author | Jeremy Allison <jra@samba.org> | 1998-11-06 02:48:11 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 1998-11-06 02:48:11 +0000 |
commit | 675e92301c5786ecaea29025598c76c5d7967c8b (patch) | |
tree | 09ffc5868addbaebcd788b9ea3b3308cc4354663 | |
parent | ff63eca1b14f5aa95ee200fe58f88a745666b652 (diff) | |
More updates...
Jeremy.
(This used to be commit 222829885cba9ccb8af0e9df232fd5d614cec1ad)
-rw-r--r-- | docs/yodldocs/smb.conf.5.yo | 837 |
1 files changed, 487 insertions, 350 deletions
diff --git a/docs/yodldocs/smb.conf.5.yo b/docs/yodldocs/smb.conf.5.yo index f920dbe528..f75ae808a1 100644 --- a/docs/yodldocs/smb.conf.5.yo +++ b/docs/yodldocs/smb.conf.5.yo 
@@ -298,75 +298,75 @@ be relevant. These are: startit() label(percentS) -dit(bf(%S)) = the name of the current service, if any. +it() bf(%S) = the name of the current service, if any. label(percentP) -dit(bf(%P)) = the root directory of the current service, if any. +it() bf(%P) = the root directory of the current service, if any. label(percentu) -dit(bf(%u)) = user name of the current service, if any. +it() bf(%u) = user name of the current service, if any. label(percentg) -dit(bf(%g)) = primary group name of link(bf(%u))(percentu). +it() bf(%g) = primary group name of link(bf(%u))(percentu). label(percentU) -dit(bf(%U)) = session user name (the user name that +it() bf(%U) = session user name (the user name that the client wanted, not necessarily the same as the one they got). label(percentG) -dit(bf(%G)) = primary group name of link(bf(%U))(percentU). +it() bf(%G) = primary group name of link(bf(%U))(percentU). label(percentH) -dit(bf(%H)) = the home directory of the user given by link(bf(%u))(percentu). +it() bf(%H) = the home directory of the user given by link(bf(%u))(percentu). label(percentv) -dit(bf(%v)) = the Samba version. +it() bf(%v) = the Samba version. label(percenth) -dit(bf(%h)) = the internet hostname that Samba is running on. +it() bf(%h) = the internet hostname that Samba is running on. label(percentm) -dit(bf(%m)) = the netbios name of the client machine (very useful). +it() bf(%m) = the netbios name of the client machine (very useful). label(percentL) -%L = the netbios name of the server. This allows you to change your +it() bf(%L) = the netbios name of the server. This allows you to change your config based on what the client calls you. Your server can have a "dual personality". label(percentM) -dit(bf(%M)) = the internet name of the client machine. +it() bf(%M) = the internet name of the client machine. label(percentN) -dit(bf(%N)) = the name of your NIS home directory server. This is +it() bf(%N) = the name of your NIS home directory server. 
This is obtained from your NIS auto.map entry. If you have not compiled Samba with the bf(--with-automount) option then this value will be the same as link(bf(%L))(percentL). label(percentp) -dit(bf(%p)) = the path of the service's home directory, obtained from your NIS +it() bf(%p) = the path of the service's home directory, obtained from your NIS auto.map entry. The NIS auto.map entry is split up as "%N:%p". label(percentR) -dit(bf(%R)) = the selected protocol level after protocol +it() bf(%R) = the selected protocol level after protocol negotiation. It can be one of CORE, COREPLUS, LANMAN1, LANMAN2 or NT1. label(percentd) -dit(bf(%d) = The process id of the current server process. +it() bf(%d) = The process id of the current server process. label(percenta) -dit(bf(%a)) = the architecture of the remote machine. Only some are recognised, +it() bf(%a) = the architecture of the remote machine. Only some are recognised, and those may not be 100% reliable. It currently recognises Samba, WfWg, WinNT and Win95. Anything else will be known as "UNKNOWN". If it gets it wrong then sending a level 3 log to email(samba-bugs@samba.anu.edu.au) should allow it to be fixed. label(percentI) -dit(bf(%I)) = The IP address of the client machine. +it() bf(%I) = The IP address of the client machine. label(percentT) -dit(bf(%T)) = the current date and time. +it() bf(%T) = the current date and time. -enddit() +endit() There are some quite creative things that can be done with these substitutions and other smb.conf options. 
@@ -387,610 +387,747 @@ globally, of course). The options are: -"mangle case = yes/no" controls if names that have characters that +label(manglecaseoption) +bf("mangle case = yes/no") controls if names that have characters that aren't of the "default" case are mangled. For example, if this is yes -then a name like "Mail" would be mangled. Default no. +then a name like tt("Mail") would be mangled. Default em(no). -"case sensitive = yes/no" controls whether filenames are case +label(casesensitiveoption) +bf("case sensitive = yes/no") controls whether filenames are case sensitive. If they aren't then Samba must do a filename search and -match on passed names. Default no. +match on passed names. Default em(no). -"default case = upper/lower" controls what the default case is for new -filenames. Default lower. +label(defaultcaseoption) +bf("default case = upper/lower") controls what the default case is for new +filenames. Default em(lower). -"preserve case = yes/no" controls if new files are created with the -case that the client passes, or if they are forced to be the "default" -case. Default no. +label(preservecaseoption) +bf("preserve case = yes/no") controls if new files are created with the +case that the client passes, or if they are forced to be the tt("default") +case. Default em(Yes). -"short preserve case = yes/no" controls if new files which conform to 8.3 -syntax, that is all in upper case and of suitable length, are created -upper case, or if they are forced to be the "default" case. This option can -be use with "preserve case = yes" to permit long filenames to retain their -case, while short names are lowered. Default no. +label(shortpreservecaseoption) -.SS COMPLETE LIST OF GLOBAL PARAMETERS +bf("short preserve case = yes/no") controls if new files which conform +to 8.3 syntax, that is all in upper case and of suitable length, are +created upper case, or if they are forced to be the tt("default") +case. 
This option can be use with link(bf("preserve case = +yes"))(preservecaseoption) to permit long filenames to retain their +case, while short names are lowered. Default em(Yes). + +label(COMPLETELISTOFGLOBALPARAMETERS) +manpagesection(COMPLETE LIST OF GLOBAL PARAMETERS) Here is a list of all global parameters. See the section of each parameter for details. Note that some are synonyms. -announce as +startit() + +it() link(bf(announce as))(announceas) + +it() link(bf(announce version))(announceversion) + +it() link(bf(auto services))(autoservices) + +it() link(bf(bind interfaces only))(bindinterfacesonly) + +it() link(bf(browse list))(browselist) + +it() link(bf(change notify timeout))(changenotifytimeout) + +it() link(bf(character set))(characterset) + +it() link(bf(client code page))(clientcodepage) + +it() link(bf(coding system))(codingsystem) + +it() link(bf(config file))(configfile) + +it() link(bf(deadtime))(deadtime) + +it() link(bf(debug timestamp))(debugtimestamp) + +it() link(bf(debuglevel))(debuglevel) + +it() link(bf(default))(default) + +it() link(bf(default service))(defaultservice) + +it() link(bf(dfree command))(dfreecommand) + +it() link(bf(dns proxy))(dns proxy) + +it() link(bf(domain admin group))(domainadmingroup) + +it() link(bf(domain admin users))(domainadminusers) + +it() link(bf(domain controller))(domaincontroller) + +it() link(bf(domain groups))(domaingroups) + +it() link(bf(domain guest group))(domainguestgroup) + +it() link(bf(domain guest users))(domainguestusers) + +it() link(bf(domain logons))(domainlogons) + +it() link(bf(domain master))(domainmaster) -announce version +it() link(bf(domain sid))(domainsid) -auto services +it() link(bf(encrypt passwords))(encryptpasswords) -bind interfaces only +it() link(bf(getwd cache))(getwdcache) -browse list +it() link(bf(homedir map))(homedirmap) -character set +it() link(bf(hosts equiv))(hostsequiv) -client code page +it() link(bf(interfaces))(interfaces) -config file +it() 
link(bf(keepalive))(keepalive) -deadtime +it() link(bf(kernel oplocks))(kerneloplocks) -debuglevel +it() link(bf(ldap filter))(ldapfilter) -default +it() link(bf(ldap port))(ldapport) -default service +it() link(bf(ldap root))(ldaproot) -dfree command +it() link(bf(ldap root passwd))(ldaprootpasswd) -dns proxy +it() link(bf(ldap server))(ldapserver) -domain controller +it() link(bf(ldap suffix))(ldapsuffix) -domain logons +it() link(bf(lm announce))(lmannounce) -domain master +it() link(bf(lm interval))(lminterval) -encrypt passwords +it() link(bf(load printers))(loadprinters) -getwd cache +it() link(bf(local master))(localmaster) -hide files +it() link(bf(lock dir))(lockdir) -hide dot files +it() link(bf(lock directory))(lockdirectory) -homedir map +it() link(bf(log file))(logfile) -hosts equiv +it() link(bf(log level))(loglevel) -include +it() link(bf(logon drive))(logondrive) -interfaces +it() link(bf(logon home))(logonhome) -keepalive +it() link(bf(logon path))(logonpath) -lm announce +it() link(bf(logon script))(logonscript) -lm interval +it() link(bf(lpq cache time))(lpqcachetime) -lock dir +it() link(bf(machine password timeout))(machinepasswordtimeout) -load printers +it() link(bf(mangled stack))(mangledstack) -local master +it() link(bf(max disk size))(maxdisksize) -lock directory +it() link(bf(max log size))(maxlogsize) -log file +it() link(bf(max mux))(maxmux) -log level +it() link(bf(max open files))(maxopenfiles) -logon drive +it() link(bf(max packet))(maxpacket) -logon home +it() link(bf(max ttl))(maxttl) -logon path +it() link(bf(max wins ttl))(maxwinsttl) -logon script +it() link(bf(max xmit))(maxxmit) -lpq cache time +it() link(bf(message command))(messagecommand) -mangled stack +it() link(bf(min wins ttl))(minwinsttl) -max log size +it() link(bf(name resolve order))(nameresolveorder) -max mux +it() link(bf(netbios aliases))(netbiosaliases) -max packet +it() link(bf(netbios name))(netbiosname) -max ttl +it() link(bf(networkstation user 
login))(networkstationuserlogin) -max xmit +it() link(bf(NIS homedir))(NIShomedir) -max wins ttl +it() link(bf(nt pipe support))(ntpipesupport) -message command +it() link(bf(nt smb support))(ntsmbsupport) -min wins ttl +it() link(bf(null passwords))(nullpasswords) -name resolve order +it() link(bf(ole locking compatibility))(olelockingcompatibility) -netbios aliases +it() link(bf(os level))(oslevel) -netbios name +it() link(bf(packet size))(packetsize) -networkstation user login +it() link(bf(panic action))(panicaction) -nis homedir +it() link(bf(passwd chat))(passwdchat) -null passwords +it() link(bf(passwd chat debug))(passwdchatdebug) -ole locking compatibility +it() link(bf(passwd program))(passwdprogram) -os level +it() link(bf(password level))(passwordlevel) -packet size +it() link(bf(password server))(passwordserver) -passwd chat +it() link(bf(prefered master))(preferedmaster) -passwd chat debug +it() link(bf(preferred master))(preferredmaster) -passwd program +it() link(bf(preload))(preload) -password level +it() link(bf(printcap))(printcap) -password server +it() link(bf(printcap name))(printcapname) -preferred master +it() link(bf(printer driver file))(printerdriverfile) -preload +it() link(bf(protocol))(protocol) -printcap name +it() link(bf(read bmpx))(readbmpx) -printer driver file +it() link(bf(read prediction))(readprediction) -protocol +it() link(bf(read raw))(readraw) -read bmpx +it() link(bf(read size))(readsize) -read prediction +it() link(bf(remote announce))(remoteannounce) -read raw +it() link(bf(remote browse sync))(remotebrowsesync) -read size +it() link(bf(root))(root) -remote announce +it() link(bf(root dir))(rootdir) -remote browse sync +it() link(bf(root directory))(rootdirectory) -root +it() link(bf(security))(security) -root dir +it() link(bf(server string))(serverstring) -root directory +it() link(bf(shared mem size))(sharedmemsize) -security +it() link(bf(smb passwd file))(smbpasswdfile) -server string +it() link(bf(smbrun))(smbrun) 
-shared file entries +it() link(bf(socket address))(socketaddress) -shared mem size +it() link(bf(socket options))(socketoptions) -smb passwd file +it() link(bf(ssl))(ssl) -smbrun +it() link(bf(ssl CA certDir))(sslCAcertDir) -socket address +it() link(bf(ssl CA certFile))(sslCAcertFile) -socket options +it() link(bf(ssl ciphers))(sslciphers) -status +it() link(bf(ssl client cert))(sslclientcert) -strip dot +it() link(bf(ssl client key))(sslclientkey) -syslog +it() link(bf(ssl compatibility))(sslcompatibility) -syslog only +it() link(bf(ssl hosts))(sslhosts) -time offset +it() link(bf(ssl hosts resign))(sslhostsresign) -time server +it() link(bf(ssl require clientcert))(sslrequireclientcert) -unix password sync +it() link(bf(ssl require servercert))(sslrequireservercert) -unix realname +it() link(bf(ssl server cert))(sslservercert) -update encrypted +it() link(bf(ssl server key))(sslserverkey) -username level +it() link(bf(ssl version))(sslversion) -username map +it() link(bf(stat cache))(statcache) -use rhosts +it() link(bf(stat cache size))(statcachesize) -valid chars +it() link(bf(strip dot))(stripdot) -wins proxy +it() link(bf(syslog))(syslog) -wins server +it() link(bf(syslog only))(syslogonly) -wins support +it() link(bf(time offset))(timeoffset) -workgroup +it() link(bf(time server))(timeserver) -write raw +it() link(bf(timestamp logs))(timestamplogs) -.SS COMPLETE LIST OF SERVICE PARAMETERS +it() link(bf(unix password sync))(unixpasswordsync) + +it() link(bf(unix realname))(unixrealname) + +it() link(bf(update encrypted))(updateencrypted) + +it() link(bf(use rhosts))(userhosts) + +it() link(bf(username level))(usernamelevel) + +it() link(bf(username map))(usernamemap) + +it() link(bf(valid chars))(validchars) + +it() link(bf(wins proxy))(winsproxy) + +it() link(bf(wins server))(winsserver) + +it() link(bf(wins support))(winssupport) + +it() link(bf(workgroup))(workgroup) + +it() link(bf(write raw))(writeraw) + +endit() + 
+label(COMPLETELISTOFSERVICEPARAMETERS) +manpagesection(COMPLETE LIST OF SERVICE PARAMETERS) Here is a list of all service parameters. See the section of each parameter for details. Note that some are synonyms. -admin users +startit() -allow hosts +it() link(bf(admin users))(adminusers) -alternate permissions +it() link(bf(allow hosts))(allowhosts) -available +it() link(bf(alternate permissions))(alternatepermissions) -browseable +it() link(bf(available))(available) -case sensitive +it() link(bf(blocking locks))(blockinglocks) -case sig names +it() link(bf(browsable))(browsable) -copy +it() link(bf(browseable))(browseable) -create mask +it() link(bf(case sensitive))(casesensitive) -create mode +it() link(bf(casesignames))(casesignames) -comment +it() link(bf(comment))(comment) -default case +it() link(bf(copy))(copy) -delete readonly +it() link(bf(create mask))(createmask) -delete veto files +it() link(bf(create mode))(createmode) -deny hosts +it() link(bf(default case))(defaultcase) -directory +it() link(bf(delete readonly))(deletereadonly) -directory mask +it() link(bf(delete veto files))(deletevetofiles) -directory mode +it() link(bf(deny hosts))(denyhosts) -dont descend +it() link(bf(directory))(directory) -dos filetimes +it() link(bf(directory mask))(directorymask) -dos filetime resolution +it() link(bf(directory mode))(directorymode) -exec +it() link(bf(dont descend))(dontdescend) -fake directory create times +it() link(bf(dos filetime resolution))(dosfiletimeresolution) -fake oplocks +it() link(bf(dos filetimes))(dosfiletimes) -follow symlinks +it() link(bf(exec))(exec) -force create mode +it() link(bf(fake directory create times))(fakedirectorycreatetimes) -force directory mode +it() link(bf(fake oplocks))(fakeoplocks) -force group +it() link(bf(follow symlinks))(followsymlinks) -force user +it() link(bf(force create mode))(forcecreatemode) -guest account +it() link(bf(force directory mode))(forcedirectorymode) -guest ok +it() link(bf(force 
group))(forcegroup) -guest only +it() link(bf(force user))(forceuser) -hide dot files +it() link(bf(fstype))(fstype) -hosts allow +it() link(bf(group))(group) -hosts deny +it() link(bf(guest account))(guestaccount) -invalid users +it() link(bf(guest ok))(guestok) -locking +it() link(bf(guest only))(guestonly) -lppause command +it() link(bf(hide dot files))(hidedotfiles) -lpq command +it() link(bf(hide files))(hidefiles) -lpresume command +it() link(bf(hosts allow))(hostsallow) -lprm command +it() link(bf(hosts deny))(hostsdeny) -magic output +it() link(bf(include))(include) -magic script +it() link(bf(invalid users))(invalidusers) -mangle case +it() link(bf(locking))(locking) -mangled names +it() link(bf(lppause command))(lppausecommand) -mangling char +it() link(bf(lpq command))(lpqcommand) -map archive +it() link(bf(lpresume command))(lpresumecommand) -map hidden +it() link(bf(lprm command))(lprmcommand) -map system +it() link(bf(magic output))(magicoutput) -max connections +it() link(bf(magic script))(magicscript) -min print space +it() link(bf(mangle case))(manglecase) -only guest +it() link(bf(mangled map))(mangledmap) -only user +it() link(bf(mangled names))(manglednames) -oplocks +it() link(bf(mangling char))(manglingchar) -path +it() link(bf(map archive))(maparchive) -postexec +it() link(bf(map hidden))(maphidden) -postscript +it() link(bf(map system))(mapsystem) -preserve case +it() link(bf(max connections))(maxconnections) -print command +it() link(bf(min print space))(minprintspace) -printer driver +it() link(bf(only guest))(onlyguest) -printer driver location +it() link(bf(only user))(onlyuser) -printing +it() link(bf(oplocks))(oplocks) -print ok +it() link(bf(path))(path) -printable +it() link(bf(postexec))(postexec) -printer +it() link(bf(postscript))(postscript) -printer name +it() link(bf(preexec))(preexec) -public +it() link(bf(preserve case))(preservecase) -queuepause command +it() link(bf(print command))(printcommand) -queueresume command +it() 
link(bf(print ok))(printok) -read only +it() link(bf(printable))(printable) -read list +it() link(bf(printer))(printer) -revalidate +it() link(bf(printer driver))(printerdriver) -root postexec +it() link(bf(printer driver location))(printerdriverlocation) -root preexec +it() link(bf(printer name))(printername) -set directory +it() link(bf(printing))(printing) -share modes +it() link(bf(public))(public) -short preserve case +it() link(bf(queuepause command))(queuepausecommand) -strict locking +it() link(bf(queueresume command))(queueresumecommand) -strict sync +it() link(bf(read list))(readlist) -sync always +it() link(bf(read only))(readonly) -user +it() link(bf(revalidate))(revalidate) -username +it() link(bf(root postexec))(rootpostexec) -users +it() link(bf(root preexec))(rootpreexec) -valid users +it() link(bf(set directory))(setdirectory) -veto files +it() link(bf(share modes))(sharemodes) -veto oplock files +it() link(bf(short preserve case))(shortpreservecase) -volume +it() link(bf(status))(status) -wide links +it() link(bf(strict locking))(strictlocking) -writable +it() link(bf(strict sync))(strictsync) -write ok +it() link(bf(sync always))(syncalways) -writeable +it() link(bf(user))(user) -write list +it() link(bf(username))(username) -.SS EXPLANATION OF EACH PARAMETER -.RS 3 +it() link(bf(users))(users) -.SS admin users (S) +it() link(bf(valid users))(validusers) -This is a list of users who will be granted administrative privileges -on the share. This means that they will do all file operations as the -super-user (root). +it() link(bf(veto files))(vetofiles) -You should use this option very carefully, as any user in this list -will be able to do anything they like on the share, irrespective of -file permissions. 
+it() link(bf(veto oplock files))(vetooplockfiles) -.B Default: - no admin users +it() link(bf(volume))(volume) -.B Example: - admin users = jason +it() link(bf(wide links))(wide links) -.SS announce as (G) +it() link(bf(writable))(writable) -This specifies what type of server nmbd will announce itself as in -browse lists. By default this is set to Windows NT. The valid options -are "NT", "Win95" or "WfW" meaining Windows NT, Windows 95 and -Windows for Workgroups respectively. Do not change this parameter -unless you have a specific need to stop Samba appearing as an NT -server as this may prevent Samba servers from participating as -browser servers correctly. +it() link(bf(write list))(write list) -.B Default: - announce as = NT +it() link(bf(write ok))(write ok) -.B Example - announce as = Win95 +it() link(bf(writeable))(writeable) -.SS announce version (G) +endit() -This specifies the major and minor version numbers that nmbd -will use when announcing itself as a server. The default is 4.2. -Do not change this parameter unless you have a specific need to -set a Samba server to be a downlevel server. +label(EXPLANATIONOFEACHPARAMETER) +manpagesection(EXPLANATION OF EACH PARAMETER) -.B Default: - announce version = 4.2 +startdit() -.B Example: - announce version = 2.0 +label(adminusers) +dit(bf(admin users (S))) -.SS auto services (G) -This is a list of services that you want to be automatically added to -the browse lists. This is most useful for homes and printers services -that would otherwise not be visible. +This is a list of users who will be granted administrative privileges +on the share. This means that they will do all file operations as the +super-user (root). -Note that if you just want all printers in your printcap file loaded -then the "load printers" option is easier. +You should use this option very carefully, as any user in this list +will be able to do anything they like on the share, irrespective of +file permissions. 
-.B Default: - no auto services + bf(Default:) nl() + no admin users -.B Example: - auto services = fred lp colorlp + bf(Example:) nl() + admin users = jason -.SS allow hosts (S) -A synonym for this parameter is 'hosts allow'. +label(allow hosts) +dit(bf(allow hosts (S))) -This parameter is a comma delimited set of hosts which are permitted to access -a service. +A synonym for this parameter is link(bf('hosts allow'))(hostsallow) -If specified in the [global] section then it will apply to all -services, regardless of whether the individual service has a different -setting. +This parameter is a comma, space, or tab delimited set of hosts which +are permitted to access a service. + +If specified in the link(bf([global]))(global) section then it will +apply to all services, regardless of whether the individual service +has a different setting. You can specify the hosts by name or IP number. For example, you could -restrict access to only the hosts on a Class C subnet with something like -"allow hosts = 150.203.5.". The full syntax of the list is described in -the man page -.BR hosts_access (5). +restrict access to only the hosts on a Class C subnet with something +like tt("allow hosts = 150.203.5."). The full syntax of the list is +described in the man page bf(hosts_access (5)). Note that this man +page may not be present on your system, so a brief description will +be given here also. + +em(NOTE:) IF you wish to allow the url(bf(smbpasswd +(8)))(smbpasswd.html.8) program to be run by local users to change +their Samba passwords using the local url(bf(smbd (8)))(smbd.8.html) +daemon, then you em(MUST) ensure that the localhost is listed in your +bf(allow hosts) list, as url(bf(smbpasswd (8)))(smbpasswd.html.8) runs +in client-server mode and is seen by the local +url(bf(smbd))(smbd.8.html) process as just another client. You can also specify hosts by network/netmask pairs and by netgroup -names if your system supports netgroups. 
The EXCEPT keyword can also +names if your system supports netgroups. The em(EXCEPT) keyword can also be used to limit a wildcard list. The following examples may provide some help: -Example 1: allow all IPs in 150.203.*.* except one +bf(Example 1): allow localhost and all IPs in 150.203.*.* except one - hosts allow = 150.203. EXCEPT 150.203.6.66 +tt( hosts allow = localhost, 150.203. EXCEPT 150.203.6.66) -Example 2: allow hosts that match the given network/netmask +bf(Example 2): allow localhost and hosts that match the given network/netmask - hosts allow = 150.203.15.0/255.255.255.0 +tt( hosts allow = localhost, 150.203.15.0/255.255.255.0) -Example 3: allow a couple of hosts +bf(Example 3): allow a localhost plus a couple of hosts - hosts allow = lapland, arvidsjaur +tt( hosts allow = localhost, lapland, arvidsjaur) -Example 4: allow only hosts in netgroup "foonet" or localhost, but +bf(Example 4): allow only hosts in NIS netgroup "foonet" or localhost, but deny access from one particular host - hosts allow = @foonet, localhost - hosts deny = pirate +tt( hosts allow = @foonet, localhost) +tt( hosts deny = pirate) Note that access still requires suitable user-level passwords. -See -.BR testparm (1) -for a way of testing your host access to see if it -does what you expect. +See utl(bf(testparm (1)))(testparm.1.html) for a way of testing your +host access to see if it does what you expect. -.B Default: + bf(Default:) none (i.e., all hosts permitted access) -.B Example: - allow hosts = 150.203.5. myhost.mynet.edu.au + bf(Example:) + allow hosts = 150.203.5. localhost myhost.mynet.edu.au -.SS alternate permissions (S) +label(alternatepermissions) +dit(bf(alternate permissions (S))) -This option affects the way the "read only" DOS attribute is produced -for UNIX files. If this is false then the read only bit is set for -files on writeable shares which the user cannot write to. +This is a deprecated parameter. It no longer has any effect in Samba2.0. 
+In previous versions of Samba it affected the way the DOS "read only" +attribute was mapped for a file. In Samba2.0 a file is marked "read only" +if the UNIX file does not have the 'w' bit set for the owner of the file, +regardless if the owner of the file is the currently logged on user or not. -If this is true then it is set for files whos user write bit is not set. +label(announceas) +dit(bf(announce as (G))) -The latter behaviour is useful for when users copy files from each -others directories, and use a file manager that preserves -permissions. Without this option they may get annoyed as all copied -files will have the "read only" bit set. +This specifies what type of server url(bf(nmbd))(nmbd.8.html) will +announce itself as, to a network neighborhood browse list. By default +this is set to Windows NT. The valid options are : "NT", "Win95" or +"WfW" meaining Windows NT, Windows 95 and Windows for Workgroups +respectively. Do not change this parameter unless you have a specific +need to stop Samba appearing as an NT server as this may prevent Samba +servers from participating as browser servers correctly. -.B Default: - alternate permissions = no + bf(Default:) + announce as = NT -.B Example: - alternate permissions = yes + bf(Example) + announce as = Win95 -.SS available (S) -This parameter lets you 'turn off' a service. If 'available = no', then -ALL attempts to connect to the service will fail. Such failures are logged. +label(announceversion) +dit(bf(announce version (G))) -.B Default: +This specifies the major and minor version numbers that nmbd will use +when announcing itself as a server. The default is 4.2. Do not change +this parameter unless you have a specific need to set a Samba server +to be a downlevel server. + + bf(Default:) + announce version = 4.2 + + bf(Example:) + announce version = 2.0 + + +label(autoservices) +dit(bf(auto services (G))) + +This is a list of services that you want to be automatically added to +the browse lists. 
This is most useful for homes and printers services +that would otherwise not be visible. + +Note that if you just want all printers in your printcap file loaded +then the link(bf("load printers"))(loadprinters) option is easier. + + bf(Default:) + no auto services + + bf(Example:) + auto services = fred lp colorlp + +label(available) +dit(bf(available (S))) + +This parameter lets you em('turn off') a service. If tt('available = no'), +then em(ALL) attempts to connect to the service will fail. Such failures +are logged. + + bf(Default:) available = yes -.B Example: + bf(Example:) available = no -.SS bind interfaces only (G) -This global parameter (new for 1.9.18) allows the Samba admin to limit -what interfaces on a machine will serve smb requests. If affects file service -(smbd) and name service (nmbd) in slightly different ways. - -For name service it causes nmbd to bind to ports 137 and 138 on -the interfaces listed in the 'interfaces' parameter. nmbd also binds -to the 'all addresses' interface (0.0.0.0) on ports 137 and 138 -for the purposes of reading broadcast messages. If this option is -not set then nmbd will service name requests on all of these -sockets. If "bind interfaces only" is set then nmbd will check -the source address of any packets coming in on the broadcast -sockets and discard any that don't match the broadcast addresses -of the interfaces in the 'interfaces' parameter list. As unicast -packets are received on the other sockets it allows nmbd to -refuse to serve names to machines that send packets that arrive -through any interfaces not listed in the 'interfaces' list. -IP Source address spoofing does defeat this simple check, however -so it must not be used seriously as a security feature for nmbd. - -For file service it causes smbd to bind only to the interface -list given in the 'interfaces' parameter. This restricts the -networks that smbd will serve to packets coming in those interfaces. 
-Note that you should not use this parameter for machines that -are serving ppp or other intermittant or non-broadcast network +label(bindinterfacesonly) +dit(bf(bind interfaces only (G))) + +This global parameter allows the Samba admin to limit what interfaces +on a machine will serve smb requests. If affects file service +url(bf(smbd))(smbd.8.html) and name service url(bf(nmbd))(nmbd.8.html) +in slightly different ways. + +For name service it causes url(bf(nmbd))(nmbd.8.html) to bind to ports +137 and 138 on the interfaces listed in the +link(bf('interfaces'))(interfaces) parameter. nmbd also binds to the +'all addresses' interface (0.0.0.0) on ports 137 and 138 for the +purposes of reading broadcast messages. If this option is not set then +nmbd will service name requests on all of these sockets. If bf("bind +interfaces only") is set then nmbd will check the source address of +any packets coming in on the broadcast sockets and discard any that +don't match the broadcast addresses of the interfaces in the +link(bf('interfaces'))(interfaces) parameter list. As unicast packets +are received on the other sockets it allows nmbd to refuse to serve +names to machines that send packets that arrive through any interfaces +not listed in the 'interfaces' list. IP Source address spoofing does +defeat this simple check, however so it must not be used seriously as +a security feature for nmbd. + +For file service it causes smbd to bind only to the interface list +given in the link(bf('interfaces'))(interfaces) parameter. This +restricts the networks that smbd will serve to packets coming in those +interfaces. Note that you should not use this parameter for machines +that are serving PPP or other intermittant or non-broadcast network interfaces as it will not cope with non-permanent interfaces. 
-.B Default: +In addition, to change a users SMB password, the +url(bf(smbpasswd))(smbpasswd.8.html) by default connects to the +em("localhost" - 127.0.0.1) address as an SMB client to issue the +password change request. If bf("bind interfaces only") is set then +unless the network address em(127.0.0.1) is added to the +link(bf('interfaces'))(interfaces) parameter list then +url(bf(smbpasswd))(smbpasswd.8.html) will fail to connect in it's +default mode. url(bf(smbpasswd))(smbpasswd.8.html) can be forced to +use the primary IP interface of the local host by using its +url(bf("-r remote machine"))(smbpasswd.8.html#minusr) parameter, with +bf("remote machine") set to the IP name of the primary interface +of the local host. + + bf(Default:) bind interfaces only = False -.B Example: + bf(Example:) bind interfaces only = True -.SS browseable (S) +label(browseable) +dit(bf(browseable (S))) + This controls whether this share is seen in the list of available shares in a net view and in the browse list. -.B Default: + bf(Default:) browseable = Yes -.B Example: + bf(Example:) browseable = No + .SS browse list(G) This controls whether the smbd will serve a browse list to a client doing a NetServerEnum call. Normally set to true. You should never |
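Review bot: In the @@ -298,75 +298,75 @@ hunk, the %U and %m entries describe values the client chooses ("the user name that the client wanted", "the netbios name of the client machine"), yet nothing in the list marks them as untrusted, and the context line after endit() goes on to encourage "quite creative things" with these substitutions. Suggest adding a sentence to the %U, %m and %a entries saying the value comes from the client and should not be relied on for access decisions or placed unquoted into paths or commands built from smb.conf options; the %a entry already admits it "may not be 100% reliable", so the wording would fit. Minor style point: "%d = The process id" and "%I = The IP address" capitalize "The" while every other entry starts lowercase.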
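Review bot: Several cross-reference labels in the @@ -387,610 +387,747 @@ hunk do not match their targets: the index entry `link(bf(allow hosts))(allowhosts)` points at a label that the hunk defines as `label(allow hosts)`, and `link(bf(dns proxy))(dns proxy)`, `(wide links)`, `(write list)` and `(write ok)` carry spaces while every other label in the two lists is run together. Suggest `label(allowhosts)` and space-free targets throughout so the generated links resolve. In the allow hosts text, `utl(bf(testparm (1)))(testparm.1.html)` should be `url(...)`, and the smbpasswd target is written `smbpasswd.html.8` there but `smbpasswd.8.html` in the bind interfaces only text; pick one. Separately, the stated defaults for preserve case and short preserve case change from "no" to em(Yes) in this hunk while the commit message says only "More updates..."; if that reflects a behaviour change it deserves a line in the message. Small wording fixes in the added lines: "in it's default mode" should be "its", and "bf(Example)" under announce as is missing the colon the other entries have.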