - directory mode</parameter></link> but the boolean inherit - permissions parameter overrides this.</para> - - <para>New directories inherit the mode of the parent directory, - including bits such as setgid.</para> - - <para>New files inherit their read/write bits from the parent - directory. Their execute bits continue to be determined by - <link linkend="MAPARCHIVE"><parameter>map archive</parameter> - </link>, <link linkend="MAPHIDDEN"><parameter>map hidden</parameter> - </link> and <link linkend="MAPSYSTEM"><parameter>map system</parameter> - </link> as usual.</para> - - <para>Note that the setuid bit is <emphasis>never</emphasis> set via - inheritance (the code explicitly prohibits this).</para> - - <para>This can be particularly useful on large systems with - many users, perhaps several thousand, to allow a single [homes] - share to be used flexibly by each user.</para> - - <para>See also <link linkend="CREATEMASK"><parameter>create mask - </parameter></link>, <link linkend="DIRECTORYMASK"><parameter> - directory mask</parameter></link>, <link linkend="FORCECREATEMODE"> - <parameter>force create mode</parameter></link> and <link - linkend="FORCEDIRECTORYMODE"><parameter>force directory mode</parameter> - </link>.</para> - - <para>Default: <command>inherit permissions = no</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="INTERFACES"/>interfaces (G)</term> - <listitem><para>This option allows you to override the default - network interfaces list that Samba will use for browsing, name - registration and other NBT traffic. By default Samba will query - the kernel for the list of all active interfaces and use any - interfaces except 127.0.0.1 that are broadcast capable.</para> - - <para>The option takes a list of interface strings. Each string - can be in any of the following forms:</para> - - <itemizedlist> - <listitem><para>a network interface name (such as eth0). - This may include shell-like wildcards so eth* will match - any interface starting with the substring "eth"</para></listitem> - - <listitem><para>an IP address. In this case the netmask is - determined from the list of interfaces obtained from the - kernel</para></listitem> - - <listitem><para>an IP/mask pair. </para></listitem> - - <listitem><para>a broadcast/mask pair.</para></listitem> - </itemizedlist> - - <para>The "mask" parameters can either be a bit length (such - as 24 for a C class network) or a full netmask in dotted - decimal form.</para> - - <para>The "IP" parameters above can either be a full dotted - decimal IP address or a hostname which will be looked up via - the OS's normal hostname resolution mechanisms.</para> - - <para>For example, the following line:</para> - - <para><command>interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0 - </command></para> - - <para>would configure three network interfaces corresponding - to the eth0 device and IP addresses 192.168.2.10 and 192.168.3.10. - The netmasks of the latter two interfaces would be set to 255.255.255.0.</para> - - <para>See also <link linkend="BINDINTERFACESONLY"><parameter>bind - interfaces only</parameter></link>.</para> - - <para>Default: <emphasis>all active interfaces except 127.0.0.1 - that are broadcast capable</emphasis></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="INVALIDUSERS"/>invalid users (S)</term> - <listitem><para>This is a list of users that should not be allowed - to login to this service. This is really a <emphasis>paranoid</emphasis> - check to absolutely ensure an improper setting does not breach - your security.</para> - - <para>A name starting with a '@' is interpreted as an NIS - netgroup first (if your system supports NIS), and then as a UNIX - group if the name was not found in the NIS netgroup database.</para> - - <para>A name starting with '+' is interpreted only - by looking in the UNIX group database. A name starting with - '&' is interpreted only by looking in the NIS netgroup database - (this requires NIS to be working on your system). The characters - '+' and '&' may be used at the start of the name in either order - so the value <parameter>+&group</parameter> means check the - UNIX group database, followed by the NIS netgroup database, and - the value <parameter>&+group</parameter> means check the NIS - netgroup database, followed by the UNIX group database (the - same as the '@' prefix).</para> - - <para>The current servicename is substituted for <parameter>%S</parameter>. - This is useful in the [homes] section.</para> - - <para>See also <link linkend="VALIDUSERS"><parameter>valid users - </parameter></link>.</para> - - <para>Default: <emphasis>no invalid users</emphasis></para> - <para>Example: <command>invalid users = root fred admin @wheel - </command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="KEEPALIVE"/>keepalive (G)</term> - <listitem><para>The value of the parameter (an integer) represents - the number of seconds between <parameter>keepalive</parameter> - packets. If this parameter is zero, no keepalive packets will be - sent. Keepalive packets, if sent, allow the server to tell whether - a client is still present and responding.</para> - - <para>Keepalives should, in general, not be needed if the socket - being used has the SO_KEEPALIVE attribute set on it (see <link - linkend="SOCKETOPTIONS"><parameter>socket options</parameter></link>). - Basically you should only use this option if you strike difficulties.</para> - - <para>Default: <command>keepalive = 300</command></para> - <para>Example: <command>keepalive = 600</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="KERNELOPLOCKS"/>kernel oplocks (G)</term> - <listitem><para>For UNIXes that support kernel based <link - linkend="OPLOCKS"><parameter>oplocks</parameter></link> - (currently only IRIX and the Linux 2.4 kernel), this parameter - allows the use of them to be turned on or off.</para> - - <para>Kernel oplocks support allows Samba <parameter>oplocks - </parameter> to be broken whenever a local UNIX process or NFS operation - accesses a file that <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> has oplocked. This allows complete - data consistency between SMB/CIFS, NFS and local file access (and is - a <emphasis>very</emphasis> cool feature :-).</para> - - <para>This parameter defaults to <constant>on</constant>, but is translated - to a no-op on systems that no not have the necessary kernel support. - You should never need to touch this parameter.</para> - - <para>See also the <link linkend="OPLOCKS"><parameter>oplocks</parameter> - </link> and <link linkend="LEVEL2OPLOCKS"><parameter>level2 oplocks - </parameter></link> parameters.</para> - - <para>Default: <command>kernel oplocks = yes</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="LANMANAUTH"/>lanman auth (G)</term> - <listitem><para>This parameter determines whether or not <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will attempt to authenticate users - using the LANMAN password hash. If disabled, only clients which support NT - password hashes (e.g. Windows NT/2000 clients, smbclient, etc... but not - Windows 95/98 or the MS DOS network client) will be able to connect to the Samba host.</para> - - <para>Default : <command>lanman auth = yes</command></para> - </listitem> - </varlistentry> - - - - - - <varlistentry> - <term><anchor id="LARGEREADWRITE"/>large readwrite (G)</term> - <listitem><para>This parameter determines whether or not <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> supports the new 64k streaming - read and write varient SMB requests introduced - with Windows 2000. Note that due to Windows 2000 client redirector bugs - this requires Samba to be running on a 64-bit capable operating system such - as IRIX, Solaris or a Linux 2.4 kernel. Can improve performance by 10% with - Windows 2000 clients. Defaults to on. Not as tested as some other Samba - code paths. - </para> - - <para>Default : <command>large readwrite = yes</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="LDAPADMINDN"/>ldap admin dn (G)</term> - <listitem><para> The <parameter>ldap admin dn</parameter> defines the Distinguished - Name (DN) name used by Samba to contact the ldap server when retreiving - user account information. The <parameter>ldap - admin dn</parameter> is used in conjunction with the admin dn password - stored in the <filename>private/secrets.tdb</filename> file. See the - <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> man page for more information on how - to accmplish this.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="LDAPDELETEDN"/>ldap delete dn (G)</term> - <listitem><para> This parameter specifies whether a delete - operation in the ldapsam deletes the complete entry or only the attributes - specific to Samba. - </para> - - <para>Default : <emphasis>ldap delete dn = no</emphasis></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="LDAPFILTER"/>ldap filter (G)</term> - <listitem><para>This parameter specifies the RFC 2254 compliant LDAP search filter. - The default is to match the login name with the <constant>uid</constant> - attribute for all entries matching the <constant>sambaAccount</constant> - objectclass. Note that this filter should only return one entry. - </para> - - - <para>Default : <command>ldap filter = (&(uid=%u)(objectclass=sambaAccount))</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="LDAPPORT"/>ldap port (G)</term> - <listitem><para>This parameter is only available if Samba has been - configure to include the <command>--with-ldapsam</command> option - at compile time. - </para> - - <para> - This option is used to control the tcp port number used to contact - the <link linkend="LDAPSERVER"><parameter>ldap server</parameter></link>. - The default is to use the stand LDAPS port 636. - </para> - - <para>See Also: <link linkend="LDAPSSL">ldap ssl</link> - </para> - - <para>Default : <command>ldap port = 636 ; if ldap ssl = on</command></para> - <para>Default : <command>ldap port = 389 ; if ldap ssl = off</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="LDAPSERVER"/>ldap server (G)</term> - <listitem><para>This parameter is only available if Samba has been - configure to include the <command>--with-ldapsam</command> option - at compile time. - </para> - - <para> - This parameter should contain the FQDN of the ldap directory - server which should be queried to locate user account information. - </para> - - <para>Default : <command>ldap server = localhost</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="LDAPSSL"/>ldap ssl (G)</term> - <listitem><para>This option is used to define whether or not Samba should - use SSL when connecting to the ldap server - This is <emphasis>NOT</emphasis> related to - Samba's previous SSL support which was enabled by specifying the - <command>--with-ssl</command> option to the <filename>configure</filename> - script. - </para> - - <para> - The <parameter>ldap ssl</parameter> can be set to one of three values: - </para> - <itemizedlist> - <listitem><para><parameter>Off</parameter> = Never use SSL when querying the directory.</para></listitem> - - <listitem><para><parameter>Start_tls</parameter> = Use the LDAPv3 StartTLS extended operation - (RFC2830) for communicating with the directory server.</para></listitem> - - <listitem><para><parameter>On</parameter> = - Use SSL on the ldaps port when contacting the - <parameter>ldap server</parameter>. Only - available when the backwards-compatiblity <command> - --with-ldapsam</command> option is specified - to configure. See <link linkend="PASSDBBACKEND"><parameter>passdb backend</parameter></link></para></listitem> - </itemizedlist> - - <para>Default : <command>ldap ssl = start_tls</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="LDAPSUFFIX"/>ldap suffix (G)</term> - <listitem> - <para>Specifies where user and machine accounts are added to the tree. Can be overriden by <command>ldap user suffix</command> and <command>ldap machine suffix</command>. It also used as the base dn for all ldap searches. </para> - - <para>Default : <emphasis>none</emphasis></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="LDAPUSERSUFFIX"/>ldap user suffix (G)</term> - <listitem><para>It specifies where users are added to the tree. - </para> - - - - <para>Default : <emphasis>none</emphasis></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="LDAPMACHINESUFFIX"/>ldap machine suffix (G)</term> - <listitem><para>It specifies where machines should be - added to the ldap tree. - </para> - - - - <para>Default : <emphasis>none</emphasis></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="LDAPPASSWDSYNC"/>ldap passwd sync (G)</term> - <listitem><para>This option is used to define whether - or not Samba should sync the LDAP password with the NT - and LM hashes for normal accounts (NOT for - workstation, server or domain trusts) on a password - change via SAMBA. - </para> - - <para> - The <parameter>ldap passwd sync</parameter> can be set to one of three values: - </para> - <itemizedlist> - <listitem><para><parameter>Yes</parameter> = Try to update the LDAP, NT and LM passwords and update the pwdLastSet time.</para></listitem> - - <listitem><para><parameter>No</parameter> = Update NT and LM passwords and update the pwdLastSet time.</para></listitem> - - <listitem><para><parameter>Only</parameter> = Only update the LDAP password and let the LDAP server do the rest.</para></listitem> - </itemizedlist> - - <para>Default : <command>ldap passwd sync = no</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="LDAPTRUSTIDS"/>ldap trust ids (G)</term> - <listitem><para>Normally, Samba validates each entry - in the LDAP server against getpwnam(). This allows - LDAP to be used for Samba with the unix system using - NIS (for example) and also ensures that Samba does not - present accounts that do not otherwise exist. </para> - <para>This option is used to disable this functionality, and - instead to rely on the presence of the appropriate - attributes in LDAP directly, which can result in a - significant performance boost in some situations. - Setting this option to yes effectivly assumes - that the local machine is running <command>nss_ldap</command> against the - same LDAP server.</para> - - <para>Default: <command>ldap trust ids = No</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="LEVEL2OPLOCKS"/>level2 oplocks (S)</term> - <listitem><para>This parameter controls whether Samba supports - level2 (read-only) oplocks on a share.</para> - - <para>Level2, or read-only oplocks allow Windows NT clients - that have an oplock on a file to downgrade from a read-write oplock - to a read-only oplock once a second client opens the file (instead - of releasing all oplocks on a second open, as in traditional, - exclusive oplocks). This allows all openers of the file that - support level2 oplocks to cache the file for read-ahead only (ie. - they may not cache writes or lock requests) and increases performance - for many accesses of files that are not commonly written (such as - application .EXE files).</para> - - <para>Once one of the clients which have a read-only oplock - writes to the file all clients are notified (no reply is needed - or waited for) and told to break their oplocks to "none" and - delete any read-ahead caches.</para> - - <para>It is recommended that this parameter be turned on - to speed access to shared executables.</para> - - <para>For more discussions on level2 oplocks see the CIFS spec.</para> - - <para>Currently, if <link linkend="KERNELOPLOCKS"><parameter>kernel - oplocks</parameter></link> are supported then level2 oplocks are - not granted (even if this parameter is set to <constant>yes</constant>). - Note also, the <link linkend="OPLOCKS"><parameter>oplocks</parameter> - </link> parameter must be set to <constant>yes</constant> on this share in order for - this parameter to have any effect.</para> - - <para>See also the <link linkend="OPLOCKS"><parameter>oplocks</parameter> - </link> and <link linkend="OPLOCKS"><parameter>kernel oplocks</parameter> - </link> parameters.</para> - - <para>Default: <command>level2 oplocks = yes</command></para> - </listitem> - </varlistentry> - - - - - - <varlistentry> - <term><anchor id="LMANNOUNCE"/>lm announce (G)</term> - <listitem><para>This parameter determines if <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will produce Lanman announce - broadcasts that are needed by OS/2 clients in order for them to see - the Samba server in their browse list. This parameter can have three - values, <constant>yes</constant>, <constant>no</constant>, or - <constant>auto</constant>. The default is <constant>auto</constant>. - If set to <constant>no</constant> Samba will never produce these - broadcasts. If set to <constant>yes</constant> Samba will produce - Lanman announce broadcasts at a frequency set by the parameter - <parameter>lm interval</parameter>. If set to <constant>auto</constant> - Samba will not send Lanman announce broadcasts by default but will - listen for them. If it hears such a broadcast on the wire it will - then start sending them at a frequency set by the parameter - <parameter>lm interval</parameter>.</para> - - <para>See also <link linkend="LMINTERVAL"><parameter>lm interval - </parameter></link>.</para> - - <para>Default: <command>lm announce = auto</command></para> - <para>Example: <command>lm announce = yes</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="LMINTERVAL"/>lm interval (G)</term> - <listitem><para>If Samba is set to produce Lanman announce - broadcasts needed by OS/2 clients (see the <link linkend="LMANNOUNCE"> - <parameter>lm announce</parameter></link> parameter) then this - parameter defines the frequency in seconds with which they will be - made. If this is set to zero then no Lanman announcements will be - made despite the setting of the <parameter>lm announce</parameter> - parameter.</para> - - <para>See also <link linkend="LMANNOUNCE"><parameter>lm - announce</parameter></link>.</para> - - <para>Default: <command>lm interval = 60</command></para> - <para>Example: <command>lm interval = 120</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="LOADPRINTERS"/>load printers (G)</term> - <listitem><para>A boolean variable that controls whether all - printers in the printcap will be loaded for browsing by default. - See the <link linkend="PRINTERSSECT">printers</link> section for - more details.</para> - - <para>Default: <command>load printers = yes</command></para></listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="LOCALMASTER"/>local master (G)</term> - <listitem><para>This option allows <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to try and become a local master browser - on a subnet. If set to <constant>no</constant> then <command> - nmbd</command> will not attempt to become a local master browser - on a subnet and will also lose in all browsing elections. By - default this value is set to <constant>yes</constant>. Setting this value to <constant>yes</constant> doesn't - mean that Samba will <emphasis>become</emphasis> the local master - browser on a subnet, just that <command>nmbd</command> will <emphasis> - participate</emphasis> in elections for local master browser.</para> - - <para>Setting this value to <constant>no</constant> will cause <command>nmbd</command> - <emphasis>never</emphasis> to become a local master browser.</para> - - <para>Default: <command>local master = yes</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="LOCKDIR"/>lock dir (G)</term> - <listitem><para>Synonym for <link linkend="LOCKDIRECTORY"><parameter> - lock directory</parameter></link>.</para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="LOCKDIRECTORY"/>lock directory (G)</term> - <listitem><para>This option specifies the directory where lock - files will be placed. The lock files are used to implement the - <link linkend="MAXCONNECTIONS"><parameter>max connections</parameter> - </link> option.</para> - - <para>Default: <command>lock directory = ${prefix}/var/locks</command></para> - <para>Example: <command>lock directory = /var/run/samba/locks</command> - </para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="LOCKSPINCOUNT"/>lock spin count (G)</term> - <listitem><para>This parameter controls the number of times - that smbd should attempt to gain a byte range lock on the - behalf of a client request. Experiments have shown that - Windows 2k servers do not reply with a failure if the lock - could not be immediately granted, but try a few more times - in case the lock could later be aquired. This behavior - is used to support PC database formats such as MS Access - and FoxPro. - </para> - - <para>Default: <command>lock spin count = 2</command> - </para></listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="LOCKSPINTIME"/>lock spin time (G)</term> - <listitem><para>The time in microseconds that smbd should - pause before attempting to gain a failed lock. See - <link linkend="LOCKSPINCOUNT"><parameter>lock spin - count</parameter></link> for more details. - </para> - - <para>Default: <command>lock spin time = 10</command> - </para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="LOCKING"/>locking (S)</term> - <listitem><para>This controls whether or not locking will be - performed by the server in response to lock requests from the - client.</para> - - <para>If <command>locking = no</command>, all lock and unlock - requests will appear to succeed and all lock queries will report - that the file in question is available for locking.</para> - - <para>If <command>locking = yes</command>, real locking will be performed - by the server.</para> - - <para>This option <emphasis>may</emphasis> be useful for read-only - filesystems which <emphasis>may</emphasis> not need locking (such as - CDROM drives), although setting this parameter of <constant>no</constant> - is not really recommended even in this case.</para> - - <para>Be careful about disabling locking either globally or in a - specific service, as lack of locking may result in data corruption. - You should never need to set this parameter.</para> - - <para>Default: <command>locking = yes</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="LOGFILE"/>log file (G)</term> - <listitem><para>This option allows you to override the name - of the Samba log file (also known as the debug file).</para> - - <para>This option takes the standard substitutions, allowing - you to have separate log files for each user or machine.</para> - - <para>Example: <command>log file = /usr/local/samba/var/log.%m - </command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="LOGLEVEL"/>log level (G)</term> - <listitem><para>The value of the parameter (a astring) allows - the debug level (logging level) to be specified in the - <filename>smb.conf</filename> file. This parameter has been - extended since the 2.2.x series, now it allow to specify the debug - level for multiple debug classes. This is to give greater - flexibility in the configuration of the system.</para> - - <para>The default will be the log level specified on - the command line or level zero if none was specified.</para> - - <para>Example: <command>log level = 3 passdb:5 auth:10 winbind:2 - </command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="LOGONDRIVE"/>logon drive (G)</term> - <listitem><para>This parameter specifies the local path to - which the home directory will be connected (see <link - linkend="LOGONHOME"><parameter>logon home</parameter></link>) - and is only used by NT Workstations. </para> - - <para>Note that this option is only useful if Samba is set up as a - logon server.</para> - - <para>Default: <command>logon drive = z:</command></para> - <para>Example: <command>logon drive = h:</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="LOGONHOME"/>logon home (G)</term> - <listitem><para>This parameter specifies the home directory - location when a Win95/98 or NT Workstation logs into a Samba PDC. - It allows you to do </para> - - <para><prompt>C:\> </prompt><userinput>NET USE H: /HOME</userinput> - </para> - - <para>from a command prompt, for example.</para> - - <para>This option takes the standard substitutions, allowing - you to have separate logon scripts for each user or machine.</para> - - <para>This parameter can be used with Win9X workstations to ensure - that roaming profiles are stored in a subdirectory of the user's - home directory. This is done in the following way:</para> - - <para><command>logon home = \\%N\%U\profile</command></para> - - <para>This tells Samba to return the above string, with - substitutions made when a client requests the info, generally - in a NetUserGetInfo request. Win9X clients truncate the info to - \\server\share when a user does <command>net use /home</command> - but use the whole string when dealing with profiles.</para> - - <para>Note that in prior versions of Samba, the <link linkend="LOGONPATH"> - <parameter>logon path</parameter></link> was returned rather than - <parameter>logon home</parameter>. This broke <command>net use - /home</command> but allowed profiles outside the home directory. - The current implementation is correct, and can be used for - profiles if you use the above trick.</para> - - <para>This option is only useful if Samba is set up as a logon - server.</para> - - <para>Default: <command>logon home = "\\%N\%U"</command></para> - <para>Example: <command>logon home = "\\remote_smb_server\%U"</command> - </para></listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="LOGONPATH"/>logon path (G)</term> - <listitem><para>This parameter specifies the home directory - where roaming profiles (NTuser.dat etc files for Windows NT) are - stored. Contrary to previous versions of these manual pages, it has - nothing to do with Win 9X roaming profiles. To find out how to - handle roaming profiles for Win 9X system, see the <link linkend="LOGONHOME"> - <parameter>logon home</parameter></link> parameter.</para> - - <para>This option takes the standard substitutions, allowing you - to have separate logon scripts for each user or machine. It also - specifies the directory from which the "Application Data", - (<filename>desktop</filename>, <filename>start menu</filename>, - <filename>network neighborhood</filename>, <filename>programs</filename> - and other folders, and their contents, are loaded and displayed on - your Windows NT client.</para> - - <para>The share and the path must be readable by the user for - the preferences and directories to be loaded onto the Windows NT - client. The share must be writeable when the user logs in for the first - time, in order that the Windows NT client can create the NTuser.dat - and other directories.</para> - - <para>Thereafter, the directories and any of the contents can, - if required, be made read-only. It is not advisable that the - NTuser.dat file be made read-only - rename it to NTuser.man to - achieve the desired effect (a <emphasis>MAN</emphasis>datory - profile). </para> - - <para>Windows clients can sometimes maintain a connection to - the [homes] share, even though there is no user logged in. - Therefore, it is vital that the logon path does not include a - reference to the homes share (i.e. setting this parameter to - \%N\%U\profile_path will cause problems).</para> - - <para>This option takes the standard substitutions, allowing - you to have separate logon scripts for each user or machine.</para> - - <para>Note that this option is only useful if Samba is set up - as a logon server.</para> - - <para>Default: <command>logon path = \\%N\%U\profile</command></para> - <para>Example: <command>logon path = \\PROFILESERVER\PROFILE\%U</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="LOGONSCRIPT"/>logon script (G)</term> - <listitem><para>This parameter specifies the batch file (.bat) or - NT command file (.cmd) to be downloaded and run on a machine when - a user successfully logs in. The file must contain the DOS - style CR/LF line endings. Using a DOS-style editor to create the - file is recommended.</para> - - <para>The script must be a relative path to the [netlogon] - service. If the [netlogon] service specifies a <link linkend="PATH"> - <parameter>path</parameter></link> of <filename>/usr/local/samba/netlogon - </filename>, and <command>logon script = STARTUP.BAT</command>, then - the file that will be downloaded is:</para> - - <para><filename>/usr/local/samba/netlogon/STARTUP.BAT</filename></para> - - <para>The contents of the batch file are entirely your choice. A - suggested command would be to add <command>NET TIME \\SERVER /SET - /YES</command>, to force every machine to synchronize clocks with - the same time server. Another use would be to add <command>NET USE - U: \\SERVER\UTILS</command> for commonly used utilities, or <command> - NET USE Q: \\SERVER\ISO9001_QA</command> for example.</para> - - <para>Note that it is particularly important not to allow write - access to the [netlogon] share, or to grant users write permission - on the batch files in a secure environment, as this would allow - the batch files to be arbitrarily modified and security to be - breached.</para> - - <para>This option takes the standard substitutions, allowing you - to have separate logon scripts for each user or machine.</para> - - <para>This option is only useful if Samba is set up as a logon - server.</para> - - <para>Default: <emphasis>no logon script defined</emphasis></para> - <para>Example: <command>logon script = scripts\%U.bat</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="LPPAUSECOMMAND"/>lppause command (S)</term> - <listitem><para>This parameter specifies the command to be - executed on the server host in order to stop printing or spooling - a specific print job.</para> - - <para>This command should be a program or script which takes - a printer name and job number to pause the print job. One way - of implementing this is by using job priorities, where jobs - having a too low priority won't be sent to the printer.</para> - - <para>If a <parameter>%p</parameter> is given then the printer name - is put in its place. A <parameter>%j</parameter> is replaced with - the job number (an integer). On HPUX (see <parameter>printing=hpux - </parameter>), if the <parameter>-p%p</parameter> option is added - to the lpq command, the job will show up with the correct status, i.e. - if the job priority is lower than the set fence priority it will - have the PAUSED status, whereas if the priority is equal or higher it - will have the SPOOLED or PRINTING status.</para> - - <para>Note that it is good practice to include the absolute path - in the lppause command as the PATH may not be available to the server.</para> - - <para>See also the <link linkend="PRINTING"><parameter>printing - </parameter></link> parameter.</para> - - <para>Default: Currently no default value is given to - this string, unless the value of the <parameter>printing</parameter> - parameter is <constant>SYSV</constant>, in which case the default is :</para> - - <para><command>lp -i %p-%j -H hold</command></para> - - <para>or if the value of the <parameter>printing</parameter> parameter - is <constant>SOFTQ</constant>, then the default is:</para> - - <para><command>qstat -s -j%j -h</command></para> - - <para>Example for HPUX: <command>lppause command = /usr/bin/lpalt - %p-%j -p0</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="LPQCACHETIME"/>lpq cache time (G)</term> - <listitem><para>This controls how long lpq info will be cached - for to prevent the <command>lpq</command> command being called too - often. A separate cache is kept for each variation of the <command> - lpq</command> command used by the system, so if you use different - <command>lpq</command> commands for different users then they won't - share cache information.</para> - - <para>The cache files are stored in <filename>/tmp/lpq.xxxx</filename> - where xxxx is a hash of the <command>lpq</command> command in use.</para> - - <para>The default is 10 seconds, meaning that the cached results - of a previous identical <command>lpq</command> command will be used - if the cached data is less than 10 seconds old. A large value may - be advisable if your <command>lpq</command> command is very slow.</para> - - <para>A value of 0 will disable caching completely.</para> - - <para>See also the <link linkend="PRINTING"><parameter>printing - </parameter></link> parameter.</para> - - <para>Default: <command>lpq cache time = 10</command></para> - <para>Example: <command>lpq cache time = 30</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="LPQCOMMAND"/>lpq command (S)</term> - <listitem><para>This parameter specifies the command to be - executed on the server host in order to obtain <command>lpq - </command>-style printer status information.</para> - - <para>This command should be a program or script which - takes a printer name as its only parameter and outputs printer - status information.</para> - - <para>Currently nine styles of printer status information - are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, CUPS, and SOFTQ. - This covers most UNIX systems. You control which type is expected - using the <parameter>printing =</parameter> option.</para> - - <para>Some clients (notably Windows for Workgroups) may not - correctly send the connection number for the printer they are - requesting status information about. To get around this, the - server reports on the first printer service connected to by the - client. This only happens if the connection number sent is invalid.</para> - - <para>If a <parameter>%p</parameter> is given then the printer name - is put in its place. Otherwise it is placed at the end of the - command.</para> - - <para>Note that it is good practice to include the absolute path - in the <parameter>lpq command</parameter> as the <envar>$PATH - </envar> may not be available to the server. When compiled with - the CUPS libraries, no <parameter>lpq command</parameter> is - needed because smbd will make a library call to obtain the - print queue listing.</para> - - <para>See also the <link linkend="PRINTING"><parameter>printing - </parameter></link> parameter.</para> - - <para>Default: <emphasis>depends on the setting of <parameter> - printing</parameter></emphasis></para> - - <para>Example: <command>lpq command = /usr/bin/lpq -P%p</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="LPRESUMECOMMAND"/>lpresume command (S)</term> - <listitem><para>This parameter specifies the command to be - executed on the server host in order to restart or continue - printing or spooling a specific print job.</para> - - <para>This command should be a program or script which takes - a printer name and job number to resume the print job. See - also the <link linkend="LPPAUSECOMMAND"><parameter>lppause command - </parameter></link> parameter.</para> - - <para>If a <parameter>%p</parameter> is given then the printer name - is put in its place. A <parameter>%j</parameter> is replaced with - the job number (an integer).</para> - - <para>Note that it is good practice to include the absolute path - in the <parameter>lpresume command</parameter> as the PATH may not - be available to the server.</para> - - <para>See also the <link linkend="PRINTING"><parameter>printing - </parameter></link> parameter.</para> - - <para>Default: Currently no default value is given - to this string, unless the value of the <parameter>printing</parameter> - parameter is <constant>SYSV</constant>, in which case the default is :</para> - - <para><command>lp -i %p-%j -H resume</command></para> - - <para>or if the value of the <parameter>printing</parameter> parameter - is <constant>SOFTQ</constant>, then the default is:</para> - - <para><command>qstat -s -j%j -r</command></para> - - <para>Example for HPUX: <command>lpresume command = /usr/bin/lpalt - %p-%j -p2</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="LPRMCOMMAND"/>lprm command (S)</term> - <listitem><para>This parameter specifies the command to be - executed on the server host in order to delete a print job.</para> - - <para>This command should be a program or script which takes - a printer name and job number, and deletes the print job.</para> - - <para>If a <parameter>%p</parameter> is given then the printer name - is put in its place. A <parameter>%j</parameter> is replaced with - the job number (an integer).</para> - - <para>Note that it is good practice to include the absolute - path in the <parameter>lprm command</parameter> as the PATH may not be - available to the server.</para> - - <para>See also the <link linkend="PRINTING"><parameter>printing - </parameter></link> parameter.</para> - - <para>Default: <emphasis>depends on the setting of <parameter>printing - </parameter></emphasis></para> - - <para>Example 1: <command>lprm command = /usr/bin/lprm -P%p %j - </command></para> - <para>Example 2: <command>lprm command = /usr/bin/cancel %p-%j - </command></para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="MACHINEPASSWORDTIMEOUT"/>machine password timeout (G)</term> - <listitem><para>If a Samba server is a member of a Windows - NT Domain (see the <link linkend="SECURITYEQUALSDOMAIN">security = domain</link>) - parameter) then periodically a running <ulink url="smbd.8.html"> - smbd(8)</ulink> process will try and change the MACHINE ACCOUNT - PASSWORD stored in the TDB called <filename>private/secrets.tdb - </filename>. This parameter specifies how often this password - will be changed, in seconds. The default is one week (expressed in - seconds), the same as a Windows NT Domain member server.</para> - - <para>See also <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, and the <link linkend="SECURITYEQUALSDOMAIN"> - security = domain</link>) parameter.</para> - - <para>Default: <command>machine password timeout = 604800</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="MAGICOUTPUT"/>magic output (S)</term> - <listitem><para>This parameter specifies the name of a file - which will contain output created by a magic script (see the - <link linkend="MAGICSCRIPT"><parameter>magic script</parameter></link> - parameter below).</para> - - <para>Warning: If two clients use the same <parameter>magic script - </parameter> in the same directory the output file content - is undefined.</para> - - <para>Default: <command>magic output = <magic script name>.out - </command></para> - - <para>Example: <command>magic output = myfile.txt</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="MAGICSCRIPT"/>magic script (S)</term> - <listitem><para>This parameter specifies the name of a file which, - if opened, will be executed by the server when the file is closed. - This allows a UNIX script to be sent to the Samba host and - executed on behalf of the connected user.</para> - - <para>Scripts executed in this way will be deleted upon - completion assuming that the user has the appropriate level - of privilege and the file permissions allow the deletion.</para> - - <para>If the script generates output, output will be sent to - the file specified by the <link linkend="MAGICOUTPUT"><parameter> - magic output</parameter></link> parameter (see above).</para> - - <para>Note that some shells are unable to interpret scripts - containing CR/LF instead of CR as - the end-of-line marker. Magic scripts must be executable - <emphasis>as is</emphasis> on the host, which for some hosts and - some shells will require filtering at the DOS end.</para> - - <para>Magic scripts are <emphasis>EXPERIMENTAL</emphasis> and - should <emphasis>NOT</emphasis> be relied upon.</para> - - <para>Default: <emphasis>None. Magic scripts disabled.</emphasis></para> - <para>Example: <command>magic script = user.csh</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="MANGLECASE"/>mangle case (S)</term> - <listitem><para>See the section on <link linkend="NAMEMANGLINGSECT"> - NAME MANGLING</link></para> - - <para>Default: <command>mangle case = no</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="MANGLEDMAP"/>mangled map (S)</term> - <listitem><para>This is for those who want to directly map UNIX - file names which cannot be represented on Windows/DOS. The mangling - of names is not always what is needed. In particular you may have - documents with file extensions that differ between DOS and UNIX. - For example, under UNIX it is common to use <filename>.html</filename> - for HTML files, whereas under Windows/DOS <filename>.htm</filename> - is more commonly used.</para> - - <para>So to map <filename>html</filename> to <filename>htm</filename> - you would use:</para> - - <para><command>mangled map = (*.html *.htm)</command></para> - - <para>One very useful case is to remove the annoying <filename>;1 - </filename> off the ends of filenames on some CDROMs (only visible - under some UNIXes). To do this use a map of (*;1 *;).</para> - - <para>Default: <emphasis>no mangled map</emphasis></para> - <para>Example: <command>mangled map = (*;1 *;)</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="MANGLEDNAMES"/>mangled names (S)</term> - <listitem><para>This controls whether non-DOS names under UNIX - should be mapped to DOS-compatible names ("mangled") and made visible, - or whether non-DOS names should simply be ignored.</para> - - <para>See the section on <link linkend="NAMEMANGLINGSECT"> - NAME MANGLING</link> for details on how to control the mangling process.</para> - - <para>If mangling is used then the mangling algorithm is as follows:</para> - - <itemizedlist> - <listitem><para>The first (up to) five alphanumeric characters - before the rightmost dot of the filename are preserved, forced - to upper case, and appear as the first (up to) five characters - of the mangled name.</para></listitem> - - <listitem><para>A tilde "~" is appended to the first part of the mangled - name, followed by a two-character unique sequence, based on the - original root name (i.e., the original filename minus its final - extension). The final extension is included in the hash calculation - only if it contains any upper case characters or is longer than three - characters.</para> - - <para>Note that the character to use may be specified using - the <link linkend="MANGLINGCHAR"><parameter>mangling char</parameter> - </link> option, if you don't like '~'.</para></listitem> - - <listitem><para>The first three alphanumeric characters of the final - extension are preserved, forced to upper case and appear as the - extension of the mangled name. The final extension is defined as that - part of the original filename after the rightmost dot. If there are no - dots in the filename, the mangled name will have no extension (except - in the case of "hidden files" - see below).</para></listitem> - - <listitem><para>Files whose UNIX name begins with a dot will be - presented as DOS hidden files. The mangled name will be created as - for other filenames, but with the leading dot removed and "___" as - its extension regardless of actual original extension (that's three - underscores).</para></listitem> - </itemizedlist> - - <para>The two-digit hash value consists of upper case - alphanumeric characters.</para> - - <para>This algorithm can cause name collisions only if files - in a directory share the same first five alphanumeric characters. - The probability of such a clash is 1/1300.</para> - - <para>The name mangling (if enabled) allows a file to be - copied between UNIX directories from Windows/DOS while retaining - the long UNIX filename. UNIX files can be renamed to a new extension - from Windows/DOS and will retain the same basename. Mangled names - do not change between sessions.</para> - - <para>Default: <command>mangled names = yes</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="MANGLINGMETHOD"/>mangling method (G)</term> - <listitem><para> controls the algorithm used for the generating - the mangled names. Can take two different values, "hash" and - "hash2". "hash" is the default and is the algorithm that has been - used in Samba for many years. "hash2" is a newer and considered - a better algorithm (generates less collisions) in the names. - However, many Win32 applications store the mangled names and so - changing to the new algorithm must not be done - lightly as these applications may break unless reinstalled.</para> - <para>Default: <command>mangling method = hash2</command></para> - <para>Example: <command>mangling method = hash</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="MANGLEPREFIX"/>mangle prefix (G)</term> - <listitem><para> controls the number of prefix - characters from the original name used when generating - the mangled names. A larger value will give a weaker - hash and therefore more name collisions. The minimum - value is 1 and the maximum value is 6.</para> - <para>Default: <command>mangle prefix = 1</command></para> - <para>Example: <command>mangle prefix = 4</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="MANGLEDSTACK"/>mangled stack (G)</term> - <listitem><para>This parameter controls the number of mangled names - that should be cached in the Samba server <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>.</para> - - <para>This stack is a list of recently mangled base names - (extensions are only maintained if they are longer than 3 characters - or contains upper case characters).</para> - - <para>The larger this value, the more likely it is that mangled - names can be successfully converted to correct long UNIX names. - However, large stack sizes will slow most directory accesses. Smaller - stacks save memory in the server (each stack element costs 256 bytes). - </para> - - <para>It is not possible to absolutely guarantee correct long - filenames, so be prepared for some surprises!</para> - - <para>Default: <command>mangled stack = 50</command></para> - <para>Example: <command>mangled stack = 100</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="MANGLINGCHAR"/>mangling char (S)</term> - <listitem><para>This controls what character is used as - the <emphasis>magic</emphasis> character in <link - linkend="NAMEMANGLINGSECT">name mangling</link>. The default is a '~' - but this may interfere with some software. Use this option to set - it to whatever you prefer.</para> - - <para>Default: <command>mangling char = ~</command></para> - <para>Example: <command>mangling char = ^</command></para> - </listitem> - </varlistentry> - - - - - - <varlistentry> - <term><anchor id="MAPARCHIVE"/>map archive (S)</term> - <listitem><para>This controls whether the DOS archive attribute - should be mapped to the UNIX owner execute bit. The DOS archive bit - is set when a file has been modified since its last backup. One - motivation for this option it to keep Samba/your PC from making - any file it touches from becoming executable under UNIX. This can - be quite annoying for shared source code, documents, etc...</para> - - <para>Note that this requires the <parameter>create mask</parameter> - parameter to be set such that owner execute bit is not masked out - (i.e. it must include 100). See the parameter <link linkend="CREATEMASK"> - <parameter>create mask</parameter></link> for details.</para> - - <para>Default: <command>map archive = yes</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="MAPHIDDEN"/>map hidden (S)</term> - <listitem><para>This controls whether DOS style hidden files - should be mapped to the UNIX world execute bit.</para> - - <para>Note that this requires the <parameter>create mask</parameter> - to be set such that the world execute bit is not masked out (i.e. - it must include 001). See the parameter <link linkend="CREATEMASK"> - <parameter>create mask</parameter></link> for details.</para> - - <para>Default: <command>map hidden = no</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="MAPSYSTEM"/>map system (S)</term> - <listitem><para>This controls whether DOS style system files - should be mapped to the UNIX group execute bit.</para> - - <para>Note that this requires the <parameter>create mask</parameter> - to be set such that the group execute bit is not masked out (i.e. - it must include 010). See the parameter <link linkend="CREATEMASK"> - <parameter>create mask</parameter></link> for details.</para> - - <para>Default: <command>map system = no</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="MAPTOGUEST"/>map to guest (G)</term> - <listitem><para>This parameter is only useful in <link linkend="SECURITY"> - security</link> modes other than <parameter>security = share</parameter> - - i.e. <constant>user</constant>, <constant>server</constant>, - and <constant>domain</constant>.</para> - - <para>This parameter can take three different values, which tell - <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> what to do with user - login requests that don't match a valid UNIX user in some way.</para> - - <para>The three settings are :</para> - - <itemizedlist> - <listitem><para><constant>Never</constant> - Means user login - requests with an invalid password are rejected. This is the - default.</para></listitem> - - <listitem><para><constant>Bad User</constant> - Means user - logins with an invalid password are rejected, unless the username - does not exist, in which case it is treated as a guest login and - mapped into the <link linkend="GUESTACCOUNT"><parameter> - guest account</parameter></link>.</para></listitem> - - <listitem><para><constant>Bad Password</constant> - Means user logins - with an invalid password are treated as a guest login and mapped - into the <link linkend="GUESTACCOUNT">guest account</link>. Note that - this can cause problems as it means that any user incorrectly typing - their password will be silently logged on as "guest" - and - will not know the reason they cannot access files they think - they should - there will have been no message given to them - that they got their password wrong. Helpdesk services will - <emphasis>hate</emphasis> you if you set the <parameter>map to - guest</parameter> parameter this way :-).</para></listitem> - </itemizedlist> - - <para>Note that this parameter is needed to set up "Guest" - share services when using <parameter>security</parameter> modes other than - share. This is because in these modes the name of the resource being - requested is <emphasis>not</emphasis> sent to the server until after - the server has successfully authenticated the client so the server - cannot make authentication decisions at the correct time (connection - to the share) for "Guest" shares.</para> - - <para>For people familiar with the older Samba releases, this - parameter maps to the old compile-time setting of the <constant> - GUEST_SESSSETUP</constant> value in local.h.</para> - - <para>Default: <command>map to guest = Never</command></para> - <para>Example: <command>map to guest = Bad User</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="MAXCONNECTIONS"/>max connections (S)</term> - <listitem><para>This option allows the number of simultaneous - connections to a service to be limited. If <parameter>max connections - </parameter> is greater than 0 then connections will be refused if - this number of connections to the service are already open. A value - of zero mean an unlimited number of connections may be made.</para> - - <para>Record lock files are used to implement this feature. The - lock files will be stored in the directory specified by the <link - linkend="LOCKDIRECTORY"><parameter>lock directory</parameter></link> - option.</para> - - <para>Default: <command>max connections = 0</command></para> - <para>Example: <command>max connections = 10</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="MAXDISKSIZE"/>max disk size (G)</term> - <listitem><para>This option allows you to put an upper limit - on the apparent size of disks. If you set this option to 100 - then all shares will appear to be not larger than 100 MB in - size.</para> - - <para>Note that this option does not limit the amount of - data you can put on the disk. In the above case you could still - store much more than 100 MB on the disk, but if a client ever asks - for the amount of free disk space or the total disk size then the - result will be bounded by the amount specified in <parameter>max - disk size</parameter>.</para> - - <para>This option is primarily useful to work around bugs - in some pieces of software that can't handle very large disks, - particularly disks over 1GB in size.</para> - - <para>A <parameter>max disk size</parameter> of 0 means no limit.</para> - - <para>Default: <command>max disk size = 0</command></para> - <para>Example: <command>max disk size = 1000</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="MAXLOGSIZE"/>max log size (G)</term> - <listitem><para>This option (an integer in kilobytes) specifies - the max size the log file should grow to. Samba periodically checks - the size and if it is exceeded it will rename the file, adding - a <filename>.old</filename> extension.</para> - - <para>A size of 0 means no limit.</para> - - <para>Default: <command>max log size = 5000</command></para> - <para>Example: <command>max log size = 1000</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="MAXMUX"/>max mux (G)</term> - <listitem><para>This option controls the maximum number of - outstanding simultaneous SMB operations that Samba tells the client - it will allow. You should never need to set this parameter.</para> - - <para>Default: <command>max mux = 50</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="MAXOPENFILES"/>max open files (G)</term> - <listitem><para>This parameter limits the maximum number of - open files that one <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> file - serving process may have open for a client at any one time. The - default for this parameter is set very high (10,000) as Samba uses - only one bit per unopened file.</para> - - <para>The limit of the number of open files is usually set - by the UNIX per-process file descriptor limit rather than - this parameter so you should never need to touch this parameter.</para> - - <para>Default: <command>max open files = 10000</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="MAXPRINTJOBS"/>max print jobs (S)</term> - <listitem><para>This parameter limits the maximum number of - jobs allowable in a Samba printer queue at any given moment. - If this number is exceeded, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will remote "Out of Space" to the client. - See all <link linkend="TOTALPRINTJOBS"><parameter>total - print jobs</parameter></link>. - </para> - - <para>Default: <command>max print jobs = 1000</command></para> - <para>Example: <command>max print jobs = 5000</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="MAXPROTOCOL"/>max protocol (G)</term> - <listitem><para>The value of the parameter (a string) is the highest - protocol level that will be supported by the server.</para> - - <para>Possible values are :</para> - <itemizedlist> - <listitem><para><constant>CORE</constant>: Earliest version. No - concept of user names.</para></listitem> - - <listitem><para><constant>COREPLUS</constant>: Slight improvements on - CORE for efficiency.</para></listitem> - - <listitem><para><constant>LANMAN1</constant>: First <emphasis> - modern</emphasis> version of the protocol. Long filename - support.</para></listitem> - - <listitem><para><constant>LANMAN2</constant>: Updates to Lanman1 protocol. - </para></listitem> - - <listitem><para><constant>NT1</constant>: Current up to date version of - the protocol. Used by Windows NT. Known as CIFS.</para></listitem> - </itemizedlist> - - <para>Normally this option should not be set as the automatic - negotiation phase in the SMB protocol takes care of choosing - the appropriate protocol.</para> - - <para>See also <link linkend="MINPROTOCOL"><parameter>min - protocol</parameter></link></para> - - <para>Default: <command>max protocol = NT1</command></para> - <para>Example: <command>max protocol = LANMAN1</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="MAXSMBDPROCESSES"/>max smbd processes (G)</term> - <listitem><para>This parameter limits the maximum number of - <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> - processes concurrently running on a system and is intended - as a stopgap to prevent degrading service to clients in the event - that the server has insufficient resources to handle more than this - number of connections. Remember that under normal operating - conditions, each user will have an <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> associated with him or her - to handle connections to all shares from a given host. - </para> - - <para>Default: <command>max smbd processes = 0</command> ## no limit</para> - <para>Example: <command>max smbd processes = 1000</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="MAXTTL"/>max ttl (G)</term> - <listitem><para>This option tells <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> - what the default 'time to live' of NetBIOS names should be (in seconds) - when <command>nmbd</command> is requesting a name using either a - broadcast packet or from a WINS server. You should never need to - change this parameter. The default is 3 days.</para> - - <para>Default: <command>max ttl = 259200</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="MAXWINSTTL"/>max wins ttl (G)</term> - <listitem><para>This option tells <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when acting as a WINS server (<link linkend="WINSSUPPORT"> - <parameter>wins support = yes</parameter></link>) what the maximum - 'time to live' of NetBIOS names that <command>nmbd</command> - will grant will be (in seconds). You should never need to change this - parameter. The default is 6 days (518400 seconds).</para> - - <para>See also the <link linkend="MINWINSTTL"><parameter>min - wins ttl</parameter></link> parameter.</para> - - <para>Default: <command>max wins ttl = 518400</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="MAXXMIT"/>max xmit (G)</term> - <listitem><para>This option controls the maximum packet size - that will be negotiated by Samba. The default is 65535, which - is the maximum. In some cases you may find you get better performance - with a smaller value. A value below 2048 is likely to cause problems. - </para> - - <para>Default: <command>max xmit = 65535</command></para> - <para>Example: <command>max xmit = 8192</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="MESSAGECOMMAND"/>message command (G)</term> - <listitem><para>This specifies what command to run when the - server receives a WinPopup style message.</para> - - <para>This would normally be a command that would - deliver the message somehow. How this is to be done is - up to your imagination.</para> - - <para>An example is:</para> - - <para><command>message command = csh -c 'xedit %s;rm %s' &</command> - </para> - - <para>This delivers the message using <command>xedit</command>, then - removes it afterwards. <emphasis>NOTE THAT IT IS VERY IMPORTANT - THAT THIS COMMAND RETURN IMMEDIATELY</emphasis>. That's why I - have the '&' on the end. If it doesn't return immediately then - your PCs may freeze when sending messages (they should recover - after 30 seconds, hopefully).</para> - - <para>All messages are delivered as the global guest user. - The command takes the standard substitutions, although <parameter> - %u</parameter> won't work (<parameter>%U</parameter> may be better - in this case).</para> - - <para>Apart from the standard substitutions, some additional - ones apply. In particular:</para> - - <itemizedlist> - <listitem><para><parameter>%s</parameter> = the filename containing - the message.</para></listitem> - - <listitem><para><parameter>%t</parameter> = the destination that - the message was sent to (probably the server name).</para></listitem> - - <listitem><para><parameter>%f</parameter> = who the message - is from.</para></listitem> - </itemizedlist> - - <para>You could make this command send mail, or whatever else - takes your fancy. Please let us know of any really interesting - ideas you have.</para> - - - <para>Here's a way of sending the messages as mail to root:</para> - - <para><command>message command = /bin/mail -s 'message from %f on - %m' root < %s; rm %s</command></para> - - <para>If you don't have a message command then the message - won't be delivered and Samba will tell the sender there was - an error. Unfortunately WfWg totally ignores the error code - and carries on regardless, saying that the message was delivered. - </para> - - <para>If you want to silently delete it then try:</para> - - <para><command>message command = rm %s</command></para> - - <para>Default: <emphasis>no message command</emphasis></para> - <para>Example: <command>message command = csh -c 'xedit %s; - rm %s' &</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="MINPASSWDLENGTH"/>min passwd length (G)</term> - <listitem><para>Synonym for <link linkend="MINPASSWORDLENGTH"> - <parameter>min password length</parameter></link>.</para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="MINPASSWORDLENGTH"/>min password length (G)</term> - <listitem><para>This option sets the minimum length in characters - of a plaintext password that <command>smbd</command> will accept when performing - UNIX password changing.</para> - - <para>See also <link linkend="UNIXPASSWORDSYNC"><parameter>unix - password sync</parameter></link>, <link linkend="PASSWDPROGRAM"> - <parameter>passwd program</parameter></link> and <link - linkend="PASSWDCHATDEBUG"><parameter>passwd chat debug</parameter> - </link>.</para> - - <para>Default: <command>min password length = 5</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="MINPRINTSPACE"/>min print space (S)</term> - <listitem><para>This sets the minimum amount of free disk - space that must be available before a user will be able to spool - a print job. It is specified in kilobytes. The default is 0, which - means a user can always spool a print job.</para> - - <para>See also the <link linkend="PRINTING"><parameter>printing - </parameter></link> parameter.</para> - - <para>Default: <command>min print space = 0</command></para> - <para>Example: <command>min print space = 2000</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="MINPROTOCOL"/>min protocol (G)</term> - <listitem><para>The value of the parameter (a string) is the - lowest SMB protocol dialect than Samba will support. Please refer - to the <link linkend="MAXPROTOCOL"><parameter>max protocol</parameter></link> - parameter for a list of valid protocol names and a brief description - of each. You may also wish to refer to the C source code in - <filename>source/smbd/negprot.c</filename> for a listing of known protocol - dialects supported by clients.</para> - - <para>If you are viewing this parameter as a security measure, you should - also refer to the <link linkend="LANMANAUTH"><parameter>lanman - auth</parameter></link> parameter. Otherwise, you should never need - to change this parameter.</para> - - <para>Default : <command>min protocol = CORE</command></para> - <para>Example : <command>min protocol = NT1</command> # disable DOS - clients</para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="MINWINSTTL"/>min wins ttl (G)</term> - <listitem><para>This option tells <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> - when acting as a WINS server (<link linkend="WINSSUPPORT"><parameter> - wins support = yes</parameter></link>) what the minimum 'time to live' - of NetBIOS names that <command>nmbd</command> will grant will be (in - seconds). You should never need to change this parameter. The default - is 6 hours (21600 seconds).</para> - - <para>Default: <command>min wins ttl = 21600</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="MSDFSPROXY"/>msdfs proxy (S)</term> - <listitem><para>This parameter indicates that the share is a - stand-in for another CIFS share whose location is specified by - the value of the parameter. When clients attempt to connect to - this share, they are redirected to the proxied share using - the SMB-Dfs protocol.</para> - <para>Only Dfs roots can act as proxy shares. Take a look at the - <link linkend="MSDFSROOT"><parameter>msdfs root</parameter></link> - and - <link linkend="HOSTMSDFS"><parameter>host msdfs</parameter></link> - options to find out how to set up a Dfs root share.</para> - <para>Example: <command>msdfs proxy = \\\\otherserver\\someshare</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="MSDFSROOT"/>msdfs root (S)</term> - <listitem><para>This boolean parameter is only available if - Samba is configured and compiled with the <command> - --with-msdfs</command> option. If set to <constant>yes</constant>, - Samba treats the share as a Dfs root and allows clients to browse - the distributed file system tree rooted at the share directory. - Dfs links are specified in the share directory by symbolic - links of the form <filename>msdfs:serverA\\shareA,serverB\\shareB</filename> - and so on. For more information on setting up a Dfs tree - on Samba, refer to <ulink url="msdfs.html">"Hosting a Microsoft - Distributed File System tree on Samba"</ulink> document.</para> - - <para>See also <link linkend="HOSTMSDFS"><parameter>host msdfs - </parameter></link></para> - - <para>Default: <command>msdfs root = no</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="NAMECACHETIMEOUT"/>name cache timeout (G)</term> - <listitem><para>Specifies the number of seconds it takes before - entries in samba's hostname resolve cache time out. If - the timeout is set to 0. the caching is disabled. - </para> - - - <para>Default: <command>name cache timeout = 660</command></para> - <para>Example: <command>name cache timeout = 0</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="NAMERESOLVEORDER"/>name resolve order (G)</term> - <listitem><para>This option is used by the programs in the Samba - suite to determine what naming services to use and in what order - to resolve host names to IP addresses. The option takes a space - separated string of name resolution options.</para> - - <para>The options are :"lmhosts", "host", "wins" and "bcast". They - cause names to be resolved as follows :</para> - - <itemizedlist> - <listitem><para><constant>lmhosts</constant> : Lookup an IP - address in the Samba lmhosts file. If the line in lmhosts has - no name type attached to the NetBIOS name (see the <ulink - url="lmhosts.5.html">lmhosts(5)</ulink> for details) then - any name type matches for lookup.</para></listitem> - - <listitem><para><constant>host</constant> : Do a standard host - name to IP address resolution, using the system <filename>/etc/hosts - </filename>, NIS, or DNS lookups. This method of name resolution - is operating system depended for instance on IRIX or Solaris this - may be controlled by the <filename>/etc/nsswitch.conf</filename> - file. Note that this method is only used if the NetBIOS name - type being queried is the 0x20 (server) name type, otherwise - it is ignored.</para></listitem> - - <listitem><para><constant>wins</constant> : Query a name with - the IP address listed in the <link linkend="WINSSERVER"><parameter> - wins server</parameter></link> parameter. If no WINS server has - been specified this method will be ignored.</para></listitem> - - <listitem><para><constant>bcast</constant> : Do a broadcast on - each of the known local interfaces listed in the <link - linkend="INTERFACES"><parameter>interfaces</parameter></link> - parameter. This is the least reliable of the name resolution - methods as it depends on the target host being on a locally - connected subnet.</para></listitem> - </itemizedlist> - - <para>Default: <command>name resolve order = lmhosts host wins bcast - </command></para> - <para>Example: <command>name resolve order = lmhosts bcast host - </command></para> - - <para>This will cause the local lmhosts file to be examined - first, followed by a broadcast attempt, followed by a normal - system hostname lookup.</para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="NETBIOSALIASES"/>netbios aliases (G)</term> - <listitem><para>This is a list of NetBIOS names that <ulink - url="nmbd.8.html">nmbd(8)</ulink> will advertise as additional - names by which the Samba server is known. This allows one machine - to appear in browse lists under multiple names. If a machine is - acting as a browse server or logon server none - of these names will be advertised as either browse server or logon - servers, only the primary name of the machine will be advertised - with these capabilities.</para> - - <para>See also <link linkend="NETBIOSNAME"><parameter>netbios - name</parameter></link>.</para> - - <para>Default: <emphasis>empty string (no additional names)</emphasis></para> - <para>Example: <command>netbios aliases = TEST TEST1 TEST2</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="NETBIOSNAME"/>netbios name (G)</term> - <listitem><para>This sets the NetBIOS name by which a Samba - server is known. By default it is the same as the first component - of the host's DNS name. If a machine is a browse server or - logon server this name (or the first component - of the hosts DNS name) will be the name that these services are - advertised under.</para> - - <para>See also <link linkend="NETBIOSALIASES"><parameter>netbios - aliases</parameter></link>.</para> - - <para>Default: <emphasis>machine DNS name</emphasis></para> - <para>Example: <command>netbios name = MYNAME</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="NETBIOSSCOPE"/>netbios scope (G)</term> - <listitem><para>This sets the NetBIOS scope that Samba will - operate under. This should not be set unless every machine - on your LAN also sets this value.</para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="NISHOMEDIR"/>nis homedir (G)</term> - <listitem><para>Get the home share server from a NIS map. For - UNIX systems that use an automounter, the user's home directory - will often be mounted on a workstation on demand from a remote - server. </para> - - <para>When the Samba logon server is not the actual home directory - server, but is mounting the home directories via NFS then two - network hops would be required to access the users home directory - if the logon server told the client to use itself as the SMB server - for home directories (one over SMB and one over NFS). This can - be very slow.</para> - - <para>This option allows Samba to return the home share as - being on a different server to the logon server and as - long as a Samba daemon is running on the home directory server, - it will be mounted on the Samba client directly from the directory - server. When Samba is returning the home share to the client, it - will consult the NIS map specified in <link linkend="HOMEDIRMAP"> - <parameter>homedir map</parameter></link> and return the server - listed there.</para> - - <para>Note that for this option to work there must be a working - NIS system and the Samba server with this option must also - be a logon server.</para> - - <para>Default: <command>nis homedir = no</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="NONUNIXACCOUNTRANGE"/>non unix account range (G)</term> - <listitem><para>The non unix account range parameter specifies - the range of 'user ids' that are allocated by the various 'non unix - account' passdb backends. These backends allow - the storage of passwords for users who don't exist in /etc/passwd. - This is most often used for machine account creation. - This range of ids should have no existing local or NIS users within - it as strange conflicts can occur otherwise.</para> - - <note><para>These userids never appear on the system and Samba will never - 'become' these users. They are used only to ensure that the algorithmic - RID mapping does not conflict with normal users. - </para></note> - - <para>Default: <command>non unix account range = <empty string> - </command></para> - - <para>Example: <command>non unix account range = 10000-20000</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="NTACLSUPPORT"/>nt acl support (S)</term> - <listitem><para>This boolean parameter controls whether - <ulink url="smbd.8.html">smbd(8)</ulink> will attempt to map - UNIX permissions into Windows NT access control lists. - This parameter was formally a global parameter in releases - prior to 2.2.2.</para> - - <para>Default: <command>nt acl support = yes</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="NTPIPESUPPORT"/>nt pipe support (G)</term> - <listitem><para>This boolean parameter controls whether - <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will allow Windows NT - clients to connect to the NT SMB specific <constant>IPC$</constant> - pipes. This is a developer debugging option and can be left - alone.</para> - - <para>Default: <command>nt pipe support = yes</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="NTSTATUSSUPPORT"/>nt status support (G)</term> - <listitem><para>This boolean parameter controls whether <ulink - url="smbd.8.html">smbd(8)</ulink> will negotiate NT specific status - support with Windows NT/2k/XP clients. This is a developer - debugging option and should be left alone. - If this option is set to <constant>no</constant> then Samba offers - exactly the same DOS error codes that versions prior to Samba 2.2.3 - reported.</para> - - <para>You should not need to ever disable this parameter.</para> - - <para>Default: <command>nt status support = yes</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="NULLPASSWORDS"/>null passwords (G)</term> - <listitem><para>Allow or disallow client access to accounts - that have null passwords. </para> - - <para>See also <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>.</para> - - <para>Default: <command>null passwords = no</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="OBEYPAMRESTRICTIONS"/>obey pam restrictions (G)</term> - <listitem><para>When Samba 2.2 is configured to enable PAM support - (i.e. --with-pam), this parameter will control whether or not Samba - should obey PAM's account and session management directives. The - default behavior is to use PAM for clear text authentication only - and to ignore any account or session management. Note that Samba - always ignores PAM for authentication in the case of <link - linkend="ENCRYPTPASSWORDS"><parameter>encrypt passwords = yes</parameter> - </link>. The reason is that PAM modules cannot support the challenge/response - authentication mechanism needed in the presence of SMB password encryption. - </para> - - <para>Default: <command>obey pam restrictions = no</command></para> - </listitem> - </varlistentry> - - - - - - <varlistentry> - <term><anchor id="ONLYUSER"/>only user (S)</term> - <listitem><para>This is a boolean option that controls whether - connections with usernames not in the <parameter>user</parameter> - list will be allowed. By default this option is disabled so that a - client can supply a username to be used by the server. Enabling - this parameter will force the server to only use the login - names from the <parameter>user</parameter> list and is only really - useful in <link linkend="SECURITYEQUALSSHARE">share level</link> - security.</para> - - <para>Note that this also means Samba won't try to deduce - usernames from the service name. This can be annoying for - the [homes] section. To get around this you could use <command>user = - %S</command> which means your <parameter>user</parameter> list - will be just the service name, which for home directories is the - name of the user.</para> - - <para>See also the <link linkend="USER"><parameter>user</parameter> - </link> parameter.</para> - - <para>Default: <command>only user = no</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="ONLYGUEST"/>only guest (S)</term> - <listitem><para>A synonym for <link linkend="GUESTONLY"><parameter> - guest only</parameter></link>.</para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="OPLOCKBREAKWAITTIME"/>oplock break wait time (G)</term> - <listitem><para>This is a tuning parameter added due to bugs in - both Windows 9x and WinNT. If Samba responds to a client too - quickly when that client issues an SMB that can cause an oplock - break request, then the network client can fail and not respond - to the break request. This tuning parameter (which is set in milliseconds) - is the amount of time Samba will wait before sending an oplock break - request to such (broken) clients.</para> - - <para><emphasis>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ - AND UNDERSTOOD THE SAMBA OPLOCK CODE</emphasis>.</para> - - <para>Default: <command>oplock break wait time = 0</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="OPLOCKCONTENTIONLIMIT"/>oplock contention limit (S)</term> - <listitem><para>This is a <emphasis>very</emphasis> advanced - <ulink url="smbd.8.html">smbd(8)</ulink> tuning option to - improve the efficiency of the granting of oplocks under multiple - client contention for the same file.</para> - - <para>In brief it specifies a number, which causes <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>not to grant an oplock even when requested - if the approximate number of clients contending for an oplock on the same file goes over this - limit. This causes <command>smbd</command> to behave in a similar - way to Windows NT.</para> - - <para><emphasis>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ - AND UNDERSTOOD THE SAMBA OPLOCK CODE</emphasis>.</para> - - <para>Default: <command>oplock contention limit = 2</command></para> - </listitem> - </varlistentry> - - - - - - <varlistentry> - <term><anchor id="OPLOCKS"/>oplocks (S)</term> - <listitem><para>This boolean option tells <command>smbd</command> whether to - issue oplocks (opportunistic locks) to file open requests on this - share. The oplock code can dramatically (approx. 30% or more) improve - the speed of access to files on Samba servers. It allows the clients - to aggressively cache files locally and you may want to disable this - option for unreliable network environments (it is turned on by - default in Windows NT Servers). For more information see the file - <filename>Speed.txt</filename> in the Samba <filename>docs/</filename> - directory.</para> - - <para>Oplocks may be selectively turned off on certain files with a - share. See the <link linkend="VETOOPLOCKFILES"><parameter> - veto oplock files</parameter></link> parameter. On some systems - oplocks are recognized by the underlying operating system. This - allows data synchronization between all access to oplocked files, - whether it be via Samba or NFS or a local UNIX process. See the - <parameter>kernel oplocks</parameter> parameter for details.</para> - - <para>See also the <link linkend="KERNELOPLOCKS"><parameter>kernel - oplocks</parameter></link> and <link linkend="LEVEL2OPLOCKS"><parameter> - level2 oplocks</parameter></link> parameters.</para> - - <para>Default: <command>oplocks = yes</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="NTLMAUTH"/>ntlm auth (G)</term> - <listitem><para>This parameter determines - whether or not <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will - attempt to authenticate users using the NTLM password hash. - If disabled, only the lanman password hashes will be used. - </para> - - <para>Please note that at least this option or <command>lanman auth</command> should - be enabled in order to be able to log in. - </para> - - <para>Default : <command>ntlm auth = yes</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="OSLEVEL"/>os level (G)</term> - <listitem><para>This integer value controls what level Samba - advertises itself as for browse elections. The value of this - parameter determines whether <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> - has a chance of becoming a local master browser for the <parameter> - WORKGROUP</parameter> in the local broadcast area.</para> - - <para><emphasis>Note :</emphasis>By default, Samba will win - a local master browsing election over all Microsoft operating - systems except a Windows NT 4.0/2000 Domain Controller. This - means that a misconfigured Samba host can effectively isolate - a subnet for browsing purposes. See <filename>BROWSING.txt - </filename> in the Samba <filename>docs/</filename> directory - for details.</para> - - <para>Default: <command>os level = 20</command></para> - <para>Example: <command>os level = 65 </command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="OS2DRIVERMAP"/>os2 driver map (G)</term> - <listitem><para>The parameter is used to define the absolute - path to a file containing a mapping of Windows NT printer driver - names to OS/2 printer driver names. The format is:</para> - - <para><nt driver name> = <os2 driver - name>.<device name></para> - - <para>For example, a valid entry using the HP LaserJet 5 - printer driver would appear as <command>HP LaserJet 5L = LASERJET.HP - LaserJet 5L</command>.</para> - - <para>The need for the file is due to the printer driver namespace - problem described in the <ulink url="printing.html">Samba - Printing HOWTO</ulink>. For more details on OS/2 clients, please - refer to the OS2-Client-HOWTO containing in the Samba documentation.</para> - - <para>Default: <command>os2 driver map = <empty string> - </command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="PAMPASSWORDCHANGE"/>pam password change (G)</term> - <listitem><para>With the addition of better PAM support in Samba 2.2, - this parameter, it is possible to use PAM's password change control - flag for Samba. If enabled, then PAM will be used for password - changes when requested by an SMB client instead of the program listed in - <link linkend="PASSWDPROGRAM"><parameter>passwd program</parameter></link>. - It should be possible to enable this without changing your - <link linkend="PASSWDCHAT"><parameter>passwd chat</parameter></link> - parameter for most setups. - </para> - - <para>Default: <command>pam password change = no</command></para> - - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="PANICACTION"/>panic action (G)</term> - <listitem><para>This is a Samba developer option that allows a - system command to be called when either <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> or <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> crashes. This is usually used to - draw attention to the fact that a problem occurred.</para> - - <para>Default: <command>panic action = <empty string></command></para> - <para>Example: <command>panic action = "/bin/sleep 90000"</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="PARANOIDSERVERSECURITY"/>paranoid server security (G)</term> - <listitem><para>Some version of NT 4.x allow non-guest - users with a bad passowrd. When this option is enabled, samba will not - use a broken NT 4.x server as password server, but instead complain - to the logs and exit. - </para> - - <para>Disabling this option prevents Samba from making - this check, which involves deliberatly attempting a - bad logon to the remote server.</para> - - <para>Default: <command>paranoid server security = yes</command></para> - - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="PASSDBBACKEND"/>passdb backend (G)</term> - <listitem><para>This option allows the administrator to chose which backends to retrieve and store passwords with. This allows (for example) both - smbpasswd and tdbsam to be used without a recompile. - Multiple backends can be specified, separated by spaces. The backends will be searched in the order they are specified. New users are always added to the first backend specified. - </para> - - <para>This parameter is in two parts, the backend's name, and a 'location' - string that has meaning only to that particular backed. These are separated - by a : character.</para> - - <para>Available backends can include: - <itemizedlist> - <listitem><para><command>smbpasswd</command> - The default smbpasswd - backend. Takes a path to the smbpasswd file as an optional argument.</para></listitem> - - <listitem><para><command>smbpasswd_nua</command> - The smbpasswd - backend, but with support for 'not unix accounts'. - Takes a path to the smbpasswd file as an optional argument.</para> - <para>See also <link linkend="NONUNIXACCOUNTRANGE"> - <parameter>non unix account range</parameter></link></para></listitem> - - <listitem><para><command>tdbsam</command> - The TDB based password storage - backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb - in the <link linkend="PRIVATEDIR"> - <parameter>private dir</parameter></link> directory.</para></listitem> - - <listitem><para><command>tdbsam_nua</command> - The TDB based password storage - backend, with non unix account support. Takes a path to the TDB as an optional argument (defaults to passdb.tdb - in the <link linkend="PRIVATEDIR"> - <parameter>private dir</parameter></link> directory.</para> - <para>See also <link linkend="NONUNIXACCOUNTRANGE"> - <parameter>non unix account range</parameter></link></para></listitem> - - <listitem><para><command>ldapsam</command> - The LDAP based passdb - backend. Takes an LDAP URL as an optional argument (defaults to - <command>ldap://localhost</command>)</para></listitem> - - <listitem><para><command>ldapsam_nua</command> - The LDAP based passdb - backend, with non unix account support. Takes an LDAP URL as an optional argument (defaults to - <command>ldap://localhost</command>)</para> - - <para>Note: In this module, any account without a matching POSIX account is regarded - as 'non unix'. </para> - - <para>See also <link linkend="NONUNIXACCOUNTRANGE"> - <parameter>non unix account - range</parameter></link></para> - - <para>LDAP connections should be secured where - possible. This may be done using either - Start-TLS (see <link linkend="LDAPSSL"> - <parameter>ldap ssl</parameter></link>) or by - specifying <parameter>ldaps://</parameter> in - the URL argument. - </para></listitem> - - <listitem><para><command>nisplussam</command> - The NIS+ based passdb backend. Takes name NIS domain as an optional argument. Only works with sun NIS+ servers. </para></listitem> - - </itemizedlist> - </para> - - <para>Default: <command>passdb backend = smbpasswd guest</command></para> - <para>Example: <command>passdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd guest</command></para> - <para>Example: <command>passdb backend = ldapsam_nua:ldaps://ldap.example.com guest</command></para> - <para>Example: <command>passdb backend = mysql:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="PASSWDCHAT"/>passwd chat (G)</term> - <listitem><para>This string controls the <emphasis>"chat"</emphasis> - conversation that takes places between <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> and the local password changing - program to change the user's password. The string describes a - sequence of response-receive pairs that <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> uses to determine what to send to the - <link linkend="PASSWDPROGRAM"><parameter>passwd program</parameter> - </link> and what to expect back. If the expected output is not - received then the password is not changed.</para> - - <para>This chat sequence is often quite site specific, depending - on what local methods are used for password control (such as NIS - etc).</para> - <para>Note that this parameter only is only used if the <link - linkend="UNIXPASSWORDSYNC"><parameter>unix - password sync</parameter></link> parameter is set to <constant>yes</constant>. This - sequence is then called <emphasis>AS ROOT</emphasis> when the SMB password - in the smbpasswd file is being changed, without access to the old - password cleartext. This means that root must be able to reset the user's password - without knowing the text of the previous password. In the presence of NIS/YP, - this means that the <link linkend="PASSWDPROGRAM">passwd program</link> must be - executed on the NIS master. - </para> - - - <para>The string can contain the macro <parameter>%n</parameter> which is substituted - for the new password. The chat sequence can also contain the standard - macros <constant>\\n</constant>, <constant>\\r</constant>, <constant> - \\t</constant> and <constant>\\s</constant> to give line-feed, - carriage-return, tab and space. The chat sequence string can also contain - a '*' which matches any sequence of characters. - Double quotes can be used to collect strings with spaces - in them into a single string.</para> - - <para>If the send string in any part of the chat sequence - is a full stop ".", then no string is sent. Similarly, - if the expect string is a full stop then no string is expected.</para> - - <para>If the <link linkend="PAMPASSWORDCHANGE"><parameter>pam - password change</parameter></link> parameter is set to <constant>yes</constant>, the chat pairs - may be matched in any order, and success is determined by the PAM result, - not any particular output. The \n macro is ignored for PAM conversions. - </para> - - <para>See also <link linkend="UNIXPASSWORDSYNC"><parameter>unix password - sync</parameter></link>, <link linkend="PASSWDPROGRAM"><parameter> - passwd program</parameter></link> ,<link linkend="PASSWDCHATDEBUG"> - <parameter>passwd chat debug</parameter></link> and <link linkend="PAMPASSWORDCHANGE"> - <parameter>pam password change</parameter></link>.</para> - - <para>Default: <command>passwd chat = *new*password* %n\\n - *new*password* %n\\n *changed*</command></para> - <para>Example: <command>passwd chat = "*Enter OLD password*" %o\\n - "*Enter NEW password*" %n\\n "*Reenter NEW password*" %n\\n "*Password - changed*"</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="PASSWDCHATDEBUG"/>passwd chat debug (G)</term> - <listitem><para>This boolean specifies if the passwd chat script - parameter is run in <emphasis>debug</emphasis> mode. In this mode the - strings passed to and received from the passwd chat are printed - in the <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> log with a - <link linkend="DEBUGLEVEL"><parameter>debug level</parameter></link> - of 100. This is a dangerous option as it will allow plaintext passwords - to be seen in the <command>smbd</command> log. It is available to help - Samba admins debug their <parameter>passwd chat</parameter> scripts - when calling the <parameter>passwd program</parameter> and should - be turned off after this has been done. This option has no effect if the - <link linkend="PAMPASSWORDCHANGE"><parameter>pam password change</parameter></link> - paramter is set. This parameter is off by default.</para> - - - <para>See also <link linkend="PASSWDCHAT"><parameter>passwd chat</parameter> - </link>, <link linkend="PAMPASSWORDCHANGE"><parameter>pam password change</parameter> - </link>, <link linkend="PASSWDPROGRAM"><parameter>passwd program</parameter> - </link>.</para> - - <para>Default: <command>passwd chat debug = no</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="PASSWDPROGRAM"/>passwd program (G)</term> - <listitem><para>The name of a program that can be used to set - UNIX user passwords. Any occurrences of <parameter>%u</parameter> - will be replaced with the user name. The user name is checked for - existence before calling the password changing program.</para> - - <para>Also note that many passwd programs insist in <emphasis>reasonable - </emphasis> passwords, such as a minimum length, or the inclusion - of mixed case chars and digits. This can pose a problem as some clients - (such as Windows for Workgroups) uppercase the password before sending - it.</para> - - <para><emphasis>Note</emphasis> that if the <parameter>unix - password sync</parameter> parameter is set to <constant>yes - </constant> then this program is called <emphasis>AS ROOT</emphasis> - before the SMB password in the <ulink url="smbpasswd.5.html">smbpasswd(5) - </ulink> file is changed. If this UNIX password change fails, then - <command>smbd</command> will fail to change the SMB password also - (this is by design).</para> - - <para>If the <parameter>unix password sync</parameter> parameter - is set this parameter <emphasis>MUST USE ABSOLUTE PATHS</emphasis> - for <emphasis>ALL</emphasis> programs called, and must be examined - for security implications. Note that by default <parameter>unix - password sync</parameter> is set to <constant>no</constant>.</para> - - <para>See also <link linkend="UNIXPASSWORDSYNC"><parameter>unix - password sync</parameter></link>.</para> - - <para>Default: <command>passwd program = /bin/passwd</command></para> - <para>Example: <command>passwd program = /sbin/npasswd %u</command> - </para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="PASSWORDLEVEL"/>password level (G)</term> - <listitem><para>Some client/server combinations have difficulty - with mixed-case passwords. One offending client is Windows for - Workgroups, which for some reason forces passwords to upper - case when using the LANMAN1 protocol, but leaves them alone when - using COREPLUS! Another problem child is the Windows 95/98 - family of operating systems. These clients upper case clear - text passwords even when NT LM 0.12 selected by the protocol - negotiation request/response.</para> - - <para>This parameter defines the maximum number of characters - that may be upper case in passwords.</para> - - <para>For example, say the password given was "FRED". If <parameter> - password level</parameter> is set to 1, the following combinations - would be tried if "FRED" failed:</para> - - <para>"Fred", "fred", "fRed", "frEd","freD"</para> - - <para>If <parameter>password level</parameter> was set to 2, - the following combinations would also be tried: </para> - - <para>"FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ..</para> - - <para>And so on.</para> - - <para>The higher value this parameter is set to the more likely - it is that a mixed case password will be matched against a single - case password. However, you should be aware that use of this - parameter reduces security and increases the time taken to - process a new connection.</para> - - <para>A value of zero will cause only two attempts to be - made - the password as is and the password in all-lower case.</para> - - <para>Default: <command>password level = 0</command></para> - <para>Example: <command>password level = 4</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="PASSWORDSERVER"/>password server (G)</term> - <listitem><para>By specifying the name of another SMB server (such - as a WinNT box) with this option, and using <command>security = domain - </command> or <command>security = server</command> you can get Samba - to do all its username/password validation via a remote server.</para> - - <para>This option sets the name of the password server to use. - It must be a NetBIOS name, so if the machine's NetBIOS name is - different from its Internet name then you may have to add its NetBIOS - name to the lmhosts file which is stored in the same directory - as the <filename>smb.conf</filename> file.</para> - - <para>The name of the password server is looked up using the - parameter <link linkend="NAMERESOLVEORDER"><parameter>name - resolve order</parameter></link> and so may resolved - by any method and order described in that parameter.</para> - - <para>The password server must be a machine capable of using - the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in - user level security mode.</para> - - <note><para>Using a password server - means your UNIX box (running Samba) is only as secure as your - password server. <emphasis>DO NOT CHOOSE A PASSWORD SERVER THAT - YOU DON'T COMPLETELY TRUST</emphasis>.</para></note> - - <para>Never point a Samba server at itself for password - serving. This will cause a loop and could lock up your Samba - server!</para> - - <para>The name of the password server takes the standard - substitutions, but probably the only useful one is <parameter>%m - </parameter>, which means the Samba server will use the incoming - client as the password server. If you use this then you better - trust your clients, and you had better restrict them with hosts allow!</para> - - <para>If the <parameter>security</parameter> parameter is set to - <constant>domain</constant>, then the list of machines in this - option must be a list of Primary or Backup Domain controllers for the - Domain or the character '*', as the Samba server is effectively - in that domain, and will use cryptographically authenticated RPC calls - to authenticate the user logging on. The advantage of using <command> - security = domain</command> is that if you list several hosts in the - <parameter>password server</parameter> option then <command>smbd - </command> will try each in turn till it finds one that responds. This - is useful in case your primary server goes down.</para> - - <para>If the <parameter>password server</parameter> option is set - to the character '*', then Samba will attempt to auto-locate the - Primary or Backup Domain controllers to authenticate against by - doing a query for the name <constant>WORKGROUP<1C></constant> - and then contacting each server returned in the list of IP - addresses from the name resolution source. </para> - - <para>If the list of servers contains both names and the '*' - character, the list is treated as a list of preferred - domain controllers, but an auto lookup of all remaining DC's - will be added to the list as well. Samba will not attempt to optimize - this list by locating the closest DC.</para> - - <para>If the <parameter>security</parameter> parameter is - set to <constant>server</constant>, then there are different - restrictions that <command>security = domain</command> doesn't - suffer from:</para> - - <itemizedlist> - <listitem><para>You may list several password servers in - the <parameter>password server</parameter> parameter, however if an - <command>smbd</command> makes a connection to a password server, - and then the password server fails, no more users will be able - to be authenticated from this <command>smbd</command>. This is a - restriction of the SMB/CIFS protocol when in <command>security = server - </command> mode and cannot be fixed in Samba.</para></listitem> - - <listitem><para>If you are using a Windows NT server as your - password server then you will have to ensure that your users - are able to login from the Samba server, as when in <command> - security = server</command> mode the network logon will appear to - come from there rather than from the users workstation.</para></listitem> - </itemizedlist> - - <para>See also the <link linkend="SECURITY"><parameter>security - </parameter></link> parameter.</para> - - <para>Default: <command>password server = <empty string></command> - </para> - <para>Example: <command>password server = NT-PDC, NT-BDC1, NT-BDC2, * - </command></para> - <para>Example: <command>password server = *</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="PATH"/>path (S)</term> - <listitem><para>This parameter specifies a directory to which - the user of the service is to be given access. In the case of - printable services, this is where print data will spool prior to - being submitted to the host for printing.</para> - - <para>For a printable service offering guest access, the service - should be readonly and the path should be world-writeable and - have the sticky bit set. This is not mandatory of course, but - you probably won't get the results you expect if you do - otherwise.</para> - - <para>Any occurrences of <parameter>%u</parameter> in the path - will be replaced with the UNIX username that the client is using - on this connection. Any occurrences of <parameter>%m</parameter> - will be replaced by the NetBIOS name of the machine they are - connecting from. These replacements are very useful for setting - up pseudo home directories for users.</para> - - <para>Note that this path will be based on <link linkend="ROOTDIR"> - <parameter>root dir</parameter></link> if one was specified.</para> - - <para>Default: <emphasis>none</emphasis></para> - <para>Example: <command>path = /home/fred</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="PIDDIRECTORY"/>pid directory (G)</term> - <listitem><para>This option specifies the directory where pid - files will be placed. </para> - - <para>Default: <command>pid directory = ${prefix}/var/locks</command></para> - <para>Example: <command>pid directory = /var/run/</command> - </para></listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="POSIXLOCKING"/>posix locking (S)</term> - <listitem><para>The <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> - daemon maintains an database of file locks obtained by SMB clients. - The default behavior is to map this internal database to POSIX - locks. This means that file locks obtained by SMB clients are - consistent with those seen by POSIX compliant applications accessing - the files via a non-SMB method (e.g. NFS or local file access). - You should never need to disable this parameter.</para> - - <para>Default: <command>posix locking = yes</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="POSTEXEC"/>postexec (S)</term> - <listitem><para>This option specifies a command to be run - whenever the service is disconnected. It takes the usual - substitutions. The command may be run as the root on some - systems.</para> - - <para>An interesting example may be to unmount server - resources:</para> - - <para><command>postexec = /etc/umount /cdrom</command></para> - - <para>See also <link linkend="PREEXEC"><parameter>preexec</parameter> - </link>.</para> - - <para>Default: <emphasis>none (no command executed)</emphasis> - </para> - - <para>Example: <command>postexec = echo \"%u disconnected from %S - from %m (%I)\" >> /tmp/log</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="PREEXEC"/>preexec (S)</term> - <listitem><para>This option specifies a command to be run whenever - the service is connected to. It takes the usual substitutions.</para> - - <para>An interesting example is to send the users a welcome - message every time they log in. Maybe a message of the day? Here - is an example:</para> - - <para><command>preexec = csh -c 'echo \"Welcome to %S!\" | - /usr/local/samba/bin/smbclient -M %m -I %I' & </command></para> - - <para>Of course, this could get annoying after a while :-)</para> - - <para>See also <link linkend="PREEXECCLOSE"><parameter>preexec close - </parameter></link> and <link linkend="POSTEXEC"><parameter>postexec - </parameter></link>.</para> - - <para>Default: <emphasis>none (no command executed)</emphasis></para> - <para>Example: <command>preexec = echo \"%u connected to %S from %m - (%I)\" >> /tmp/log</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="PREEXECCLOSE"/>preexec close (S)</term> - <listitem><para>This boolean option controls whether a non-zero - return code from <link linkend="PREEXEC"><parameter>preexec - </parameter></link> should close the service being connected to.</para> - - <para>Default: <command>preexec close = no</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="PREFERREDMASTER"/>preferred master (G)</term> - <listitem><para>This boolean parameter controls if <ulink - url="nmbd.8.html">nmbd(8)</ulink> is a preferred master browser - for its workgroup.</para> - - <para>If this is set to <constant>yes</constant>, on startup, <command>nmbd</command> - will force an election, and it will have a slight advantage in - winning the election. It is recommended that this parameter is - used in conjunction with <command><link linkend="DOMAINMASTER"><parameter> - domain master</parameter></link> = yes</command>, so that <command> - nmbd</command> can guarantee becoming a domain master.</para> - - <para>Use this option with caution, because if there are several - hosts (whether Samba servers, Windows 95 or NT) that are preferred - master browsers on the same subnet, they will each periodically - and continuously attempt to become the local master browser. - This will result in unnecessary broadcast traffic and reduced browsing - capabilities.</para> - - <para>See also <link linkend="OSLEVEL"><parameter>os level</parameter> - </link>.</para> - - <para>Default: <command>preferred master = auto</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="PREFEREDMASTER"/>prefered master (G)</term> - <listitem><para>Synonym for <link linkend="PREFERREDMASTER"><parameter> - preferred master</parameter></link> for people who cannot spell :-).</para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="PRELOAD"/>preload (G)</term> - <listitem><para>This is a list of services that you want to be - automatically added to the browse lists. This is most useful - for homes and printers services that would otherwise not be - visible.</para> - - <para>Note that if you just want all printers in your - printcap file loaded then the <link linkend="LOADPRINTERS"> - <parameter>load printers</parameter></link> option is easier.</para> - - <para>Default: <emphasis>no preloaded services</emphasis></para> - - <para>Example: <command>preload = fred lp colorlp</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="PRELOADMODULES"/>preload modules (G)</term> - <listitem><para>This is a list of paths to modules that should - be loaded into smbd before a client connects. This improves - the speed of smbd when reacting to new connections somewhat. </para> - - <para>It is recommended to only use this option on heavy-performance - servers.</para> - - <para>Default: <command>preload modules = </command></para> - - <para>Example: <command>preload modules = /usr/lib/samba/passdb/mysql.so</command></para> - - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="PRESERVECASE"/>preserve case (S)</term> - <listitem><para> This controls if new filenames are created - with the case that the client passes, or if they are forced to - be the <link linkend="DEFAULTCASE"><parameter>default case - </parameter></link>.</para> - - <para>Default: <command>preserve case = yes</command></para> - - <para>See the section on <link linkend="NAMEMANGLINGSECT">NAME - MANGLING</link> for a fuller discussion.</para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="PRINTCOMMAND"/>print command (S)</term> - <listitem><para>After a print job has finished spooling to - a service, this command will be used via a <command>system()</command> - call to process the spool file. Typically the command specified will - submit the spool file to the host's printing subsystem, but there - is no requirement that this be the case. The server will not remove - the spool file, so whatever command you specify should remove the - spool file when it has been processed, otherwise you will need to - manually remove old spool files.</para> - - <para>The print command is simply a text string. It will be used - verbatim after macro substitutions have been made:</para> - - <para>s, %p - the path to the spool - file name</para> - - <para>%p - the appropriate printer - name</para> - - <para>%J - the job - name as transmitted by the client.</para> - - <para>%c - The number of printed pages - of the spooled job (if known).</para> - - <para>%z - the size of the spooled - print job (in bytes)</para> - - <para>The print command <emphasis>MUST</emphasis> contain at least - one occurrence of <parameter>%s</parameter> or <parameter>%f - </parameter> - the <parameter>%p</parameter> is optional. At the time - a job is submitted, if no printer name is supplied the <parameter>%p - </parameter> will be silently removed from the printer command.</para> - - <para>If specified in the [global] section, the print command given - will be used for any printable service that does not have its own - print command specified.</para> - - <para>If there is neither a specified print command for a - printable service nor a global print command, spool files will - be created but not processed and (most importantly) not removed.</para> - - <para>Note that printing may fail on some UNIXes from the - <constant>nobody</constant> account. If this happens then create - an alternative guest account that can print and set the <link - linkend="GUESTACCOUNT"><parameter>guest account</parameter></link> - in the [global] section.</para> - - <para>You can form quite complex print commands by realizing - that they are just passed to a shell. For example the following - will log a print job, print the file, then remove it. Note that - ';' is the usual separator for command in shell scripts.</para> - - <para><command>print command = echo Printing %s >> - /tmp/print.log; lpr -P %p %s; rm %s</command></para> - - <para>You may have to vary this command considerably depending - on how you normally print files on your system. The default for - the parameter varies depending on the setting of the <link linkend="PRINTING"> - <parameter>printing</parameter></link> parameter.</para> - - <para>Default: For <command>printing = BSD, AIX, QNX, LPRNG - or PLP :</command></para> - <para><command>print command = lpr -r -P%p %s</command></para> - - <para>For <command>printing = SYSV or HPUX :</command></para> - <para><command>print command = lp -c -d%p %s; rm %s</command></para> - - <para>For <command>printing = SOFTQ :</command></para> - <para><command>print command = lp -d%p -s %s; rm %s</command></para> - - <para>For printing = CUPS : If SAMBA is compiled against - libcups, then <link linkend="PRINTING">printcap = cups</link> - uses the CUPS API to - submit jobs, etc. Otherwise it maps to the System V - commands with the -oraw option for printing, i.e. it - uses <command>lp -c -d%p -oraw; rm %s</command>. - With <command>printing = cups</command>, - and if SAMBA is compiled against libcups, any manually - set print command will be ignored.</para> - - - <para>Example: <command>print command = /usr/local/samba/bin/myprintscript - %p %s</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="PRINTOK"/>print ok (S)</term> - <listitem><para>Synonym for <link linkend="PRINTABLE"> - <parameter>printable</parameter></link>.</para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="PRINTABLE"/>printable (S)</term> - <listitem><para>If this parameter is <constant>yes</constant>, then - clients may open, write to and submit spool files on the directory - specified for the service. </para> - - <para>Note that a printable service will ALWAYS allow writing - to the service path (user privileges permitting) via the spooling - of print data. The <link linkend="READONLY"><parameter>read only - </parameter></link> parameter controls only non-printing access to - the resource.</para> - - <para>Default: <command>printable = no</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="PRINTCAP"/>printcap (G)</term> - <listitem><para>Synonym for <link linkend="PRINTCAPNAME"><parameter> - printcap name</parameter></link>.</para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="PRINTCAPNAME"/>printcap name (G)</term> - <listitem><para>This parameter may be used to override the - compiled-in default printcap name used by the server (usually <filename> - /etc/printcap</filename>). See the discussion of the <link - linkend="PRINTERSSECT">[printers]</link> section above for reasons - why you might want to do this.</para> - - <para>To use the CUPS printing interface set <command>printcap name = cups - </command>. This should be supplemented by an addtional setting - <link linkend="PRINTING">printing = cups</link> in the [global] - section. <command>printcap name = cups</command> will use the - "dummy" printcap created by CUPS, as specified in your CUPS - configuration file. - </para> - - <para>On System V systems that use <command>lpstat</command> to - list available printers you can use <command>printcap name = lpstat - </command> to automatically obtain lists of available printers. This - is the default for systems that define SYSV at configure time in - Samba (this includes most System V based systems). If <parameter> - printcap name</parameter> is set to <command>lpstat</command> on - these systems then Samba will launch <command>lpstat -v</command> and - attempt to parse the output to obtain a printer list.</para> - - <para>A minimal printcap file would look something like this:</para> - -<para><programlisting> -print1|My Printer 1 -print2|My Printer 2 -print3|My Printer 3 -print4|My Printer 4 -print5|My Printer 5 -</programlisting></para> - - <para>where the '|' separates aliases of a printer. The fact - that the second alias has a space in it gives a hint to Samba - that it's a comment.</para> - - <note><para>Under AIX the default printcap - name is <filename>/etc/qconfig</filename>. Samba will assume the - file is in AIX <filename>qconfig</filename> format if the string - <filename>qconfig</filename> appears in the printcap filename.</para></note> - - <para>Default: <command>printcap name = /etc/printcap</command></para> - <para>Example: <command>printcap name = /etc/myprintcap</command></para> - </listitem> - </varlistentry> - - - - - - <varlistentry> - <term><anchor id="PRINTERADMIN"/>printer admin (S)</term> - <listitem><para>This is a list of users that can do anything to - printers via the remote administration interfaces offered by MS-RPC - (usually using a NT workstation). Note that the root user always - has admin rights.</para> - - <para>Default: <command>printer admin = <empty string></command> - </para> - <para>Example: <command>printer admin = admin, @staff</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="PRINTERNAME"/>printer name (S)</term> - <listitem><para>This parameter specifies the name of the printer - to which print jobs spooled through a printable service will be sent.</para> - - <para>If specified in the [global] section, the printer - name given will be used for any printable service that does - not have its own printer name specified.</para> - - <para>Default: <emphasis>none (but may be <constant>lp</constant> - on many systems)</emphasis></para> - - <para>Example: <command>printer name = laserwriter</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="PRINTER"/>printer (S)</term> - <listitem><para>Synonym for <link linkend="PRINTERNAME"><parameter> - printer name</parameter></link>.</para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="PRINTING"/>printing (S)</term> - <listitem><para>This parameters controls how printer status - information is interpreted on your system. It also affects the - default values for the <parameter>print command</parameter>, - <parameter>lpq command</parameter>, <parameter>lppause command - </parameter>, <parameter>lpresume command</parameter>, and - <parameter>lprm command</parameter> if specified in the - [global] section.</para> - - <para>Currently nine printing styles are supported. They are - <constant>BSD</constant>, <constant>AIX</constant>, - <constant>LPRNG</constant>, <constant>PLP</constant>, - <constant>SYSV</constant>, <constant>HPUX</constant>, - <constant>QNX</constant>, <constant>SOFTQ</constant>, - and <constant>CUPS</constant>.</para> - - <para>To see what the defaults are for the other print - commands when using the various options use the <ulink - url="testparm.1.html">testparm(1)</ulink> program.</para> - - <para>This option can be set on a per printer basis</para> - - <para>See also the discussion in the <link linkend="PRINTERSSECT"> - [printers]</link> section.</para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="PRIVATEDIR"/>private dir (G)</term> - <listitem><para>This parameters defines the directory - smbd will use for storing such files as <filename>smbpasswd</filename> - and <filename>secrets.tdb</filename>. - </para> - - <para>Default :<command>private dir = ${prefix}/private</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="PROTOCOL"/>protocol (G)</term> - <listitem><para>Synonym for <link linkend="MAXPROTOCOL"> - <parameter>max protocol</parameter></link>.</para></listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="PUBLIC"/>public (S)</term> - <listitem><para>Synonym for <link linkend="GUESTOK"><parameter>guest - ok</parameter></link>.</para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="QUEUEPAUSECOMMAND"/>queuepause command (S)</term> - <listitem><para>This parameter specifies the command to be - executed on the server host in order to pause the printer queue.</para> - - <para>This command should be a program or script which takes - a printer name as its only parameter and stops the printer queue, - such that no longer jobs are submitted to the printer.</para> - - <para>This command is not supported by Windows for Workgroups, - but can be issued from the Printers window under Windows 95 - and NT.</para> - - <para>If a <parameter>%p</parameter> is given then the printer name - is put in its place. Otherwise it is placed at the end of the command. - </para> - - <para>Note that it is good practice to include the absolute - path in the command as the PATH may not be available to the - server.</para> - - <para>Default: <emphasis>depends on the setting of <parameter>printing - </parameter></emphasis></para> - <para>Example: <command>queuepause command = disable %p</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="QUEUERESUMECOMMAND"/>queueresume command (S)</term> - <listitem><para>This parameter specifies the command to be - executed on the server host in order to resume the printer queue. It - is the command to undo the behavior that is caused by the - previous parameter (<link linkend="QUEUEPAUSECOMMAND"><parameter> - queuepause command</parameter></link>).</para> - - <para>This command should be a program or script which takes - a printer name as its only parameter and resumes the printer queue, - such that queued jobs are resubmitted to the printer.</para> - - <para>This command is not supported by Windows for Workgroups, - but can be issued from the Printers window under Windows 95 - and NT.</para> - - <para>If a <parameter>%p</parameter> is given then the printer name - is put in its place. Otherwise it is placed at the end of the - command.</para> - - <para>Note that it is good practice to include the absolute - path in the command as the PATH may not be available to the - server.</para> - - <para>Default: <emphasis>depends on the setting of <link - linkend="PRINTING"><parameter>printing</parameter></link></emphasis> - </para> - - <para>Example: <command>queuepause command = enable %p - </command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="READBMPX"/>read bmpx (G)</term> - <listitem><para>This boolean parameter controls whether <ulink - url="smbd.8.html">smbd(8)</ulink> will support the "Read - Block Multiplex" SMB. This is now rarely used and defaults to - <constant>no</constant>. You should never need to set this - parameter.</para> - - <para>Default: <command>read bmpx = no</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="READLIST"/>read list (S)</term> - <listitem><para>This is a list of users that are given read-only - access to a service. If the connecting user is in this list then - they will not be given write access, no matter what the <link - linkend="READONLY"><parameter>read only</parameter></link> - option is set to. The list can include group names using the - syntax described in the <link linkend="INVALIDUSERS"><parameter> - invalid users</parameter></link> parameter.</para> - - <para>See also the <link linkend="WRITELIST"><parameter> - write list</parameter></link> parameter and the <link - linkend="INVALIDUSERS"><parameter>invalid users</parameter> - </link> parameter.</para> - - <para>Default: <command>read list = <empty string></command></para> - <para>Example: <command>read list = mary, @students</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="READONLY"/>read only (S)</term> - <listitem><para>An inverted synonym is <link linkend="WRITEABLE"> - <parameter>writeable</parameter></link>.</para> - - <para>If this parameter is <constant>yes</constant>, then users - of a service may not create or modify files in the service's - directory.</para> - - <para>Note that a printable service (<command>printable = yes</command>) - will <emphasis>ALWAYS</emphasis> allow writing to the directory - (user privileges permitting), but only via spooling operations.</para> - - <para>Default: <command>read only = yes</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="READRAW"/>read raw (G)</term> - <listitem><para>This parameter controls whether or not the server - will support the raw read SMB requests when transferring data - to clients.</para> - - <para>If enabled, raw reads allow reads of 65535 bytes in - one packet. This typically provides a major performance benefit. - </para> - - <para>However, some clients either negotiate the allowable - block size incorrectly or are incapable of supporting larger block - sizes, and for these clients you may need to disable raw reads.</para> - - <para>In general this parameter should be viewed as a system tuning - tool and left severely alone. See also <link linkend="WRITERAW"> - <parameter>write raw</parameter></link>.</para> - - <para>Default: <command>read raw = yes</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="READSIZE"/>read size (G)</term> - <listitem><para>The option <parameter>read size</parameter> - affects the overlap of disk reads/writes with network reads/writes. - If the amount of data being transferred in several of the SMB - commands (currently SMBwrite, SMBwriteX and SMBreadbraw) is larger - than this value then the server begins writing the data before it - has received the whole packet from the network, or in the case of - SMBreadbraw, it begins writing to the network before all the data - has been read from disk.</para> - - <para>This overlapping works best when the speeds of disk and - network access are similar, having very little effect when the - speed of one is much greater than the other.</para> - - <para>The default value is 16384, but very little experimentation - has been done yet to determine the optimal value, and it is likely - that the best value will vary greatly between systems anyway. - A value over 65536 is pointless and will cause you to allocate - memory unnecessarily.</para> - - <para>Default: <command>read size = 16384</command></para> - <para>Example: <command>read size = 8192</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="REALM"/>realm (G)</term> - <listitem><para> - This option specifies the kerberos realm to use. The realm is - used as the ADS equivalent of the NT4<command>domain</command>. It - is usually set to the DNS name of the kerberos server. - </para> - - <para>Default: <command>realm = </command></para> - <para>Example: <command>realm = mysambabox.mycompany.com</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="REMOTEANNOUNCE"/>remote announce (G)</term> - <listitem><para>This option allows you to setup <ulink - url="nmbd.8.html">nmbd(8)</ulink> to periodically announce itself - to arbitrary IP addresses with an arbitrary workgroup name.</para> - - <para>This is useful if you want your Samba server to appear - in a remote workgroup for which the normal browse propagation - rules don't work. The remote workgroup can be anywhere that you - can send IP packets to.</para> - - <para>For example:</para> - - <para><command>remote announce = 192.168.2.255/SERVERS - 192.168.4.255/STAFF</command></para> - - <para>the above line would cause <command>nmbd</command> to announce itself - to the two given IP addresses using the given workgroup names. - If you leave out the workgroup name then the one given in - the <link linkend="WORKGROUP"><parameter>workgroup</parameter></link> - parameter is used instead.</para> - - <para>The IP addresses you choose would normally be the broadcast - addresses of the remote networks, but can also be the IP addresses - of known browse masters if your network config is that stable.</para> - - <para>See the documentation file <ulink url="improved-browsing.html">BROWSING</ulink> - in the <filename>docs/</filename> directory.</para> - - <para>Default: <command>remote announce = <empty string> - </command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="REMOTEBROWSESYNC"/>remote browse sync (G)</term> - <listitem><para>This option allows you to setup <ulink - url="nmbd.8.html">nmbd(8)</ulink> to periodically request - synchronization of browse lists with the master browser of a Samba - server that is on a remote segment. This option will allow you to - gain browse lists for multiple workgroups across routed networks. This - is done in a manner that does not work with any non-Samba servers.</para> - - <para>This is useful if you want your Samba server and all local - clients to appear in a remote workgroup for which the normal browse - propagation rules don't work. The remote workgroup can be anywhere - that you can send IP packets to.</para> - - <para>For example:</para> - - <para><command>remote browse sync = 192.168.2.255 192.168.4.255 - </command></para> - - <para>the above line would cause <command>nmbd</command> to request - the master browser on the specified subnets or addresses to - synchronize their browse lists with the local server.</para> - - <para>The IP addresses you choose would normally be the broadcast - addresses of the remote networks, but can also be the IP addresses - of known browse masters if your network config is that stable. If - a machine IP address is given Samba makes NO attempt to validate - that the remote machine is available, is listening, nor that it - is in fact the browse master on its segment.</para> - - <para>Default: <command>remote browse sync = <empty string> - </command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="RESTRICTANONYMOUS"/>restrict anonymous (G)</term> - <listitem><para>This is a integer parameter, and - mirrors as much as possible the functinality the - <constant>RestrictAnonymous</constant> - registry key does on NT/Win2k. </para> - - <para>Default: <command>restrict anonymous = 0</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="ROOT"/>root (G)</term> - <listitem><para>Synonym for <link linkend="ROOTDIRECTORY"> - <parameter>root directory"</parameter></link>.</para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="ROOTDIR"/>root dir (G)</term> - <listitem><para>Synonym for <link linkend="ROOTDIRECTORY"> - <parameter>root directory"</parameter></link>.</para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="ROOTDIRECTORY"/>root directory (G)</term> - <listitem><para>The server will <command>chroot()</command> (i.e. - Change its root directory) to this directory on startup. This is - not strictly necessary for secure operation. Even without it the - server will deny access to files not in one of the service entries. - It may also check for, and deny access to, soft links to other - parts of the filesystem, or attempts to use ".." in file names - to access other directories (depending on the setting of the <link - linkend="WIDELINKS"><parameter>wide links</parameter></link> - parameter).</para> - - <para>Adding a <parameter>root directory</parameter> entry other - than "/" adds an extra level of security, but at a price. It - absolutely ensures that no access is given to files not in the - sub-tree specified in the <parameter>root directory</parameter> - option, <emphasis>including</emphasis> some files needed for - complete operation of the server. To maintain full operability - of the server you will need to mirror some system files - into the <parameter>root directory</parameter> tree. In particular - you will need to mirror <filename>/etc/passwd</filename> (or a - subset of it), and any binaries or configuration files needed for - printing (if required). The set of files that must be mirrored is - operating system dependent.</para> - - <para>Default: <command>root directory = /</command></para> - <para>Example: <command>root directory = /homes/smb</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="ROOTPOSTEXEC"/>root postexec (S)</term> - <listitem><para>This is the same as the <parameter>postexec</parameter> - parameter except that the command is run as root. This - is useful for unmounting filesystems - (such as CDROMs) after a connection is closed.</para> - - <para>See also <link linkend="POSTEXEC"><parameter> - postexec</parameter></link>.</para> - - <para>Default: <command>root postexec = <empty string> - </command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="ROOTPREEXEC"/>root preexec (S)</term> - <listitem><para>This is the same as the <parameter>preexec</parameter> - parameter except that the command is run as root. This - is useful for mounting filesystems (such as CDROMs) when a - connection is opened.</para> - - <para>See also <link linkend="PREEXEC"><parameter> - preexec</parameter></link> and <link linkend="PREEXECCLOSE"> - <parameter>preexec close</parameter></link>.</para> - - <para>Default: <command>root preexec = <empty string> - </command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="ROOTPREEXECCLOSE"/>root preexec close (S)</term> - <listitem><para>This is the same as the <parameter>preexec close - </parameter> parameter except that the command is run as root.</para> - - <para>See also <link linkend="PREEXEC"><parameter> - preexec</parameter></link> and <link linkend="PREEXECCLOSE"> - <parameter>preexec close</parameter></link>.</para> - - <para>Default: <command>root preexec close = no</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="SECURITY"/>security (G)</term> - <listitem><para>This option affects how clients respond to - Samba and is one of the most important settings in the <filename> - smb.conf</filename> file.</para> - - <para>The option sets the "security mode bit" in replies to - protocol negotiations with <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to turn share level security on or off. Clients decide - based on this bit whether (and how) to transfer user and password - information to the server.</para> - - - <para>The default is <command>security = user</command>, as this is - the most common setting needed when talking to Windows 98 and - Windows NT.</para> - - <para>The alternatives are <command>security = share</command>, - <command>security = server</command> or <command>security = domain - </command>.</para> - - <para>In versions of Samba prior to 2.0.0, the default was - <command>security = share</command> mainly because that was - the only option at one stage.</para> - - <para>There is a bug in WfWg that has relevance to this - setting. When in user or server level security a WfWg client - will totally ignore the password you type in the "connect - drive" dialog box. This makes it very difficult (if not impossible) - to connect to a Samba service as anyone except the user that - you are logged into WfWg as.</para> - - <para>If your PCs use usernames that are the same as their - usernames on the UNIX machine then you will want to use - <command>security = user</command>. If you mostly use usernames - that don't exist on the UNIX box then use <command>security = - share</command>.</para> - - <para>You should also use <command>security = share</command> if you - want to mainly setup shares without a password (guest shares). This - is commonly used for a shared printer server. It is more difficult - to setup guest shares with <command>security = user</command>, see - the <link linkend="MAPTOGUEST"><parameter>map to guest</parameter> - </link>parameter for details.</para> - - <para>It is possible to use <command>smbd</command> in a <emphasis> - hybrid mode</emphasis> where it is offers both user and share - level security under different <link linkend="NETBIOSALIASES"> - <parameter>NetBIOS aliases</parameter></link>. </para> - - <para>The different settings will now be explained.</para> - - - <para><anchor id="SECURITYEQUALSSHARE"/><emphasis>SECURITY = SHARE - </emphasis></para> - - <para>When clients connect to a share level security server they - need not log onto the server with a valid username and password before - attempting to connect to a shared resource (although modern clients - such as Windows 95/98 and Windows NT will send a logon request with - a username but no password when talking to a <command>security = share - </command> server). Instead, the clients send authentication information - (passwords) on a per-share basis, at the time they attempt to connect - to that share.</para> - - <para>Note that <command>smbd</command> <emphasis>ALWAYS</emphasis> - uses a valid UNIX user to act on behalf of the client, even in - <command>security = share</command> level security.</para> - - <para>As clients are not required to send a username to the server - in share level security, <command>smbd</command> uses several - techniques to determine the correct UNIX user to use on behalf - of the client.</para> - - <para>A list of possible UNIX usernames to match with the given - client password is constructed using the following methods :</para> - - <itemizedlist> - <listitem><para>If the <link linkend="GUESTONLY"><parameter>guest - only</parameter></link> parameter is set, then all the other - stages are missed and only the <link linkend="GUESTACCOUNT"> - <parameter>guest account</parameter></link> username is checked. - </para></listitem> - - <listitem><para>Is a username is sent with the share connection - request, then this username (after mapping - see <link - linkend="USERNAMEMAP"><parameter>username map</parameter></link>), - is added as a potential username.</para></listitem> - - <listitem><para>If the client did a previous <emphasis>logon - </emphasis> request (the SessionSetup SMB call) then the - username sent in this SMB will be added as a potential username. - </para></listitem> - - <listitem><para>The name of the service the client requested is - added as a potential username.</para></listitem> - - <listitem><para>The NetBIOS name of the client is added to - the list as a potential username.</para></listitem> - - <listitem><para>Any users on the <link linkend="USER"><parameter> - user</parameter></link> list are added as potential usernames. - </para></listitem> - </itemizedlist> - - <para>If the <parameter>guest only</parameter> parameter is - not set, then this list is then tried with the supplied password. - The first user for whom the password matches will be used as the - UNIX user.</para> - - <para>If the <parameter>guest only</parameter> parameter is - set, or no username can be determined then if the share is marked - as available to the <parameter>guest account</parameter>, then this - guest user will be used, otherwise access is denied.</para> - - <para>Note that it can be <emphasis>very</emphasis> confusing - in share-level security as to which UNIX username will eventually - be used in granting access.</para> - - <para>See also the section <link linkend="VALIDATIONSECT"> - NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - - <para><anchor id="SECURITYEQUALSUSER"/><emphasis>SECURITY = USER - </emphasis></para> - - <para>This is the default security setting in Samba 3.0. - With user-level security a client must first "log-on" with a - valid username and password (which can be mapped using the <link - linkend="USERNAMEMAP"><parameter>username map</parameter></link> - parameter). Encrypted passwords (see the <link linkend="ENCRYPTPASSWORDS"> - <parameter>encrypted passwords</parameter></link> parameter) can also - be used in this security mode. Parameters such as <link linkend="USER"> - <parameter>user</parameter></link> and <link linkend="GUESTONLY"> - <parameter>guest only</parameter></link> if set are then applied and - may change the UNIX user to use on this connection, but only after - the user has been successfully authenticated.</para> - - <para><emphasis>Note</emphasis> that the name of the resource being - requested is <emphasis>not</emphasis> sent to the server until after - the server has successfully authenticated the client. This is why - guest shares don't work in user level security without allowing - the server to automatically map unknown users into the <link - linkend="GUESTACCOUNT"><parameter>guest account</parameter></link>. - See the <link linkend="MAPTOGUEST"><parameter>map to guest</parameter> - </link> parameter for details on doing this.</para> - - <para>See also the section <link linkend="VALIDATIONSECT"> - NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - - <para><anchor id="SECURITYEQUALSDOMAIN"/><emphasis>SECURITY = DOMAIN - - </emphasis></para> - - <para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> has been used to add this - machine into a Windows NT Domain. It expects the <link - linkend="ENCRYPTPASSWORDS"><parameter>encrypted passwords</parameter> - </link> parameter to be set to <constant>yes</constant>. In this - mode Samba will try to validate the username/password by passing - it to a Windows NT Primary or Backup Domain Controller, in exactly - the same way that a Windows NT Server would do.</para> - - <para><emphasis>Note</emphasis> that a valid UNIX user must still - exist as well as the account on the Domain Controller to allow - Samba to have a valid UNIX account to map file access to.</para> - - <para><emphasis>Note</emphasis> that from the client's point - of view <command>security = domain</command> is the same as <command>security = user - </command>. It only affects how the server deals with the authentication, - it does not in any way affect what the client sees.</para> - - <para><emphasis>Note</emphasis> that the name of the resource being - requested is <emphasis>not</emphasis> sent to the server until after - the server has successfully authenticated the client. This is why - guest shares don't work in user level security without allowing - the server to automatically map unknown users into the <link - linkend="GUESTACCOUNT"><parameter>guest account</parameter></link>. - See the <link linkend="MAPTOGUEST"><parameter>map to guest</parameter> - </link> parameter for details on doing this.</para> - - <para>See also the section <link linkend="VALIDATIONSECT"> - NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - - <para>See also the <link linkend="PASSWORDSERVER"><parameter>password - server</parameter></link> parameter and the <link - linkend="ENCRYPTPASSWORDS"><parameter>encrypted passwords</parameter> - </link> parameter.</para> - - <para><anchor id="SECURITYEQUALSSERVER"/><emphasis>SECURITY = SERVER - </emphasis></para> - - <para>In this mode Samba will try to validate the username/password - by passing it to another SMB server, such as an NT box. If this - fails it will revert to <command>security = - user</command>. It expects the <link - linkend="ENCRYPTPASSWORDS"><parameter>encrypted passwords</parameter> - </link> parameter to be set to - <constant>yes</constant>, unless the remote server - does not support them. However note - that if encrypted passwords have been negotiated then Samba cannot - revert back to checking the UNIX password file, it must have a valid - <filename>smbpasswd</filename> file to check users against. See the - documentation file in the <filename>docs/</filename> directory - <filename>ENCRYPTION.txt</filename> for details on how to set this - up.</para> - - <para><emphasis>Note</emphasis> this mode of operation - has significant pitfalls, due to the fact that is - activly initiates a man-in-the-middle attack on the - remote SMB server. In particular, this mode of - operation can cause significant resource consuption on - the PDC, as it must maintain an active connection for - the duration of the user's session. Furthermore, if - this connection is lost, there is no way to - reestablish it, and futher authenticaions to the Samba - server may fail. (From a single client, till it - disconnects). </para> - - <para><emphasis>Note</emphasis> that from the client's point of - view <command>security = server</command> is the same as <command> - security = user</command>. It only affects how the server deals - with the authentication, it does not in any way affect what the - client sees.</para> - - <para><emphasis>Note</emphasis> that the name of the resource being - requested is <emphasis>not</emphasis> sent to the server until after - the server has successfully authenticated the client. This is why - guest shares don't work in user level security without allowing - the server to automatically map unknown users into the <link - linkend="GUESTACCOUNT"><parameter>guest account</parameter></link>. - See the <link linkend="MAPTOGUEST"><parameter>map to guest</parameter> - </link> parameter for details on doing this.</para> - - <para>See also the section <link linkend="VALIDATIONSECT"> - NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - - <para>See also the <link linkend="PASSWORDSERVER"><parameter>password - server</parameter></link> parameter and the <link - linkend="ENCRYPTPASSWORDS"><parameter>encrypted passwords</parameter> - </link> parameter.</para> - - <para>Default: <command>security = USER</command></para> - <para>Example: <command>security = DOMAIN</command></para> - - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="SECURITYMASK"/>security mask (S)</term> - <listitem><para>This parameter controls what UNIX permission - bits can be modified when a Windows NT client is manipulating - the UNIX permission on a file using the native NT security - dialog box.</para> - - <para>This parameter is applied as a mask (AND'ed with) to - the changed permission bits, thus preventing any bits not in - this mask from being modified. Essentially, zero bits in this - mask may be treated as a set of bits the user is not allowed - to change.</para> - - <para>If not set explicitly this parameter is 0777, allowing - a user to modify all the user/group/world permissions on a file. - </para> - - <para><emphasis>Note</emphasis> that users who can access the - Samba server through other means can easily bypass this - restriction, so it is primarily useful for standalone - "appliance" systems. Administrators of most normal systems will - probably want to leave it set to <constant>0777</constant>.</para> - - <para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"> - <parameter>force directory security mode</parameter></link>, - <link linkend="DIRECTORYSECURITYMASK"><parameter>directory - security mask</parameter></link>, <link linkend="FORCESECURITYMODE"> - <parameter>force security mode</parameter></link> parameters.</para> - - <para>Default: <command>security mask = 0777</command></para> - <para>Example: <command>security mask = 0770</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="SERVERSCHANNEL"/>server schannel (G)</term> - <listitem> - - <para>This controls whether the server offers or even - demands the use of the netlogon schannel. - <parameter>server schannel = no</parameter> does not - offer the schannel, <parameter>server schannel = - auto</parameter> offers the schannel but does not - enforce it, and <parameter>server schannel = - yes</parameter> denies access if the client is not - able to speak netlogon schannel. This is only the case - for Windows NT4 before SP4.</para> - - <para>Please note that with this set to - <parameter>no</parameter> you will have to apply the - WindowsXP requireSignOrSeal-Registry patch found in - the docs/Registry subdirectory.</para - - <para>Default: <command>server schannel = auto</command></para> - - <para>Example: <command>server schannel = yes</command>/para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="SERVERSTRING"/>server string (G)</term> - <listitem><para>This controls what string will show up in the - printer comment box in print manager and next to the IPC connection - in <command>net view</command>. It can be any string that you wish - to show to your users.</para> - - <para>It also sets what will appear in browse lists next - to the machine name.</para> - - <para>A <parameter>%v</parameter> will be replaced with the Samba - version number.</para> - - <para>A <parameter>%h</parameter> will be replaced with the - hostname.</para> - - <para>Default: <command>server string = Samba %v</command></para> - - <para>Example: <command>server string = University of GNUs Samba - Server</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="SETPRIMARYGROUPSCRIPT"/>set primary group script (G)</term> - <listitem><para>Thanks to the Posix subsystem in NT a - Windows User has a primary group in addition to the - auxiliary groups. This script sets the primary group - in the unix userdatase when an administrator sets the - primary group from the windows user manager or when - fetching a SAM with <command>net rpc - vampire</command>. <parameter>%u</parameter> will be - replaced with the user whose primary group is to be - set. <parameter>%g</parameter> will be replaced with - the group to set. - - <para>Default: <emphasis>No default value</emphasis></para> - - <para>Example: <command>set primary group script = /usr/sbin/usermod -g '%g' '%u'</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="SETDIRECTORY"/>set directory (S)</term> - <listitem><para>If <command>set directory = no</command>, then - users of the service may not use the setdir command to change - directory.</para> - - <para>The <command>setdir</command> command is only implemented - in the Digital Pathworks client. See the Pathworks documentation - for details.</para> - - <para>Default: <command>set directory = no</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="SHAREMODES"/>share modes (S)</term> - <listitem><para>This enables or disables the honoring of - the <parameter>share modes</parameter> during a file open. These - modes are used by clients to gain exclusive read or write access - to a file.</para> - - <para>These open modes are not directly supported by UNIX, so - they are simulated using shared memory, or lock files if your - UNIX doesn't support shared memory (almost all do).</para> - - <para>The share modes that are enabled by this option are - <constant>DENY_DOS</constant>, <constant>DENY_ALL</constant>, - <constant>DENY_READ</constant>, <constant>DENY_WRITE</constant>, - <constant>DENY_NONE</constant> and <constant>DENY_FCB</constant>. - </para> - - <para>This option gives full share compatibility and enabled - by default.</para> - - <para>You should <emphasis>NEVER</emphasis> turn this parameter - off as many Windows applications will break if you do so.</para> - - <para>Default: <command>share modes = yes</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="SHORTPRESERVECASE"/>short preserve case (S)</term> - <listitem><para>This boolean parameter controls if new files - which conform to 8.3 syntax, that is all in upper case and of - suitable length, are created upper case, or if they are forced - to be the <link linkend="DEFAULTCASE"><parameter>default case - </parameter></link>. This option can be use with <link - linkend="PRESERVECASE"><command>preserve case = yes</command> - </link> to permit long filenames to retain their case, while short - names are lowered. </para> - - <para>See the section on <link linkend="NAMEMANGLINGSECT"> - NAME MANGLING</link>.</para> - - <para>Default: <command>short preserve case = yes</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="SHOWADDPRINTERWIZARD"/>show add printer wizard (G)</term> - <listitem><para>With the introduction of MS-RPC based printing support - for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will - appear on Samba hosts in the share listing. Normally this folder will - contain an icon for the MS Add Printer Wizard (APW). However, it is - possible to disable this feature regardless of the level of privilege - of the connected user.</para> - - <para>Under normal circumstances, the Windows NT/2000 client will - open a handle on the printer server with OpenPrinterEx() asking for - Administrator privileges. If the user does not have administrative - access on the print server (i.e is not root or a member of the - <parameter>printer admin</parameter> group), the OpenPrinterEx() - call fails and the client makes another open call with a request for - a lower privilege level. This should succeed, however the APW - icon will not be displayed.</para> - - <para>Disabling the <parameter>show add printer wizard</parameter> - parameter will always cause the OpenPrinterEx() on the server - to fail. Thus the APW icon will never be displayed. <emphasis> - Note :</emphasis>This does not prevent the same user from having - administrative privilege on an individual printer.</para> - - <para>See also <link linkend="ADDPRINTERCOMMAND"><parameter>addprinter - command</parameter></link>, <link linkend="DELETEPRINTERCOMMAND"> - <parameter>deleteprinter command</parameter></link>, <link - linkend="PRINTERADMIN"><parameter>printer admin</parameter></link></para> - - <para>Default :<command>show add printer wizard = yes</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="SHUTDOWNSCRIPT"/>shutdown script (G)</term> - <listitem><para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis> - This a full path name to a script called by - <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> that - should start a shutdown procedure.</para> - - <para>This command will be run as the user connected to the - server.</para> - - <para>%m %t %r %f parameters are expanded</para> - <para><parameter>%m</parameter> will be substituted with the - shutdown message sent to the server.</para> - <para><parameter>%t</parameter> will be substituted with the - number of seconds to wait before effectively starting the - shutdown procedure.</para> - <para><parameter>%r</parameter> will be substituted with the - switch <emphasis>-r</emphasis>. It means reboot after shutdown - for NT. - </para> - <para><parameter>%f</parameter> will be substituted with the - switch <emphasis>-f</emphasis>. It means force the shutdown - even if applications do not respond for NT.</para> - - <para>Default: <emphasis>None</emphasis>.</para> - <para>Example: <command>abort shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f</command></para> - <para>Shutdown script example: -<programlisting> -#!/bin/bash - -$time=0 -let "time/60" -let "time++" - -/sbin/shutdown $3 $4 +$time $1 & -</programlisting> - Shutdown does not return so we need to launch it in background. - </para> - - <para>See also <link linkend="ABORTSHUTDOWNSCRIPT"><parameter>abort shutdown script</parameter></link>.</para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="SMBPASSWDFILE"/>smb passwd file (G)</term> - <listitem><para>This option sets the path to the encrypted - smbpasswd file. By default the path to the smbpasswd file - is compiled into Samba.</para> - - <para>Default: <command>smb passwd file = ${prefix}/private/smbpasswd - </command></para> - - <para>Example: <command>smb passwd file = /etc/samba/smbpasswd - </command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="SMBPORTS"/>smb ports (G)</term> - <listitem><para>Specifies which ports the server should listen on - for SMB traffic. - </para> - - <para>Default: <command>smb ports = 445 139</command></para> - - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="SOCKETADDRESS"/>socket address (G)</term> - <listitem><para>This option allows you to control what - address Samba will listen for connections on. This is used to - support multiple virtual interfaces on the one server, each - with a different configuration.</para> - - <para>By default Samba will accept connections on any - address.</para> - - <para>Example: <command>socket address = 192.168.2.20</command> - </para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="SOCKETOPTIONS"/>socket options (G)</term> - <listitem><para>This option allows you to set socket options - to be used when talking with the client.</para> - - <para>Socket options are controls on the networking layer - of the operating systems which allow the connection to be - tuned.</para> - - <para>This option will typically be used to tune your Samba - server for optimal performance for your local network. There is - no way that Samba can know what the optimal parameters are for - your net, so you must experiment and choose them yourself. We - strongly suggest you read the appropriate documentation for your - operating system first (perhaps <command>man setsockopt</command> - will help).</para> - - <para>You may find that on some systems Samba will say - "Unknown socket option" when you supply an option. This means you - either incorrectly typed it or you need to add an include file - to includes.h for your OS. If the latter is the case please - send the patch to <ulink url="mailto:samba@samba.org"> - samba@samba.org</ulink>.</para> - - <para>Any of the supported socket options may be combined - in any way you like, as long as your OS allows it.</para> - - <para>This is the list of socket options currently settable - using this option:</para> - - <itemizedlist> - <listitem><para>SO_KEEPALIVE</para></listitem> - <listitem><para>SO_REUSEADDR</para></listitem> - <listitem><para>SO_BROADCAST</para></listitem> - <listitem><para>TCP_NODELAY</para></listitem> - <listitem><para>IPTOS_LOWDELAY</para></listitem> - <listitem><para>IPTOS_THROUGHPUT</para></listitem> - <listitem><para>SO_SNDBUF *</para></listitem> - <listitem><para>SO_RCVBUF *</para></listitem> - <listitem><para>SO_SNDLOWAT *</para></listitem> - <listitem><para>SO_RCVLOWAT *</para></listitem> - </itemizedlist> - - <para>Those marked with a <emphasis>'*'</emphasis> take an integer - argument. The others can optionally take a 1 or 0 argument to enable - or disable the option, by default they will be enabled if you - don't specify 1 or 0.</para> - - <para>To specify an argument use the syntax SOME_OPTION = VALUE - for example <command>SO_SNDBUF = 8192</command>. Note that you must - not have any spaces before or after the = sign.</para> - - <para>If you are on a local network then a sensible option - might be</para> - <para><command>socket options = IPTOS_LOWDELAY</command></para> - - <para>If you have a local network then you could try:</para> - <para><command>socket options = IPTOS_LOWDELAY TCP_NODELAY</command></para> - - <para>If you are on a wide area network then perhaps try - setting IPTOS_THROUGHPUT. </para> - - <para>Note that several of the options may cause your Samba - server to fail completely. Use these options with caution!</para> - - <para>Default: <command>socket options = TCP_NODELAY</command></para> - <para>Example: <command>socket options = IPTOS_LOWDELAY</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="SOURCEENVIRONMENT"/>source environment (G)</term> - <listitem><para>This parameter causes Samba to set environment - variables as per the content of the file named.</para> - - <para>If the value of this parameter starts with a "|" character - then Samba will treat that value as a pipe command to open and - will set the environment variables from the output of the pipe.</para> - - <para>The contents of the file or the output of the pipe should - be formatted as the output of the standard Unix <command>env(1) - </command> command. This is of the form :</para> - <para>Example environment entry:</para> - <para><command>SAMBA_NETBIOS_NAME = myhostname</command></para> - - <para>Default: <emphasis>No default value</emphasis></para> - <para>Examples: <command>source environment = |/etc/smb.conf.sh - </command></para> - - <para>Example: <command>source environment = - /usr/local/smb_env_vars</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="SPNEGO"/>use spnego (G)</term> - <listitem><para> This variable controls controls whether samba will try - to use Simple and Protected NEGOciation (as specified by rfc2478) with - WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism. - Unless further issues are discovered with our SPNEGO - implementation, there is no reason this should ever be - disabled.</para> - <para>Default: <emphasis>use spnego = yes</emphasis></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="STATCACHE"/>stat cache (G)</term> - <listitem><para>This parameter determines if <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will use a cache in order to - speed up case insensitive name mappings. You should never need - to change this parameter.</para> - - <para>Default: <command>stat cache = yes</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="STATCACHESIZE"/>stat cache size (G)</term> - <listitem><para>This parameter determines the number of - entries in the <parameter>stat cache</parameter>. You should - never need to change this parameter.</para> - - <para>Default: <command>stat cache size = 50</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="STRICTALLOCATE"/>strict allocate (S)</term> - <listitem><para>This is a boolean that controls the handling of - disk space allocation in the server. When this is set to <constant>yes</constant> - the server will change from UNIX behaviour of not committing real - disk storage blocks when a file is extended to the Windows behaviour - of actually forcing the disk system to allocate real storage blocks - when a file is created or extended to be a given size. In UNIX - terminology this means that Samba will stop creating sparse files. - This can be slow on some systems.</para> - - <para>When strict allocate is <constant>no</constant> the server does sparse - disk block allocation when a file is extended.</para> - - <para>Setting this to <constant>yes</constant> can help Samba return - out of quota messages on systems that are restricting the disk quota - of users.</para> - - <para>Default: <command>strict allocate = no</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="STRICTLOCKING"/>strict locking (S)</term> - <listitem><para>This is a boolean that controls the handling of - file locking in the server. When this is set to <constant>yes</constant> - the server will check every read and write access for file locks, and - deny access if locks exist. This can be slow on some systems.</para> - - <para>When strict locking is <constant>no</constant> the server does file - lock checks only when the client explicitly asks for them.</para> - - <para>Well-behaved clients always ask for lock checks when it - is important, so in the vast majority of cases <command>strict - locking = no</command> is preferable.</para> - - <para>Default: <command>strict locking = no</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="STRICTSYNC"/>strict sync (S)</term> - <listitem><para>Many Windows applications (including the Windows - 98 explorer shell) seem to confuse flushing buffer contents to - disk with doing a sync to disk. Under UNIX, a sync call forces - the process to be suspended until the kernel has ensured that - all outstanding data in kernel disk buffers has been safely stored - onto stable storage. This is very slow and should only be done - rarely. Setting this parameter to <constant>no</constant> (the - default) means that <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> ignores the Windows applications requests for - a sync call. There is only a possibility of losing data if the - operating system itself that Samba is running on crashes, so there is - little danger in this default setting. In addition, this fixes many - performance problems that people have reported with the new Windows98 - explorer shell file copies.</para> - - <para>See also the <link linkend="SYNCALWAYS"><parameter>sync - always></parameter></link> parameter.</para> - - <para>Default: <command>strict sync = no</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="STRIPDOT"/>strip dot (G)</term> - <listitem><para>This is a boolean that controls whether to - strip trailing dots off UNIX filenames. This helps with some - CDROMs that have filenames ending in a single dot.</para> - - <para>Default: <command>strip dot = no</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="SYNCALWAYS"/>sync always (S)</term> - <listitem><para>This is a boolean parameter that controls - whether writes will always be written to stable storage before - the write call returns. If this is <constant>no</constant> then the server will be - guided by the client's request in each write call (clients can - set a bit indicating that a particular write should be synchronous). - If this is <constant>yes</constant> then every write will be followed by a <command>fsync() - </command> call to ensure the data is written to disk. Note that - the <parameter>strict sync</parameter> parameter must be set to - <constant>yes</constant> in order for this parameter to have - any affect.</para> - - <para>See also the <link linkend="STRICTSYNC"><parameter>strict - sync</parameter></link> parameter.</para> - - <para>Default: <command>sync always = no</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="SYSLOG"/>syslog (G)</term> - <listitem><para>This parameter maps how Samba debug messages - are logged onto the system syslog logging levels. Samba debug - level zero maps onto syslog <constant>LOG_ERR</constant>, debug - level one maps onto <constant>LOG_WARNING</constant>, debug level - two maps onto <constant>LOG_NOTICE</constant>, debug level three - maps onto LOG_INFO. All higher levels are mapped to <constant> - LOG_DEBUG</constant>.</para> - - <para>This parameter sets the threshold for sending messages - to syslog. Only messages with debug level less than this value - will be sent to syslog.</para> - - <para>Default: <command>syslog = 1</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="SYSLOGONLY"/>syslog only (G)</term> - <listitem><para>If this parameter is set then Samba debug - messages are logged into the system syslog only, and not to - the debug log files.</para> - - <para>Default: <command>syslog only = no</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="TEMPLATEHOMEDIR"/>template homedir (G)</term> - <listitem><para>When filling out the user information for a Windows NT - user, the <ulink url="winbindd.8.html">winbindd(8)</ulink> daemon - uses this parameter to fill in the home directory for that user. - If the string <parameter>%D</parameter> is present it is substituted - with the user's Windows NT domain name. If the string <parameter>%U - </parameter> is present it is substituted with the user's Windows - NT user name.</para> - - <para>Default: <command>template homedir = /home/%D/%U</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="TEMPLATESHELL"/>template shell (G)</term> - <listitem><para>When filling out the user information for a Windows NT - user, the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon - uses this parameter to fill in the login shell for that user.</para> - - <para>Default: <command>template shell = /bin/false</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="TIMEOFFSET"/>time offset (G)</term> - <listitem><para>This parameter is a setting in minutes to add - to the normal GMT to local time conversion. This is useful if - you are serving a lot of PCs that have incorrect daylight - saving time handling.</para> - - <para>Default: <command>time offset = 0</command></para> - <para>Example: <command>time offset = 60</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="TIMESERVER"/>time server (G)</term> - <listitem><para>This parameter determines if <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> advertises itself as a time server to Windows - clients.</para> - - <para>Default: <command>time server = no</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="TIMESTAMPLOGS"/>timestamp logs (G)</term> - <listitem><para>Synonym for <link linkend="DEBUGTIMESTAMP"><parameter> - debug timestamp</parameter></link>.</para> - </listitem> - </varlistentry> - - - - - - <varlistentry> - <term><anchor id="TOTALPRINTJOBS"/>total print jobs (G)</term> - <listitem><para>This parameter accepts an integer value which defines - a limit on the maximum number of print jobs that will be accepted - system wide at any given time. If a print job is submitted - by a client which will exceed this number, then <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will return an - error indicating that no space is available on the server. The - default value of 0 means that no such limit exists. This parameter - can be used to prevent a server from exceeding its capacity and is - designed as a printing throttle. See also - <link linkend="MAXPRINTJOBS"><parameter>max print jobs</parameter></link>. - </para> - - <para>Default: <command>total print jobs = 0</command></para> - <para>Example: <command>total print jobs = 5000</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="UNICODE"/>unicode (G)</term> - <listitem><para>Specifies whether Samba should try - to use unicode on the wire by default. Note: This does NOT - mean that samba will assume that the unix machine uses unicode! - </para> - - <para>Default: <command>unicode = yes</command></para> - - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="UNIXCHARSET"/>unix charset (G)</term> - <listitem><para>Specifies the charset the unix machine - Samba runs on uses. Samba needs to know this in order to be able to - convert text to the charsets other SMB clients use. - </para> - - <para>Default: <command>unix charset = UTF8</command></para> - <para>Example: <command>unix charset = ASCII</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="UNIXEXTENSIONS"/>unix extensions(G)</term> - <listitem><para>This boolean parameter controls whether Samba - implments the CIFS UNIX extensions, as defined by HP. - These extensions enable Samba to better serve UNIX CIFS clients - by supporting features such as symbolic links, hard links, etc... - These extensions require a similarly enabled client, and are of - no current use to Windows clients.</para> - - <para>Default: <command>unix extensions = no</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="UNIXPASSWORDSYNC"/>unix password sync (G)</term> - <listitem><para>This boolean parameter controls whether Samba - attempts to synchronize the UNIX password with the SMB password - when the encrypted SMB password in the smbpasswd file is changed. - If this is set to <constant>yes</constant> the program specified in the <parameter>passwd - program</parameter>parameter is called <emphasis>AS ROOT</emphasis> - - to allow the new UNIX password to be set without access to the - old UNIX password (as the SMB password change code has no - access to the old password cleartext, only the new).</para> - - <para>See also <link linkend="PASSWDPROGRAM"><parameter>passwd - program</parameter></link>, <link linkend="PASSWDCHAT"><parameter> - passwd chat</parameter></link>.</para> - - <para>Default: <command>unix password sync = no</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="UPDATEENCRYPTED"/>update encrypted (G)</term> - <listitem><para>This boolean parameter allows a user logging - on with a plaintext password to have their encrypted (hashed) - password in the smbpasswd file to be updated automatically as - they log on. This option allows a site to migrate from plaintext - password authentication (users authenticate with plaintext - password over the wire, and are checked against a UNIX account - database) to encrypted password authentication (the SMB - challenge/response authentication mechanism) without forcing - all users to re-enter their passwords via smbpasswd at the time the - change is made. This is a convenience option to allow the change over - to encrypted passwords to be made over a longer period. Once all users - have encrypted representations of their passwords in the smbpasswd - file this parameter should be set to <constant>no</constant>.</para> - - <para>In order for this parameter to work correctly the <link - linkend="ENCRYPTPASSWORDS"><parameter>encrypt passwords</parameter> - </link> parameter must be set to <constant>no</constant> when - this parameter is set to <constant>yes</constant>.</para> - - <para>Note that even when this parameter is set a user - authenticating to <command>smbd</command> must still enter a valid - password in order to connect correctly, and to update their hashed - (smbpasswd) passwords.</para> - - <para>Default: <command>update encrypted = no</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="USECLIENTDRIVER"/>use client driver (S)</term> - <listitem><para>This parameter applies only to Windows NT/2000 - clients. It has no affect on Windows 95/98/ME clients. When - serving a printer to Windows NT/2000 clients without first installing - a valid printer driver on the Samba host, the client will be required - to install a local printer driver. From this point on, the client - will treat the print as a local printer and not a network printer - connection. This is much the same behavior that will occur - when <command>disable spoolss = yes</command>. </para> - - <para>The differentiating - factor is that under normal circumstances, the NT/2000 client will - attempt to open the network printer using MS-RPC. The problem is that - because the client considers the printer to be local, it will attempt - to issue the OpenPrinterEx() call requesting access rights associated - with the logged on user. If the user possesses local administator rights - but not root privilegde on the Samba host (often the case), the OpenPrinterEx() - call will fail. The result is that the client will now display an "Access - Denied; Unable to connect" message in the printer queue window (even though - jobs may successfully be printed). </para> - - <para>If this parameter is enabled for a printer, then any attempt - to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped - to PRINTER_ACCESS_USE instead. Thus allowing the OpenPrinterEx() - call to succeed. <emphasis>This parameter MUST not be able enabled - on a print share which has valid print driver installed on the Samba - server.</emphasis></para> - - <para>See also <link linkend="DISABLESPOOLSS">disable spoolss</link> - </para> - - <para>Default: <command>use client driver = no</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="USEMMAP"/>use mmap (G)</term> - <listitem><para>This global parameter determines if the tdb internals of Samba can - depend on mmap working correctly on the running system. Samba requires a coherent - mmap/read-write system memory cache. Currently only HPUX does not have such a - coherent cache, and so this parameter is set to <constant>no</constant> by - default on HPUX. On all other systems this parameter should be left alone. This - parameter is provided to help the Samba developers track down problems with - the tdb internal code. - </para> - - <para>Default: <command>use mmap = yes</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="USER"/>user (S)</term> - <listitem><para>Synonym for <link linkend="USERNAME"><parameter> - username</parameter></link>.</para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="USERS"/>users (S)</term> - <listitem><para>Synonym for <link linkend="USERNAME"><parameter> - username</parameter></link>.</para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="USERNAME"/>username (S)</term> - <listitem><para>Multiple users may be specified in a comma-delimited - list, in which case the supplied password will be tested against - each username in turn (left to right).</para> - - <para>The <parameter>username</parameter> line is needed only when - the PC is unable to supply its own username. This is the case - for the COREPLUS protocol or where your users have different WfWg - usernames to UNIX usernames. In both these cases you may also be - better using the \\server\share%user syntax instead.</para> - - <para>The <parameter>username</parameter> line is not a great - solution in many cases as it means Samba will try to validate - the supplied password against each of the usernames in the - <parameter>username</parameter> line in turn. This is slow and - a bad idea for lots of users in case of duplicate passwords. - You may get timeouts or security breaches using this parameter - unwisely.</para> - - <para>Samba relies on the underlying UNIX security. This - parameter does not restrict who can login, it just offers hints - to the Samba server as to what usernames might correspond to the - supplied password. Users can login as whoever they please and - they will be able to do no more damage than if they started a - telnet session. The daemon runs as the user that they log in as, - so they cannot do anything that user cannot do.</para> - - <para>To restrict a service to a particular set of users you - can use the <link linkend="VALIDUSERS"><parameter>valid users - </parameter></link> parameter.</para> - - <para>If any of the usernames begin with a '@' then the name - will be looked up first in the NIS netgroups list (if Samba - is compiled with netgroup support), followed by a lookup in - the UNIX groups database and will expand to a list of all users - in the group of that name.</para> - - <para>If any of the usernames begin with a '+' then the name - will be looked up only in the UNIX groups database and will - expand to a list of all users in the group of that name.</para> - - <para>If any of the usernames begin with a '&' then the name - will be looked up only in the NIS netgroups database (if Samba - is compiled with netgroup support) and will expand to a list - of all users in the netgroup group of that name.</para> - - <para>Note that searching though a groups database can take - quite some time, and some clients may time out during the - search.</para> - - <para>See the section <link linkend="VALIDATIONSECT">NOTE ABOUT - USERNAME/PASSWORD VALIDATION</link> for more information on how - this parameter determines access to the services.</para> - - <para>Default: <command>The guest account if a guest service, - else <empty string>.</command></para> - - <para>Examples:<command>username = fred, mary, jack, jane, - @users, @pcgroup</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="USERNAMELEVEL"/>username level (G)</term> - <listitem><para>This option helps Samba to try and 'guess' at - the real UNIX username, as many DOS clients send an all-uppercase - username. By default Samba tries all lowercase, followed by the - username with the first letter capitalized, and fails if the - username is not found on the UNIX machine.</para> - - <para>If this parameter is set to non-zero the behavior changes. - This parameter is a number that specifies the number of uppercase - combinations to try while trying to determine the UNIX user name. The - higher the number the more combinations will be tried, but the slower - the discovery of usernames will be. Use this parameter when you have - strange usernames on your UNIX machine, such as <constant>AstrangeUser - </constant>.</para> - - <para>Default: <command>username level = 0</command></para> - <para>Example: <command>username level = 5</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="USERNAMEMAP"/>username map (G)</term> - <listitem><para>This option allows you to specify a file containing - a mapping of usernames from the clients to the server. This can be - used for several purposes. The most common is to map usernames - that users use on DOS or Windows machines to those that the UNIX - box uses. The other is to map multiple users to a single username - so that they can more easily share files.</para> - - <para>The map file is parsed line by line. Each line should - contain a single UNIX username on the left then a '=' followed - by a list of usernames on the right. The list of usernames on the - right may contain names of the form @group in which case they - will match any UNIX username in that group. The special client - name '*' is a wildcard and matches any name. Each line of the - map file may be up to 1023 characters long.</para> - - <para>The file is processed on each line by taking the - supplied username and comparing it with each username on the right - hand side of the '=' signs. If the supplied name matches any of - the names on the right hand side then it is replaced with the name - on the left. Processing then continues with the next line.</para> - - <para>If any line begins with a '#' or a ';' then it is - ignored</para> - - <para>If any line begins with an '!' then the processing - will stop after that line if a mapping was done by the line. - Otherwise mapping continues with every line being processed. - Using '!' is most useful when you have a wildcard mapping line - later in the file.</para> - - <para>For example to map from the name <constant>admin</constant> - or <constant>administrator</constant> to the UNIX name <constant> - root</constant> you would use:</para> - - <para><command>root = admin administrator</command></para> - - <para>Or to map anyone in the UNIX group <constant>system</constant> - to the UNIX name <constant>sys</constant> you would use:</para> - - <para><command>sys = @system</command></para> - - <para>You can have as many mappings as you like in a username - map file.</para> - - - <para>If your system supports the NIS NETGROUP option then - the netgroup database is checked before the <filename>/etc/group - </filename> database for matching groups.</para> - - <para>You can map Windows usernames that have spaces in them - by using double quotes around the name. For example:</para> - - <para><command>tridge = "Andrew Tridgell"</command></para> - - <para>would map the windows username "Andrew Tridgell" to the - unix username "tridge".</para> - - <para>The following example would map mary and fred to the - unix user sys, and map the rest to guest. Note the use of the - '!' to tell Samba to stop processing if it gets a match on - that line.</para> - -<para><programlisting> -!sys = mary fred -guest = * -</programlisting></para> - - <para>Note that the remapping is applied to all occurrences - of usernames. Thus if you connect to \\server\fred and <constant> - fred</constant> is remapped to <constant>mary</constant> then you - will actually be connecting to \\server\mary and will need to - supply a password suitable for <constant>mary</constant> not - <constant>fred</constant>. The only exception to this is the - username passed to the <link linkend="PASSWORDSERVER"><parameter> - password server</parameter></link> (if you have one). The password - server will receive whatever username the client supplies without - modification.</para> - - <para>Also note that no reverse mapping is done. The main effect - this has is with printing. Users who have been mapped may have - trouble deleting print jobs as PrintManager under WfWg will think - they don't own the print job.</para> - - <para>Default: <emphasis>no username map</emphasis></para> - <para>Example: <command>username map = /usr/local/samba/lib/users.map - </command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="USESENDFILE"/>use sendfile (S)</term> - <listitem><para>If this parameter is <constant>yes</constant>, and Samba - was built with the --with-sendfile-support option, and the underlying operating - system supports sendfile system call, then some SMB read calls (mainly ReadAndX - and ReadRaw) will use the more efficient sendfile system call for files that - are exclusively oplocked. This may make more efficient use of the system CPU's - and cause Samba to be faster. This is off by default as it's effects are unknown - as yet. - </para> - - <para>Default: <command>use sendfile = no</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="UTMP"/>utmp (G)</term> - <listitem><para>This boolean parameter is only available if - Samba has been configured and compiled with the option <command> - --with-utmp</command>. If set to <constant>yes</constant> then Samba will attempt - to add utmp or utmpx records (depending on the UNIX system) whenever a - connection is made to a Samba server. Sites may use this to record the - user connecting to a Samba share.</para> - - <para>Due to the requirements of the utmp record, we - are required to create a unique identifier for the - incoming user. Enabling this option creates an n^2 - algorithm to find this number. This may impede - performance on large installations. </para> - - <para>See also the <link linkend="UTMPDIRECTORY"><parameter> - utmp directory</parameter></link> parameter.</para> - - <para>Default: <command>utmp = no</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="UTMPDIRECTORY"/>utmp directory(G)</term> - <listitem><para>This parameter is only available if Samba has - been configured and compiled with the option <command> - --with-utmp</command>. It specifies a directory pathname that is - used to store the utmp or utmpx files (depending on the UNIX system) that - record user connections to a Samba server. See also the <link linkend="UTMP"> - <parameter>utmp</parameter></link> parameter. By default this is - not set, meaning the system will use whatever utmp file the - native system is set to use (usually - <filename>/var/run/utmp</filename> on Linux).</para> - - <para>Default: <emphasis>no utmp directory</emphasis></para> - <para>Example: <command>utmp directory = /var/run/utmp</command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="WTMPDIRECTORY"/>wtmp directory(G)</term> - <listitem><para>This parameter is only available if Samba has - been configured and compiled with the option <command> - --with-utmp</command>. It specifies a directory pathname that is - used to store the wtmp or wtmpx files (depending on the UNIX system) that - record user connections to a Samba server. The difference with - the utmp directory is the fact that user info is kept after a user - has logged out. - - See also the <link linkend="UTMP"> - <parameter>utmp</parameter></link> parameter. By default this is - not set, meaning the system will use whatever utmp file the - native system is set to use (usually - <filename>/var/run/wtmp</filename> on Linux).</para> - - <para>Default: <emphasis>no wtmp directory</emphasis></para> - <para>Example: <command>wtmp directory = /var/log/wtmp</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="VALIDUSERS"/>valid users (S)</term> - <listitem><para>This is a list of users that should be allowed - to login to this service. Names starting with '@', '+' and '&' - are interpreted using the same rules as described in the - <parameter>invalid users</parameter> parameter.</para> - - <para>If this is empty (the default) then any user can login. - If a username is in both this list and the <parameter>invalid - users</parameter> list then access is denied for that user.</para> - - <para>The current servicename is substituted for <parameter>%S - </parameter>. This is useful in the [homes] section.</para> - - <para>See also <link linkend="INVALIDUSERS"><parameter>invalid users - </parameter></link></para> - - <para>Default: <emphasis>No valid users list (anyone can login) - </emphasis></para> - - <para>Example: <command>valid users = greg, @pcusers</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="VETOFILES"/>veto files(S)</term> - <listitem><para>This is a list of files and directories that - are neither visible nor accessible. Each entry in the list must - be separated by a '/', which allows spaces to be included - in the entry. '*' and '?' can be used to specify multiple files - or directories as in DOS wildcards.</para> - - <para>Each entry must be a unix path, not a DOS path and - must <emphasis>not</emphasis> include the unix directory - separator '/'.</para> - - <para>Note that the <parameter>case sensitive</parameter> option - is applicable in vetoing files.</para> - - <para>One feature of the veto files parameter that it - is important to be aware of is Samba's behaviour when - trying to delete a directory. If a directory that is - to be deleted contains nothing but veto files this - deletion will <emphasis>fail</emphasis> unless you also set - the <parameter>delete veto files</parameter> parameter to - <parameter>yes</parameter>.</para> - - <para>Setting this parameter will affect the performance - of Samba, as it will be forced to check all files and directories - for a match as they are scanned.</para> - - <para>See also <link linkend="HIDEFILES"><parameter>hide files - </parameter></link> and <link linkend="CASESENSITIVE"><parameter> - case sensitive</parameter></link>.</para> - - <para>Default: <emphasis>No files or directories are vetoed. - </emphasis></para> - -<para>Examples:<programlisting> -; Veto any files containing the word Security, -; any ending in .tmp, and any directory containing the -; word root. -veto files = /*Security*/*.tmp/*root*/ - -; Veto the Apple specific files that a NetAtalk server -; creates. -veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ -</programlisting></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="VETOOPLOCKFILES"/>veto oplock files (S)</term> - <listitem><para>This parameter is only valid when the <link - linkend="OPLOCKS"><parameter>oplocks</parameter></link> - parameter is turned on for a share. It allows the Samba administrator - to selectively turn off the granting of oplocks on selected files that - match a wildcarded list, similar to the wildcarded list used in the - <link linkend="VETOFILES"><parameter>veto files</parameter></link> - parameter.</para> - - <para>Default: <emphasis>No files are vetoed for oplock - grants</emphasis></para> - - <para>You might want to do this on files that you know will - be heavily contended for by clients. A good example of this - is in the NetBench SMB benchmark program, which causes heavy - client contention for files ending in <filename>.SEM</filename>. - To cause Samba not to grant oplocks on these files you would use - the line (either in the [global] section or in the section for - the particular NetBench share :</para> - - <para>Example: <command>veto oplock files = /*.SEM/ - </command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="VFSPATH"/>vfs path (S)</term> - <listitem><para>This parameter specifies the directory - to look in for vfs modules. The name of every <command>vfs object - </command> will be prepended by this directory - </para> - - <para>Default: <command>vfs path = </command></para> - <para>Example: <command>vfs path = /usr/lib/samba/vfs</command></para> - - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="VFSOBJECT"/>vfs object (S)</term> - <listitem><para>This parameter specifies a shared object files that - are used for Samba VFS I/O operations. By default, normal - disk I/O operations are used but these can be overloaded - with one or more VFS objects. </para> - - <para>Default : <emphasis>no value</emphasis></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="VFSOPTIONS"/>vfs options (S)</term> - <listitem><para>This parameter allows parameters to be passed - to the vfs layer at initialization time. - See also <link linkend="VFSOBJECT"><parameter> - vfs object</parameter></link>.</para> - - <para>Default : <emphasis>no value</emphasis></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="VOLUME"/>volume (S)</term> - <listitem><para> This allows you to override the volume label - returned for a share. Useful for CDROMs with installation programs - that insist on a particular volume label.</para> - - <para>Default: <emphasis>the name of the share</emphasis></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="WIDELINKS"/>wide links (S)</term> - <listitem><para>This parameter controls whether or not links - in the UNIX file system may be followed by the server. Links - that point to areas within the directory tree exported by the - server are always allowed; this parameter controls access only - to areas that are outside the directory tree being exported.</para> - - <para>Note that setting this parameter can have a negative - effect on your server performance due to the extra system calls - that Samba has to do in order to perform the link checks.</para> - - <para>Default: <command>wide links = yes</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="WINBINDCACHETIME"/>winbind cache time (G)</term> - <listitem><para>This parameter specifies the number of - seconds the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon will cache - user and group information before querying a Windows NT server - again.</para> - - <para>Default: <command>winbind cache type = 15</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="WINBINDENUMUSERS"/>winbind enum users (G)</term> - <listitem><para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> it may be - necessary to suppress the enumeration of users through the <command>setpwent()</command>, - <command>getpwent()</command> and - <command>endpwent()</command> group of system calls. If - the <parameter>winbind enum users</parameter> parameter is - <constant>no</constant>, calls to the <command>getpwent</command> system call - will not return any data. </para> - - <para><emphasis>Warning:</emphasis> Turning off user - enumeration may cause some programs to behave oddly. For - example, the finger program relies on having access to the - full user list when searching for matching - usernames. </para> - - <para>Default: <command>winbind enum users = yes </command></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="WINBINDENUMGROUPS"/>winbind enum groups (G)</term> - <listitem><para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> it may be necessary to suppress - the enumeration of groups through the <command>setgrent()</command>, - <command>getgrent()</command> and - <command>endgrent()</command> group of system calls. If - the <parameter>winbind enum groups</parameter> parameter is - <constant>no</constant>, calls to the <command>getgrent()</command> system - call will not return any data. </para> - - <para><emphasis>Warning:</emphasis> Turning off group - enumeration may cause some programs to behave oddly. - </para> - - <para>Default: <command>winbind enum groups = yes </command> - </para></listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="WINBINDGID"/>winbind gid (G)</term> - <listitem><para>The winbind gid parameter specifies the range of group - ids that are allocated by the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon. This range of group ids should have no - existing local or NIS groups within it as strange conflicts can - occur otherwise.</para> - - <para>Default: <command>winbind gid = <empty string> - </command></para> - - <para>Example: <command>winbind gid = 10000-20000</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="WINBINDSEPARATOR"/>winbind separator (G)</term> - <listitem><para>This parameter allows an admin to define the character - used when listing a username of the form of <replaceable>DOMAIN - </replaceable>\<replaceable>user</replaceable>. This parameter - is only applicable when using the <filename>pam_winbind.so</filename> - and <filename>nss_winbind.so</filename> modules for UNIX services. - </para> - - <para>Please note that setting this parameter to + causes problems - with group membership at least on glibc systems, as the character + - is used as a special character for NIS in /etc/group.</para> - - <para>Default: <command>winbind separator = '\'</command></para> - <para>Example: <command>winbind separator = +</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="WINBINDUID"/>winbind uid (G)</term> - <listitem><para>The winbind gid parameter specifies the range of group - ids that are allocated by the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon. This range of ids should have no - existing local or NIS users within it as strange conflicts can - occur otherwise.</para> - - <para>Default: <command>winbind uid = <empty string> - </command></para> - - <para>Example: <command>winbind uid = 10000-20000</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="WINBINDUSEDEFAULTDOMAIN"/>winbind use default domain (G)</term> - <listitem><para>This parameter specifies whether the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon should operate on users - without domain component in their username. - Users without a domain component are treated as is part of the winbindd server's - own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail - function in a way much closer to the way they would in a native unix system.</para> - - <para>Default: <command>winbind use default domain = <no> - </command></para> - <para>Example: <command>winbind use default domain = yes</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="WINSHOOK"/>wins hook (G)</term> - <listitem><para>When Samba is running as a WINS server this - allows you to call an external program for all changes to the - WINS database. The primary use for this option is to allow the - dynamic update of external name resolution databases such as - dynamic DNS.</para> - - <para>The wins hook parameter specifies the name of a script - or executable that will be called as follows:</para> - - <para><command>wins_hook operation name nametype ttl IP_list - </command></para> - - <itemizedlist> - <listitem><para>The first argument is the operation and is one - of "add", "delete", or "refresh". In most cases the operation can - be ignored as the rest of the parameters provide sufficient - information. Note that "refresh" may sometimes be called when the - name has not previously been added, in that case it should be treated - as an add.</para></listitem> - - <listitem><para>The second argument is the NetBIOS name. If the - name is not a legal name then the wins hook is not called. - Legal names contain only letters, digits, hyphens, underscores - and periods.</para></listitem> - - <listitem><para>The third argument is the NetBIOS name - type as a 2 digit hexadecimal number. </para></listitem> - - <listitem><para>The fourth argument is the TTL (time to live) - for the name in seconds.</para></listitem> - - <listitem><para>The fifth and subsequent arguments are the IP - addresses currently registered for that name. If this list is - empty then the name should be deleted.</para></listitem> - </itemizedlist> - - <para>An example script that calls the BIND dynamic DNS update - program <command>nsupdate</command> is provided in the examples - directory of the Samba source code. </para> - </listitem> - </varlistentry> - - - - - - <varlistentry> - <term><anchor id="WINSPROXY"/>wins proxy (G)</term> - <listitem><para>This is a boolean that controls if <ulink - url="nmbd.8.html">nmbd(8)</ulink> will respond to broadcast name - queries on behalf of other hosts. You may need to set this - to <constant>yes</constant> for some older clients.</para> - - <para>Default: <command>wins proxy = no</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="WINSSERVER"/>wins server (G)</term> - <listitem><para>This specifies the IP address (or DNS name: IP - address for preference) of the WINS server that <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> should register with. If you have a WINS server on - your network then you should set this to the WINS server's IP.</para> - - <para>You should point this at your WINS server if you have a - multi-subnetted network.</para> - - <para>If you want to work in multiple namespaces, you can - give every wins server a 'tag'. For each tag, only one - (working) server will be queried for a name. The tag should be - seperated from the ip address by a colon. - </para> - - <note><para>You need to set up Samba to point - to a WINS server if you have multiple subnets and wish cross-subnet - browsing to work correctly.</para></note> - - - <para>See the documentation file <ulink url="improved-browsing.html">Browsing</ulink> in the samba howto collection.</para> - - <para>Default: <emphasis>not enabled</emphasis></para> - <para>Example: <command>wins server = mary:192.9.200.1 fred:192.168.3.199 mary:192.168.2.61</command></para> - <para>For this example when querying a certain name, 192.19.200.1 will - be asked first and if that doesn't respond 192.168.2.61. If either - of those doesn't know the name 192.168.3.199 will be queried. - </para> - - <para>Example: <command>wins server = 192.9.200.1 192.168.2.61</command></para> - - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="WINSSUPPORT"/>wins support (G)</term> - <listitem><para>This boolean controls if the <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> process in Samba will act as a WINS server. You should - not set this to <constant>yes</constant> unless you have a multi-subnetted network and - you wish a particular <command>nmbd</command> to be your WINS server. - Note that you should <emphasis>NEVER</emphasis> set this to <constant>yes</constant> - on more than one machine in your network.</para> - - <para>Default: <command>wins support = no</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="WORKGROUP"/>workgroup (G)</term> - <listitem><para>This controls what workgroup your server will - appear to be in when queried by clients. Note that this parameter - also controls the Domain name used with the <link - linkend="SECURITYEQUALSDOMAIN"><command>security = domain</command></link> - setting.</para> - - <para>Default: <emphasis>set at compile time to WORKGROUP</emphasis></para> - <para>Example: <command>workgroup = MYGROUP</command></para> - </listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="WRITABLE"/>writable (S)</term> - <listitem><para>Synonym for <link linkend="WRITEABLE"><parameter> - writeable</parameter></link> for people who can't spell :-).</para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="WRITECACHESIZE"/>write cache size (S)</term> - <listitem><para>If this integer parameter is set to non-zero value, - Samba will create an in-memory cache for each oplocked file - (it does <emphasis>not</emphasis> do this for - non-oplocked files). All writes that the client does not request - to be flushed directly to disk will be stored in this cache if possible. - The cache is flushed onto disk when a write comes in whose offset - would not fit into the cache or when the file is closed by the client. - Reads for the file are also served from this cache if the data is stored - within it.</para> - - <para>This cache allows Samba to batch client writes into a more - efficient write size for RAID disks (i.e. writes may be tuned to - be the RAID stripe size) and can improve performance on systems - where the disk subsystem is a bottleneck but there is free - memory for userspace programs.</para> - - <para>The integer parameter specifies the size of this cache - (per oplocked file) in bytes.</para> - - <para>Default: <command>write cache size = 0</command></para> - <para>Example: <command>write cache size = 262144</command></para> - - <para>for a 256k cache size per file.</para> - </listitem> - </varlistentry> - - - - - - <varlistentry> - <term><anchor id="WRITELIST"/>write list (S)</term> - <listitem><para>This is a list of users that are given read-write - access to a service. If the connecting user is in this list then - they will be given write access, no matter what the <link - linkend="READONLY"><parameter>read only</parameter></link> - option is set to. The list can include group names using the - @group syntax.</para> - - <para>Note that if a user is in both the read list and the - write list then they will be given write access.</para> - - <para>See also the <link linkend="READLIST"><parameter>read list - </parameter></link> option.</para> - - <para>Default: <command>write list = <empty string> - </command></para> - - <para>Example: <command>write list = admin, root, @staff - </command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="WINSPARTNERS"/>wins partners (G)</term> - <listitem><para>A space separated list of partners' IP addresses for - WINS replication. WINS partners are always defined as push/pull - partners as defining only one way WINS replication is unreliable. - WINS replication is currently experimental and unreliable between - samba servers. - </para> - - <para>Default: <command>wins partners = </command></para> - - <para>Example: <command>wins partners = 192.168.0.1 172.16.1.2</command></para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="WRITEOK"/>write ok (S)</term> - <listitem><para>Inverted synonym for <link linkend="READONLY"><parameter> - read only</parameter></link>.</para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="WRITERAW"/>write raw (G)</term> - <listitem><para>This parameter controls whether or not the server - will support raw write SMB's when transferring data from clients. - You should never need to change this parameter.</para> - - <para>Default: <command>write raw = yes</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> - <term><anchor id="WRITEABLE"/>writeable (S)</term> - <listitem><para>Inverted synonym for <link linkend="READONLY"><parameter> - read only</parameter></link>.</para> - </listitem> - </varlistentry> - - - </variablelist> - -</refsect1> - -<refsect1> - <title>WARNINGS</title> - - <para>Although the configuration file permits service names - to contain spaces, your client software may not. Spaces will - be ignored in comparisons anyway, so it shouldn't be a - problem - but be aware of the possibility.</para> - - <para>On a similar note, many clients - especially DOS clients - - limit service names to eight characters. <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> has no such limitation, but attempts to connect from such - clients will fail if they truncate the service names. For this reason - you should probably keep your service names down to eight characters - in length.</para> - - <para>Use of the [homes] and [printers] special sections make life - for an administrator easy, but the various combinations of default - attributes can be tricky. Take extreme care when designing these - sections. In particular, ensure that the permissions on spool - directories are correct.</para> -</refsect1> - -<refsect1> - <title>VERSION</title> - - <para>This man page is correct for version 3.0 of the Samba suite.</para> -</refsect1> - -<refsect1> - <title>SEE ALSO</title> - <para> - <citerefentry><refentrytitle>samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>swat</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmblookup</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>.</para> -</refsect1> - -<refsect1> - <title>AUTHOR</title> - - <para>The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed.</para> - - <para>The original Samba man pages were written by Karl Auer. - The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> - ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 - release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> -</refsect1> - -</refentry> diff --git a/docs/docbook/manpages/smbcacls.1.sgml b/docs/docbook/manpages/smbcacls.1.xml index 445566c5bd..ab4fe517eb 100644 --- a/docs/docbook/manpages/smbcacls.1.sgml +++ b/docs/docbook/manpages/smbcacls.1.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="smbcacls.1"> diff --git a/docs/docbook/manpages/smbclient.1.sgml b/docs/docbook/manpages/smbclient.1.xml index cd513398b9..8e52e878dd 100644 --- a/docs/docbook/manpages/smbclient.1.sgml +++ b/docs/docbook/manpages/smbclient.1.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="smbclient.1"> diff --git a/docs/docbook/manpages/smbcontrol.1.sgml b/docs/docbook/manpages/smbcontrol.1.xml index c118a7b194..a0fda2b315 100644 --- a/docs/docbook/manpages/smbcontrol.1.sgml +++ b/docs/docbook/manpages/smbcontrol.1.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="smbcontrol.1"> diff --git a/docs/docbook/manpages/smbcquotas.1.sgml b/docs/docbook/manpages/smbcquotas.1.xml index a69312f9d7..90166beaf1 100644 --- a/docs/docbook/manpages/smbcquotas.1.sgml +++ b/docs/docbook/manpages/smbcquotas.1.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="smbcquotas.1"> @@ -144,6 +147,7 @@ <para><userinput> FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT </userinput></para> +</refsect1> <refsect1> <title>EXIT STATUS</title> diff --git a/docs/docbook/manpages/smbd.8.sgml b/docs/docbook/manpages/smbd.8.xml index b31d919a12..0566c67fcb 100644 --- a/docs/docbook/manpages/smbd.8.sgml +++ b/docs/docbook/manpages/smbd.8.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="smbd.8"> diff --git a/docs/docbook/manpages/smbmnt.8.sgml b/docs/docbook/manpages/smbmnt.8.xml index 8c07ed2eb4..86596f3ded 100644 --- a/docs/docbook/manpages/smbmnt.8.sgml +++ b/docs/docbook/manpages/smbmnt.8.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="smbmnt.8"> diff --git a/docs/docbook/manpages/smbmount.8.sgml b/docs/docbook/manpages/smbmount.8.xml index 12f64c7354..356b4f8f61 100644 --- a/docs/docbook/manpages/smbmount.8.sgml +++ b/docs/docbook/manpages/smbmount.8.xml @@ -1,4 +1,9 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; +]> <refentry id="smbmount.8"> <refmeta> diff --git a/docs/docbook/manpages/smbpasswd.5.sgml b/docs/docbook/manpages/smbpasswd.5.xml index f78e986bef..c3bd654564 100644 --- a/docs/docbook/manpages/smbpasswd.5.sgml +++ b/docs/docbook/manpages/smbpasswd.5.xml @@ -1,4 +1,9 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; +]> <refentry id="smbpasswd.5"> <refmeta> diff --git a/docs/docbook/manpages/smbpasswd.8.sgml b/docs/docbook/manpages/smbpasswd.8.xml index 5d475cf08c..37f617e46a 100644 --- a/docs/docbook/manpages/smbpasswd.8.sgml +++ b/docs/docbook/manpages/smbpasswd.8.xml @@ -1,4 +1,9 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; +]> <refentry id="smbpasswd.8"> <refmeta> diff --git a/docs/docbook/manpages/smbsh.1.sgml b/docs/docbook/manpages/smbsh.1.xml index f51b5eb34f..1bd29917b9 100644 --- a/docs/docbook/manpages/smbsh.1.sgml +++ b/docs/docbook/manpages/smbsh.1.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="smbsh.1"> diff --git a/docs/docbook/manpages/smbspool.8.sgml b/docs/docbook/manpages/smbspool.8.xml index dabdcced01..340c7ffff2 100644 --- a/docs/docbook/manpages/smbspool.8.sgml +++ b/docs/docbook/manpages/smbspool.8.xml @@ -1,4 +1,9 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; +]> <refentry id="smbspool.8"> <refmeta> diff --git a/docs/docbook/manpages/smbstatus.1.sgml b/docs/docbook/manpages/smbstatus.1.xml index 98f7e864f6..657175bf48 100644 --- a/docs/docbook/manpages/smbstatus.1.sgml +++ b/docs/docbook/manpages/smbstatus.1.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="smbstatus.1"> diff --git a/docs/docbook/manpages/smbtar.1.sgml b/docs/docbook/manpages/smbtar.1.xml index 0492a3a574..40c915f1f6 100644 --- a/docs/docbook/manpages/smbtar.1.sgml +++ b/docs/docbook/manpages/smbtar.1.xml @@ -1,4 +1,9 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; +]> <refentry id="smbtar.1"> <refmeta> diff --git a/docs/docbook/manpages/smbtree.1.sgml b/docs/docbook/manpages/smbtree.1.xml index 3677695d5a..05f0256b87 100644 --- a/docs/docbook/manpages/smbtree.1.sgml +++ b/docs/docbook/manpages/smbtree.1.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="smbtree.1"> diff --git a/docs/docbook/manpages/smbumount.8.sgml b/docs/docbook/manpages/smbumount.8.xml index 089ede79ea..665ffdceb3 100644 --- a/docs/docbook/manpages/smbumount.8.sgml +++ b/docs/docbook/manpages/smbumount.8.xml @@ -1,4 +1,9 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; +]> <refentry id="smbumount.8"> <refmeta> diff --git a/docs/docbook/manpages/swat.8.sgml b/docs/docbook/manpages/swat.8.xml index 72b3cd65c8..ad6829c3a6 100644 --- a/docs/docbook/manpages/swat.8.sgml +++ b/docs/docbook/manpages/swat.8.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="swat.8"> diff --git a/docs/docbook/manpages/tdbbackup.8.sgml b/docs/docbook/manpages/tdbbackup.8.xml index 9b885e0af7..c8c5b7e33d 100644 --- a/docs/docbook/manpages/tdbbackup.8.sgml +++ b/docs/docbook/manpages/tdbbackup.8.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="tdbbackup.8"> diff --git a/docs/docbook/manpages/testparm.1.sgml b/docs/docbook/manpages/testparm.1.xml index 31a9549416..085a645a88 100644 --- a/docs/docbook/manpages/testparm.1.sgml +++ b/docs/docbook/manpages/testparm.1.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="testparm.1"> diff --git a/docs/docbook/manpages/testprns.1.sgml b/docs/docbook/manpages/testprns.1.xml index 3ff1d85055..2afeba22d3 100644 --- a/docs/docbook/manpages/testprns.1.sgml +++ b/docs/docbook/manpages/testprns.1.xml @@ -1,4 +1,9 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; +]> <refentry id="testprns.1"> <refmeta> diff --git a/docs/docbook/manpages/vfstest.1.sgml b/docs/docbook/manpages/vfstest.1.xml index 8be9271679..baf45fb0e4 100644 --- a/docs/docbook/manpages/vfstest.1.sgml +++ b/docs/docbook/manpages/vfstest.1.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="vfstest.1"> diff --git a/docs/docbook/manpages/wbinfo.1.sgml b/docs/docbook/manpages/wbinfo.1.xml index 2e9a811bcb..f9bd247997 100644 --- a/docs/docbook/manpages/wbinfo.1.sgml +++ b/docs/docbook/manpages/wbinfo.1.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="wbinfo.1"> diff --git a/docs/docbook/manpages/winbindd.8.sgml b/docs/docbook/manpages/winbindd.8.xml index e0489c43c4..f19b7b8242 100644 --- a/docs/docbook/manpages/winbindd.8.sgml +++ b/docs/docbook/manpages/winbindd.8.xml @@ -1,5 +1,8 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; +<?xml version="1.0" encoding="iso8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + +<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; ]> <refentry id="winbindd.8"> |