summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs/yodldocs/DOMAIN_MEMBER.yo149
-rw-r--r--docs/yodldocs/NT_Security.yo292
-rw-r--r--docs/yodldocs/findsmb.1.yo100
-rw-r--r--docs/yodldocs/lmhosts.5.yo94
-rw-r--r--docs/yodldocs/make_smbcodepage.1.yo155
-rw-r--r--docs/yodldocs/nmbd.8.yo232
-rw-r--r--docs/yodldocs/nmblookup.1.yo167
-rw-r--r--docs/yodldocs/rpcclient.8.yo263
-rw-r--r--docs/yodldocs/samba.7.yo145
-rw-r--r--docs/yodldocs/smb.conf.5.yo7029
-rw-r--r--docs/yodldocs/smbcacls.1.yo208
-rw-r--r--docs/yodldocs/smbclient.1.yo767
-rw-r--r--docs/yodldocs/smbcontrol.1.yo112
-rw-r--r--docs/yodldocs/smbd.8.yo443
-rw-r--r--docs/yodldocs/smbpasswd.5.yo213
-rw-r--r--docs/yodldocs/smbpasswd.8.yo319
-rw-r--r--docs/yodldocs/smbrun.1.yo81
-rw-r--r--docs/yodldocs/smbsh.1.yo87
-rw-r--r--docs/yodldocs/smbspool.8.yo89
-rw-r--r--docs/yodldocs/smbstatus.1.yo85
-rw-r--r--docs/yodldocs/smbtar.1.yo140
-rw-r--r--docs/yodldocs/swat.8.yo162
-rw-r--r--docs/yodldocs/testparm.1.yo116
-rw-r--r--docs/yodldocs/testprns.1.yo98
-rw-r--r--docs/yodldocs/wbinfo.1.yo133
-rw-r--r--docs/yodldocs/winbindd.8.yo400
26 files changed, 0 insertions, 12079 deletions
diff --git a/docs/yodldocs/DOMAIN_MEMBER.yo b/docs/yodldocs/DOMAIN_MEMBER.yo
deleted file mode 100644
index e13a2f2a58..0000000000
--- a/docs/yodldocs/DOMAIN_MEMBER.yo
+++ /dev/null
@@ -1,149 +0,0 @@
-mailto(samba@samba.org)
-
-article(Joining an NT Domain with Samba 2.0)(Jeremy Allison, Samba Team)(7th October 1999)
-
-center(Joining an NT Domain with Samba 2.0)
-center(-----------------------------------)
-
-In order for a Samba-2 server to join an NT domain, you must first add
-the NetBIOS name of the Samba server to the NT domain on the PDC using
-Server Manager for Domains. This creates the machine account in the
-domain (PDC) SAM. Note that you should add the Samba server as a "Windows
-NT Workstation or Server", em(NOT) as a Primary or backup domain controller.
-
-Assume you have a Samba-2 server with a NetBIOS name of tt(SERV1) and are
-joining an NT domain called tt(DOM), which has a PDC with a NetBIOS name
-of tt(DOMPDC) and two backup domain controllers with NetBIOS names tt(DOMBDC1)
-and tt(DOMBDC2).
-
-In order to join the domain, first stop all Samba daemons and run the
-command
-
-tt(smbpasswd -j DOM -r DOMPDC)
-
-as we are joining the domain DOM and the PDC for that domain (the only
-machine that has write access to the domain SAM database) is DOMPDC. If this is
-successful you will see the message:
-
-tt(smbpasswd: Joined domain DOM.)
-
-in your terminal window. See the url(bf(smbpasswd))(smbpasswd.8.html)
-man page for more details.
-
-This command goes through the machine account password change
-protocol, then writes the new (random) machine account password for
-this Samba server into a file in the same directory in which an
-smbpasswd file would be stored - normally :
-
-tt(/usr/local/samba/private)
-
-The filename looks like this:
-
-tt(<NT DOMAIN NAME>.<Samba Server Name>.mac)
-
-The tt(.mac) suffix stands for machine account password file. So in
-our example above, the file would be called:
-
-tt(DOM.SERV1.mac)
-
-This file is created and owned by root and is not readable by any
-other user. It is the key to the domain-level security for your
-system, and should be treated as carefully as a shadow password file.
-
-Now, before restarting the Samba daemons you must edit your
-url(bf(smb.conf))(smb.conf.5.html) file to tell Samba it should now
-use domain security.
-
-Change (or add) your
-
-url(bf("security ="))(smb.conf.5.html#security)
-
-line in the url(bf([global]))(smb.conf.5.html#global) section of your
-url(bf(smb.conf))(smb.conf.5.html) to read:
-
-tt(security = domain)
-
-Next change the
-
-url(bf("workgroup ="))(smb.conf.5.html#workgroup)
-
-line in the url(bf([global]))(smb.conf.5.html#global) section to read:
-
-tt(workgroup = DOM)
-
-as this is the name of the domain we are joining.
-
-You must also have the parameter url(bf("encrypt passwords"))(smb.conf.5.html#encryptpasswords)
-set to tt("yes") in order for your users to authenticate to the
-NT PDC.
-
-Finally, add (or modify) a:
-
-url(bf("password server ="))(smb.conf.5.html#passwordserver)
-
-line in the url(bf([global]))(smb.conf.5.html#global) section to read:
-
-tt(password server = DOMPDC DOMBDC1 DOMBDC2)
-
-These are the primary and backup domain controllers Samba will attempt
-to contact in order to authenticate users. Samba will try to contact
-each of these servers in order, so you may want to rearrange this list
-in order to spread out the authentication load among domain
-controllers.
-
-Alternatively, if you want smbd to automatically determine the
-list of Domain controllers to use for authentication, you may set this line to be :
-
-tt(password server = *)
-
-This method, which is new in Samba 2.0.6 and above, allows Samba
-to use exactly the same mechanism that NT does. This method either broadcasts or
-uses a WINS database in order to find domain controllers to
-authenticate against.
-
-Finally, restart your Samba daemons and get ready for clients to begin
-using domain security!
-
-
-center(Why is this better than security = server?)
-center(------------------------------------------)
-
-Currently, domain security in Samba doesn't free you from having to
-create local Unix users to represent the users attaching to your
-server. This means that if domain user tt(DOM\fred) attaches to your
-domain security Samba server, there needs to be a local Unix user fred
-to represent that user in the Unix filesystem. This is very similar to
-the older Samba security mode url(bf("security=server"))(smb.conf.5.html#securityequalserver), where Samba would pass
-through the authentication request to a Windows NT server in the same
-way as a Windows 95 or Windows 98 server would.
-
-The advantage to domain-level security is that the authentication in
-domain-level security is passed down the authenticated RPC channel in
-exactly the same way that an NT server would do it. This means Samba
-servers now participate in domain trust relationships in exactly the
-same way NT servers do (i.e., you can add Samba servers into a
-resource domain and have the authentication passed on from a resource
-domain PDC to an account domain PDC.
-
-In addition, with url(bf("security=server"))(smb.conf.5.html#securityequalserver) every Samba daemon on a
-server has to keep a connection open to the authenticating server for
-as long as that daemon lasts. This can drain the connection resources
-on a Microsoft NT server and cause it to run out of available
-connections. With url(bf("security =domain"))(smb.conf.5.html#securityequaldomain), however, the Samba
-daemons connect to the PDC/BDC only for as long as is necessary to
-authenticate the user, and then drop the connection, thus conserving
-PDC connection resources.
-
-And finally, acting in the same manner as an NT server authenticating
-to a PDC means that as part of the authentication reply, the Samba
-server gets the user identification information such as the user SID,
-the list of NT groups the user belongs to, etc. All this information
-will allow Samba to be extended in the future into a mode the
-developers currently call appliance mode. In this mode, no local Unix
-users will be necessary, and Samba will generate Unix uids and gids
-from the information passed back from the PDC when a user is
-authenticated, making a Samba server truly plug and play in an NT
-domain environment. Watch for this code soon.
-
-em(NOTE:) Much of the text of this document was first published in the
-Web magazine url(bf("LinuxWorld"))(http://www.linuxworld.com) as the article url(bf("Doing the NIS/NT Samba"))(http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html).
diff --git a/docs/yodldocs/NT_Security.yo b/docs/yodldocs/NT_Security.yo
deleted file mode 100644
index ab9f29f0dd..0000000000
--- a/docs/yodldocs/NT_Security.yo
+++ /dev/null
@@ -1,292 +0,0 @@
-mailto(samba@samba.org)
-
-article(Viewing and changing UNIX permissions using the NT security dialogs in Samba 2.0.4)(Jeremy Allison, Samba Team)(12th April 1999)
-
-center(bf(Viewing and changing UNIX permissions using the NT security dialogs))nl()
-center(bf(-------------------------------------------------------------------))
-
-New in the bf(Samba 2.0.4) release is the
-ability for Windows NT clients to use their native security
-settings dialog box to view and modify the underlying UNIX
-permissions.
-
-Note that this ability is careful not to compromise the security
-of the UNIX host Samba is running on, and still obeys all the
-file permission rules that a Samba administrator can set.
-
-In Samba 2.0.4 and above the default value of the parameter
-url(bf("nt acl support"))(smb.conf.5.html#ntaclsupport) has been
-changed from "false" to "true", so manipulation of permissions is
-turned on by default.
-
-bf(How to view file security on a Samba share)nl()
-bf(------------------------------------------)
-
-From an NT 4.0 client, single-click with the right mouse button on
-any file or directory in a Samba mounted drive letter or UNC path.
-When the menu pops-up, click on the tt(Properties) entry at the
-bottom of the menu. This brings up the normal file properties dialog
-box, but with Samba 2.0.4 this will have a new tab along the top
-marked tt(Security). Click on this tab and you will see three buttons,
-em(Permissions), em(Auditing), and em(Ownership). The em(Auditing)
-button will cause either an error message tt("A requested privilege is
-not held by the client") to appear if the user is not the NT Administrator,
-or a dialog which is intended to allow an Administrator to add
-auditing requirements to a file if the user is logged on as the
-NT Administrator. This dialog is non-functional with a Samba
-share at this time, as the only useful button, the tt(Add) button
-will not currently allow a list of users to be seen.
-
-bf(Viewing file ownership)nl()
-bf(----------------------)
-
-Clicking on the tt("Ownership") button brings up a dialog box telling
-you who owns the given file. The owner name will be of the form :
-
-tt("SERVER\user (Long name)")
-
-Where tt(SERVER) is the NetBIOS name of the Samba server, tt(user)
-is the user name of the UNIX user who owns the file, and tt((Long name))
-is the discriptive string identifying the user (normally found in the
-GECOS field of the UNIX password database). Click on the tt(Close)
-button to remove this dialog.
-
-If the parameter url(bf("nt acl support"))(smb.conf.5.html#ntaclsupport)
-is set to "false" then the file owner will be shown as the NT user
-tt("Everyone").
-
-The tt(Take Ownership) button will not allow you to change the
-ownership of this file to yourself (clicking on it will display a
-dialog box complaining that the user you are currently logged onto
-the NT client cannot be found). The reason for this is that changing
-the ownership of a file is a privilaged operation in UNIX, available
-only to the em(root) user. As clicking on this button causes NT to
-attempt to change the ownership of a file to the current user logged
-into the NT client this will not work with Samba at this time.
-
-There is an NT chown command that will work with Samba and allow
-a user with Administrator privillage connected to a Samba 2.0.4
-server as root to change the ownership of files on both a local NTFS
-filesystem or remote mounted NTFS or Samba drive. This is available
-as part of the bf(Seclib) NT security library written by Jeremy
-Allison of the Samba Team, available from the main Samba ftp site.
-
-bf(Viewing file or directory permissions)nl()
-bf(-------------------------------------)
-
-The third button is the tt("Permissions") button. Clicking on this
-brings up a dialog box that shows both the permissions and the UNIX
-owner of the file or directory. The owner is displayed in the form :
-
-tt("SERVER\user (Long name)")
-
-Where tt(SERVER) is the NetBIOS name of the Samba server, tt(user)
-is the user name of the UNIX user who owns the file, and tt((Long name))
-is the discriptive string identifying the user (normally found in the
-GECOS field of the UNIX password database).
-
-If the parameter url(bf("nt acl support"))(smb.conf.5.html#ntaclsupport)
-is set to "false" then the file owner will be shown as the NT user
-tt("Everyone") and the permissions will be shown as NT tt("Full Control").
-
-The permissions field is displayed differently for files and directories,
-so I'll describe the way file permissions are displayed first.
-
-bf(File Permissions)nl()
-bf(----------------)
-
-The standard UNIX user/group/world triple and the correspinding
-"read", "write", "execute" permissions triples are mapped by Samba
-into a three element NT ACL with the 'r', 'w', and 'x' bits mapped
-into the corresponding NT permissions. The UNIX world permissions are mapped
-into the global NT group tt(Everyone), followed by the list of permissions
-allowed for UNIX world. The UNIX owner and group permissions
-are displayed as an NT tt(user) icon and an NT tt(local group) icon
-respectively followed by the list of permissions allowed for the
-UNIX user and group.
-
-As many UNIX permission sets don't map into common NT names such as
-tt("read"), tt("change") or tt("full control") then usually the permissions
-will be prefixed by the words tt("Special Access") in the NT display
-list.
-
-But what happens if the file has no permissions allowed for a
-particular UNIX user group or world component ? In order to
-allow "no permissions" to be seen and modified then Samba overloads
-the NT tt("Take Ownership") ACL attribute (which has no meaning in
-UNIX) and reports a component with no permissions as having the NT
-tt("O") bit set. This was chosen of course to make it look like a
-zero, meaning zero permissions. More details on the decision behind
-this will be given below.
-
-bf(Directory Permissions)nl()
-bf(---------------------)
-
-Directories on an NT NTFS file system have two different sets of
-permissions. The first set of permissions is the ACL set on the
-directory itself, this is usually displayed in the first set of
-parentheses in the normal tt("RW") NT style. This first set of
-permissions is created by Samba in exactly the same way as normal
-file permissions are, described above, and is displayed in the
-same way.
-
-The second set of directory permissions has no real meaning in the
-UNIX permissions world and represents the tt("inherited") permissions
-that any file created within this directory would inherit.
-
-Samba synthesises these inherited permissions for NT by returning as
-an NT ACL the UNIX permission mode that a new file created by Samba
-on this share would receive.
-
-bf(Modifying file or directory permissions)nl()
-bf(---------------------------------------)
-
-Modifying file and directory permissions is as simple as changing
-the displayed permissions in the dialog box, and clicking the tt(OK)
-button. However, there are limitations that a user needs to be aware
-of, and also interactions with the standard Samba permission masks
-and mapping of DOS attributes that need to also be taken into account.
-
-If the parameter url(bf("nt acl support"))(smb.conf.5.html#ntaclsupport)
-is set to "false" then any attempt to set security permissions will
-fail with an tt("Access Denied") message.
-
-The first thing to note is that the tt("Add") button will not return
-a list of users in Samba 2.0.4 (it will give an error message of
-tt("The remote proceedure call failed and did not execute")). This
-means that you can only manipulate the current user/group/world
-permissions listed in the dialog box. This actually works quite well
-as these are the only permissions that UNIX actually has.
-
-If a permission triple (either user, group, or world) is removed from
-the list of permissions in the NT dialog box, then when the tt("OK")
-button is pressed it will be applied as "no permissions" on the UNIX
-side. If you then view the permissions again the "no permissions" entry
-will appear as the NT tt("O") flag, as described above. This allows you
-to add permissions back to a file or directory once you have removed
-them from a triple component.
-
-As UNIX supports only the "r", "w" and "x" bits of an NT ACL
-then if other NT security attributes such as "Delete access"
-are selected then they will be ignored when applied on the
-Samba server.
-
-When setting permissions on a directory the second set of permissions
-(in the second set of parentheses) is by default applied to all
-files within that directory. If this is not what you want you
-must uncheck the tt("Replace permissions on existing files") checkbox
-in the NT dialog before clicking tt("OK").
-
-If you wish to remove all permissions from a user/group/world
-component then you may either highlight the component and click
-the tt("Remove") button, or set the component to only have the special
-tt("Take Ownership") permission (dsplayed as tt("O")) highlighted.
-
-bf(Interaction with the standard Samba create mask parameters)nl()
-bf(----------------------------------------------------------)
-
-Note that with Samba 2.0.5 there are four new parameters to
-control this interaction.
-
-These are :
-
-tt(security mask)
-tt(force security mode)
-tt(directory security mask)
-tt(force directory security mode)
-
-Once a user clicks tt("OK") to apply the permissions Samba maps
-the given permissions into a user/group/world r/w/x triple set,
-and then will check the changed permissions for a file against
-the bits set in the url(bf("security mask"))(smb.conf.5.html#securitymask)
-parameter. Any bits that were changed that are not set to '1'
-in this parameter are left alone in the file permissions.
-
-Essentially, zero bits in the url(bf("security mask"))(smb.conf.5.html#securitymask)
-mask may be treated as a set of bits the user is em(not) allowed to change,
-and one bits are those the user is allowed to change.
-
-If not set explicitly this parameter is set to the same value as the
-url(bf("create mask"))(smb.conf.5.html#createmask) parameter to provide compatibility
-with Samba 2.0.4 where this permission change facility was introduced.
-To allow a user to modify all the user/group/world permissions on a file,
-set this parameter to 0777.
-
-Next Samba checks the changed permissions for a file against the
-bits set in the url(bf("force security mode"))(smb.conf.5.html#forcesecuritymode)
-parameter. Any bits that were changed that correspond to bits set
-to '1' in this parameter are forced to be set.
-
-Essentially, bits set in the url(bf("force security mode"))(smb.conf.5.html#forcesecuritymode)
-parameter may be treated as a set of bits that, when modifying security on a file, the
-user has always set to be 'on'.
-
-If not set explicitly this parameter is set to the same value as the
-url(bf("force create mode"))(smb.conf.5.html#forcecreatemode) parameter to provide compatibility
-with Samba 2.0.4 where the permission change facility was introduced.
-To allow a user to modify all the user/group/world permissions on a file,
-with no restrictions set this parameter to 000.
-
-The url(bf("security mask"))(smb.conf.5.html#securitymask) and
-url(bf("force security mode"))(smb.conf.5.html#forcesecuritymode) parameters
-are applied to the change request in that order.
-
-For a directory Samba will perform the same operations as described above
-for a file except using the parameter url(bf("directory security mask"))(smb.conf.5.html#directorysecuritymask)
-instead of url(bf("security mask"))(smb.conf.5.html#securitymask), and
-url(bf("force directory security mode"))(smb.conf.5.html#forcedirectorysecuritymode) parameter instead
-of url(bf("force security mode"))(smb.conf.5.html#forcesecuritymode).
-
-The url(bf("directory security mask"))(smb.conf.5.html#directorysecuritymask)
-parameter by default is set to the same value as the url(bf("directory mask"))(smb.conf.5.html#directorymask)
-parameter and the url(bf("force directory security mode"))(smb.conf.5.html#forcedirectorysecuritymode)
-parameter by default is set to the same value as the
-iurl(bf("force directory mode"))(smb.conf.5.html#forcedirectorymode) parameter
-to provide compatibility with Samba 2.0.4 where the permission change facility was introduced.
-
-In this way Samba enforces the permission restrictions that an administrator
-can set on a Samba share, whilst still allowing users to modify the
-permission bits within that restriction.
-
-If you want to set up a share that allows users full control
-in modifying the permission bits on their files and directories and
-doesn't force any particular bits to be set 'on', then set the following
-parameters in the url(bf(smb.conf.5))(smb.conf.5.html) file in
-that share specific section :
-
-tt(security mask = 0777)
-tt(force security mode = 0)
-tt(directory security mask = 0777)
-tt(force directory security mode = 0)
-
-As described, in Samba 2.0.4 the parameters :
-
-tt(create mask)
-tt(force create mode)
-tt(directory mask)
-tt(force directory mode)
-
-were used instead of the parameters discussed here.
-
-bf(Interaction with the standard Samba file attribute mapping)nl()
-bf(----------------------------------------------------------)
-
-Samba maps some of the DOS attribute bits (such as "read only")
-into the UNIX permissions of a file. This means there can be a
-conflict between the permission bits set via the security dialog
-and the permission bits set by the file attribute mapping.
-
-One way this can show up is if a file has no UNIX read access
-for the owner it will show up as "read only" in the standard
-file attributes tabbed dialog. Unfortunately this dialog is
-the same one that contains the security info in another tab.
-
-What this can mean is that if the owner changes the permissions
-to allow themselves read access using the security dialog, clicks
-tt("OK") to get back to the standard attributes tab dialog, and
-then clicks tt("OK") on that dialog, then NT will set the file
-permissions back to read-only (as that is what the attributes
-still say in the dialog). This means that after setting permissions
-and clicking tt("OK") to get back to the attributes dialog you
-should always hit tt("Cancel") rather than tt("OK") to ensure
-that your changes are not overridden.
diff --git a/docs/yodldocs/findsmb.1.yo b/docs/yodldocs/findsmb.1.yo
deleted file mode 100644
index 2eed8fd26c..0000000000
--- a/docs/yodldocs/findsmb.1.yo
+++ /dev/null
@@ -1,100 +0,0 @@
-mailto(samba@samba.org)
-
-manpage(findsmb htmlcommand((1)))(1)(2 May 2000)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(findsmb)(list info about machines that respond to SMB name queries on a subnet)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-bf(findsmb) [link(subnet broadcast address)(subnetbroadcastaddress)]
-
-label(DESCRIPTION)
-manpagedescription()
-
-This perl script is part of the bf(Samba) suite.
-
-bf(findsmb) is a perl script that prints out several pieces
-of information about machines on a subnet that respond to SMB
-name query requests.
-It uses url(bf(nmblookup))(nmblookup.1.html) and
-url(bf(smbclient))(smbclient.1.html) to obtain this information.
-
-label(OPTIONS)
-manpageoptions()
-
-startdit()
-
-label(subnetbroadcastaddress)
-dit(bf(subnet broadcast address)) Without this option, bf(findsmb)
-will probe the subnet of the machine where bf(findsmb) is run.
-This value is passed to bf(nmblookup) as part of the bf(-B)
-option
-
-enddit()
-
-label(EXAMPLES)
-manpagesection(EXAMPLES)
-
-The output of bf(findsmb) lists the following information for all
-machines that respond to the initial bf(nmblookup) for any name:
-IP address, NetBIOS name, Workgroup name, operating system, and
-SMB server version.
-
-There will be a "+" in front of the workgroup name for machines that are
-local master browsers for that workgroup. There will be an "*" in front
-of the workgroup name for machines that are the domain master browser for
-that workgroup. Machines that are running Windows, Windows 95 or Windows 98
-will not show any information about the operating system or server version.
-
-The command must be run on a system without
-bf(nmbd) running. If bf(nmbd) is running on the system, you will only
-get the IP address and the DNS name of the machine. To get proper responses
-from Windows 95 and Windows 98 machines, the command must be run as root.
-
-For example running:
-
-tt(findsmb)
-
-on a machine without bf(nmbd) running would yield output similar
-to the following
-
-verb(
-IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION
----------------------------------------------------------------------
-192.168.35.10 MINESET-TEST1 [DMVENGR]
-192.168.35.55 LINUXBOX *[MYGROUP] [Unix] [Samba 2.0.6]
-192.168.35.56 HERBNT2 [HERB-NT]
-192.168.35.63 GANDALF [MVENGR] [Unix] [Samba 2.0.5a for IRIX]
-192.168.35.65 SAUNA [WORKGROUP] [Unix] [Samba 1.9.18p10]
-192.168.35.71 FROGSTAR [ENGR] [Unix] [Samba 2.0.0 for IRIX]
-192.168.35.78 HERBDHCP1 +[HERB]
-192.168.35.88 SCNT2 +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0]
-192.168.35.93 FROGSTAR-PC [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager]
-192.168.35.97 HERBNT1 *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0]
-)
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.0 of the Samba suite.
-
-label(SEEALSO)
-manpageseealso()
-
-url(bf(nmblookup (1)))(nmblookup.1.html), url(bf(smbclient (1)))(smbclient.1.html)
-
-label(AUTHOR)
-manpageauthor()
-
-This perl script was developed by Herb Lewis of SGI.
-
-The original Samba software and related utilities were created by
-Andrew Tridgell email(samba@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-See url(bf(samba (7)))(samba.7.html) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
diff --git a/docs/yodldocs/lmhosts.5.yo b/docs/yodldocs/lmhosts.5.yo
deleted file mode 100644
index e78ce508b0..0000000000
--- a/docs/yodldocs/lmhosts.5.yo
+++ /dev/null
@@ -1,94 +0,0 @@
-mailto(samba@samba.org)
-
-manpage(lmhosts htmlcommand((5)))(5)(23 Oct 1998)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(lmhosts)(The Samba NetBIOS hosts file)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-lmhosts is the bf(Samba) NetBIOS name to IP address mapping file.
-
-label(DESCRIPTION)
-manpagedescription()
-
-This file is part of the bf(Samba) suite.
-
-bf(lmhosts) is the bf(Samba) NetBIOS name to IP address mapping file. It
-is very similar to the bf(/etc/hosts) file format, except that the
-hostname component must correspond to the NetBIOS naming format.
-
-label(FILEFORMAT)
-manpagesection(FILE FORMAT)
-
-It is an ASCII file containing one line for NetBIOS name. The two
-fields on each line are separated from each other by white space. Any
-entry beginning with # is ignored. Each line in the lmhosts file
-contains the following information :
-
-startit()
-
-it() bf(IP Address) - in dotted decimal format.
-
-it() bf(NetBIOS Name) - This name format is a maximum fifteen
-character host name, with an optional trailing tt('#') character
-followed by the NetBIOS name type as two hexadecimal digits.
-
-If the trailing tt('#') is omitted then the given IP address will be
-returned for all names that match the given name, whatever the NetBIOS
-name type in the lookup.
-
-endit()
-
-An example follows :
-
-# nl()
-# Sample Samba lmhosts file. nl()
-# nl()
-192.9.200.1 TESTPC nl()
-192.9.200.20 NTSERVER#20 nl()
-192.9.200.21 SAMBASERVER nl()
-
-Contains three IP to NetBIOS name mappings. The first and third will
-be returned for any queries for the names tt("TESTPC") and
-tt("SAMBASERVER") respectively, whatever the type component of the
-NetBIOS name requested.
-
-The second mapping will be returned only when the tt("0x20") name type
-for a name tt("NTSERVER") is queried. Any other name type will not be
-resolved.
-
-The default location of the bf(lmhosts) file is in the same directory
-as the url(bf(smb.conf))(smb.conf.html) file.
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.0 of the Samba suite.
-
-label(SEEALSO)
-manpageseealso()
-
-url(bf(smb.conf (5)))(smb.conf.5.html#nameresolveorder),
-url(bf(smbclient (1)))(smbclient.1.html#minusR),
-url(bf(smbpasswd (8)))(smbpasswd.8.html#minusR), url(bf(samba (7)))(samba.7.html).
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell email(samba@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-and updated for the Samba2.0 release by Jeremy Allison.
-email(samba@samba.org).
-
-See url(bf(samba (7)))(samba.7.html) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
diff --git a/docs/yodldocs/make_smbcodepage.1.yo b/docs/yodldocs/make_smbcodepage.1.yo
deleted file mode 100644
index 8919153020..0000000000
--- a/docs/yodldocs/make_smbcodepage.1.yo
+++ /dev/null
@@ -1,155 +0,0 @@
-mailto(samba@samba.org)
-
-manpage(make_smbcodepage htmlcommand((1)))(1)(23 Oct 1998)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(make_codepage)(Construct a codepage file for Samba)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-bf(make_smbcodepage) [link(c|d)(cord)] link(codepage)(codepage) link(inputfile)(inputfile) link(outputfile)(outputfile)
-
-label(DESCRIPTION)
-manpagedescription()
-
-This program is part of the bf(Samba) suite.
-
-bf(make_smbcodepage) compiles or de-compiles codepage files for use
-with the internationalization features of Samba 2.0
-
-label(OPTIONS)
-manpageoptions()
-
-startdit()
-
-label(cord)
-dit(c|d) This tells bf(make_smbcodepage) if it is compiling (bf(c)) a text
-format code page file to binary, or (bf(d)) de-compiling a binary codepage
-file to text.
-
-label(codepage)
-dit(codepage) This is the codepage we are processing (a number, e.g. 850).
-
-label(inputfile)
-dit(inputfile) This is the input file to process. In the 'bf(c)' case this
-will be a text codepage definition file such as the ones found in the
-Samba em(source/codepages) directory. In the 'bf(d)' case this will be the
-binary format codepage definition file normally found in the
-em(lib/codepages) directory in the Samba install directory path.
-
-label(outputfile)
-dit(outputfile) This is the output file to produce.
-
-endit()
-
-label(SambaCodepageFiles)
-manpagesection(Samba Codepage Files)
-
-A text Samba codepage definition file is a description that tells
-Samba how to map from upper to lower case for characters greater than
-ascii 127 in the specified DOS code page. Note that for certain DOS
-codepages (437 for example) mapping from lower to upper case may be
-non-symmetrical. For example, in code page 437 lower case a acute maps to
-a plain upper case A when going from lower to upper case, but
-plain upper case A maps to plain lower case a when lower casing a
-character.
-
-A binary Samba codepage definition file is a binary representation of
-the same information, including a value that specifies what codepage
-this file is describing.
-
-As Samba does not yet use UNICODE (current for Samba version 2.0) you
-must specify the client code page that your DOS and Windows clients
-are using if you wish to have case insensitivity done correctly for
-your particular language. The default codepage Samba uses is 850
-(Western European). Text codepage definition sample files are
-provided in the Samba distribution for codepages 437 (USA), 737
-(Greek), 850 (Western European) 852 (MS-DOS Latin 2), 861 (Icelandic),
-866 (Cyrillic), 932 (Kanji SJIS), 936 (Simplified Chinese), 949
-(Hangul) and 950 (Traditional Chinese). Users are encouraged to write
-text codepage definition files for their own code pages and donate
-them to email(samba@samba.org). All codepage files in the
-Samba em(source/codepages) directory are compiled and installed when a
-em('make install') command is issued there.
-
-The client codepage used by the url(bf(smbd))(smbd.8.html) server is
-configured using the url(bf(client code
-page))(smb.conf.5.html#clientcodepage) parameter in the
-url(bf(smb.conf))(smb.conf.5.html) file.
-
-label(FILES)
-manpagefiles()
-
-bf(codepage_def.<codepage>)
-
-These are the input (text) codepage files provided in the Samba
-em(source/codepages) directory.
-
-A text codepage definition file consists of multiple lines
-containing four fields. These fields are :
-
-startit()
-
-it() bf(lower): which is the (hex) lower case character mapped on this
-line.
-
-it() bf(upper): which is the (hex) upper case character that the lower
-case character will map to.
-
-it() bf(map upper to lower) which is a boolean value (put either True
-or False here) which tells Samba if it is to map the given upper case
-character to the given lower case character when lower casing a
-filename.
-
-it() bf(map lower to upper) which is a boolean value (put either True
-or False here) which tells Samba if it is to map the given lower case
-character to the given upper case character when upper casing a
-filename.
-
-endit()
-
-bf(codepage.<codepage>) These are the output (binary) codepage files
-produced and placed in the Samba destination em(lib/codepage)
-directory.
-
-label(INSTALLATION)
-manpagesection(INSTALLATION)
-
-The location of the server and its support files is a matter for
-individual system administrators. The following are thus suggestions
-only.
-
-It is recommended that the bf(make_smbcodepage) program be installed
-under the em(/usr/local/samba) hierarchy, in a directory readable by
-all, writeable only by root. The program itself should be executable
-by all. The program should NOT be setuid or setgid!
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.0 of the Samba suite.
-
-label(SEEALSO)
-manpageseealso()
-
-url(bf(smb.conf(5)))(smb.conf.5.html), url(bf(smbd (8)))(smbd.8.html)
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell email(samba@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-and updated for the Samba2.0 release by Jeremy Allison.
-email(samba@samba.org).
-
-See url(bf(samba (7)))(samba.7.html) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
diff --git a/docs/yodldocs/nmbd.8.yo b/docs/yodldocs/nmbd.8.yo
deleted file mode 100644
index c9031c0e6a..0000000000
--- a/docs/yodldocs/nmbd.8.yo
+++ /dev/null
@@ -1,232 +0,0 @@
-mailto(samba@samba.org)
-
-manpage(nmbd)(8)(23 Oct 1998)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(nmbd)(NetBIOS name server to provide NetBIOS over IP
-naming services to clients)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-bf(nmbd) [link(-D)(minusD)] [link(-a)(minusa)] [link(-o)(minuso)] [link(-h)(minush)] [link(-V)(minusV)] [link(-H lmhosts file)(minusH)] [link(-d debuglevel)(minusd)] [link(-l log file basename)(minusl)] [link(-n primary NetBIOS name)(minusn)] [link(-p port number)(minusp)] [link(-s configuration file)(minuss)]
-
-label(DESCRIPTION)
-manpagedescription()
-
-This program is part of the bf(Samba) suite.
-
-bf(nmbd) is a server that understands and can reply to NetBIOS over IP
-name service requests, like those produced by SMBD/CIFS clients such
-as Windows 95/98, Windows NT and LanManager clients. It also
-participates in the browsing protocols which make up the Windows
-"Network Neighborhood" view.
-
-SMB/CIFS clients, when they start up, may wish to locate an SMB/CIFS
-server. That is, they wish to know what IP number a specified host is
-using.
-
-Amongst other services, bf(nmbd) will listen for such requests,
-and if its own NetBIOS name is specified it will respond with the IP
-number of the host it is running on. Its "own NetBIOS name" is by
-default the primary DNS name of the host it is running on, but this
-can be overridden with the bf(-n) option (see link(OPTIONS)(OPTIONS) below). Thus
-bf(nmbd) will reply to broadcast queries for its own name(s). Additional
-names for bf(nmbd) to respond on can be set via parameters in the
-url(bf(smb.conf(5)))(smb.conf.5.html) configuration file.
-
-bf(nmbd) can also be used as a WINS (Windows Internet Name Server)
-server. What this basically means is that it will act as a WINS
-database server, creating a database from name registration requests
-that it receives and replying to queries from clients for these names.
-
-In addition, bf(nmbd) can act as a WINS proxy, relaying broadcast queries
-from clients that do not understand how to talk the WINS protocol to a
-WIN server.
-
-label(OPTIONS)
-manpageoptions()
-
-startdit()
-
-label(minusD)
-dit(bf(-D)) If specified, this parameter causes bf(nmbd) to operate
-as a daemon. That is, it detaches itself and runs in the background,
-fielding requests on the appropriate port. By default, bf(nmbd) will
-NOT operate as a daemon. nmbd can also be operated from the inetd
-meta-daemon, although this is not recommended.
-
-label(minusa)
-dit(bf(-a)) If this parameter is specified, each new connection will
-append log messages to the log file. This is the default.
-
-label(minuso)
-dit(bf(-o)) If this parameter is specified, the log files will be
-overwritten when opened. By default, the log files will be appended
-to.
-
-label(minush)
-dit(bf(-h)) Prints the help information (usage) for bf(nmbd).
-
-label(minusV)
-dit(bf(-V)) Prints the version number for bf(nmbd).
-
-label(minusH)
-dit(bf(-H filename)) NetBIOS lmhosts file.
-
-The lmhosts file is a list of NetBIOS names to IP addresses that is
-loaded by the nmbd server and used via the name resolution mechanism
-url(bf(name resolve order))(smb.conf.5.html#nameresolveorder) described in
-url(bf(smb.conf (5)))(smb.conf.5.html) to resolve any
-NetBIOS name queries needed by the server. Note that the contents of
-this file are em(NOT) used by bf(nmbd) to answer any name queries. Adding
-a line to this file affects name NetBIOS resolution from this host
-em(ONLY).
-
-The default path to this file is compiled into Samba as part of the
-build process. Common defaults are em(/usr/local/samba/lib/lmhosts),
-em(/usr/samba/lib/lmhosts) or em(/etc/lmhosts). See the
-url(bf(lmhosts (5)))(lmhosts.5.html) man page for details on the contents of this file.
-
-label(minusd)
-dit(bf(-d debuglevel)) debuglevel is an integer from 0 to 10.
-
-The default value if this parameter is not specified is zero.
-
-The higher this value, the more detail will be logged to the log files
-about the activities of the server. At level 0, only critical errors
-and serious warnings will be logged. Level 1 is a reasonable level for
-day to day running - it generates a small amount of information about
-operations carried out.
-
-Levels above 1 will generate considerable amounts of log data, and
-should only be used when investigating a problem. Levels above 3 are
-designed for use only by developers and generate HUGE amounts of log
-data, most of which is extremely cryptic.
-
-Note that specifying this parameter here will override the url(bf(log
-level))(smb.conf.5.html#loglevel) parameter in the url(bf(smb.conf
-(5)))(smb.conf.5.html) file.
-
-label(minusl)
-dit(bf(-l logfile)) The bf(-l) parameter specifies a path and base
-filename into which operational data from the running nmbd server will
-be logged. The actual log file name is generated by appending the
-extension ".nmb" to the specified base name. For example, if the name
-specified was "log" then the file log.nmb would contain the debugging
-data.
-
-The default log file path is compiled into Samba as part of the
-build process. Common defaults are em(/usr/local/samba/var/log.nmb),
-em(/usr/samba/var/log.nmb) or em(/var/log/log.nmb).
-
-label(minusn)
-dit(bf(-n primary NetBIOS name)) This option allows you to override
-the NetBIOS name that Samba uses for itself. This is identical to
-setting the url(bf(NetBIOS name))(smb.conf.5.html#netbiosname) parameter
-in the url(bf(smb.conf))(smb.conf.5.html) file
-but will override the setting in the url(bf(smb.conf))(smb.conf.5.html) file.
-
-label(minusp)
-dit(bf(-p UDP port number)) UDP port number is a positive integer value.
-
-This option changes the default UDP port number (normally 137) that
-bf(nmbd) responds to name queries on. Don't use this option unless you are
-an expert, in which case you won't need help!
-
-label(minuss)
-dit(bf(-s configuration file)) The default configuration file name is
-set at build time, typically as em(/usr/local/samba/lib/smb.conf), but
-this may be changed when Samba is autoconfigured.
-
-The file specified contains the configuration details required by the
-server. See url(bf(smb.conf (5)))(smb.conf.5.html) for more information.
-
-endit()
-
-label(FILES)
-manpagefiles()
-
-bf(/etc/inetd.conf)
-
-If the server is to be run by the inetd meta-daemon, this file must
-contain suitable startup information for the meta-daemon.
-
-bf(/etc/rc)
-
-(or whatever initialization script your system uses).
-
-If running the server as a daemon at startup, this file will need to
-contain an appropriate startup sequence for the server.
-
-bf(/usr/local/samba/lib/smb.conf)
-
-This is the default location of the
-url(bf(smb.conf))(smb.conf.5.html) server configuration
-file. Other common places that systems install this file are
-em(/usr/samba/lib/smb.conf) and em(/etc/smb.conf).
-
-When run as a bf(WINS) server (see the url(bf(wins support))(smb.conf.5.html#winssupport)
-parameter in the url(bf(smb.conf (5)))(smb.conf.5.html) man page), bf(nmbd) will
-store the WINS database in the file tt(wins.dat) in the tt(var/locks) directory
-configured under wherever Samba was configured to install itself.
-
-If bf(nmbd) is acting as a bf(browse master) (see the url(bf(local master))(smb.conf.5.html#localmaster)
-parameter in the url(bf(smb.conf (5)))(smb.conf.5.html) man page), bf(nmbd) will
-store the browsing database in the file tt(browse.dat) in the tt(var/locks) directory
-configured under wherever Samba was configured to install itself.
-
-label(SIGNALS)
-manpagesection(SIGNALS)
-
-To shut down an bf(nmbd) process it is recommended that SIGKILL (-9)
-em(NOT) be used, except as a last resort, as this may leave the name
-database in an inconsistent state. The correct way to terminate
-bf(nmbd) is to send it a SIGTERM (-15) signal and wait for it to die on
-its own.
-
-bf(nmbd) will accept SIGHUP, which will cause it to dump out it's
-namelists into the file tt(namelist.debug) in the
-em(/usr/local/samba/var/locks) directory (or the em(var/locks)
-directory configured under wherever Samba was configured to install
-itself). This will also cause bf(nmbd) to dump out it's server database in
-the log.nmb file. In addition, the debug log level of nmbd may be raised
-by sending it a SIGUSR1 (tt(kill -USR1 <nmbd-pid>)) and lowered by sending it a
-SIGUSR2 (tt(kill -USR2 <nmbd-pid>)). This is to allow transient
-problems to be diagnosed, whilst still running at a normally low log
-level.
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.0 of the Samba suite.
-
-label(SEEALSO)
-manpageseealso()
-
-bf(inetd (8)), url(bf(smbd (8)))(smbd.8.html), url(bf(smb.conf
-(5)))(smb.conf.5.html), url(bf(smbclient (1)))(smbclient.1.html),
-url(bf(testparm (1)))(testparm.1.html), url(bf(testprns
-(1)))(testprns.1.html), and the Internet RFC's bf(rfc1001.txt),
-bf(rfc1002.txt). In addition the CIFS (formerly SMB) specification is
-available as a link from the Web page :
-url(http://samba.org/cifs/)(http://samba.org/cifs/).
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell email(samba@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-and updated for the Samba2.0 release by Jeremy Allison.
-email(samba@samba.org).
-
-See url(bf(samba (7)))(samba.7.html) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
diff --git a/docs/yodldocs/nmblookup.1.yo b/docs/yodldocs/nmblookup.1.yo
deleted file mode 100644
index f05cf3ea11..0000000000
--- a/docs/yodldocs/nmblookup.1.yo
+++ /dev/null
@@ -1,167 +0,0 @@
-mailto(samba@samba.org)
-
-manpage(nmblookup htmlcommand((1)))(1)(23 Oct 1998)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(nmblookup)(NetBIOS over TCP/IP client used to lookup NetBIOS names)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-bf(nmblookup) [link(-M)(minusM)] [link(-R)(minusR)] [link(-S)(minusS)] [link(-r)(minusr)] [link(-A)(minusA)] [link(-h)(minush)] [link(-B broadcast address)(minusB)] [link(-U unicast address)(minusU)] [link(-d debuglevel)(minusd)] [link(-s smb config file)(minuss)] [link(-i NetBIOS scope)(minusi)] [link(-T)(minusT)] link(name)(name)
-
-label(DESCRIPTION)
-manpagedescription()
-
-This program is part of the bf(Samba) suite.
-
-bf(nmblookup) is used to query NetBIOS names and map them to IP
-addresses in a network using NetBIOS over TCP/IP queries. The options
-allow the name queries to be directed at a particular IP broadcast area
-or to a particular machine. All queries are done over UDP.
-
-label(OPTIONS)
-manpageoptions()
-
-startdit()
-
-label(minusM)
-dit(bf(-M)) Searches for a master browser by looking up the
-NetBIOS name link(bf(name))(name) with a type of 0x1d. If link(bf(name))(name)
-is tt("-") then it does a lookup on the special name tt(__MSBROWSE__).
-
-label(minusR)
-dit(bf(-R)) Set the recursion desired bit in the packet to do a
-recursive lookup. This is used when sending a name query to a machine
-running a WINS server and the user wishes to query the names in the
-WINS server. If this bit is unset the normal (broadcast responding)
-NetBIOS processing code on a machine is used instead. See rfc1001,
-rfc1002 for details.
-
-label(minusS)
-dit(bf(-S)) Once the name query has returned an IP address then do a
-node status query as well. A node status query returns the NetBIOS names
-registered by a host.
-
-label(minusr)
-dit(bf(-r)) Try and bind to UDP port 137 to send and receive UDP
-datagrams. The reason for this option is a bug in Windows 95 where it
-ignores the source port of the requesting packet and only replies to
-UDP port 137. Unfortunately, on most UNIX systems root privilage is
-needed to bind to this port, and in addition, if the
-url(bf(nmbd))(nmbd.8.html) daemon is running on this machine it also
-binds to this port.
-
-label(minusA)
-dit(bf(-A)) Interpret <name> as an IP Address and do a node status
-query on this address.
-
-label(minush)
-dit(bf(-h)) Print a help (usage) message.
-
-label(minusB)
-dit(bf(-B broadcast address)) Send the query to the given broadcast
-address. Without this option the default behavior of nmblookup is to
-send the query to the broadcast address of the network
-interfaces as either auto-detected or defined in the
-url(bf(interfaces))(smb.conf.5.html#interfaces) parameter of the
-url(bf(smb.conf (5)))(smb.conf.5.html) file.
-
-label(minusU)
-dit(bf(-U unicast address)) Do a unicast query to the specified
-address or host tt("unicast address"). This option (along with the
-link(bf(-R))(minusR) option) is needed to query a WINS server.
-
-label(minusd)
-dit(bf(-d debuglevel)) debuglevel is an integer from 0 to 10.
-
-The default value if this parameter is not specified is zero.
-
-The higher this value, the more detail will be logged about the
-activities of bf(nmblookup). At level 0, only critical errors and
-serious warnings will be logged.
-
-Levels above 1 will generate considerable amounts of log data, and
-should only be used when investigating a problem. Levels above 3 are
-designed for use only by developers and generate HUGE amounts of
-data, most of which is extremely cryptic.
-
-Note that specifying this parameter here will override the url(bf(log
-level))(smb.conf.5.html#loglevel) parameter in the url(bf(smb.conf
-(5)))(smb.conf.5.html) file.
-
-label(minuss)
-dit(bf(-s smb.conf)) This parameter specifies the pathname to the
-Samba configuration file, url(bf(smb.conf))(smb.conf.5.html).
-This file controls all aspects of
-the Samba setup on the machine.
-
-label(minusi)
-dit(bf(-i scope)) This specifies a NetBIOS scope that bf(nmblookup) will use
-to communicate with when generating NetBIOS names. For details on the
-use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes
-are em(very) rarely used, only set this parameter if you are the
-system administrator in charge of all the NetBIOS systems you
-communicate with.
-
-label(minusT)
-dit(bf(-T)) This causes any IP addresses found in the lookup to be
-looked up via a reverse DNS lookup into a DNS name, and printed out
-before each tt("IP address NetBIOS name") pair that is the normal
-output.
-
-label(name)
-dit(bf(name)) This is the NetBIOS name being queried. Depending upon
-the previous options this may be a NetBIOS name or IP address. If a
-NetBIOS name then the different name types may be specified by
-appending tt(#<type>) to the name. This name may also be tt("*"),
-which will return all registered names within a broadcast area.
-
-enddit()
-
-label(EXAMPLES)
-manpagesection(EXAMPLES)
-
-bf(nmblookup) can be used to query a WINS server (in the same way
-bf(nslookup) is used to query DNS servers). To query a WINS server,
-bf(nmblookup) must be called like this:
-
-tt(nmblookup -U server -R 'name')
-
-For example, running :
-
-tt(nmblookup -U samba.org -R IRIX#1B')
-
-would query the WINS server samba.org for the domain master
-browser (1B name type) for the IRIX workgroup.
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.0 of the Samba suite.
-
-label(SEEALSO)
-manpageseealso()
-
-url(bf(samba (7)))(samba.7.html), url(bf(nmbd (8)))(nmbd.8.html),
-url(bf(smb.conf (5)))(smb.conf.5.html)
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell email(samba@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-and updated for the Samba2.0 release by Jeremy Allison.
-email(samba@samba.org).
-
-See url(bf(samba (7)))(samba.7.html) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
-
diff --git a/docs/yodldocs/rpcclient.8.yo b/docs/yodldocs/rpcclient.8.yo
deleted file mode 100644
index 52d29cc52f..0000000000
--- a/docs/yodldocs/rpcclient.8.yo
+++ /dev/null
@@ -1,263 +0,0 @@
-mailto(samba-bugs@samba.org)
-manpage(RPCCLIENT)(8)(August 27, 2000)(Samba)(SAMBA)
-label(NAME)
-manpagename(rpcclient)(developer's tool to testing client side MS-RPC functions)
-label(SYNOPSIS)
-manpagesynopsis()
-dit(bf(rpcclient)) [link(-d debuglevel)(minusd)] [link(-S server)(minusS)] [link(-l logbasename)(minusl)] [link(-n netbios name)(minusn)] [link(-N)(minusN)]
-[link(-m maxprotocol)(minusl)] [link(-I destIP)(minusI)] [link(-E)(minusE)] [link(-U username)(minusU)] [link(-W workgroup)(minusW)] [link(-c `command string`)(minusc)]
-[link(-t terminalcode)(minust)] [link(-i scope)(minusi)] [link(-O socket options)(minusO)]
-[link(-s smb.conf)(minuss)]
-label(DESCRIPTION)
-manpagedescription()
-dit(bf(rpcclient))
-is a utility for developers for executing various MS-RPC functions. It's
-primary use is for testing Samba's own MS-RPC server implementation, however
-many administrators have written scripts around it to manage Windows NT clients
-from their UNIX workstation.
-label(OPTIONS)
-manpageoptions()
-
-startdit()
-
-label(minusd)
-dit(bf(-d debuglevel))
-set the debuglevel. Debug level 0 is the lowest and 100 being the
-highest. This should be set to 100 if you are planning on
-submitting a bug report to the Samba team (see BUGS.txt).
-
-label(minusS)
-dit(bf(-S server))
-NetBIOS name of Server to which you wish to connect. The server can be
-any SMB/CIFS server. The name is resolved using either the "name resolve
-order = " line or by using the bf(-R) option.
-
-label(minusl)
-dit(bf(-l logbasename))
-File name for log/debug files. .client will be
-appended. The log file is never removed by the client.
-
-label(minusn)
-dit(bf(-n netbios name))
-NetBIOS name of the local machine. This option
-is only needed if your Samba client cannot find
-it automatically. Samba should use the uppercase of the machine's
-hostname.
-
-label(minusN)
-dit(bf(-N))
-tells rpcclient not to ask for a password. rpcclient will prompt
-the user by default.
-
-label(minusI)
-dit(bf(-I destIP))
-The IP address of the server specified with the bf(-S)
-option. Only needed when the server's NetBIOS
-name cannot be resolved using WINS or broadcast
-and isn't found in the LMHOSTS file.
-
-label(minusE)
-dit(bf(-E))
-causes regedit to write messages to stderr instead of stdout.
-
-label(minusU)
-dit(bf(-U username[%pass]))
-Sets the SMB username or username and password. If %pass is not
-specified, The user will be prompted. The client will first check the USER
-environment variable, then the LOGNAME variable and if either exist, the
-string is uppercased. Anything in these variables following a % sign will be
-treated as the password. If these environmental variables are not found, the
-username GUEST is used.
-
-If the password is not included in these environment variables
-(using the %pass syntax), rpcclient will look for a PASSWD environment
-variable from which to read the password.
-
-A third option is to use a credentials file which contains
-the plaintext of the username and password. This option is
-mainly provided for scripts where the admin doesn't desire to
-pass the credentials on the command line or via environment variables.
-If this method is used, make certain that the permissions on the file
-restrict access from unwanted users. See the bf(-A) for more details.
-
-Be cautious about including passwords in scripts or in the
-tt(PASSWD) environment variable. Also, on many systems the command
-line of a running process may be seen via the tt(ps) command to be
-safe always allow smbclient to prompt for a password and type it in
-directly.
-
-label(minusA)
-dit(bf(-A <filename>)) This option allows you to specify a file from which
-to read the username and password used in the connection. The format
-of the file is
-
-tt(username = <value>) nl()
-tt(password = <value>) nl()
-
-Make certain that the permissions on the file restrict access from
-unwanted users.
-
-label(minusW)
-dit(bf(-W domain))
-Set the SMB domain of the username. This overrides the default
-domain which is the domain of the server specified with the
-bt(-S) option. If the domain specified is the same as the server's
-NetBIOS name, it causes the client to log on using the
-server's local SAM (as opposed to the Domain SAM).
-
-label(minusP)
-dit(bf(-P))
-operate in promptless mode. Without this mode (the default)
-rpcclient displays a prompt of the form '[domain\username@host]$'
-
-label(minusc)
-dit(bf(-c 'command string'))
-execute semicolon separated commands (listed below))
-
-label(minust)
-dit(bf(-t terminalcode))
-This tells the Samba client how to interpret the incoming filenames, in regards
-to character sets. The list here is not complete. For a complete list see your
-local Samba source. Some valid options are sjis, euc, jis7, jis8, junet and hex.
-
-label(minusO)
-dit(bf(-O socket options))
-These socket options are the same as in smb.conf (under the bt(socket options = )
-section).
-
-label(minuss)
-dit(bf(-s smb.conf))
-Specifies the location of the all important smb.conf file.
-
-label(minusi)
-dit(bf(-i scope))
-Defines the NetBIOS scope. For more information on NetBIOS scopes, see rfc1001
-and rfc1002. NetBIOS scopes are rarely used.
-
-enddit()
-
-label(COMMANDS)
-manpagesection(COMMANDS)
-
-label(SPOOLSSCMD)
-dit(bf(SPOOLSS Commands))
-dit(link(spoolenum)(SPOOLSSENUMPRINTERS))
-Execute an EnumPrinters call. This lists the various
-installed and share printers. Refer to the MS Platform
-SDK documentation for more details of the various
-flags and calling options.
-
-dit(link(spoolenumports <level>)(SPOOLSSENUMPORTS))
-Executes an EnumPorts call using the specified info level.
-Currently only info level 1 and 2 are supported.
-
-dit(link(spoolenumdata)(SPOOLSSENUMPRINTERDATA))
-Enumerate all printer setting data stored on the server.
-On Windows NT clients, these values are stored
-in the registry, while Samba servers store them in the printers
-TDB. This command corresponds to the MS Platform SDK EnumPorts
-function.
-
-dit(link(spooljobs <printer>)(SPOOLSSENUMJOBS))
-List the jobs and status of a given printer. This command
-corresponds to the MS Platform SDK EnumJobs function.
-
-dit(link(spoolopen <printer>)(SPOOLSSOPENPRINTER))
-Execute an OpenPrinterEx() and ClosePrinter()
-RPC against a given printer.
-
-dit(link(spoolgetdata)(SPOOLSSGETPRINTERDATA))
-Retrive the data for a given printer setting. See the
-bf(spoolenumdata) command for more information. This command
-corresponds to the GetPrinterData() MS Platform SDK function.
-
-dit(link(spoolgetprinter <printer>)(SPOOLSSGETPRINTER))
-Retrieve the current printer information. This command
-sorresponds to the GetPrinter() MS Platform SDK function.
-
-dit(link(spoolgetprinterdriver <printer>)(SPOOLSGETPRINTERDRIVER))
-Retrive the printer driver information (such as driver file,
-config file, dependent files, etc...) for the given printer.
-This command corresponds to the GetPrinterDriver() MS Platform
-SDK function.
-
-dit(link(spoolgetprinterdriverdir <arch>)(SPOOLSSGETPRINTERDRIVERDIR))
-Execute a GetPrinterDriverDirectory() RPC to retreive the
-SMB share name and subdirectory for storing printer driver
-files for a given architecture. Possible values for <arch> are
-"Windows 4.0" (for Windows 95/98), "Windows NT x86", "Windows NT
-PowerPC", "Windows Alpha_AXP", and "Windows NT R4000".
-
-dit(link(spooladdprinter <printername> <sharename>
-<drivername> <port>)(SPOOLSSADDPRINTER))
-Add a printer on the remote server. This printer will be automatically
-shared. Be aware that the printer driver must already be installed
-on the server (see bf(addprinterdriver)) and the <port> must
-be a valid port name.
-
-dit(link(spooladdprinterdriver <arch> <config>)(SPOOLSSADDPRINTERDRIVER))
-Execute an AddPrinterDriver() RPC to install the printer
-driver information on the server. Note that the driver files
-should already exist in the directort returned by
-bf(spoolgetprinterdriverdir). Possible values for <arch>
-are the same as those for the bf(spooolgetprintedriverdir) command.
-The <config> parameter is defined as follows:
-
-dit()<Long Printer Name>:<Driver File Name>:<Data File Name>:\
- <Config File Name>:<Help File Name>:<Language Monitor Name>:\
- <Default Data Type>:<Comma Separated list of Files>
-
-dit()Any empty fields should be enter as the string "NULL".
-
-dit()Samba does not need to support the concept of Print Monitors
-since these only apply to local printers whose driver can make use
-of a bi-directional link for communication. This field should
-be "NULL". On a remote NT print server, the Print Monitor for a driver
-must already be installed prior to adding the driver or else the RPC
-will fail.
-
-label(GENERALCMD)
-dit(bf(General Commands))
-dit(link(set)(SET))
-Set miscellaneous rpcclient command line options during a running
-session.
-
-dit(link(use)(USE))
-Connect to a rmeote SMB server. bf(rpcclient) has the ability
-to maintain connections to multiple server simulaneously.
-
-dit(link(help)(HELP))
-Print a listing of all known commands or extended help
-on a particular command.
-
-dit(link(quit)(QUIT))
-Exit rpcclient.
-
-
-label(BUGS)
-manpagesection(BUGS)
-rpcclient is designed as a developer testing tool and may not be robust
-in certain areas (such as command line parsing). It has been known to
-generate a core dump upon failures when invalid parameters where
-passed to the interpreter.
-
-From Luke Leighton's original rpcclient man page:
-"WARNING! The MSRPC over SMB code has been developed from examining
-Network traces. No documentation is available from the original creators
-(Microsoft) on how MSRPC over SMB works, or how the individual MSRPC services
-work. Microsoft's implementation of these services has been demonstrated
-(and reported) to be... a bit flakey in places.
-
-The development of Samba's implementation is also a bit rough, and as more
-of the services are understood, it can even result in versions of
-bf(smbd(8)) and rpcclient that are incompatible for some commands or
-services. Additionally, the developers are sending reports to Microsoft,
-and problems found or reported to Microsoft are fixed in Service Packs,
-which may result in incompatibilities."
-
-label(SEEALSO)
-manpageseealso()
-bf(samba (7))
-manpageauthor()
-Samba is written by The Samba Team as Open Source. This man page was written
-by Matthew Geddes, Luke Kenneth Casson, and Gerald Carter.
diff --git a/docs/yodldocs/samba.7.yo b/docs/yodldocs/samba.7.yo
deleted file mode 100644
index d50fa363d9..0000000000
--- a/docs/yodldocs/samba.7.yo
+++ /dev/null
@@ -1,145 +0,0 @@
-mailto(samba@samba.org)
-manpage(Samba htmlcommand((7)))(7)(23 Oct 1998)(Samba)()
-
-label(NAME)
-manpagename(Samba)(A Windows SMB/CIFS fileserver for UNIX)
-
-label(SYNOPSIS)
-manpagesynopsis()
-bf(Samba)
-
-
-label(DESCRIPTION)
-manpagedescription()
-
-The Samba software suite is a collection of programs that implements
-the Server Message Block(commonly abbreviated as SMB) protocol for
-UNIX systems. This protocol is sometimes also referred to as the
-Common Internet File System (CIFS), LanManager or NetBIOS protocol.
-
-label(COMPONENTS)
-manpagesection(COMPONENTS)
-
-The Samba suite is made up of several components. Each component is
-described in a separate manual page. It is strongly recommended that
-you read the documentation that comes with Samba and the manual pages
-of those components that you use. If the manual pages aren't clear
-enough then please send a patch or bug report
-to email(samba@samba.org).
-
-startdit()
-
-dit(url(bf(smbd))(smbd.8.html)) nl() nl() The url(bf(smbd)
-(8))(smbd.8.html) daemon provides the file and print services to SMB
-clients, such as Windows 95/98, Windows NT, Windows for Workgroups or
-LanManager. The configuration file for this daemon is described in
-url(bf(smb.conf (5)))(smb.conf.5.html).
-
-dit(url(bf(nmbd))(nmbd.8.html)) nl() nl() The url(bf(nmbd)
-(8))(nmbd.8.html) daemon provides NetBIOS nameserving and browsing
-support. The configuration file for this daemon is described in
-url(bf(smb.conf (5)))(smb.conf.5.html).
-
-dit(url(bf(smbclient))(smbclient.1.html)) nl() nl() The url(bf(smbclient)
-(1))(smbclient.1.html) program implements a simple ftp-like
-client. This is useful for accessing SMB shares on other compatible
-servers (such as Windows NT), and can also be used to allow a UNIX box
-to print to a printer attached to any SMB server (such as a PC running
-Windows NT).
-
-dit(url(bf(testparm))(testparm.1.html)) nl() nl() The url(bf(testparm
-(1)))(testparm.1.html) utility allows you to test your url(bf(smb.conf
-(5)))(smb.conf.5.html) configuration file.
-
-dit(url(bf(testprns))(testprns.1.html)) nl() nl() the url(bf(testprns
-(1)))(testprns.1.html) utility allows you to test the printers defined
-in your printcap file.
-
-dit(url(bf(smbstatus))(smbstatus.1.html)) nl() nl() The url(bf(smbstatus)
-(1))(smbstatus.1.html) utility allows you list current connections to the
-url(bf(smbd (8)))(smbd.8.html) server.
-
-dit(url(bf(nmblookup))(nmblookup.1.html)) nl() nl() the
-url(bf(nmblookup (1)))(nmblookup.1.html) utility allows NetBIOS name
-queries to be made from the UNIX machine.
-
-dit(url(bf(make_smbcodepage))(make_smbcodepage.1.html)) nl() nl() The
-url(bf(make_smbcodepage (1)))(make_smbcodepage.1.html) utility allows
-you to create SMB code page definition files for your url(bf(smbd
-(8)))(smbd.8.html) server.
-
-dit(url(bf(smbpasswd))(smbpasswd.8.html)) nl() nl() The url(bf(smbpasswd
-(8)))(smbpasswd.8.html) utility allows you to change SMB encrypted
-passwords on Samba and Windows NT(tm) servers.
-
-enddit()
-
-label(AVAILABILITY)
-manpagesection(AVAILABILITY)
-
-The Samba software suite is licensed under the GNU Public License
-(GPL). A copy of that license should have come with the package in the
-file COPYING. You are encouraged to distribute copies of the Samba
-suite, but please obey the terms of this license.
-
-The latest version of the Samba suite can be obtained via anonymous
-ftp from samba.org in the directory pub/samba/. It is
-also available on several mirror sites worldwide.
-
-You may also find useful information about Samba on the newsgroup
-comp.protocols.smb and the Samba mailing list. Details on how to join
-the mailing list are given in the README file that comes with Samba.
-
-If you have access to a WWW viewer (such as Netscape or Mosaic) then
-you will also find lots of useful information, including back issues
-of the Samba mailing list, at
-url(http://samba.org/samba/)(http://samba.org/samba/).
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.0 of the Samba suite.
-
-label(CONTRIBUTIONS)
-manpagesection(CONTRIBUTIONS)
-
-If you wish to contribute to the Samba project, then I suggest you
-join the Samba mailing list at email(samba@samba.org). See the
-Web page at url(http://lists.samba.org/)(http://lists.samba.org/)
-for details on how to do this.
-
-If you have patches to submit or bugs to report then you may mail them
-directly to email(samba@samba.org). Note, however, that due to
-the enormous popularity of this package the Samba Team may take some
-time to respond to mail. We prefer patches in em(diff -u) format.
-
-label(CREDITS)
-manpagesection(CREDITS)
-
-Contributors to the project are now too numerous to mention here but
-all deserve the thanks of all Samba users. To see a full list, look at
-url(ftp://samba.org/pub/samba/alpha/change-log)(ftp://samba.org/pub/samba/alpha/change-log)
-for the pre-CVS changes and at
-url(ftp://samba.org/pub/samba/alpha/cvs.log)(ftp://samba.org/pub/samba/alpha/cvs.log)
-for the contributors to Samba post-CVS. CVS is the Open Source source
-code control system used by the Samba Team to develop Samba. The
-project would have been unmanageable without it.
-
-In addition, several commercial organizations now help fund the Samba
-Team with money and equipment. For details see the Samba Web pages at
-url(http://samba.org/samba/samba-thanks.html)(http://samba.org/samba/samba-thanks.html).
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell email(samba@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-and updated for the Samba2.0 release by Jeremy Allison.
-email(samba@samba.org).
diff --git a/docs/yodldocs/smb.conf.5.yo b/docs/yodldocs/smb.conf.5.yo
deleted file mode 100644
index 70603d15ce..0000000000
--- a/docs/yodldocs/smb.conf.5.yo
+++ /dev/null
@@ -1,7029 +0,0 @@
-mailto(samba@samba.org)
-
-manpage(smb.conf htmlcommand((5)))(5)(23 Oct 1998)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(smb.conf)(The configuration file for the Samba suite)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-bf(smb.conf) The bf(smb.conf) file is a configuration file for the
-Samba suite. bf(smb.conf) contains runtime configuration information
-for the Samba programs. The bf(smb.conf) file is designed to be
-configured and administered by the url(bf(swat (8)))(swat.8.html)
-program. The complete description of the file format and possible
-parameters held within are here for reference purposes.
-
-label(FILEFORMAT)
-manpagesection(FILE FORMAT)
-
-The file consists of sections and parameters. A section begins with
-the name of the section in square brackets and continues until the
-next section begins. Sections contain parameters of the form
-
-tt('name = value')
-
-The file is line-based - that is, each newline-terminated line
-represents either a comment, a section name or a parameter.
-
-Section and parameter names are not case sensitive.
-
-Only the first equals sign in a parameter is significant. Whitespace
-before or after the first equals sign is discarded. Leading, trailing
-and internal whitespace in section and parameter names is
-irrelevant. Leading and trailing whitespace in a parameter value is
-discarded. Internal whitespace within a parameter value is retained
-verbatim.
-
-Any line beginning with a semicolon (';') or a hash ('#') character is
-ignored, as are lines containing only whitespace.
-
-Any line ending in a tt('\') is "continued" on the next line in the
-customary UNIX fashion.
-
-The values following the equals sign in parameters are all either a
-string (no quotes needed) or a boolean, which may be given as yes/no,
-0/1 or true/false. Case is not significant in boolean values, but is
-preserved in string values. Some items such as create modes are
-numeric.
-
-label(SECTIONDESCRIPTIONS)
-manpagesection(SECTION DESCRIPTIONS)
-
-Each section in the configuration file (except for the
-link(bf([global]))(global) section) describes a shared resource (known
-as a em("share")). The section name is the name of the shared resource
-and the parameters within the section define the shares attributes.
-
-There are three special sections, link(bf([global]))(global),
-link(bf([homes]))(homes) and link(bf([printers]))(printers), which are
-described under link(bf('special sections'))(SPECIALSECTIONS). The
-following notes apply to ordinary section descriptions.
-
-A share consists of a directory to which access is being given plus
-a description of the access rights which are granted to the user of
-the service. Some housekeeping options are also specifiable.
-
-Sections are either filespace services (used by the client as an
-extension of their native file systems) or printable services (used by
-the client to access print services on the host running the server).
-
-Sections may be designated link(bf(guest))(guestok) services, in which
-case no password is required to access them. A specified UNIX
-link(bf(guest account))(guestaccount) is used to define access
-privileges in this case.
-
-Sections other than guest services will require a password to access
-them. The client provides the username. As older clients only provide
-passwords and not usernames, you may specify a list of usernames to
-check against the password using the link(bf("user="))(user) option in
-the share definition. For modern clients such as Windows 95/98 and
-Windows NT, this should not be necessary.
-
-Note that the access rights granted by the server are masked by the
-access rights granted to the specified or guest UNIX user by the host
-system. The server does not grant more access than the host system
-grants.
-
-The following sample section defines a file space share. The user has
-write access to the path tt(/home/bar). The share is accessed via
-the share name "foo":
-
-verb(
-
- [foo]
- path = /home/bar
- writeable = true
-
-)
-
-The following sample section defines a printable share. The share
-is readonly, but printable. That is, the only write access permitted
-is via calls to open, write to and close a spool file. The
-link(bf('guest ok'))(guestok) parameter means access will be permitted
-as the default guest user (specified elsewhere):
-
-verb(
- [aprinter]
- path = /usr/spool/public
- writeable = false
- printable = true
- guest ok = true
-)
-
-label(SPECIALSECTIONS)
-manpagesection(SPECIAL SECTIONS)
-
-startdit()
-
-label(global)
-dit(bf(The [global] section))
-
-Parameters in this section apply to the server as a whole, or are
-defaults for sections which do not specifically define certain
-items. See the notes under link(bf('PARAMETERS'))(PARAMETERS) for more
-information.
-
-label(homes)
-dit(bf(The [homes] section))
-
-If a section called tt('homes') is included in the configuration file,
-services connecting clients to their home directories can be created
-on the fly by the server.
-
-When the connection request is made, the existing sections are
-scanned. If a match is found, it is used. If no match is found, the
-requested section name is treated as a user name and looked up in the
-local password file. If the name exists and the correct password has
-been given, a share is created by cloning the [homes] section.
-
-Some modifications are then made to the newly created share:
-
-startit()
-
-it() The share name is changed from tt('homes') to the located
-username
-
-it() If no path was given, the path is set to the user's home
-directory.
-
-endit()
-
-If you decide to use a link(bf(path=))(path) line in your [homes]
-section then you may find it useful to use the link(bf(%S))(percentS)
-macro. For example :
-
-tt(path=/data/pchome/%S)
-
-would be useful if you have different home directories for your PCs
-than for UNIX access.
-
-This is a fast and simple way to give a large number of clients access
-to their home directories with a minimum of fuss.
-
-A similar process occurs if the requested section name is tt("homes"),
-except that the share name is not changed to that of the requesting
-user. This method of using the [homes] section works well if different
-users share a client PC.
-
-The [homes] section can specify all the parameters a normal service
-section can specify, though some make more sense than others. The
-following is a typical and suitable [homes] section:
-
-verb(
- [homes]
- writeable = yes
-)
-
-An important point is that if guest access is specified in the [homes]
-section, all home directories will be visible to all clients
-bf(without a password). In the very unlikely event that this is
-actually desirable, it would be wise to also specify link(bf(read only
-access))(readonly).
-
-Note that the link(bf(browseable))(browseable) flag for auto home
-directories will be inherited from the global browseable flag, not the
-[homes] browseable flag. This is useful as it means setting
-browseable=no in the [homes] section will hide the [homes] share but
-make any auto home directories visible.
-
-label(printers)
-dit(bf(The [printers] section))
-
-This section works like link(bf([homes]))(homes), but for printers.
-
-If a bf([printers]) section occurs in the configuration file, users are
-able to connect to any printer specified in the local host's printcap
-file.
-
-When a connection request is made, the existing sections are
-scanned. If a match is found, it is used. If no match is found, but a
-link(bf([homes]))(homes) section exists, it is used as described
-above. Otherwise, the requested section name is treated as a printer
-name and the appropriate printcap file is scanned to see if the
-requested section name is a valid printer share name. If a match is
-found, a new printer share is created by cloning the bf([printers])
-section.
-
-A few modifications are then made to the newly created share:
-
-startit()
-
-it() The share name is set to the located printer name
-
-it() If no printer name was given, the printer name is set to the
-located printer name
-
-it() If the share does not permit guest access and no username was
-given, the username is set to the located printer name.
-
-endit()
-
-Note that the bf([printers]) service MUST be printable - if you specify
-otherwise, the server will refuse to load the configuration file.
-
-Typically the path specified would be that of a world-writeable spool
-directory with the sticky bit set on it. A typical bf([printers]) entry
-would look like this:
-
-verb(
- [printers]
- path = /usr/spool/public
- guest ok = yes
- printable = yes
-)
-
-All aliases given for a printer in the printcap file are legitimate
-printer names as far as the server is concerned. If your printing
-subsystem doesn't work like that, you will have to set up a
-pseudo-printcap. This is a file consisting of one or more lines like
-this:
-
-verb( alias|alias|alias|alias... )
-
-Each alias should be an acceptable printer name for your printing
-subsystem. In the link(bf([global]))(global) section, specify the new
-file as your printcap. The server will then only recognize names
-found in your pseudo-printcap, which of course can contain whatever
-aliases you like. The same technique could be used simply to limit
-access to a subset of your local printers.
-
-An alias, by the way, is defined as any component of the first entry
-of a printcap record. Records are separated by newlines, components
-(if there are more than one) are separated by vertical bar symbols
-("|").
-
-NOTE: On SYSV systems which use lpstat to determine what printers are
-defined on the system you may be able to use link(bf("printcap name =
-lpstat"))(printcapname) to automatically obtain a list of
-printers. See the link(bf("printcap name"))(printcapname) option for
-more details.
-
-enddit()
-
-label(PARAMETERS)
-manpagesection(PARAMETERS)
-
-Parameters define the specific attributes of sections.
-
-Some parameters are specific to the link(bf([global]))(global) section
-(e.g., link(bf(security))(security)). Some parameters are usable in
-all sections (e.g., link(bf(create mode))(createmode)). All others are
-permissible only in normal sections. For the purposes of the following
-descriptions the link(bf([homes]))(homes) and
-link(bf([printers]))(printers) sections will be considered normal.
-The letter tt('G') in parentheses indicates that a parameter is
-specific to the link(bf([global]))(global) section. The letter tt('S')
-indicates that a parameter can be specified in a service specific
-section. Note that all tt('S') parameters can also be specified in the
-link(bf([global]))(global) section - in which case they will define
-the default behavior for all services.
-
-Parameters are arranged here in alphabetical order - this may not
-create best bedfellows, but at least you can find them! Where there
-are synonyms, the preferred synonym is described, others refer to the
-preferred synonym.
-
-label(VARIABLESUBSTITUTIONS)
-manpagesection(VARIABLE SUBSTITUTIONS)
-
-Many of the strings that are settable in the config file can take
-substitutions. For example the option link(bf(tt("path =
-/tmp/%u")))(path) would be interpreted as tt("path = /tmp/john") if
-the user connected with the username john.
-
-These substitutions are mostly noted in the descriptions below, but
-there are some general substitutions which apply whenever they might
-be relevant. These are:
-
-startit()
-
-label(percentS)
-it() bf(%S) = the name of the current service, if any.
-
-label(percentP)
-it() bf(%P) = the root directory of the current service, if any.
-
-label(percentu)
-it() bf(%u) = user name of the current service, if any.
-
-label(percentg)
-it() bf(%g) = primary group name of link(bf(%u))(percentu).
-
-label(percentU)
-it() bf(%U) = session user name (the user name that
-the client wanted, not necessarily the same as the one they got).
-
-label(percentG)
-it() bf(%G) = primary group name of link(bf(%U))(percentU).
-
-label(percentH)
-it() bf(%H) = the home directory of the user given by link(bf(%u))(percentu).
-
-label(percentv)
-it() bf(%v) = the Samba version.
-
-label(percenth)
-it() bf(%h) = the internet hostname that Samba is running on.
-
-label(percentm)
-it() bf(%m) = the NetBIOS name of the client machine (very useful).
-
-label(percentL)
-it() bf(%L) = the NetBIOS name of the server. This allows you to change your
-config based on what the client calls you. Your server can have a "dual
-personality".
-
-label(percentM)
-it() bf(%M) = the internet name of the client machine.
-
-label(percentN)
-it() bf(%N) = the name of your NIS home directory server. This is
-obtained from your NIS auto.map entry. If you have not compiled Samba
-with the bf(--with-automount) option then this value will be the same
-as link(bf(%L))(percentL).
-
-label(percentp)
-it() bf(%p) = the path of the service's home directory, obtained from your NIS
-auto.map entry. The NIS auto.map entry is split up as "%N:%p".
-
-label(percentR)
-it() bf(%R) = the selected protocol level after protocol
-negotiation. It can be one of CORE, COREPLUS, LANMAN1, LANMAN2 or NT1.
-
-label(percentd)
-it() bf(%d) = The process id of the current server process.
-
-label(percenta)
-it() bf(%a) = the architecture of the remote
-machine. Only some are recognized, and those may not be 100%
-reliable. It currently recognizes Samba, WfWg, WinNT and
-Win95. Anything else will be known as "UNKNOWN". If it gets it wrong
-then sending a level 3 log to email(samba@samba.org)
-should allow it to be fixed.
-
-label(percentI)
-it() bf(%I) = The IP address of the client machine.
-
-label(percentT)
-it() bf(%T) = the current date and time.
-
-label(percentDollar)
-it() bf(%$(envvar)) = The value of the environment variable bf(envar).
-
-endit()
-
-There are some quite creative things that can be done with these
-substitutions and other smb.conf options.
-
-label(NAMEMANGLING)
-manpagesection(NAME MANGLING)
-
-Samba supports em("name mangling") so that DOS and Windows clients can
-use files that don't conform to the 8.3 format. It can also be set to
-adjust the case of 8.3 format filenames.
-
-There are several options that control the way mangling is performed,
-and they are grouped here rather than listed separately. For the
-defaults look at the output of the testparm program.
-
-All of these options can be set separately for each service (or
-globally, of course).
-
-The options are:
-
-label(manglecaseoption)
-bf("mangle case = yes/no") controls if names that have characters that
-aren't of the "default" case are mangled. For example, if this is yes
-then a name like tt("Mail") would be mangled. Default em(no).
-
-label(casesensitiveoption)
-bf("case sensitive = yes/no") controls whether filenames are case
-sensitive. If they aren't then Samba must do a filename search and
-match on passed names. Default em(no).
-
-label(defaultcaseoption)
-bf("default case = upper/lower") controls what the default case is for new
-filenames. Default em(lower).
-
-label(preservecaseoption)
-bf("preserve case = yes/no") controls if new files are created with the
-case that the client passes, or if they are forced to be the tt("default")
-case. Default em(Yes).
-
-label(shortpreservecaseoption)
-
-bf("short preserve case = yes/no") controls if new files which conform
-to 8.3 syntax, that is all in upper case and of suitable length, are
-created upper case, or if they are forced to be the tt("default")
-case. This option can be use with link(bf("preserve case =
-yes"))(preservecaseoption) to permit long filenames to retain their
-case, while short names are lowered. Default em(Yes).
-
-By default, Samba 2.0 has the same semantics as a Windows NT
-server, in that it is case insensitive but case preserving.
-
-label(NOTEABOUTUSERNAMEPASSWORDVALIDATION)
-manpagesection(NOTE ABOUT USERNAME/PASSWORD VALIDATION)
-
-There are a number of ways in which a user can connect to a
-service. The server follows the following steps in determining if it
-will allow a connection to a specified service. If all the steps fail
-then the connection request is rejected. If one of the steps pass then
-the following steps are not checked.
-
-If the service is marked link(bf("guest only = yes"))(guestonly) then
-steps 1 to 5 are skipped.
-
-starteit()
-
-eit() Step 1: If the client has passed a username/password pair and
-that username/password pair is validated by the UNIX system's password
-programs then the connection is made as that username. Note that this
-includes the tt(\\server\service%username) method of passing a
-username.
-
-eit() Step 2: If the client has previously registered a username with
-the system and now supplies a correct password for that username then
-the connection is allowed.
-
-eit() Step 3: The client's netbios name and any previously used user
-names are checked against the supplied password, if they match then
-the connection is allowed as the corresponding user.
-
-eit() Step 4: If the client has previously validated a
-username/password pair with the server and the client has passed the
-validation token then that username is used.
-
-eit() Step 5: If a link(bf("user = "))(user) field is given in the
-smb.conf file for the service and the client has supplied a password,
-and that password matches (according to the UNIX system's password
-checking) with one of the usernames from the link(bf(user=))(user)
-field then the connection is made as the username in the
-link(bf("user="))(user) line. If one of the username in the
-link(bf(user=))(user) list begins with a tt('@') then that name
-expands to a list of names in the group of the same name.
-
-eit() Step 6: If the service is a guest service then a connection is
-made as the username given in the link(bf("guest account
-="))(guestaccount) for the service, irrespective of the supplied
-password.
-
-endeit()
-
-label(COMPLETELISTOFGLOBALPARAMETERS)
-manpagesection(COMPLETE LIST OF GLOBAL PARAMETERS)
-
-Here is a list of all global parameters. See the section of each
-parameter for details. Note that some are synonyms.
-
-startit()
-
-it() link(bf(add user script))(adduserscript)
-
-it() link(bf(allow trusted domains))(allowtrusteddomains)
-
-it() link(bf(announce as))(announceas)
-
-it() link(bf(announce version))(announceversion)
-
-it() link(bf(auto services))(autoservices)
-
-it() link(bf(bind interfaces only))(bindinterfacesonly)
-
-it() link(bf(browse list))(browselist)
-
-it() link(bf(change notify timeout))(changenotifytimeout)
-
-it() link(bf(character set))(characterset)
-
-it() link(bf(client code page))(clientcodepage)
-
-it() link(bf(coding system))(codingsystem)
-
-it() link(bf(config file))(configfile)
-
-it() link(bf(deadtime))(deadtime)
-
-it() link(bf(debug hires timestamp))(debughirestimestamp)
-
-it() link(bf(debug pid))(debugpid)
-
-it() link(bf(debug timestamp))(debugtimestamp)
-
-it() link(bf(debug uid))(debuguid)
-
-it() link(bf(debug level))(debuglevel)
-
-it() link(bf(default))(default)
-
-it() link(bf(default service))(defaultservice)
-
-it() link(bf(delete user script))(deleteuserscript)
-
-it() link(bf(dfree command))(dfreecommand)
-
-it() link(bf(dns proxy))(dnsproxy)
-
-it() link(bf(domain admin group))(domainadmingroup)
-
-it() link(bf(domain admin users))(domainadminusers)
-
-it() link(bf(domain groups))(domaingroups)
-
-it() link(bf(domain guest group))(domainguestgroup)
-
-it() link(bf(domain guest users))(domainguestusers)
-
-it() link(bf(domain logons))(domainlogons)
-
-it() link(bf(domain master))(domainmaster)
-
-it() link(bf(encrypt passwords))(encryptpasswords)
-
-it() link(bf(enhanced browsing))(enhancedbrowsing)
-
-it() link(bf(getwd cache))(getwdcache)
-
-it() link(bf(hide local users))(hidelocalusers)
-
-it() link(bf(homedir map))(homedirmap)
-
-it() link(bf(hosts equiv))(hostsequiv)
-
-it() link(bf(interfaces))(interfaces)
-
-it() link(bf(keepalive))(keepalive)
-
-it() link(bf(kernel oplocks))(kerneloplocks)
-
-it() link(bf(ldap filter))(ldapfilter)
-
-it() link(bf(ldap port))(ldapport)
-
-it() link(bf(ldap root))(ldaproot)
-
-it() link(bf(ldap root passwd))(ldaprootpasswd)
-
-it() link(bf(ldap server))(ldapserver)
-
-it() link(bf(ldap suffix))(ldapsuffix)
-
-it() link(bf(lm announce))(lmannounce)
-
-it() link(bf(lm interval))(lminterval)
-
-it() link(bf(load printers))(loadprinters)
-
-it() link(bf(local master))(localmaster)
-
-it() link(bf(lock dir))(lockdir)
-
-it() link(bf(lock directory))(lockdirectory)
-
-it() link(bf(log file))(logfile)
-
-it() link(bf(log level))(loglevel)
-
-it() link(bf(logon drive))(logondrive)
-
-it() link(bf(logon home))(logonhome)
-
-it() link(bf(logon path))(logonpath)
-
-it() link(bf(logon script))(logonscript)
-
-it() link(bf(lpq cache time))(lpqcachetime)
-
-it() link(bf(machine password timeout))(machinepasswordtimeout)
-
-it() link(bf(mangled stack))(mangledstack)
-
-it() link(bf(map to guest))(maptoguest)
-
-it() link(bf(max disk size))(maxdisksize)
-
-it() link(bf(max log size))(maxlogsize)
-
-it() link(bf(max mux))(maxmux)
-
-it() link(bf(max open files))(maxopenfiles)
-
-it() link(bf(max packet))(maxpacket)
-
-it() link(bf(max ttl))(maxttl)
-
-it() link(bf(max wins ttl))(maxwinsttl)
-
-it() link(bf(max xmit))(maxxmit)
-
-it() link(bf(message command))(messagecommand)
-
-it() link(bf(min passwd length))(minpasswdlength)
-
-it() link(bf(min password length))(minpasswordlength)
-
-it() link(bf(min wins ttl))(minwinsttl)
-
-it() link(bf(name resolve order))(nameresolveorder)
-
-it() link(bf(netbios aliases))(netbiosaliases)
-
-it() link(bf(netbios name))(netbiosname)
-
-it() link(bf(netbios scope))(netbiosscope)
-
-it() link(bf(nis homedir))(nishomedir)
-
-it() link(bf(nt acl support))(ntaclsupport)
-
-it() link(bf(nt pipe support))(ntpipesupport)
-
-it() link(bf(nt smb support))(ntsmbsupport)
-
-it() link(bf(null passwords))(nullpasswords)
-
-it() link(bf(ole locking compatibility))(olelockingcompatibility)
-
-it() link(bf(oplock break wait time))(oplockbreakwaittime)
-
-it() link(bf(os level))(oslevel)
-
-it() link(bf(packet size))(packetsize)
-
-it() link(bf(panic action))(panicaction)
-
-it() link(bf(passwd chat))(passwdchat)
-
-it() link(bf(passwd chat debug))(passwdchatdebug)
-
-it() link(bf(passwd program))(passwdprogram)
-
-it() link(bf(password level))(passwordlevel)
-
-it() link(bf(password server))(passwordserver)
-
-it() link(bf(prefered master))(preferedmaster)
-
-it() link(bf(preferred master))(preferredmaster)
-
-it() link(bf(preload))(preload)
-
-it() link(bf(printcap))(printcap)
-
-it() link(bf(printcap name))(printcapname)
-
-it() link(bf(printer driver file))(printerdriverfile)
-
-it() link(bf(private dir))(privatedir)
-
-it() link(bf(protocol))(protocol)
-
-it() link(bf(read bmpx))(readbmpx)
-
-it() link(bf(read prediction))(readprediction)
-
-it() link(bf(read raw))(readraw)
-
-it() link(bf(read size))(readsize)
-
-it() link(bf(remote announce))(remoteannounce)
-
-it() link(bf(remote browse sync))(remotebrowsesync)
-
-it() link(bf(restrict anonymous))(restrictanonymous)
-
-it() link(bf(root))(root)
-
-it() link(bf(root dir))(rootdir)
-
-it() link(bf(root directory))(rootdirectory)
-
-it() link(bf(security))(security)
-
-it() link(bf(server string))(serverstring)
-
-it() link(bf(shared mem size))(sharedmemsize)
-
-it() link(bf(smb passwd file))(smbpasswdfile)
-
-it() link(bf(smbrun))(smbrun)
-
-it() link(bf(socket address))(socketaddress)
-
-it() link(bf(socket options))(socketoptions)
-
-it() link(bf(source environment))(sourceenvironment)
-
-it() link(bf(ssl))(ssl)
-
-it() link(bf(ssl CA certDir))(sslCAcertDir)
-
-it() link(bf(ssl CA certFile))(sslCAcertFile)
-
-it() link(bf(ssl ciphers))(sslciphers)
-
-it() link(bf(ssl client cert))(sslclientcert)
-
-it() link(bf(ssl client key))(sslclientkey)
-
-it() link(bf(ssl compatibility))(sslcompatibility)
-
-it() link(bf(ssl hosts))(sslhosts)
-
-it() link(bf(ssl hosts resign))(sslhostsresign)
-
-it() link(bf(ssl require clientcert))(sslrequireclientcert)
-
-it() link(bf(ssl require servercert))(sslrequireservercert)
-
-it() link(bf(ssl server cert))(sslservercert)
-
-it() link(bf(ssl server key))(sslserverkey)
-
-it() link(bf(ssl version))(sslversion)
-
-it() link(bf(stat cache))(statcache)
-
-it() link(bf(stat cache size))(statcachesize)
-
-it() link(bf(strip dot))(stripdot)
-
-it() link(bf(syslog))(syslog)
-
-it() link(bf(syslog only))(syslogonly)
-
-it() link(bf(template homedir))(templatehomedir)
-
-it() link(bf(template shell))(templateshell)
-
-it() link(bf(time offset))(timeoffset)
-
-it() link(bf(time server))(timeserver)
-
-it() link(bf(timestamp logs))(timestamplogs)
-
-it() link(bf(unix password sync))(unixpasswordsync)
-
-it() link(bf(unix realname))(unixrealname)
-
-it() link(bf(update encrypted))(updateencrypted)
-
-it() link(bf(use rhosts))(userhosts)
-
-it() link(bf(username level))(usernamelevel)
-
-it() link(bf(username map))(usernamemap)
-
-it() link(bf(utmp directory))(utmpdirectory)
-
-it() link(bf(valid chars))(validchars)
-
-it() link(bf(winbind cache time))(winbindcachetime)
-
-it() link(bf(winbind gid))(winbindgid)
-
-it() link(bf(winbind uid))(winbinduid)
-
-it() link(bf(wins hook))(winshook)
-
-it() link(bf(wins proxy))(winsproxy)
-
-it() link(bf(wins server))(winsserver)
-
-it() link(bf(wins support))(winssupport)
-
-it() link(bf(workgroup))(workgroup)
-
-it() link(bf(write raw))(writeraw)
-
-endit()
-
-label(COMPLETELISTOFSERVICEPARAMETERS)
-manpagesection(COMPLETE LIST OF SERVICE PARAMETERS)
-
-Here is a list of all service parameters. See the section of each
-parameter for details. Note that some are synonyms.
-
-startit()
-
-it() link(bf(admin users))(adminusers)
-
-it() link(bf(allow hosts))(allowhosts)
-
-it() link(bf(alternate permissions))(alternatepermissions)
-
-it() link(bf(available))(available)
-
-it() link(bf(blocking locks))(blockinglocks)
-
-it() link(bf(browsable))(browsable)
-
-it() link(bf(browseable))(browseable)
-
-it() link(bf(case sensitive))(casesensitive)
-
-it() link(bf(casesignames))(casesignames)
-
-it() link(bf(comment))(comment)
-
-it() link(bf(copy))(copy)
-
-it() link(bf(create mask))(createmask)
-
-it() link(bf(create mode))(createmode)
-
-it() link(bf(default case))(defaultcase)
-
-it() link(bf(delete readonly))(deletereadonly)
-
-it() link(bf(delete veto files))(deletevetofiles)
-
-it() link(bf(deny hosts))(denyhosts)
-
-it() link(bf(directory))(directory)
-
-it() link(bf(directory mask))(directorymask)
-
-it() link(bf(directory mode))(directorymode)
-
-it() link(bf(directory security mask))(directorysecuritymask)
-
-it() link(bf(dont descend))(dontdescend)
-
-it() link(bf(dos filetime resolution))(dosfiletimeresolution)
-
-it() link(bf(dos filetimes))(dosfiletimes)
-
-it() link(bf(exec))(exec)
-
-it() link(bf(fake directory create times))(fakedirectorycreatetimes)
-
-it() link(bf(fake oplocks))(fakeoplocks)
-
-it() link(bf(follow symlinks))(followsymlinks)
-
-it() link(bf(force create mode))(forcecreatemode)
-
-it() link(bf(force directory mode))(forcedirectorymode)
-
-it() link(bf(force directory security mode))(forcedirectorysecuritymode)
-
-it() link(bf(force group))(forcegroup)
-
-it() link(bf(force security mode))(forcesecuritymode)
-
-it() link(bf(force user))(forceuser)
-
-it() link(bf(fstype))(fstype)
-
-it() link(bf(group))(group)
-
-it() link(bf(guest account))(guestaccount)
-
-it() link(bf(guest ok))(guestok)
-
-it() link(bf(guest only))(guestonly)
-
-it() link(bf(hide dot files))(hidedotfiles)
-
-it() link(bf(hide files))(hidefiles)
-
-it() link(bf(hosts allow))(hostsallow)
-
-it() link(bf(hosts deny))(hostsdeny)
-
-it() link(bf(include))(include)
-
-it() link(bf(inherit permissions))(inheritpermissions)
-
-it() link(bf(invalid users))(invalidusers)
-
-it() link(bf(level2 oplocks))(level2oplocks)
-
-it() link(bf(locking))(locking)
-
-it() link(bf(lppause command))(lppausecommand)
-
-it() link(bf(lpq command))(lpqcommand)
-
-it() link(bf(lpresume command))(lpresumecommand)
-
-it() link(bf(lprm command))(lprmcommand)
-
-it() link(bf(magic output))(magicoutput)
-
-it() link(bf(magic script))(magicscript)
-
-it() link(bf(mangle case))(manglecase)
-
-it() link(bf(mangle locks))(manglelocks)
-
-it() link(bf(mangled map))(mangledmap)
-
-it() link(bf(mangled names))(manglednames)
-
-it() link(bf(mangling char))(manglingchar)
-
-it() link(bf(map archive))(maparchive)
-
-it() link(bf(map hidden))(maphidden)
-
-it() link(bf(map system))(mapsystem)
-
-it() link(bf(max connections))(maxconnections)
-
-it() link(bf(min print space))(minprintspace)
-
-it() link(bf(only guest))(onlyguest)
-
-it() link(bf(only user))(onlyuser)
-
-it() link(bf(oplock contention limit))(oplockcontentionlimit)
-
-it() link(bf(oplocks))(oplocks)
-
-it() link(bf(path))(path)
-
-it() link(bf(postexec))(postexec)
-
-it() link(bf(postscript))(postscript)
-
-it() link(bf(preexec))(preexec)
-
-it() link(bf(preexec close))(preexecclose)
-
-it() link(bf(preserve case))(preservecase)
-
-it() link(bf(print command))(printcommand)
-
-it() link(bf(print ok))(printok)
-
-it() link(bf(printable))(printable)
-
-it() link(bf(printer))(printer)
-
-it() link(bf(printer admin))(printer admin)
-
-it() link(bf(printer driver))(printerdriver)
-
-it() link(bf(printer driver location))(printerdriverlocation)
-
-it() link(bf(printer name))(printername)
-
-it() link(bf(printing))(printing)
-
-it() link(bf(public))(public)
-
-it() link(bf(queuepause command))(queuepausecommand)
-
-it() link(bf(queueresume command))(queueresumecommand)
-
-it() link(bf(read list))(readlist)
-
-it() link(bf(read only))(readonly)
-
-it() link(bf(root postexec))(rootpostexec)
-
-it() link(bf(root preexec))(rootpreexec)
-
-it() link(bf(root preexec close))(rootpreexecclose)
-
-it() link(bf(security mask))(securitymask)
-
-it() link(bf(set directory))(setdirectory)
-
-it() link(bf(share modes))(sharemodes)
-
-it() link(bf(short preserve case))(shortpreservecase)
-
-it() link(bf(status))(status)
-
-it() link(bf(strict locking))(strictlocking)
-
-it() link(bf(strict sync))(strictsync)
-
-it() link(bf(sync always))(syncalways)
-
-it() link(bf(user))(user)
-
-it() link(bf(username))(username)
-
-it() link(bf(users))(users)
-
-it() link(bf(utmp))(utmp)
-
-it() link(bf(valid users))(validusers)
-
-it() link(bf(veto files))(vetofiles)
-
-it() link(bf(veto oplock files))(vetooplockfiles)
-
-it() link(bf(volume))(volume)
-
-it() link(bf(wide links))(widelinks)
-
-it() link(bf(writable))(writable)
-
-it() link(bf(write cache size))(writecachesize)
-
-it() link(bf(write list))(writelist)
-
-it() link(bf(write ok))(writeok)
-
-it() link(bf(writeable))(writeable)
-
-endit()
-
-label(EXPLANATIONOFEACHPARAMETER)
-manpagesection(EXPLANATION OF EACH PARAMETER)
-
-startdit()
-
-label(adduserscript)
-dit(bf(add user script (G)))
-
-This is the full pathname to a script that will be run em(AS ROOT) by
-url(bf(smbd (8)))(smbd.8.html) under special circumstances decribed
-below.
-
-Normally, a Samba server requires that UNIX users are created for all
-users accessing files on this server. For sites that use Windows NT
-account databases as their primary user database creating these users
-and keeping the user list in sync with the Windows NT PDC is an
-onerous task. This option allows url(bf(smbd))(smbd.8.html) to create
-the required UNIX users em(ON DEMAND) when a user accesses the Samba
-server.
-
-In order to use this option, url(bf(smbd))(smbd.8.html) must be set to
-link(bf(security=server))(securityequalserver) or
-link(bf(security=domain))(securityequaldomain) and bf("add user script")
-must be set to a full pathname for a script that will create a UNIX user
-given one argument of bf(%u), which expands into the UNIX user name to
-create.
-
-When the Windows user attempts to access the Samba server, at
-em("login")(session setup in the SMB protocol) time,
-url(bf(smbd))(smbd.8.html) contacts the link(bf(password
-server))(passwordserver) and attempts to authenticate the given user
-with the given password. If the authentication succeeds then
-url(bf(smbd))(smbd.8.html) attempts to find a UNIX user in the UNIX
-password database to map the Windows user into. If this lookup fails,
-and bf("add user script") is set then url(bf(smbd))(smbd.8.html) will
-call the specified script em(AS ROOT), expanding any bf(%u) argument
-to be the user name to create.
-
-If this script successfully creates the user then
-url(bf(smbd))(smbd.8.html) will continue on as though the UNIX user
-already existed. In this way, UNIX users are dynamically created to
-match existing Windows NT accounts.
-
-See also link(bf(security=server))(securityequalserver),
-link(bf(security=domain))(securityequaldomain), link(bf(password
-server))(passwordserver), link(bf(delete user
-script))(deleteuserscript).
-
- bf(Default:)
-tt( add user script = <empty string>)
-
- bf(Example:)
-tt( add user script = /usr/local/samba/bin/add_user %u)
-
-label(adminusers)
-dit(bf(admin users (S)))
-
-This is a list of users who will be granted administrative privileges
-on the share. This means that they will do all file operations as the
-super-user (root).
-
-You should use this option very carefully, as any user in this list
-will be able to do anything they like on the share, irrespective of
-file permissions.
-
- bf(Default:) nl()
-tt( no admin users)
-
- bf(Example:) nl()
-tt( admin users = jason)
-
-label(allow hosts)
-dit(bf(allow hosts (S)))
-
-Synonym for link(bf(hosts allow))(hostsallow).
-
-label(allowtrusteddomains)
-dit(bf(allow trusted domains (G)))
-
-This option only takes effect when the link(bf(security))(security)
-option is set to bf(server) or bf(domain). If it is set to no,
-then attempts to connect to a resource from a domain or workgroup other than
-the one which smbd is running in will fail, even if that domain
-is trusted by the remote server doing the authentication.
-
-This is useful if you only want your Samba server to serve resources
-to users in the domain it is a member of. As an example, suppose that there are
-two domains DOMA and DOMB. DOMB is trusted by DOMA, which contains
-the Samba server. Under normal circumstances, a user with an account
-in DOMB can then access the resources of a UNIX account with the same
-account name on the Samba server even if they do not have an account
-in DOMA. This can make implementing a security boundary difficult.
-
- bf(Default:)
-tt( allow trusted domains = Yes)
-
- bf(Example:)
-tt( allow trusted domains = No)
-
-label(alternatepermissions)
-dit(bf(alternate permissions (S)))
-
-This is a deprecated parameter. It no longer has any effect in Samba2.0.
-In previous versions of Samba it affected the way the DOS "read only"
-attribute was mapped for a file. In Samba2.0 a file is marked "read only"
-if the UNIX file does not have the 'w' bit set for the owner of the file,
-regardless if the owner of the file is the currently logged on user or not.
-
-label(announceas)
-dit(bf(announce as (G)))
-
-This specifies what type of server url(bf(nmbd))(nmbd.8.html) will
-announce itself as, to a network neighborhood browse list. By default
-this is set to Windows NT. The valid options are : "NT", which is a
-synonym for "NT Server", "NT Server", "NT Workstation", "Win95" or
-"WfW" meaning Windows NT Server, Windows NT Workstation, Windows 95
-and Windows for Workgroups respectively. Do not change this parameter
-unless you have a specific need to stop Samba appearing as an NT server
-as this may prevent Samba servers from participating as browser servers correctly.
-
- bf(Default:)
-tt( announce as = NT Server)
-
- bf(Example)
-tt( announce as = Win95)
-
-label(announceversion)
-dit(bf(announce version (G)))
-
-This specifies the major and minor version numbers that nmbd will use
-when announcing itself as a server. The default is 4.2. Do not change
-this parameter unless you have a specific need to set a Samba server
-to be a downlevel server.
-
- bf(Default:)
-tt( announce version = 4.2)
-
- bf(Example:)
-tt( announce version = 2.0)
-
-
-label(autoservices)
-dit(bf(auto services (G)))
-
-This is a list of services that you want to be automatically added to
-the browse lists. This is most useful for homes and printers services
-that would otherwise not be visible.
-
-Note that if you just want all printers in your printcap file loaded
-then the link(bf("load printers"))(loadprinters) option is easier.
-
- bf(Default:)
-tt( no auto services)
-
- bf(Example:)
-tt( auto services = fred lp colorlp)
-
-label(available)
-dit(bf(available (S)))
-
-This parameter lets you em('turn off') a service. If tt('available = no'),
-then em(ALL) attempts to connect to the service will fail. Such failures
-are logged.
-
- bf(Default:)
-tt( available = yes)
-
- bf(Example:)
-tt( available = no)
-
-label(bindinterfacesonly)
-dit(bf(bind interfaces only (G)))
-
-This global parameter allows the Samba admin to limit what interfaces
-on a machine will serve smb requests. If affects file service
-url(bf(smbd))(smbd.8.html) and name service url(bf(nmbd))(nmbd.8.html)
-in slightly different ways.
-
-For name service it causes url(bf(nmbd))(nmbd.8.html) to bind to ports
-137 and 138 on the interfaces listed in the
-link(bf('interfaces'))(interfaces)
-parameter. url(bf(nmbd))(nmbd.8.html) also binds to the 'all
-addresses' interface (0.0.0.0) on ports 137 and 138 for the purposes
-of reading broadcast messages. If this option is not set then
-url(bf(nmbd))(nmbd.8.html) will service name requests on all of these
-sockets. If bf("bind interfaces only") is set then
-url(bf(nmbd))(nmbd.8.html) will check the source address of any
-packets coming in on the broadcast sockets and discard any that don't
-match the broadcast addresses of the interfaces in the
-link(bf('interfaces'))(interfaces) parameter list. As unicast packets
-are received on the other sockets it allows url(bf(nmbd))(nmbd.8.html)
-to refuse to serve names to machines that send packets that arrive
-through any interfaces not listed in the
-link(bf("interfaces"))(interfaces) list. IP Source address spoofing
-does defeat this simple check, however so it must not be used
-seriously as a security feature for url(bf(nmbd))(nmbd.8.html).
-
-For file service it causes url(bf(smbd))(smbd.8.html) to bind only to
-the interface list given in the link(bf('interfaces'))(interfaces)
-parameter. This restricts the networks that url(bf(smbd))(smbd.8.html)
-will serve to packets coming in those interfaces. Note that you
-should not use this parameter for machines that are serving PPP or
-other intermittent or non-broadcast network interfaces as it will not
-cope with non-permanent interfaces.
-
-If bf("bind interfaces only") is set then unless the network address
-em(127.0.0.1) is added to the link(bf('interfaces'))(interfaces) parameter
-list url(bf(smbpasswd))(smbpasswd.8.html) and
-url(bf(swat))(swat.8.html) may not work as expected due to the
-reasons covered below.
-
-To change a users SMB password, the url(bf(smbpasswd))(smbpasswd.8.html)
-by default connects to the em("localhost" - 127.0.0.1) address as an SMB
-client to issue the password change request. If bf("bind interfaces only")
-is set then unless the network address em(127.0.0.1) is added to the
-link(bf('interfaces'))(interfaces) parameter list then
-url(bf(smbpasswd))(smbpasswd.8.html) will fail to connect in it's
-default mode. url(bf(smbpasswd))(smbpasswd.8.html) can be forced to
-use the primary IP interface of the local host by using its
-url(bf("-r remote machine"))(smbpasswd.8.html#minusr) parameter, with
-bf("remote machine") set to the IP name of the primary interface
-of the local host.
-
-The url(bf(swat))(swat.8.html) status page tries to connect with
-url(bf(smbd))(smbd.8.html) and url(bf(nmbd))(nmbd.8.html) at the address
-em(127.0.0.1) to determine if they are running. Not adding em(127.0.0.1) will cause
-url(bf(smbd))(smbd.8.html) and url(bf(nmbd))(nmbd.8.html) to always show
-"not running" even if they really are. This can prevent
-url(bf(swat))(swat.8.html) from starting/stopping/restarting
-url(bf(smbd))(smbd.8.html) and url(bf(nmbd))(nmbd.8.html).
-
- bf(Default:)
-tt( bind interfaces only = False)
-
- bf(Example:)
-tt( bind interfaces only = True)
-
-label(blockinglocks)
-dit(bf(blocking locks (S)))
-
-This parameter controls the behavior of url(bf(smbd))(smbd.8.html) when
-given a request by a client to obtain a byte range lock on a region
-of an open file, and the request has a time limit associated with it.
-
-If this parameter is set and the lock range requested cannot be
-immediately satisfied, Samba 2.0 will internally queue the lock
-request, and periodically attempt to obtain the lock until the
-timeout period expires.
-
-If this parameter is set to "False", then Samba 2.0 will behave
-as previous versions of Samba would and will fail the lock
-request immediately if the lock range cannot be obtained.
-
-This parameter can be set per share.
-
- bf(Default:)
-tt( blocking locks = True)
-
- bf(Example:)
-tt( blocking locks = False)
-
-label(browsable)
-dit(bf(browsable (S)))
-
-Synonym for link(bf(browseable))(browseable).
-
-label(browselist)
-dit(bf(browse list(G)))
-
-This controls whether url(bf(smbd))(smbd.8.html) will serve a browse
-list to a client doing a NetServerEnum call. Normally set to true. You
-should never need to change this.
-
- bf(Default:)
-tt( browse list = Yes)
-
-label(browseable)
-dit(bf(browseable))
-
-This controls whether this share is seen in the list of available
-shares in a net view and in the browse list.
-
- bf(Default:)
-tt( browseable = Yes)
-
- bf(Example:)
-tt( browseable = No)
-
-label(casesensitive)
-dit(bf(case sensitive (S)))
-
-See the discussion in the section link(bf(NAME MANGLING))(NAMEMANGLING).
-
-label(casesignames)
-dit(bf(casesignames (S)))
-
-Synonym for link(bf("case sensitive"))(casesensitive).
-
-label(changenotifytimeout)
-dit(bf(change notify timeout (G)))
-
-One of the new NT SMB requests that Samba 2.0 supports is the
-"ChangeNotify" requests. This SMB allows a client to tell a server to
-em("watch") a particular directory for any changes and only reply to
-the SMB request when a change has occurred. Such constant scanning of
-a directory is expensive under UNIX, hence an
-url(bf(smbd))(smbd.8.html) daemon only performs such a scan on each
-requested directory once every bf(change notify timeout) seconds.
-
-bf(change notify timeout) is specified in units of seconds.
-
- bf(Default:)
-tt( change notify timeout = 60)
-
- bf(Example:)
-tt( change notify timeout = 300)
-
-Would change the scan time to every 5 minutes.
-
-label(characterset)
-dit(bf(character set (G)))
-
-This allows a smbd to map incoming filenames from a DOS Code page (see
-the link(bf(client code page))(clientcodepage) parameter) to several
-built in UNIX character sets. The built in code page translations are:
-
-startit()
-
-it() bf(ISO8859-1) Western European UNIX character set. The parameter
-link(bf(client code page))(clientcodepage) em(MUST) be set to code
-page 850 if the bf(character set) parameter is set to iso8859-1
-in order for the conversion to the UNIX character set to be done
-correctly.
-
-it() bf(ISO8859-2) Eastern European UNIX character set. The parameter
-link(bf(client code page))(clientcodepage) em(MUST) be set to code
-page 852 if the bf(character set) parameter is set to ISO8859-2
-in order for the conversion to the UNIX character set to be done
-correctly.
-
-it() bf(ISO8859-5) Russian Cyrillic UNIX character set. The parameter
-link(bf(client code page))(clientcodepage) em(MUST) be set to code
-page 866 if the bf(character set) parameter is set to ISO8859-5
-in order for the conversion to the UNIX character set to be done
-correctly.
-
-it() bf(ISO8859-7) Greek UNIX character set. The parameter
-link(bf(client code page))(clientcodepage) em(MUST) be set to code
-page 737 if the bf(character set) parameter is set to ISO8859-7
-in order for the conversion to the UNIX character set to be done
-correctly.
-
-it() bf(KOI8-R) Alternate mapping for Russian Cyrillic UNIX
-character set. The parameter link(bf(client code
-page))(clientcodepage) em(MUST) be set to code page 866 if the
-bf(character set) parameter is set to KOI8-R in order for the
-conversion to the UNIX character set to be done correctly.
-
-endit()
-
-em(BUG). These MSDOS code page to UNIX character set mappings should
-be dynamic, like the loading of MS DOS code pages, not static.
-
-See also link(bf(client code page))(clientcodepage). Normally this
-parameter is not set, meaning no filename translation is done.
-
- bf(Default:)
-tt( character set = <empty string>)
-
- bf(Example:)
-tt( character set = ISO8859-1)
-
-label(clientcodepage)
-dit(bf(client code page (G)))
-
-This parameter specifies the DOS code page that the clients accessing
-Samba are using. To determine what code page a Windows or DOS client
-is using, open a DOS command prompt and type the command "chcp". This
-will output the code page. The default for USA MS-DOS, Windows 95, and
-Windows NT releases is code page 437. The default for western european
-releases of the above operating systems is code page 850.
-
-This parameter tells url(bf(smbd))(smbd.8.html) which of the
-tt(codepage.XXX) files to dynamically load on startup. These files,
-described more fully in the manual page url(bf(make_smbcodepage
-(1)))(make_smbcodepage.1.html), tell url(bf(smbd))(smbd.8.html) how
-to map lower to upper case characters to provide the case insensitivity
-of filenames that Windows clients expect.
-
-Samba currently ships with the following code page files :
-
-startit()
-
-it() bf(Code Page 437 - MS-DOS Latin US)
-
-it() bf(Code Page 737 - Windows '95 Greek)
-
-it() bf(Code Page 850 - MS-DOS Latin 1)
-
-it() bf(Code Page 852 - MS-DOS Latin 2)
-
-it() bf(Code Page 861 - MS-DOS Icelandic)
-
-it() bf(Code Page 866 - MS-DOS Cyrillic)
-
-it() bf(Code Page 932 - MS-DOS Japanese SJIS)
-
-it() bf(Code Page 936 - MS-DOS Simplified Chinese)
-
-it() bf(Code Page 949 - MS-DOS Korean Hangul)
-
-it() bf(Code Page 950 - MS-DOS Traditional Chinese)
-
-endit()
-
-Thus this parameter may have any of the values 437, 737, 850, 852,
-861, 932, 936, 949, or 950. If you don't find the codepage you need,
-read the comments in one of the other codepage files and the
-url(bf(make_smbcodepage (1)))(make_smbcodepage.1.html) man page and
-write one. Please remember to donate it back to the Samba user
-community.
-
-This parameter co-operates with the link(bf("valid
-chars"))(validchars) parameter in determining what characters are
-valid in filenames and how capitalization is done. If you set both
-this parameter and the link(bf("valid chars"))(validchars) parameter
-the bf("client code page") parameter em(MUST) be set before the
-link(bf("valid chars"))(validchars) parameter in the bf(smb.conf)
-file. The link(bf("valid chars"))(validchars) string will then augment
-the character settings in the "client code page" parameter.
-
-If not set, bf("client code page") defaults to 850.
-
-See also : link(bf("valid chars"))(validchars)
-
- bf(Default:)
-tt( client code page = 850)
-
- bf(Example:)
-tt( client code page = 936)
-
-label(codingsystem)
-dit(bf(codingsystem (G)))
-
-This parameter is used to determine how incoming Shift-JIS Japanese
-characters are mapped from the incoming link(bf("client code
-page"))(clientcodepage) used by the client, into file names in the
-UNIX filesystem. Only useful if link(bf("client code
-page"))(clientcodepage) is set to 932 (Japanese Shift-JIS).
-
-The options are :
-
-startit()
-
-it() bf(SJIS) Shift-JIS. Does no conversion of the incoming filename.
-
-it() bf(JIS8, J8BB, J8BH, J8@B, J8@J, J8@H ) Convert from incoming
-Shift-JIS to eight bit JIS code with different shift-in, shift out
-codes.
-
-it() bf(JIS7, J7BB, J7BH, J7@B, J7@J, J7@H ) Convert from incoming
-Shift-JIS to seven bit JIS code with different shift-in, shift out
-codes.
-
-it() bf(JUNET, JUBB, JUBH, JU@B, JU@J, JU@H ) Convert from incoming
-Shift-JIS to JUNET code with different shift-in, shift out codes.
-
-it() bf(EUC) Convert an incoming Shift-JIS character to EUC code.
-
-it() bf(HEX) Convert an incoming Shift-JIS character to a 3 byte hex
-representation, i.e. tt(:AB).
-
-it() bf(CAP) Convert an incoming Shift-JIS character to the 3 byte hex
-representation used by the Columbia AppleTalk Program (CAP),
-i.e. tt(:AB). This is used for compatibility between Samba and CAP.
-
-endit()
-
-label(comment)
-dit(bf(comment (S)))
-
-This is a text field that is seen next to a share when a client does a
-queries the server, either via the network neighborhood or via "net
-view" to list what shares are available.
-
-If you want to set the string that is displayed next to the machine
-name then see the server string command.
-
- bf(Default:)
-tt( No comment string)
-
- bf(Example:)
-tt( comment = Fred's Files)
-
-label(configfile)
-dit(bf(config file (G)))
-
-This allows you to override the config file to use, instead of the
-default (usually bf(smb.conf)). There is a chicken and egg problem
-here as this option is set in the config file!
-
-For this reason, if the name of the config file has changed when the
-parameters are loaded then it will reload them from the new config
-file.
-
-This option takes the usual substitutions, which can be very useful.
-
-If the config file doesn't exist then it won't be loaded (allowing you
-to special case the config files of just a few clients).
-
- bf(Example:)
-tt( config file = /usr/local/samba/lib/smb.conf.%m)
-
-label(copy)
-dit(bf(copy (S)))
-
-This parameter allows you to em('clone') service entries. The specified
-service is simply duplicated under the current service's name. Any
-parameters specified in the current section will override those in the
-section being copied.
-
-This feature lets you set up a 'template' service and create similar
-services easily. Note that the service being copied must occur earlier
-in the configuration file than the service doing the copying.
-
- bf(Default:)
-tt( none)
-
- bf(Example:)
-tt( copy = otherservice)
-
-label(createmask)
-dit(bf(create mask (S)))
-
-A synonym for this parameter is link(bf('create mode'))(createmode).
-
-When a file is created, the necessary permissions are calculated
-according to the mapping from DOS modes to UNIX permissions, and the
-resulting UNIX mode is then bit-wise 'AND'ed with this parameter.
-This parameter may be thought of as a bit-wise MASK for the UNIX modes
-of a file. Any bit em(*not*) set here will be removed from the modes set
-on a file when it is created.
-
-The default value of this parameter removes the 'group' and 'other'
-write and execute bits from the UNIX modes.
-
-Following this Samba will bit-wise 'OR' the UNIX mode created from
-this parameter with the value of the "force create mode" parameter
-which is set to 000 by default.
-
-This parameter does not affect directory modes. See the parameter
-link(bf('directory mode'))(directorymode) for details.
-
-See also the link(bf("force create mode"))(forcecreatemode) parameter
-for forcing particular mode bits to be set on created files. See also
-the link(bf("directory mode"))(directorymode) parameter for masking
-mode bits on created directories.
-See also the link(bf("inherit permissions"))(inheritpermissions) parameter.
-
- bf(Default:)
-tt( create mask = 0744)
-
- bf(Example:)
-tt( create mask = 0775)
-
-label(createmode)
-dit(bf(create mode (S)))
-
-This is a synonym for link(bf(create mask))(createmask).
-
-label(deadtime)
-dit(bf(deadtime (G)))
-
-The value of the parameter (a decimal integer) represents the number
-of minutes of inactivity before a connection is considered dead, and
-it is disconnected. The deadtime only takes effect if the number of
-open files is zero.
-
-This is useful to stop a server's resources being exhausted by a large
-number of inactive connections.
-
-Most clients have an auto-reconnect feature when a connection is
-broken so in most cases this parameter should be transparent to users.
-
-Using this parameter with a timeout of a few minutes is recommended
-for most systems.
-
-A deadtime of zero indicates that no auto-disconnection should be
-performed.
-
- bf(Default:)
-tt( deadtime = 0)
-
- bf(Example:)
-tt( deadtime = 15)
-
-label(debughirestimestamp)
-dit(bf(debug hires timestamp (G)))
-
-Sometimes the timestamps in the log messages are needed with a
-resolution of higher that seconds, this boolean parameter adds
-microsecond resolution to the timestamp message header when turned on.
-
-Note that the parameter link(bf(debug timestamp))(debugtimestamp)
-must be on for this to have an effect.
-
- bf(Default:)
-tt( debug hires timestamp = No)
-
- bf(Example:)
-tt( debug hires timestamp = Yes)
-
-label(debugtimestamp)
-dit(bf(debug timestamp (G)))
-
-Samba2.0 debug log messages are timestamped by default. If you are
-running at a high link(bf("debug level"))(debuglevel) these timestamps
-can be distracting. This boolean parameter allows timestamping to be turned
-off.
-
- bf(Default:)
-tt( debug timestamp = Yes)
-
- bf(Example:)
-tt( debug timestamp = No)
-
-label(debugpid)
-dit(bf(debug pid (G)))
-
-When using only one log file for more then one forked smbd-process
-there may be hard to follow which process outputs which message.
-This boolean parameter is adds the process-id to the timestamp message
-headers in the logfile when turned on.
-
-Note that the parameter link(bf(debug timestamp))(debugtimestamp)
-must be on for this to have an effect.
-
- bf(Default:)
-tt( debug pid = No)
-
- bf(Example:)
-tt( debug pid = Yes)
-
-label(debuguid)
-dit(bf(debug uid (G)))
-
-Samba is sometimes run as root and sometime run as the connected
-user, this boolean parameter inserts the current euid, egid, uid
-and gid to the timestamp message headers in the log file if turned on.
-
-Note that the parameter link(bf(debug timestamp))(debugtimestamp)
-must be on for this to have an effect.
-
- bf(Default:)
-tt( debug uid = No)
-
- bf(Example:)
-tt( debug uid = Yes)
-
-label(debuglevel)
-dit(bf(debug level (G)))
-
-The value of the parameter (an integer) allows the debug level
-(logging level) to be specified in the bf(smb.conf) file. This is to
-give greater flexibility in the configuration of the system.
-
-The default will be the debug level specified on the command line
-or level zero if none was specified.
-
- bf(Example:)
-tt( debug level = 3)
-
-label(default)
-dit(bf(default (G)))
-
-A synonym for link(bf(default service))(defaultservice).
-
-label(defaultcase)
-dit(bf(default case (S)))
-
-See the section on link(bf("NAME MANGLING"))(NAMEMANGLING). Also note
-the link(bf("short preserve case"))(shortpreservecase) parameter.
-
-label(defaultservice)
-dit(bf(default service (G)))
-
-This parameter specifies the name of a service which will be connected
-to if the service actually requested cannot be found. Note that the
-square brackets are em(NOT) given in the parameter value (see example
-below).
-
-There is no default value for this parameter. If this parameter is not
-given, attempting to connect to a nonexistent service results in an
-error.
-
-Typically the default service would be a link(bf(guest ok))(guestok),
-link(bf(read-only))(readonly) service.
-
-Also note that the apparent service name will be changed to equal that
-of the requested service, this is very useful as it allows you to use
-macros like link(bf(%S))(percentS) to make a wildcard service.
-
-Note also that any tt('_') characters in the name of the service used
-in the default service will get mapped to a tt('/'). This allows for
-interesting things.
-
-
- bf(Example:)
-verb(
- default service = pub
-
- [pub]
- path = /%S
-)
-
-label(deleteuserscript)
-dit(bf(delete user script (G)))
-
-This is the full pathname to a script that will be run em(AS ROOT) by
-url(bf(smbd (8)))(smbd.8.html) under special circumstances decribed
-below.
-
-Normally, a Samba server requires that UNIX users are created for all
-users accessing files on this server. For sites that use Windows NT
-account databases as their primary user database creating these users
-and keeping the user list in sync with the Windows NT PDC is an
-onerous task. This option allows url(bf(smbd))(smbd.8.html) to delete
-the required UNIX users em(ON DEMAND) when a user accesses the Samba
-server and the Windows NT user no longer exists.
-
-In order to use this option, url(bf(smbd))(smbd.8.html) must be set to
-link(bf(security=domain))(securityequaldomain) and bf("delete user
-script") must be set to a full pathname for a script that will delete
-a UNIX user given one argument of bf(%u), which expands into the UNIX
-user name to delete. em(NOTE) that this is different to the
-link(bf(add user script))(adduserscript) which will work with the
-link(bf(security=server))(securityequalserver) option as well as
-link(bf(security=domain))(securityequaldomain). The reason for this
-is only when Samba is a domain member does it get the information
-on an attempted user logon that a user no longer exists. In the
-link(bf(security=server))(securityequalserver) mode a missing user
-is treated the same as an invalid password logon attempt. Deleting
-the user in this circumstance would not be a good idea.
-
-When the Windows user attempts to access the Samba server, at
-em("login")(session setup in the SMB protocol) time,
-url(bf(smbd))(smbd.8.html) contacts the link(bf(password
-server))(passwordserver) and attempts to authenticate the given user
-with the given password. If the authentication fails with the specific
-Domain error code meaning that the user no longer exists then
-url(bf(smbd))(smbd.8.html) attempts to find a UNIX user in the UNIX
-password database that matches the Windows user account. If this lookup succeeds,
-and bf("delete user script") is set then url(bf(smbd))(smbd.8.html) will
-call the specified script em(AS ROOT), expanding any bf(%u) argument
-to be the user name to delete.
-
-This script should delete the given UNIX username. In this way, UNIX
-users are dynamically deleted to match existing Windows NT accounts.
-
-See also link(bf(security=domain))(securityequaldomain),
-link(bf(password server))(passwordserver), link(bf(add user
-script))(adduserscript).
-
- bf(Default:)
-tt( delete user script = <empty string>)
-
- bf(Example:)
-tt( delete user script = /usr/local/samba/bin/del_user %u)
-
-label(deletereadonly)
-dit(bf(delete readonly (S)))
-
-This parameter allows readonly files to be deleted. This is not
-normal DOS semantics, but is allowed by UNIX.
-
-This option may be useful for running applications such as rcs, where
-UNIX file ownership prevents changing file permissions, and DOS
-semantics prevent deletion of a read only file.
-
- bf(Default:)
-tt( delete readonly = No)
-
- bf(Example:)
-tt( delete readonly = Yes)
-
-label(deletevetofiles)
-dit(bf(delete veto files (S)))
-
-This option is used when Samba is attempting to delete a directory
-that contains one or more vetoed directories (see the link(bf('veto
-files'))(vetofiles) option). If this option is set to False (the
-default) then if a vetoed directory contains any non-vetoed files or
-directories then the directory delete will fail. This is usually what
-you want.
-
-If this option is set to True, then Samba will attempt to recursively
-delete any files and directories within the vetoed directory. This can
-be useful for integration with file serving systems such as bf(NetAtalk),
-which create meta-files within directories you might normally veto
-DOS/Windows users from seeing (e.g. tt(.AppleDouble))
-
-Setting tt('delete veto files = True') allows these directories to be
-transparently deleted when the parent directory is deleted (so long
-as the user has permissions to do so).
-
-See also the link(bf(veto files))(vetofiles) parameter.
-
- bf(Default:)
-tt( delete veto files = False)
-
- bf(Example:)
-tt( delete veto files = True)
-
-label(denyhosts)
-dit(bf(deny hosts (S)))
-
-Synonym for link(bf(hosts deny))(hostsdeny).
-
-label(dfreecommand)
-dit(bf(dfree command (G)))
-
-The dfree command setting should only be used on systems where a
-problem occurs with the internal disk space calculations. This has
-been known to happen with Ultrix, but may occur with other operating
-systems. The symptom that was seen was an error of "Abort Retry
-Ignore" at the end of each directory listing.
-
-This setting allows the replacement of the internal routines to
-calculate the total disk space and amount available with an external
-routine. The example below gives a possible script that might fulfill
-this function.
-
-The external program will be passed a single parameter indicating a
-directory in the filesystem being queried. This will typically consist
-of the string tt("./"). The script should return two integers in
-ascii. The first should be the total disk space in blocks, and the
-second should be the number of available blocks. An optional third
-return value can give the block size in bytes. The default blocksize
-is 1024 bytes.
-
-Note: Your script should em(NOT) be setuid or setgid and should be
-owned by (and writeable only by) root!
-
- bf(Default:)
-tt( By default internal routines for determining the disk capacity
-and remaining space will be used.)
-
- bf(Example:)
-tt( dfree command = /usr/local/samba/bin/dfree)
-
-Where the script dfree (which must be made executable) could be:
-
-verb(
- #!/bin/sh
- df $1 | tail -1 | awk '{print $2" "$4}'
-)
-
-or perhaps (on Sys V based systems):
-
-verb(
- #!/bin/sh
- /usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'
-)
-
- Note that you may have to replace the command names with full
-path names on some systems.
-
-label(directory)
-dit(bf(directory (S)))
-
-Synonym for link(bf(path))(path).
-
-label(directorymask)
-dit(bf(directory mask (S)))
-
-This parameter is the octal modes which are used when converting DOS
-modes to UNIX modes when creating UNIX directories.
-
-When a directory is created, the necessary permissions are calculated
-according to the mapping from DOS modes to UNIX permissions, and the
-resulting UNIX mode is then bit-wise 'AND'ed with this parameter.
-This parameter may be thought of as a bit-wise MASK for the UNIX modes
-of a directory. Any bit em(*not*) set here will be removed from the
-modes set on a directory when it is created.
-
-The default value of this parameter removes the 'group' and 'other'
-write bits from the UNIX mode, allowing only the user who owns the
-directory to modify it.
-
-Following this Samba will bit-wise 'OR' the UNIX mode created from
-this parameter with the value of the "force directory mode"
-parameter. This parameter is set to 000 by default (i.e. no extra mode
-bits are added).
-
-See the link(bf("force directory mode"))(forcedirectorymode) parameter
-to cause particular mode bits to always be set on created directories.
-
-See also the link(bf("create mode"))(createmode) parameter for masking
-mode bits on created files, and the link(bf("directory security mask"))(directorysecuritymask)
-parameter.
-
-See also the link(bf("inherit permissions"))(inheritpermissions) parameter.
-
- bf(Default:)
-tt( directory mask = 0755)
-
- bf(Example:)
-tt( directory mask = 0775)
-
-label(directorymode)
-dit(bf(directory mode (S)))
-
-Synonym for link(bf(directory mask))(directorymask).
-
-label(directorysecuritymask)
-dit(bf(directory security mask (S)))
-
-This parameter controls what UNIX permission bits can be modified
-when a Windows NT client is manipulating the UNIX permission on a
-directory using the native NT security dialog box.
-
-This parameter is applied as a mask (AND'ed with) to the changed
-permission bits, thus preventing any bits not in this mask from
-being modified. Essentially, zero bits in this mask may be treated
-as a set of bits the user is not allowed to change.
-
-If not set explicitly this parameter is set to the same value as the
-link(bf(directory mask))(directorymask) parameter. To allow a user to
-modify all the user/group/world permissions on a directory, set this
-parameter to 0777.
-
-em(Note) that users who can access the Samba server through other
-means can easily bypass this restriction, so it is primarily
-useful for standalone "appliance" systems. Administrators of
-most normal systems will probably want to set it to 0777.
-
-See also the link(bf(force directory security
-mode))(forcedirectorysecuritymode), link(bf(security
-mask))(securitymask), link(bf(force security mode))(forcesecuritymode)
-parameters.
-
- bf(Default:)
-tt( directory security mask = <same as directory mask>)
-
- bf(Example:)
-tt( directory security mask = 0777)
-
-label(dnsproxy)
-dit(bf(dns proxy (G)))
-
-Specifies that url(bf(nmbd))(nmbd.8.html) when acting as a WINS
-server and finding that a NetBIOS name has not been registered, should
-treat the NetBIOS name word-for-word as a DNS name and do a lookup
-with the DNS server for that name on behalf of the name-querying
-client.
-
-Note that the maximum length for a NetBIOS name is 15 characters, so
-the DNS name (or DNS alias) can likewise only be 15 characters,
-maximum.
-
-url(bf(nmbd))(nmbd.8.html) spawns a second copy of itself to do the
-DNS name lookup requests, as doing a name lookup is a blocking action.
-
-See also the parameter link(bf(wins support))(winssupport).
-
- bf(Default:)
-tt( dns proxy = yes)
-
-label(domainadmingroup)
-bf(domain admin group (G))
-
-This is an bf(EXPERIMENTAL) parameter that is part of the unfinished
-Samba NT Domain Controller Code. It may be removed in a later release.
-To work with the latest code builds that may have more support for
-Samba NT Domain Controller functionality please subscribe to the
-mailing list bf(Samba-ntdom) available by visiting the web page at
-url(http://lists.samba.org/)(http://lists.samba.org/)
-
-label(domainadminusers)
-dit(bf(domain admin users (G)))
-
-This is an bf(EXPERIMENTAL) parameter that is part of the unfinished
-Samba NT Domain Controller Code. It may be removed in a later release.
-To work with the latest code builds that may have more support for
-Samba NT Domain Controller functionality please subscribe to the
-mailing list bf(Samba-ntdom) available by visiting the web page at
-url(http://lists.samba.org/)(http://lists.samba.org/)
-
-label(domaingroups)
-dit(bf(domain groups (G)))
-
-This is an bf(EXPERIMENTAL) parameter that is part of the unfinished
-Samba NT Domain Controller Code. It may be removed in a later release.
-To work with the latest code builds that may have more support for
-Samba NT Domain Controller functionality please subscribe to the
-mailing list bf(Samba-ntdom) available by visiting the web page at
-url(http://lists.samba.org/)(http://lists.samba.org/)
-
-label(domainguestgroup)
-dit(bf(domain guest group (G)))
-
-This is an bf(EXPERIMENTAL) parameter that is part of the unfinished
-Samba NT Domain Controller Code. It may be removed in a later release.
-To work with the latest code builds that may have more support for
-Samba NT Domain Controller functionality please subscribe to the
-mailing list bf(Samba-ntdom) available by visiting the web page at
-url(http://lists.samba.org/)(http://lists.samba.org/)
-
-label(domainguestusers)
-dit(bf(domain guest users (G)))
-
-This is an bf(EXPERIMENTAL) parameter that is part of the unfinished
-Samba NT Domain Controller Code. It may be removed in a later release.
-To work with the latest code builds that may have more support for
-Samba NT Domain Controller functionality please subscribe to the
-mailing list bf(Samba-ntdom) available by visiting the web page at
-url(http://lists.samba.org/)(http://lists.samba.org/)
-
-label(domainlogons)
-dit(bf(domain logons (G)))
-
-If set to true, the Samba server will serve Windows 95/98 Domain
-logons for the link(bf(workgroup))(workgroup) it is in. For more
-details on setting up this feature see the file DOMAINS.txt in the
-Samba documentation directory tt(docs/) shipped with the source code.
-
-Note that Win95/98 Domain logons are em(NOT) the same as Windows
-NT Domain logons. NT Domain logons require a Primary Domain Controller
-(PDC) for the Domain. It is intended that in a future release Samba
-will be able to provide this functionality for Windows NT clients
-also.
-
- bf(Default:)
-tt( domain logons = no)
-
-label(domainmaster)
-dit(bf(domain master (G)))
-
-Tell url(bf(nmbd))(nmbd.8.html) to enable WAN-wide browse list
-collation. Setting this option causes url(bf(nmbd))(nmbd.8.html) to
-claim a special domain specific NetBIOS name that identifies it as a
-domain master browser for its given
-link(bf(workgroup))(workgroup). Local master browsers in the same
-link(bf(workgroup))(workgroup) on broadcast-isolated subnets will give
-this url(bf(nmbd))(nmbd.8.html) their local browse lists, and then
-ask url(bf(smbd))(smbd.8.html) for a complete copy of the browse list
-for the whole wide area network. Browser clients will then contact
-their local master browser, and will receive the domain-wide browse
-list, instead of just the list for their broadcast-isolated subnet.
-
-Note that Windows NT Primary Domain Controllers expect to be able to
-claim this link(bf(workgroup))(workgroup) specific special NetBIOS
-name that identifies them as domain master browsers for that
-link(bf(workgroup))(workgroup) by default (i.e. there is no way to
-prevent a Windows NT PDC from attempting to do this). This means that
-if this parameter is set and url(bf(nmbd))(nmbd.8.html) claims the
-special name for a link(bf(workgroup))(workgroup) before a Windows NT
-PDC is able to do so then cross subnet browsing will behave strangely
-and may fail.
-
- bf(Default:)
-tt( domain master = no)
-
-label(dont descend)
-dit(bf(dont descend (S)))
-
-There are certain directories on some systems (e.g., the tt(/proc) tree
-under Linux) that are either not of interest to clients or are
-infinitely deep (recursive). This parameter allows you to specify a
-comma-delimited list of directories that the server should always show
-as empty.
-
-Note that Samba can be very fussy about the exact format of the "dont
-descend" entries. For example you may need tt("./proc") instead of
-just tt("/proc"). Experimentation is the best policy :-)
-
- bf(Default:)
-tt( none (i.e., all directories are OK to descend))
-
- bf(Example:)
-tt( dont descend = /proc,/dev)
-
-label(dosfiletimeresolution)
-dit(bf(dos filetime resolution (S)))
-
-Under the DOS and Windows FAT filesystem, the finest granularity on
-time resolution is two seconds. Setting this parameter for a share
-causes Samba to round the reported time down to the nearest two second
-boundary when a query call that requires one second resolution is made
-to url(bf(smbd))(smbd.8.html).
-
-This option is mainly used as a compatibility option for Visual C++
-when used against Samba shares. If oplocks are enabled on a share,
-Visual C++ uses two different time reading calls to check if a file
-has changed since it was last read. One of these calls uses a
-one-second granularity, the other uses a two second granularity. As
-the two second call rounds any odd second down, then if the file has a
-timestamp of an odd number of seconds then the two timestamps will not
-match and Visual C++ will keep reporting the file has changed. Setting
-this option causes the two timestamps to match, and Visual C++ is
-happy.
-
- bf(Default:)
-tt( dos filetime resolution = False)
-
- bf(Example:)
-tt( dos filetime resolution = True)
-
-label(dos filetimes)
-dit(bf(dos filetimes (S)))
-
-Under DOS and Windows, if a user can write to a file they can change
-the timestamp on it. Under POSIX semantics, only the owner of the file
-or root may change the timestamp. By default, Samba runs with POSIX
-semantics and refuses to change the timestamp on a file if the user
-smbd is acting on behalf of is not the file owner. Setting this option
-to True allows DOS semantics and smbd will change the file timestamp as
-DOS requires.
-
- bf(Default:)
-tt( dos filetimes = False)
-
- bf(Example:)
-tt( dos filetimes = True)
-
-label(encryptpasswords)
-dit(bf(encrypt passwords (G)))
-
-This boolean controls whether encrypted passwords will be negotiated
-with the client. Note that Windows NT 4.0 SP3 and above and also
-Windows 98 will by default expect encrypted passwords unless a
-registry entry is changed. To use encrypted passwords in Samba see the
-file ENCRYPTION.txt in the Samba documentation directory tt(docs/)
-shipped with the source code.
-
-In order for encrypted passwords to work correctly
-url(bf(smbd))(smbd.8.html) must either have access to a local
-url(bf(smbpasswd (5)))(smbpasswd.5.html) file (see the
-url(bf(smbpasswd (8)))(smbpasswd.8.html) program for information on
-how to set up and maintain this file), or set the
-link(bf(security=))(security) parameter to either
-link(bf("server"))(securityequalserver) or
-link(bf("domain"))(securityequaldomain) which causes
-url(bf(smbd))(smbd.8.html) to authenticate against another server.
-
-label(enhancedbrowsing)
-dit(bf(enhanced browsing (G)))
-
-This option enables a couple of enhancements to cross-subnet browse
-propogation that have been added in Samba but which are not standard
-in Microsoft implementations. Enhanced browsing is enabled by
-default, and can be diabled using "enhanced browsing = No".
-
-The first enhancement to browse propogation consists of a regular
-wildcard query to a Samba WINS server for all Domain Master Browsers,
-followed by a browse synchronisation with each of the returned
-DMBs. The second enhancement consists of a regular randomised browse
-synchronisation with all currently known DMBs.
-
-You may wish to disable this option if you have a problem with empty
-workgroups not disappearing from browse lists. Due to the restrictions
-of the browse protocols these enhancements can cause a empty workgroup
-to stay around forever which can be annoying.
-
-In general you should leave this option enabled as it makes
-cross-subnet browse propogation much more reliable.
-
-label(exec)
-dit(bf(exec (S)))
-
-This is a synonym for link(bf(preexec))(preexec).
-
-label(fake directory create times)
-dit(bf(fake directory create times (S)))
-
-NTFS and Windows VFAT file systems keep a create time for all files
-and directories. This is not the same as the ctime - status change
-time - that Unix keeps, so Samba by default reports the earliest of
-the various times Unix does keep. Setting this parameter for a share
-causes Samba to always report midnight 1-1-1980 as the create time for
-directories.
-
-This option is mainly used as a compatibility option for Visual C++
-when used against Samba shares. Visual C++ generated makefiles have
-the object directory as a dependency for each object file, and a make
-rule to create the directory. Also, when NMAKE compares timestamps it
-uses the creation time when examining a directory. Thus the object
-directory will be created if it does not exist, but once it does exist
-it will always have an earlier timestamp than the object files it
-contains.
-
-However, Unix time semantics mean that the create time reported by
-Samba will be updated whenever a file is created or deleted in the
-directory. NMAKE therefore finds all object files in the object
-directory bar the last one built are out of date compared to the
-directory and rebuilds them. Enabling this option ensures directories
-always predate their contents and an NMAKE build will proceed as
-expected.
-
- bf(Default:)
-tt( fake directory create times = False)
-
- bf(Example:)
-tt( fake directory create times = True)
-
-label(fakeoplocks)
-dit(bf(fake oplocks (S)))
-
-Oplocks are the way that SMB clients get permission from a server to
-locally cache file operations. If a server grants an oplock
-(opportunistic lock) then the client is free to assume that it is the
-only one accessing the file and it will aggressively cache file
-data. With some oplock types the client may even cache file open/close
-operations. This can give enormous performance benefits.
-
-When you set tt("fake oplocks = yes") url(bf(smbd))(smbd.8.html) will
-always grant oplock requests no matter how many clients are using the
-file.
-
-It is generally much better to use the real link(bf(oplocks))(oplocks)
-support rather than this parameter.
-
-If you enable this option on all read-only shares or shares that you
-know will only be accessed from one client at a time such as
-physically read-only media like CDROMs, you will see a big performance
-improvement on many operations. If you enable this option on shares
-where multiple clients may be accessing the files read-write at the
-same time you can get data corruption. Use this option carefully!
-
-This option is disabled by default.
-
-label(followsymlinks)
-dit(bf(follow symlinks (S)))
-
-This parameter allows the Samba administrator to stop
-url(bf(smbd))(smbd.8.html) from following symbolic links in a
-particular share. Setting this parameter to em("No") prevents any file
-or directory that is a symbolic link from being followed (the user
-will get an error). This option is very useful to stop users from
-adding a symbolic link to tt(/etc/passwd) in their home directory for
-instance. However it will slow filename lookups down slightly.
-
-This option is enabled (i.e. url(bf(smbd))(smbd.8.html) will follow
-symbolic links) by default.
-
-label(forcecreatemode)
-dit(bf(force create mode (S)))
-
-This parameter specifies a set of UNIX mode bit permissions that will
-em(*always*) be set on a file by Samba. This is done by bitwise
-'OR'ing these bits onto the mode bits of a file that is being created
-or having its permissions changed. The default for this parameter is
-(in octal) 000. The modes in this parameter are bitwise 'OR'ed onto
-the file mode after the mask set in the link(bf("create
-mask"))(createmask) parameter is applied.
-
-See also the parameter link(bf("create mask"))(createmask) for details
-on masking mode bits on files.
-
-See also the link(bf("inherit permissions"))(inheritpermissions) parameter.
-
- bf(Default:)
-tt( force create mode = 000)
-
- bf(Example:)
-tt( force create mode = 0755)
-
-would force all created files to have read and execute permissions set
-for 'group' and 'other' as well as the read/write/execute bits set for
-the 'user'.
-
-label(forcedirectorymode)
-dit(bf(force directory mode (S)))
-
-This parameter specifies a set of UNIX mode bit permissions that will
-em(*always*) be set on a directory created by Samba. This is done by
-bitwise 'OR'ing these bits onto the mode bits of a directory that is
-being created. The default for this parameter is (in octal) 0000 which
-will not add any extra permission bits to a created directory. This
-operation is done after the mode mask in the parameter
-link(bf("directory mask"))(directorymask) is applied.
-
-See also the parameter link(bf("directory mask"))(directorymask) for
-details on masking mode bits on created directories.
-
-See also the link(bf("inherit permissions"))(inheritpermissions) parameter.
-
- bf(Default:)
-tt( force directory mode = 000)
-
- bf(Example:)
-tt( force directory mode = 0755)
-
-would force all created directories to have read and execute
-permissions set for 'group' and 'other' as well as the
-read/write/execute bits set for the 'user'.
-
-label(forcedirectorysecuritymode)
-dit(bf(force directory security mode (S)))
-
-This parameter controls what UNIX permission bits can be modified when
-a Windows NT client is manipulating the UNIX permission on a directory
-using the native NT security dialog box.
-
-This parameter is applied as a mask (OR'ed with) to the changed
-permission bits, thus forcing any bits in this mask that the user may
-have modified to be on. Essentially, one bits in this mask may be
-treated as a set of bits that, when modifying security on a directory,
-the user has always set to be 'on'.
-
-If not set explicitly this parameter is set to the same value as the
-link(bf(force directory mode))(forcedirectorymode) parameter. To allow
-a user to modify all the user/group/world permissions on a directory,
-with restrictions set this parameter to 000.
-
-em(Note) that users who can access the Samba server through other
-means can easily bypass this restriction, so it is primarily
-useful for standalone "appliance" systems. Administrators of
-most normal systems will probably want to set it to 0000.
-
-See also the link(bf(directory security mask))(directorysecuritymask),
-link(bf(security mask))(securitymask), link(bf(force security
-mode))(forcesecuritymode) parameters.
-
- bf(Default:)
-tt( force directory security mode = <same as force directory mode>)
-
- bf(Example:)
-tt( force directory security mode = 0)
-
-label(forcegroup)
-dit(bf(force group (S)))
-
-This specifies a UNIX group name that will be assigned as the default
-primary group for all users connecting to this service. This is useful
-for sharing files by ensuring that all access to files on service will
-use the named group for their permissions checking. Thus, by assigning
-permissions for this group to the files and directories within this
-service the Samba administrator can restrict or allow sharing of these
-files.
-
-In Samba 2.0.5 and above this parameter has extended functionality in the following
-way. If the group name listed here has a '+' character prepended to it
-then the current user accessing the share only has the primary group
-default assigned to this group if they are already assigned as a member
-of that group. This allows an administrator to decide that only users
-who are already in a particular group will create files with group
-ownership set to that group. This gives a finer granularity of ownership
-assignment. For example, the setting tt(force group = +sys) means
-that only users who are already in group sys will have their default
-primary group assigned to sys when accessing this Samba share. All
-other users will retain their ordinary primary group.
-
-If the link(bf("force user"))(forceuser) parameter is also set the
-group specified in bf(force group) will override the primary group
-set in link(bf("force user"))(forceuser).
-
-See also link(bf("force user"))(forceuser)
-
- bf(Default:)
-tt( no forced group)
-
- bf(Example:)
-tt( force group = agroup)
-
-label(forcesecuritymode)
-dit(bf(force security mode (S)))
-
-This parameter controls what UNIX permission bits can be modified when
-a Windows NT client is manipulating the UNIX permission on a file
-using the native NT security dialog box.
-
-This parameter is applied as a mask (OR'ed with) to the changed
-permission bits, thus forcing any bits in this mask that the user may
-have modified to be on. Essentially, one bits in this mask may be
-treated as a set of bits that, when modifying security on a file, the
-user has always set to be 'on'.
-
-If not set explicitly this parameter is set to the same value as the
-link(bf(force create mode))(forcecreatemode) parameter. To allow
-a user to modify all the user/group/world permissions on a file,
-with no restrictions set this parameter to 000.
-
-em(Note) that users who can access the Samba server through other
-means can easily bypass this restriction, so it is primarily
-useful for standalone "appliance" systems. Administrators of
-most normal systems will probably want to set it to 0000.
-
-See also the link(bf(force directory security
-mode))(forcedirectorysecuritymode), link(bf(directory security
-mask))(directorysecuritymask), link(bf(security mask))(securitymask)
-parameters.
-
- bf(Default:)
-tt( force security mode = <same as force create mode>)
-
- bf(Example:)
-tt( force security mode = 0)
-
-label(forceuser)
-dit(bf(force user (S)))
-
-This specifies a UNIX user name that will be assigned as the default
-user for all users connecting to this service. This is useful for
-sharing files. You should also use it carefully as using it
-incorrectly can cause security problems.
-
-This user name only gets used once a connection is established. Thus
-clients still need to connect as a valid user and supply a valid
-password. Once connected, all file operations will be performed as the
-tt("forced user"), no matter what username the client connected as.
-
-This can be very useful.
-
-In Samba 2.0.5 and above this parameter also causes the primary
-group of the forced user to be used as the primary group for all
-file activity. Prior to 2.0.5 the primary group was left as the
-primary group of the connecting user (this was a bug).
-
-See also link(bf("force group"))(forcegroup)
-
- bf(Default:)
-tt( no forced user)
-
- bf(Example:)
-tt( force user = auser)
-
-label(fstype)
-dit(bf(fstype (S)))
-
-This parameter allows the administrator to configure the string that
-specifies the type of filesystem a share is using that is reported by
-url(bf(smbd))(smbd.8.html) when a client queries the filesystem type
-for a share. The default type is bf("NTFS") for compatibility with
-Windows NT but this can be changed to other strings such as "Samba" or
-"FAT" if required.
-
- bf(Default:)
-tt( fstype = NTFS)
-
- bf(Example:)
-tt( fstype = Samba)
-
-label(getwdcache)
-dit(bf(getwd cache (G)))
-
-This is a tuning option. When this is enabled a caching algorithm
-will be used to reduce the time taken for getwd() calls. This can have
-a significant impact on performance, especially when the
-link(bf(widelinks))(widelinks) parameter is set to False.
-
- bf(Default:)
-tt( getwd cache = No)
-
- bf(Example:)
-tt( getwd cache = Yes)
-
-label(group)
-dit(bf(group (S)))
-
-Synonym for link(bf("force group"))(forcegroup).
-
-label(guestaccount)
-dit(bf(guest account (S)))
-
-This is a username which will be used for access to services which are
-specified as link(bf('guest ok'))(guestok) (see below). Whatever
-privileges this user has will be available to any client connecting to
-the guest service. Typically this user will exist in the password
-file, but will not have a valid login. The user account bf("ftp") is
-often a good choice for this parameter. If a username is specified in
-a given service, the specified username overrides this one.
-
-One some systems the default guest account "nobody" may not be able to
-print. Use another account in this case. You should test this by
-trying to log in as your guest user (perhaps by using the tt("su -")
-command) and trying to print using the system print command such as
-bf(lpr (1)) or bf(lp (1)).
-
- bf(Default:)
-tt( specified at compile time, usually "nobody")
-
- bf(Example:)
-tt( guest account = ftp)
-
-label(guestok)
-dit(bf(guest ok (S)))
-
-If this parameter is em('yes') for a service, then no password is
-required to connect to the service. Privileges will be those of the
-link(bf(guest account))(guestaccount).
-
-See the section below on link(bf(security))(security) for more
-information about this option.
-
- bf(Default:)
-tt( guest ok = no)
-
- bf(Example:)
-tt( guest ok = yes)
-
-label(guestonly)
-dit(bf(guest only (S)))
-
-If this parameter is em('yes') for a service, then only guest
-connections to the service are permitted. This parameter will have no
-affect if link(bf("guest ok"))(guestok) or link(bf("public"))(public)
-is not set for the service.
-
-See the section below on link(bf(security))(security) for more
-information about this option.
-
- bf(Default:)
-tt( guest only = no)
-
- bf(Example:)
-tt( guest only = yes)
-
-label(hidedotfiles)
-dit(bf(hide dot files (S)))
-
-This is a boolean parameter that controls whether files starting with
-a dot appear as hidden files.
-
- bf(Default:)
-tt( hide dot files = yes)
-
- bf(Example:)
-tt( hide dot files = no)
-
-
-label(hidefiles)
-dit(bf(hide files(S)))
-
-This is a list of files or directories that are not visible but are
-accessible. The DOS 'hidden' attribute is applied to any files or
-directories that match.
-
-Each entry in the list must be separated by a tt('/'), which allows
-spaces to be included in the entry. tt('*') and tt('?') can be used
-to specify multiple files or directories as in DOS wildcards.
-
-Each entry must be a Unix path, not a DOS path and must not include the
-Unix directory separator tt('/').
-
-Note that the case sensitivity option is applicable in hiding files.
-
-Setting this parameter will affect the performance of Samba, as it
-will be forced to check all files and directories for a match as they
-are scanned.
-
-See also link(bf("hide dot files"))(hidedotfiles), link(bf("veto
-files"))(vetofiles) and link(bf("case sensitive"))(casesensitive).
-
- bf(Default)
-verb(
- No files or directories are hidden by this option (dot files are
- hidden by default because of the "hide dot files" option).
-)
-
- bf(Example)
-tt( hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/)
-
-The above example is based on files that the Macintosh SMB client
-(DAVE) available from url(bf(Thursby))(http://www.thursby.com) creates for
-internal use, and also still hides all files beginning with a dot.
-
-label(hidelocalusers)
-dit(bf(hide local users(G)))
-
-This parameter toggles the hiding of local UNIX users (root, wheel, floppy, etc)
-from remote clients.
-
- bf(Default:)
-tt( hide local users = No)
-
- bf(Example:)
-tt( hide local users = Yes)
-
-label(homedirmap)
-dit(bf(homedir map (G)))
-
-If link(bf("nis homedir"))(nishomedir) is true, and
-url(bf(smbd))(smbd.8.html) is also acting as a Win95/98 link(bf(logon
-server))(domainlogons) then this parameter specifies the NIS (or YP)
-map from which the server for the user's home directory should be
-extracted. At present, only the Sun auto.home map format is
-understood. The form of the map is:
-
-tt(username server:/some/file/system)
-
-and the program will extract the servername from before the first
-tt(':'). There should probably be a better parsing system that copes
-with different map formats and also Amd (another automounter) maps.
-
-NB: A working NIS is required on the system for this option to work.
-
-See also link(bf("nis homedir"))(nishomedir), link(bf(domain
-logons))(domainlogons).
-
- bf(Default:)
-tt( homedir map = auto.home)
-
- bf(Example:)
-tt( homedir map = amd.homedir)
-
-label(hostsallow)
-dit(bf(hosts allow (S)))
-
-A synonym for this parameter is link(bf('allow hosts'))(allowhosts)
-
-This parameter is a comma, space, or tab delimited set of hosts which
-are permitted to access a service.
-
-If specified in the link(bf([global]))(global) section then it will
-apply to all services, regardless of whether the individual service
-has a different setting.
-
-You can specify the hosts by name or IP number. For example, you could
-restrict access to only the hosts on a Class C subnet with something
-like tt("allow hosts = 150.203.5."). The full syntax of the list is
-described in the man page bf(hosts_access (5)). Note that this man
-page may not be present on your system, so a brief description will
-be given here also.
-
-Note that the localhost address 127.0.0.1 will always be allowed
-access unless specifically denied by a "hosts deny" option.
-
-You can also specify hosts by network/netmask pairs and by netgroup
-names if your system supports netgroups. The em(EXCEPT) keyword can also
-be used to limit a wildcard list. The following examples may provide
-some help:
-
-bf(Example 1): allow all IPs in 150.203.*.* except one
-
-tt( hosts allow = 150.203. EXCEPT 150.203.6.66)
-
-bf(Example 2): allow hosts that match the given network/netmask
-
-tt( hosts allow = 150.203.15.0/255.255.255.0)
-
-bf(Example 3): allow a couple of hosts
-
-tt( hosts allow = lapland, arvidsjaur)
-
-bf(Example 4): allow only hosts in NIS netgroup "foonet", but
-deny access from one particular host
-
-tt( hosts allow = @foonet)
-
-tt( hosts deny = pirate)
-
-Note that access still requires suitable user-level passwords.
-
-See url(bf(testparm (1)))(testparm.1.html) for a way of testing your
-host access to see if it does what you expect.
-
- bf(Default:)
-tt( none (i.e., all hosts permitted access))
-
- bf(Example:)
-tt( allow hosts = 150.203.5. myhost.mynet.edu.au)
-
-
-label(hostsdeny)
-dit(bf(hosts deny (S)))
-
-The opposite of link(bf('hosts allow'))(hostsallow) - hosts listed
-here are em(NOT) permitted access to services unless the specific
-services have their own lists to override this one. Where the lists
-conflict, the link(bf('allow'))(hostsallow) list takes precedence.
-
- bf(Default:)
-tt( none (i.e., no hosts specifically excluded))
-
- bf(Example:)
-tt( hosts deny = 150.203.4. badhost.mynet.edu.au)
-
-label(hostsequiv)
-dit(bf(hosts equiv (G)))
-
-If this global parameter is a non-null string, it specifies the name
-of a file to read for the names of hosts and users who will be allowed
-access without specifying a password.
-
-This is not be confused with link(bf(hosts allow))(hostsallow) which
-is about hosts access to services and is more useful for guest
-services. bf(hosts equiv) may be useful for NT clients which will not
-supply passwords to samba.
-
-NOTE: The use of bf(hosts equiv) can be a major security hole. This is
-because you are trusting the PC to supply the correct username. It is
-very easy to get a PC to supply a false username. I recommend that the
-bf(hosts equiv) option be only used if you really know what you are
-doing, or perhaps on a home network where you trust your spouse and
-kids. And only if you em(really) trust them :-).
-
- bf(Default)
-tt( No host equivalences)
-
- bf(Example)
-tt( hosts equiv = /etc/hosts.equiv)
-
-label(include)
-dit(bf(include (G)))
-
-This allows you to include one config file inside another. The file
-is included literally, as though typed in place.
-
-It takes the standard substitutions, except link(bf(%u))(percentu),
-link(bf(%P))(percentP) and link(bf(%S))(percentS).
-
-label(inheritpermissions)
-dit(bf(inherit permissions (S)))
-
-The permissions on new files and directories are normally governed by
-link(bf("create mask"))(createmask),
-link(bf("directory mask"))(directorymask),
-link(bf("force create mode"))(forcecreatemode) and
-link(bf("force directory mode"))(forcedirectorymode)
-but the boolean inherit permissions parameter overrides this.
-
-New directories inherit the mode of the parent directory,
-including bits such as setgid.
-
-New files inherit their read/write bits from the parent directory.
-Their execute bits continue to be determined by
-link(bf("map archive"))(maparchive),
-link(bf("map hidden"))(maphidden) and
-link(bf("map system"))(mapsystem) as usual.
-
-Note that the setuid bit is *never* set via inheritance
-(the code explicitly prohibits this).
-
-This can be particularly useful on large systems with many users,
-perhaps several thousand,
-to allow a single bf([homes]) share to be used flexibly by each user.
-
-See also link(bf("create mask"))(createmask), link(bf("directory mask"))(directorymask),
-link(bf("force create mode"))(forcecreatemode) and
-link(bf("force directory mode"))(forcedirectorymode).
-
- bf(Default)
-tt( inherit permissions = no)
-
- bf(Example)
-tt( inherit permissions = yes)
-
-label(interfaces)
-dit(bf(interfaces (G)))
-
-This option allows you to override the default network interfaces list
-that Samba will use for browsing, name registration and other NBT
-traffic. By default Samba will query the kernel for the list of all
-active interfaces and use any interfaces except 127.0.0.1 that are
-broadcast capable.
-
-The option takes a list of interface strings. Each string can be in
-any of the following forms:
-
-startit()
-it() a network interface name (such as eth0). This may include
- shell-like wildcards so eth* will match any interface starting
- with the substring "eth"
-it() an IP address. In this case the netmask is determined
- from the list of interfaces obtained from the kernel
-it() an IP/mask pair.
-it() a broadcast/mask pair.
-endit()
-
-The "mask" parameters can either be a bit length (such as 24 for a C
-class network) or a full netmask in dotted decmal form.
-
-The "IP" parameters above can either be a full dotted decimal IP
-address or a hostname which will be looked up via the OSes normal
-hostname resolution mechanisms.
-
-For example, the following line:
-
-tt(interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0)
-
-would configure three network interfaces corresponding to the eth0
-device and IP addresses 192.168.2.10 and 192.168.3.10. The netmasks of
-the latter two interfaces would be set to 255.255.255.0.
-
-See also link(bf("bind interfaces only"))(bindinterfacesonly).
-
-label(invalidusers)
-dit(bf(invalid users (S)))
-
-This is a list of users that should not be allowed to login to this
-service. This is really a em("paranoid") check to absolutely ensure an
-improper setting does not breach your security.
-
-A name starting with a tt('@') is interpreted as an NIS netgroup first
-(if your system supports NIS), and then as a UNIX group if the name
-was not found in the NIS netgroup database.
-
-A name starting with tt('+') is interpreted only by looking in the
-UNIX group database. A name starting with tt('&') is interpreted only
-by looking in the NIS netgroup database (this requires NIS to be
-working on your system). The characters tt('+') and tt('&') may be
-used at the start of the name in either order so the value
-tt("+&group") means check the UNIX group database, followed by the NIS
-netgroup database, and the value tt("&+group") means check the NIS
-netgroup database, followed by the UNIX group database (the same as
-the tt('@') prefix).
-
-The current servicename is substituted for
-link(bf(%S))(percentS). This is useful in the link(bf([homes]))(homes)
-section.
-
-See also link(bf("valid users"))(validusers).
-
- bf(Default:)
-tt( No invalid users)
-
- bf(Example:)
-tt( invalid users = root fred admin @wheel)
-
-label(keepalive)
-dit(bf(keepalive (G)))
-
-The value of the parameter (an integer) represents the number of
-seconds between bf('keepalive') packets. If this parameter is zero, no
-keepalive packets will be sent. Keepalive packets, if sent, allow the
-server to tell whether a client is still present and responding.
-
-Keepalives should, in general, not be needed if the socket being used
-has the SO_KEEPALIVE attribute set on it (see link(bf("socket
-options"))(socketoptions)). Basically you should only use this option
-if you strike difficulties.
-
- bf(Default:)
-tt( keepalive = 0)
-
- bf(Example:)
-tt( keepalive = 60)
-
-label(kerneloplocks)
-dit(bf(kernel oplocks (G)))
-
-For UNIXs that support kernel based link(bf(oplocks))(oplocks)
-(currently only IRIX but hopefully also Linux and FreeBSD soon) this
-parameter allows the use of them to be turned on or off.
-
-Kernel oplocks support allows Samba link(bf(oplocks))(oplocks) to be
-broken whenever a local UNIX process or NFS operation accesses a file
-that url(bf(smbd))(smbd.8.html) has oplocked. This allows complete
-data consistency between SMB/CIFS, NFS and local file access (and is a
-em(very) cool feature :-).
-
-This parameter defaults to em("On") on systems that have the support,
-and em("off") on systems that don't. You should never need to touch
-this parameter.
-
-See also the link(bf("oplocks"))(oplocks) and link(bf("level2 oplocks"))(level2oplocks)
-parameters.
-
-label(ldapfilter)
-dit(bf(ldap filter (G)))
-
-This parameter is part of the em(EXPERIMENTAL) Samba support for a
-password database stored on an LDAP server back-end. These options
-are only available if your version of Samba was configured with
-the bf(--with-ldap) option.
-
-This parameter specifies an LDAP search filter used to search for a
-user name in the LDAP database. It must contain the string
-link(bf(%u))(percentU) which will be replaced with the user being
-searched for.
-
- bf(Default:)
-tt( empty string.)
-
-label(ldapport)
-dit(bf(ldap port (G)))
-
-This parameter is part of the em(EXPERIMENTAL) Samba support for a
-password database stored on an LDAP server back-end. These options
-are only available if your version of Samba was configured with
-the bf(--with-ldap) option.
-
-This parameter specifies the TCP port number to use to contact
-the LDAP server on.
-
- bf(Default:)
-tt( ldap port = 389.)
-
-label(ldaproot)
-dit(bf(ldap root (G)))
-
-This parameter is part of the em(EXPERIMENTAL) Samba support for a
-password database stored on an LDAP server back-end. These options
-are only available if your version of Samba was configured with
-the bf(--with-ldap) option.
-
-This parameter specifies the entity to bind to the LDAP server
-as (essentially the LDAP username) in order to be able to perform
-queries and modifications on the LDAP database.
-
-See also link(bf(ldap root passwd))(ldaprootpasswd).
-
- bf(Default:)
-tt( empty string (no user defined))
-
-label(ldaprootpasswd)
-dit(bf(ldap root passwd (G)))
-
-This parameter is part of the em(EXPERIMENTAL) Samba support for a
-password database stored on an LDAP server back-end. These options
-are only available if your version of Samba was configured with
-the bf(--with-ldap) option.
-
-This parameter specifies the password for the entity to bind to the
-LDAP server as (the password for this LDAP username) in order to be
-able to perform queries and modifications on the LDAP database.
-
-em(BUGS:) This parameter should em(NOT) be a readable parameter
-in the bf(smb.conf) file and will be removed once a correct
-storage place is found.
-
-See also link(bf(ldap root))(ldaproot).
-
- bf(Default:)
-tt( empty string.)
-
-label(ldapserver)
-dit(bf(ldap server (G)))
-
-This parameter is part of the em(EXPERIMENTAL) Samba support for a
-password database stored on an LDAP server back-end. These options
-are only available if your version of Samba was configured with
-the bf(--with-ldap) option.
-
-This parameter specifies the DNS name of the LDAP server to use
-for SMB/CIFS authentication purposes.
-
- bf(Default:)
-tt( ldap server = localhost)
-
-label(ldapsuffix)
-dit(bf(ldap suffix (G)))
-
-This parameter is part of the em(EXPERIMENTAL) Samba support for a
-password database stored on an LDAP server back-end. These options
-are only available if your version of Samba was configured with
-the bf(--with-ldap) option.
-
-This parameter specifies the tt("dn") or LDAP em("distinguished name")
-that tells url(bf(smbd))(smbd.8.html) to start from when searching
-for an entry in the LDAP password database.
-
- bf(Default:)
-tt( empty string.)
-
-label(level2oplocks)
-dit(bf(level2 oplocks (S)))
-
-This parameter (new in Samba 2.0.5) controls whether Samba supports
-level2 (read-only) oplocks on a share. In Samba 2.0.5 this parameter
-defaults to "False" as the code is new, but will default to "True"
-in a later release.
-
-Level2, or read-only oplocks allow Windows NT clients that have an
-oplock on a file to downgrade from a read-write oplock to a read-only
-oplock once a second client opens the file (instead of releasing all
-oplocks on a second open, as in traditional, exclusive oplocks). This
-allows all openers of the file that support level2 oplocks to cache
-the file for read-ahead only (ie. they may not cache writes or lock
-requests) and increases performance for many acesses of files that
-are not commonly written (such as application .EXE files).
-
-Once one of the clients which have a read-only oplock writes to
-the file all clients are notified (no reply is needed or waited
-for) and told to break their oplocks to "none" and delete any
-read-ahead caches.
-
-It is recommended that this parameter be turned on to speed access
-to shared executables (and also to test the code :-).
-
-For more discussions on level2 oplocks see the CIFS spec.
-
-Currently, if link(bf("kernel oplocks"))(kerneloplocks) are supported
-then level2 oplocks are not granted (even if this parameter is set
-to tt("true")). Note also, the link(bf("oplocks"))(oplocks) parameter must
-be set to "true" on this share in order for this parameter to have any
-effect.
-
-See also the link(bf("oplocks"))(oplocks) and link(bf("kernel oplocks"))(kerneloplocks) parameters.
-
- bf(Default:)
-tt( level2 oplocks = False)
-
- bf(Example:)
-tt( level2 oplocks = True)
-
-label(lmannounce)
-dit(bf(lm announce (G)))
-
-This parameter determines if url(bf(nmbd))(nmbd.8.html) will produce
-Lanman announce broadcasts that are needed by bf(OS/2) clients in order
-for them to see the Samba server in their browse list. This parameter
-can have three values, tt("true"), tt("false"), or tt("auto"). The
-default is tt("auto"). If set to tt("false") Samba will never produce
-these broadcasts. If set to tt("true") Samba will produce Lanman
-announce broadcasts at a frequency set by the parameter link(bf("lm
-interval"))(lminterval). If set to tt("auto") Samba will not send Lanman
-announce broadcasts by default but will listen for them. If it hears
-such a broadcast on the wire it will then start sending them at a
-frequency set by the parameter link(bf("lm interval"))(lminterval).
-
-See also link(bf("lm interval"))(lminterval).
-
- bf(Default:)
-tt( lm announce = auto)
-
- bf(Example:)
-tt( lm announce = true)
-
-label(lminterval)
-dit(bf(lm interval (G)))
-
-If Samba is set to produce Lanman announce broadcasts needed by
-bf(OS/2) clients (see the link(bf("lm announce"))(lmannounce)
-parameter) then this parameter defines the frequency in seconds with
-which they will be made. If this is set to zero then no Lanman
-announcements will be made despite the setting of the link(bf("lm
-announce"))(lmannounce) parameter.
-
-See also link(bf("lm announce"))(lmannounce).
-
- bf(Default:)
-tt( lm interval = 60)
-
- bf(Example:)
-tt( lm interval = 120)
-
-label(loadprinters)
-dit(bf(load printers (G)))
-
-A boolean variable that controls whether all printers in the printcap
-will be loaded for browsing by default. See the
-link(bf("printers"))(printers) section for more details.
-
- bf(Default:)
-tt( load printers = yes)
-
- bf(Example:)
-tt( load printers = no)
-
-label(localmaster)
-dit(bf(local master (G)))
-
-This option allows url(bf(nmbd))(nmbd.8.html) to try and become a
-local master browser on a subnet. If set to False then
-url(bf(nmbd))(nmbd.8.html) will not attempt to become a local master
-browser on a subnet and will also lose in all browsing elections. By
-default this value is set to true. Setting this value to true doesn't
-mean that Samba will em(become) the local master browser on a subnet,
-just that url(bf(nmbd))(nmbd.8.html) will em(participate) in
-elections for local master browser.
-
-Setting this value to False will cause url(bf(nmbd))(nmbd.8.html)
-em(never) to become a local master browser.
-
- bf(Default:)
-tt( local master = yes)
-
-label(lock dir)
-dit(bf(lock dir (G)))
-
-Synonym for link(bf("lock directory"))(lockdirectory).
-
-label(lockdirectory)
-dit(bf(lock directory (G)))
-
-This option specifies the directory where lock files will be placed.
-The lock files are used to implement the link(bf("max
-connections"))(maxconnections) option.
-
- bf(Default:)
-tt( lock directory = /tmp/samba)
-
- bf(Example:)
-tt( lock directory = /usr/local/samba/var/locks)
-
-label(locking)
-dit(bf(locking (S)))
-
-This controls whether or not locking will be performed by the server
-in response to lock requests from the client.
-
-If tt("locking = no"), all lock and unlock requests will appear to
-succeed and all lock queries will indicate that the queried lock is
-clear.
-
-If tt("locking = yes"), real locking will be performed by the server.
-
-This option em(may) be useful for read-only filesystems which em(may)
-not need locking (such as cdrom drives), although setting this
-parameter of tt("no") is not really recommended even in this case.
-
-Be careful about disabling locking either globally or in a specific
-service, as lack of locking may result in data corruption. You should
-never need to set this parameter.
-
- bf(Default:)
-tt( locking = yes)
-
- bf(Example:)
-tt( locking = no)
-
-label(logfile)
-dit(bf(log file (G)))
-
-This options allows you to override the name of the Samba log file
-(also known as the debug file).
-
-This option takes the standard substitutions, allowing you to have
-separate log files for each user or machine.
-
- bf(Example:)
-tt( log file = /usr/local/samba/var/log.%m)
-
-label(loglevel)
-dit(bf(log level (G)))
-
-Synonym for link(bf("debug level"))(debuglevel).
-
-label(logondrive)
-dit(bf(logon drive (G)))
-
-This parameter specifies the local path to which the home directory
-will be connected (see link(bf("logon home"))(logonhome)) and is only
-used by NT Workstations.
-
-Note that this option is only useful if Samba is set up as a
-link(bf(logon server))(domainlogons).
-
- bf(Example:)
-tt( logon drive = h:)
-
-label(logonhome)
-dit(bf(logon home (G)))
-
-This parameter specifies the home directory location when a Win95/98 or
-NT Workstation logs into a Samba PDC. It allows you to do
-
-tt("NET USE H: /HOME")
-
-from a command prompt, for example.
-
-This option takes the standard substitutions, allowing you to have
-separate logon scripts for each user or machine.
-
-This parameter can be used with Win9X workstations to ensure that
-roaming profiles are stored in a subdirectory of the user's home
-directory. This is done in the following way:
-
-tt(" logon home = \\%L\%U\profile")
-
-This tells Samba to return the above string, with substitutions made
-when a client requests the info, generally in a NetUserGetInfo request.
-Win9X clients truncate the info to \\server\share when a user does tt("net use /home"),
-but use the whole string when dealing with profiles.
-
-Note that in prior versions of Samba, the tt("logon path") was returned rather than
-tt("logon home"). This broke tt("net use /home") but allowed profiles outside the
-home directory. The current implementation is correct, and can be used for profiles
-if you use the above trick.
-
-Note that this option is only useful if Samba is set up as a
-link(bf(logon server))(domainlogons).
-
- bf(Example:)
-tt( logon home = "\\remote_smb_server\%U")
-
- bf(Default:)
-tt( logon home = "\\%N\%U")
-
-label(logonpath)
-dit(bf(logon path (G)))
-
-This parameter specifies the home directory where roaming profiles
-(NTuser.dat etc files for Windows NT) are stored. Contrary to previous
-versions of these manual pages, it has nothing to do with Win 9X roaming
-profiles. To find out how to handle roaming profiles for Win 9X system, see
-the tt("logon home") parameter.
-
-This option takes the standard substitutions, allowing you to have
-separate logon scripts for each user or machine. It also specifies
-the directory from which the tt("application data"), (tt("desktop"), tt("start menu"),
-tt("network neighborhood"), tt("programs") and other folders, and their
-contents, are loaded and displayed on your Windows NT client.
-
-The share and the path must be readable by the user for the
-preferences and directories to be loaded onto the Windows NT
-client. The share must be writeable when the logs in for the first
-time, in order that the Windows NT client can create the NTuser.dat
-and other directories.
-
-Thereafter, the directories and any of the contents can, if required, be
-made read-only. It is not advisable that the NTuser.dat file be made
-read-only - rename it to NTuser.man to achieve the desired effect (a
-em(MAN)datory profile).
-
-Windows clients can sometimes maintain a connection to the [homes]
-share, even though there is no user logged in. Therefore, it is vital
-that the logon path does not include a reference to the homes share
-(i.e. setting this parameter to tt(\\%N\HOMES\profile_path) will cause
-problems).
-
-This option takes the standard substitutions, allowing you to have
-separate logon scripts for each user or machine.
-
-Note that this option is only useful if Samba is set up as a
-link(bf(logon server))(domainlogons).
-
- bf(Default:)
-tt( logon path = \\%N\%U\profile)
-
- bf(Example:)
-tt( logon path = \\PROFILESERVER\HOME_DIR\%U\PROFILE)
-
-label(logonscript)
-dit(bf(logon script (G)))
-
-This parameter specifies the batch file (.bat) or NT command file
-(.cmd) to be downloaded and run on a machine when a user successfully
-logs in. The file must contain the DOS style cr/lf line endings.
-Using a DOS-style editor to create the file is recommended.
-
-The script must be a relative path to the tt([netlogon]) service. If
-the tt([netlogon]) service specifies a link(bf(path))(path) of
-/usr/local/samba/netlogon, and logon script = STARTUP.BAT, then the
-file that will be downloaded is:
-
-tt(/usr/local/samba/netlogon/STARTUP.BAT)
-
-The contents of the batch file is entirely your choice. A suggested
-command would be to add tt(NET TIME \\SERVER /SET /YES), to force every
-machine to synchronize clocks with the same time server. Another use
-would be to add tt(NET USE U: \\SERVER\UTILS) for commonly used
-utilities, or tt(NET USE Q: \\SERVER\ISO9001_QA) for example.
-
-Note that it is particularly important not to allow write access to
-the tt([netlogon]) share, or to grant users write permission on the
-batch files in a secure environment, as this would allow the batch
-files to be arbitrarily modified and security to be breached.
-
-This option takes the standard substitutions, allowing you to have
-separate logon scripts for each user or machine.
-
-Note that this option is only useful if Samba is set up as a
-link(bf(logon server))(domainlogons).
-
- bf(Example:)
-tt( logon script = scripts\%U.bat)
-
-label(lppausecommand)
-dit(bf(lppause command (S)))
-
-This parameter specifies the command to be executed on the server host
-in order to stop printing or spooling a specific print job.
-
-This command should be a program or script which takes a printer name
-and job number to pause the print job. One way of implementing this is
-by using job priorities, where jobs having a too low priority won't be
-sent to the printer.
-
-If a tt("%p") is given then the printername is put in its place. A
-tt("%j") is replaced with the job number (an integer). On HPUX (see
-link(bf(printing=hpux))(printing)), if the tt("-p%p") option is added
-to the lpq command, the job will show up with the correct status,
-i.e. if the job priority is lower than the set fence priority it will
-have the PAUSED status, whereas if the priority is equal or higher it
-will have the SPOOLED or PRINTING status.
-
-Note that it is good practice to include the absolute path in the
-lppause command as the PATH may not be available to the server.
-
-See also the link(bf("printing"))(printing) parameter.
-
- bf(Default:)
- Currently no default value is given to this string, unless the
-value of the link(bf("printing"))(printing) parameter is tt(SYSV), in
-which case the default is :
-
-tt( lp -i %p-%j -H hold)
-
-or if the value of the link(bf("printing"))(printing) parameter is tt(softq),
-then the default is:
-
-tt( qstat -s -j%j -h)
-
- bf(Example for HPUX:)
- lppause command = /usr/bin/lpalt %p-%j -p0
-
-label(lpqcachetime)
-dit(bf(lpq cache time (G)))
-
-This controls how long lpq info will be cached for to prevent the
-bf(lpq) command being called too often. A separate cache is kept for
-each variation of the bf(lpq) command used by the system, so if you
-use different bf(lpq) commands for different users then they won't
-share cache information.
-
-The cache files are stored in tt(/tmp/lpq.xxxx) where xxxx is a hash of
-the bf(lpq) command in use.
-
-The default is 10 seconds, meaning that the cached results of a
-previous identical bf(lpq) command will be used if the cached data is
-less than 10 seconds old. A large value may be advisable if your
-bf(lpq) command is very slow.
-
-A value of 0 will disable caching completely.
-
-See also the link(bf("printing"))(printing) parameter.
-
- bf(Default:)
-tt( lpq cache time = 10)
-
- bf(Example:)
-tt( lpq cache time = 30)
-
-label(lpqcommand)
-dit(bf(lpq command (S)))
-
-This parameter specifies the command to be executed on the server host
-in order to obtain tt("lpq")-style printer status information.
-
-This command should be a program or script which takes a printer name
-as its only parameter and outputs printer status information.
-
-Currently eight styles of printer status information are supported;
-BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX and SOFTQ. This covers most UNIX
-systems. You control which type is expected using the
-link(bf("printing ="))(printing) option.
-
-Some clients (notably Windows for Workgroups) may not correctly send
-the connection number for the printer they are requesting status
-information about. To get around this, the server reports on the first
-printer service connected to by the client. This only happens if the
-connection number sent is invalid.
-
-If a tt(%p) is given then the printername is put in its place. Otherwise
-it is placed at the end of the command.
-
-Note that it is good practice to include the absolute path in the bf(lpq
-command) as the PATH may not be available to the server.
-
-See also the link(bf("printing"))(printing) parameter.
-
- bf(Default:)
-tt( depends on the setting of printing =)
-
- bf(Example:)
-tt( lpq command = /usr/bin/lpq %p)
-
-label(lpresumecommand)
-dit(bf(lpresume command (S)))
-
-This parameter specifies the command to be executed on the server host
-in order to restart or continue printing or spooling a specific print
-job.
-
-This command should be a program or script which takes a printer name
-and job number to resume the print job. See also the link(bf("lppause
-command"))(lppausecommand) parameter.
-
-If a tt(%p) is given then the printername is put in its place. A
-tt(%j) is replaced with the job number (an integer).
-
-Note that it is good practice to include the absolute path in the bf(lpresume
-command) as the PATH may not be available to the server.
-
-See also the link(bf("printing"))(printing) parameter.
-
- bf(Default:)
-
- Currently no default value is given to this string, unless the
-value of the link(bf("printing"))(printing) parameter is tt(SYSV), in
-which case the default is :
-
-tt( lp -i %p-%j -H resume)
-
-or if the value of the link(bf("printing"))(printing) parameter is tt(softq),
-then the default is:
-
-tt( qstat -s -j%j -r)
-
- bf(Example for HPUX:)
-tt( lpresume command = /usr/bin/lpalt %p-%j -p2)
-
-label(lprmcommand)
-dit(bf(lprm command (S)))
-
-This parameter specifies the command to be executed on the server host
-in order to delete a print job.
-
-This command should be a program or script which takes a printer name
-and job number, and deletes the print job.
-
-If a tt(%p) is given then the printername is put in its place. A
-tt(%j) is replaced with the job number (an integer).
-
-Note that it is good practice to include the absolute path in the
-bf(lprm command) as the PATH may not be available to the server.
-
-See also the link(bf("printing"))(printing) parameter.
-
- bf(Default:)
-tt( depends on the setting of "printing =")
-
- bf(Example 1:)
-tt( lprm command = /usr/bin/lprm -P%p %j)
-
- bf(Example 2:)
-tt( lprm command = /usr/bin/cancel %p-%j)
-
-label(machinepasswordtimeout)
-dit(bf(machine password timeout (G)))
-
-If a Samba server is a member of an Windows NT Domain (see the
-link(bf("security=domain"))(securityequaldomain)) parameter) then
-periodically a running url(bf(smbd))(smbd.8.html) process will try and
-change the bf(MACHINE ACCOUNT PASWORD) stored in the file called
-tt(<Domain>.<Machine>.mac) where tt(<Domain>) is the name of the
-Domain we are a member of and tt(<Machine>) is the primary
-link(bf("NetBIOS name"))(netbiosname) of the machine
-url(bf(smbd))(smbd.8.html) is running on. This parameter specifies how
-often this password will be changed, in seconds. The default is one
-week (expressed in seconds), the same as a Windows NT Domain member
-server.
-
-See also url(bf(smbpasswd (8)))(smbpasswd.8.html), and the
-link(bf("security=domain"))(securityequaldomain)) parameter.
-
- bf(Default:)
-tt( machine password timeout = 604800)
-
-label(magicoutput)
-dit(bf(magic output (S)))
-
-This parameter specifies the name of a file which will contain output
-created by a magic script (see the link(bf("magic
-script"))(magicscript) parameter below).
-
-Warning: If two clients use the same link(bf("magic
-script"))(magicscript) in the same directory the output file content
-is undefined.
-
- bf(Default:)
-tt( magic output = <magic script name>.out)
-
- bf(Example:)
-tt( magic output = myfile.txt)
-
-label(magicscript)
-dit(bf(magic script (S)))
-
-This parameter specifies the name of a file which, if opened, will be
-executed by the server when the file is closed. This allows a UNIX
-script to be sent to the Samba host and executed on behalf of the
-connected user.
-
-Scripts executed in this way will be deleted upon completion,
-permissions permitting.
-
-If the script generates output, output will be sent to the file
-specified by the link(bf("magic output"))(magicoutput) parameter (see
-above).
-
-Note that some shells are unable to interpret scripts containing
-carriage-return-linefeed instead of linefeed as the end-of-line
-marker. Magic scripts must be executable em("as is") on the host,
-which for some hosts and some shells will require filtering at the DOS
-end.
-
-Magic scripts are em(EXPERIMENTAL) and should em(NOT) be relied upon.
-
- bf(Default:)
-tt( None. Magic scripts disabled.)
-
- bf(Example:)
-tt( magic script = user.csh)
-
-label(manglecase)
-dit(bf(mangle case (S)))
-
-See the section on link(bf("NAME MANGLING"))(NAMEMANGLING).
-
-label(manglelocks)
-dit(bf(mangle locks (S)))
-
-This option is was introduced with Samba 2.0.4 and above and has been
-removed in Samba 2.0.6 as Samba now dynamically configures such things
-on 32 bit systems.
-
-label(mangledmap)
-dit(bf(mangled map (S)))
-
-This is for those who want to directly map UNIX file names which can
-not be represented on Windows/DOS. The mangling of names is not always
-what is needed. In particular you may have documents with file
-extensions that differ between DOS and UNIX. For example, under UNIX
-it is common to use tt(".html") for HTML files, whereas under
-Windows/DOS tt(".htm") is more commonly used.
-
-So to map tt("html") to tt("htm") you would use:
-
-tt( mangled map = (*.html *.htm))
-
-One very useful case is to remove the annoying tt(";1") off the ends
-of filenames on some CDROMS (only visible under some UNIXs). To do
-this use a map of (*;1 *).
-
- bf(default:)
-tt( no mangled map)
-
- bf(Example:)
-tt( mangled map = (*;1 *))
-
-label(manglednames)
-dit(bf(mangled names (S)))
-
-This controls whether non-DOS names under UNIX should be mapped to
-DOS-compatible names ("mangled") and made visible, or whether non-DOS
-names should simply be ignored.
-
-See the section on link(bf("NAME MANGLING"))(NAMEMANGLING) for details
-on how to control the mangling process.
-
-If mangling is used then the mangling algorithm is as follows:
-
-startit()
-
-it() The first (up to) five alphanumeric characters before the
-rightmost dot of the filename are preserved, forced to upper case, and
-appear as the first (up to) five characters of the mangled name.
-
-it() A tilde tt("~") is appended to the first part of the mangled
-name, followed by a two-character unique sequence, based on the
-original root name (i.e., the original filename minus its final
-extension). The final extension is included in the hash calculation
-only if it contains any upper case characters or is longer than three
-characters.
-
-Note that the character to use may be specified using the
-link(bf("mangling char"))(manglingchar) option, if you don't like
-tt('~').
-
-it() The first three alphanumeric characters of the final extension
-are preserved, forced to upper case and appear as the extension of the
-mangled name. The final extension is defined as that part of the
-original filename after the rightmost dot. If there are no dots in the
-filename, the mangled name will have no extension (except in the case
-of link(bf("hidden files"))(hidefiles) - see below).
-
-it() Files whose UNIX name begins with a dot will be presented as DOS
-hidden files. The mangled name will be created as for other filenames,
-but with the leading dot removed and tt("___") as its extension regardless
-of actual original extension (that's three underscores).
-
-endit()
-
-The two-digit hash value consists of upper case alphanumeric
-characters.
-
-This algorithm can cause name collisions only if files in a directory
-share the same first five alphanumeric characters. The probability of
-such a clash is 1/1300.
-
-The name mangling (if enabled) allows a file to be copied between UNIX
-directories from Windows/DOS while retaining the long UNIX
-filename. UNIX files can be renamed to a new extension from
-Windows/DOS and will retain the same basename. Mangled names do not
-change between sessions.
-
- bf(Default:)
-tt( mangled names = yes)
-
- bf(Example:)
-tt( mangled names = no)
-
-label(manglingchar)
-dit(bf(mangling char (S)))
-
-This controls what character is used as the em("magic") character in
-link(bf(name mangling))(manglednames). The default is a tt('~') but
-this may interfere with some software. Use this option to set it to
-whatever you prefer.
-
- bf(Default:)
-tt( mangling char = ~)
-
- bf(Example:)
-tt( mangling char = ^)
-
-label(mangledstack)
-dit(bf(mangled stack (G)))
-
-This parameter controls the number of mangled names that should be
-cached in the Samba server url(bf(smbd))(smbd.8.html).
-
-This stack is a list of recently mangled base names (extensions are
-only maintained if they are longer than 3 characters or contains upper
-case characters).
-
-The larger this value, the more likely it is that mangled names can be
-successfully converted to correct long UNIX names. However, large
-stack sizes will slow most directory access. Smaller stacks save
-memory in the server (each stack element costs 256 bytes).
-
-It is not possible to absolutely guarantee correct long file names, so
-be prepared for some surprises!
-
- bf(Default:)
-tt( mangled stack = 50)
-
- bf(Example:)
-tt( mangled stack = 100)
-
-label(maparchive)
-dit(bf(map archive (S)))
-
-This controls whether the DOS archive attribute should be mapped to
-the UNIX owner execute bit. The DOS archive bit is set when a file
-has been modified since its last backup. One motivation for this
-option it to keep Samba/your PC from making any file it touches from
-becoming executable under UNIX. This can be quite annoying for shared
-source code, documents, etc...
-
-Note that this requires the link(bf("create mask"))(createmask)
-parameter to be set such that owner execute bit is not masked out
-(i.e. it must include 100). See the parameter link(bf("create
-mask"))(createmask) for details.
-
- bf(Default:)
-tt( map archive = yes)
-
- bf(Example:)
-tt( map archive = no)
-
-label(maphidden)
-dit(bf(map hidden (S)))
-
-This controls whether DOS style hidden files should be mapped to the
-UNIX world execute bit.
-
-Note that this requires the link(bf("create mask"))(createmask) to be
-set such that the world execute bit is not masked out (i.e. it must
-include 001). See the parameter link(bf("create mask"))(createmask)
-for details.
-
- bf(Default:)
-tt( map hidden = no)
-
- bf(Example:)
-tt( map hidden = yes)
-
-label(mapsystem)
-dit(bf(map system (S)))
-
-This controls whether DOS style system files should be mapped to the
-UNIX group execute bit.
-
-Note that this requires the link(bf("create mask"))(createmask) to be
-set such that the group execute bit is not masked out (i.e. it must
-include 010). See the parameter link(bf("create mask"))(createmask)
-for details.
-
- bf(Default:)
-tt( map system = no)
-
- bf(Example:)
-tt( map system = yes)
-
-label(maptoguest)
-dit(bf(map to guest (G)))
-
-This parameter is only useful in link(bf(security))(security) modes
-other than link(bf("security=share"))(securityequalshare) - i.e. user,
-server, and domain.
-
-This parameter can take three different values, which tell
-url(bf(smbd))(smbd.8.html) what to do with user login requests that
-don't match a valid UNIX user in some way.
-
-The three settings are :
-
-startit()
-
-it() bf("Never") - Means user login requests with an invalid password
-are rejected. This is the default.
-
-it() bf("Bad User") - Means user logins with an invalid password are
-rejected, unless the username does not exist, in which case it is
-treated as a guest login and mapped into the link(bf("guest
-account"))(guestaccount).
-
-it() bf("Bad Password") - Means user logins with an invalid
-password are treated as a guest login and mapped into the
-link(bf("guest account"))(guestaccount). Note that this can
-cause problems as it means that any user incorrectly typing their
-password will be silently logged on a bf("guest") - and
-will not know the reason they cannot access files they think
-they should - there will have been no message given to them
-that they got their password wrong. Helpdesk services will
-em(*hate*) you if you set the bf("map to guest") parameter
-this way :-).
-
-endit()
-
-Note that this parameter is needed to set up bf("Guest") share
-services when using link(bf(security))(security) modes other than
-share. This is because in these modes the name of the resource being
-requested is em(*not*) sent to the server until after the server has
-successfully authenticated the client so the server cannot make
-authentication decisions at the correct time (connection to the
-share) for bf("Guest") shares.
-
-For people familiar with the older Samba releases, this parameter
-maps to the old compile-time setting of the GUEST_SESSSETUP value
-in local.h.
-
- bf(Default:)
-tt( map to guest = Never)
- bf(Example):
-tt( map to guest = Bad User)
-
-label(maxconnections)
-dit(bf(max connections (S)))
-
-This option allows the number of simultaneous connections to a service
-to be limited. If bf("max connections") is greater than 0 then
-connections will be refused if this number of connections to the
-service are already open. A value of zero mean an unlimited number of
-connections may be made.
-
-Record lock files are used to implement this feature. The lock files
-will be stored in the directory specified by the link(bf("lock
-directory"))(lockdirectory) option.
-
- bf(Default:)
-tt( max connections = 0)
-
- bf(Example:)
-tt( max connections = 10)
-
-label(maxdisksize)
-dit(bf(max disk size (G)))
-
-This option allows you to put an upper limit on the apparent size of
-disks. If you set this option to 100 then all shares will appear to be
-not larger than 100 MB in size.
-
-Note that this option does not limit the amount of data you can put on
-the disk. In the above case you could still store much more than 100
-MB on the disk, but if a client ever asks for the amount of free disk
-space or the total disk size then the result will be bounded by the
-amount specified in bf("max disk size").
-
-This option is primarily useful to work around bugs in some pieces of
-software that can't handle very large disks, particularly disks over
-1GB in size.
-
-A bf("max disk size") of 0 means no limit.
-
- bf(Default:)
-tt( max disk size = 0)
-
- bf(Example:)
-tt( max disk size = 1000)
-
-label(maxlogsize)
-dit(bf(max log size (G)))
-
-This option (an integer in kilobytes) specifies the max size the log
-file should grow to. Samba periodically checks the size and if it is
-exceeded it will rename the file, adding a tt(".old") extension.
-
-A size of 0 means no limit.
-
- bf(Default:)
-tt( max log size = 5000)
-
- bf(Example:)
-tt( max log size = 1000)
-
-label(maxmux)
-dit(bf(max mux (G)))
-
-This option controls the maximum number of outstanding simultaneous
-SMB operations that samba tells the client it will allow. You should
-never need to set this parameter.
-
- bf(Default:)
-tt( max mux = 50)
-
-label(maxopenfiles)
-dit(bf(max open files (G)))
-
-This parameter limits the maximum number of open files that one
-url(bf(smbd))(smbd.8.html) file serving process may have open for
-a client at any one time. The default for this parameter is set
-very high (10,000) as Samba uses only one bit per unopened file.
-
-The limit of the number of open files is usually set by the
-UNIX per-process file descriptor limit rather than this parameter
-so you should never need to touch this parameter.
-
- bf(Default:)
-tt( max open files = 10000)
-
-label(maxpacket)
-dit(bf(max packet (G)))
-
-Synonym for link(bf("packet size"))(packetsize).
-
-label(maxttl)
-dit(bf(max ttl (G)))
-
-This option tells url(bf(nmbd))(nmbd.8.html) what the default 'time
-to live' of NetBIOS names should be (in seconds) when
-url(bf(nmbd))(nmbd.8.html) is requesting a name using either a
-broadcast packet or from a WINS server. You should never need to
-change this parameter. The default is 3 days.
-
- bf(Default:)
-tt( max ttl = 259200)
-
-label(maxwinsttl)
-dit(bf(max wins ttl (G)))
-
-This option tells url(bf(nmbd))(nmbd.8.html) when acting as a WINS
-server link(bf((wins support =true)))(winssupport) what the maximum
-'time to live' of NetBIOS names that url(bf(nmbd))(nmbd.8.html) will
-grant will be (in seconds). You should never need to change this
-parameter. The default is 6 days (518400 seconds).
-
-See also the link(bf("min wins ttl"))(minwinsttl) parameter.
-
- bf(Default:)
-tt( max wins ttl = 518400)
-
-label(maxxmit)
-dit(bf(max xmit (G)))
-
-This option controls the maximum packet size that will be negotiated
-by Samba. The default is 65535, which is the maximum. In some cases
-you may find you get better performance with a smaller value. A value
-below 2048 is likely to cause problems.
-
- bf(Default:)
-tt( max xmit = 65535)
-
- bf(Example:)
-tt( max xmit = 8192)
-
-label(messagecommand)
-dit(bf(message command (G)))
-
-This specifies what command to run when the server receives a WinPopup
-style message.
-
-This would normally be a command that would deliver the message
-somehow. How this is to be done is up to your imagination.
-
-An example is:
-
-tt( message command = csh -c 'xedit %s;rm %s' &)
-
-This delivers the message using bf(xedit), then removes it
-afterwards. em(NOTE THAT IT IS VERY IMPORTANT THAT THIS COMMAND RETURN
-IMMEDIATELY). That's why I have the tt('&') on the end. If it doesn't
-return immediately then your PCs may freeze when sending messages
-(they should recover after 30secs, hopefully).
-
-All messages are delivered as the global guest user. The command takes
-the standard substitutions, although link(bf(%u))(percentu) won't work
-(link(bf(%U))(percentU) may be better in this case).
-
-Apart from the standard substitutions, some additional ones apply. In
-particular:
-
-startit()
-
-it() tt("%s") = the filename containing the message.
-
-it() tt("%t") = the destination that the message was sent to (probably the server
-name).
-
-it() tt("%f") = who the message is from.
-
-endit()
-
-You could make this command send mail, or whatever else takes your
-fancy. Please let us know of any really interesting ideas you have.
-
-Here's a way of sending the messages as mail to root:
-
-tt(message command = /bin/mail -s 'message from %f on %m' root < %s; rm %s)
-
-If you don't have a message command then the message won't be
-delivered and Samba will tell the sender there was an
-error. Unfortunately WfWg totally ignores the error code and carries
-on regardless, saying that the message was delivered.
-
-If you want to silently delete it then try:
-
-tt("message command = rm %s").
-
- bf(Default:)
-tt( no message command)
-
- bf(Example:)
-tt( message command = csh -c 'xedit %s;rm %s' &)
-
-label(minprintspace)
-dit(bf(min print space (S)))
-
-This sets the minimum amount of free disk space that must be available
-before a user will be able to spool a print job. It is specified in
-kilobytes. The default is 0, which means a user can always spool a print
-job.
-
-See also the link(bf(printing))(printing) parameter.
-
- bf(Default:)
-tt( min print space = 0)
-
- bf(Example:)
-tt( min print space = 2000)
-
-label(minpasswdlength)
-dit(bf(min passwd length (G)))
-
-Synonym for link(bf("min password length"))(minpasswordlength).
-
-label(minpasswordlength)
-dit(bf(min password length (G)))
-
-This option sets the minimum length in characters of a plaintext password
-than smbd will accept when performing UNIX password changing.
-
-See also link(bf("unix password sync"))(unixpasswordsync),
-link(bf("passwd program"))(passwdprogram) and link(bf("passwd chat
-debug"))(passwdchatdebug).
-
- bf(Default:)
-tt( min password length = 5)
-
-
-label(minwinsttl)
-dit(bf(min wins ttl (G)))
-
-This option tells url(bf(nmbd))(nmbd.8.html) when acting as a WINS
-server link(bf((wins support = true)))(winssupport) what the minimum
-'time to live' of NetBIOS names that url(bf(nmbd))(nmbd.8.html) will
-grant will be (in seconds). You should never need to change this
-parameter. The default is 6 hours (21600 seconds).
-
- bf(Default:)
-tt( min wins ttl = 21600)
-
-
-label(nameresolveorder)
-dit(bf(name resolve order (G)))
-
-This option is used by the programs in the Samba suite to determine
-what naming services and in what order to resolve host names to IP
-addresses. The option takes a space separated string of different name
-resolution options.
-
-The options are :"lmhosts", "host", "wins" and "bcast". They cause
-names to be resolved as follows :
-
-startit()
-
-it() bf(lmhosts) : Lookup an IP address in the Samba lmhosts file.
-If the line in lmhosts has no name type attached to the NetBIOS
-name (see the url(bf(lmhosts (5)))(lmhosts.5.html) for details) then
-any name type matches for lookup.
-
-it() bf(host) : Do a standard host name to IP address resolution,
-using the system /etc/hosts, NIS, or DNS lookups. This method of name
-resolution is operating system depended for instance on IRIX or
-Solaris this may be controlled by the em(/etc/nsswitch.conf) file).
-Note that this method is only used if the NetBIOS name type being
-queried is the 0x20 (server) name type, otherwise it is ignored.
-
-it() bf(wins) : Query a name with the IP address listed in the
-link(bf(wins server))(winsserver) parameter. If no WINS server has
-been specified this method will be ignored.
-
-it() bf(bcast) : Do a broadcast on each of the known local interfaces
-listed in the link(bf(interfaces))(interfaces) parameter. This is the
-least reliable of the name resolution methods as it depends on the
-target host being on a locally connected subnet.
-
-endit()
-
- bf(Default:)
-tt( name resolve order = lmhosts host wins bcast)
-
- bf(Example:)
-tt( name resolve order = lmhosts bcast host)
-
-This will cause the local lmhosts file to be examined first, followed
-by a broadcast attempt, followed by a normal system hostname lookup.
-
-label(netbiosaliases)
-dit(bf(netbios aliases (G)))
-
-This is a list of NetBIOS names that url(bf(nmbd))(nmbd.8.html) will
-advertise as additional names by which the Samba server is known. This
-allows one machine to appear in browse lists under multiple names. If
-a machine is acting as a link(bf(browse server))(localmaster) or
-link(bf(logon server))(domainlogons) none of these names will be
-advertised as either browse server or logon servers, only the primary
-name of the machine will be advertised with these capabilities.
-
-See also link(bf("netbios name"))(netbiosname).
-
- bf(Default:)
-tt( empty string (no additional names))
-
- bf(Example:)
-tt( netbios aliases = TEST TEST1 TEST2)
-
-label(netbiosname)
-dit(bf(netbios name (G)))
-
-This sets the NetBIOS name by which a Samba server is known. By
-default it is the same as the first component of the host's DNS name.
-If a machine is a link(bf(browse server))(localmaster) or
-link(bf(logon server))(domainlogons) this name (or the first component
-of the hosts DNS name) will be the name that these services are
-advertised under.
-
-See also link(bf("netbios aliases"))(netbiosaliases).
-
- bf(Default:)
-tt( Machine DNS name.)
-
- bf(Example:)
-tt( netbios name = MYNAME)
-
-label(netbiosscope)
-dit(bf(netbios scope (G)))
-
-This sets the NetBIOS scope that Samba will operate under. This should
-not be set unless every machine on your LAN also sets this value.
-
-label(nishomedir)
-dit(bf(nis homedir (G)))
-
-Get the home share server from a NIS map. For UNIX systems that use an
-automounter, the user's home directory will often be mounted on a
-workstation on demand from a remote server.
-
-When the Samba logon server is not the actual home directory server,
-but is mounting the home directories via NFS then two network hops
-would be required to access the users home directory if the logon
-server told the client to use itself as the SMB server for home
-directories (one over SMB and one over NFS). This can be very
-slow.
-
-This option allows Samba to return the home share as being on a
-different server to the logon server and as long as a Samba daemon is
-running on the home directory server, it will be mounted on the Samba
-client directly from the directory server. When Samba is returning the
-home share to the client, it will consult the NIS map specified in
-link(bf("homedir map"))(homedirmap) and return the server listed
-there.
-
-Note that for this option to work there must be a working NIS
-system and the Samba server with this option must also be a
-link(bf(logon server))(domainlogons).
-
- bf(Default:)
-tt( nis homedir = false)
-
- bf(Example:)
-tt( nis homedir = true)
-
-label(ntaclsupport)
-dit(bf(nt acl support (G)))
-
-This boolean parameter controls whether url(bf(smbd))(smbd.8.html)
-will attempt to map UNIX permissions into Windows NT access control lists.
-
- bf(Default:)
-tt( nt acl support = yes)
-
- bf(Example:)
-tt( nt acl support = no)
-
-label(ntpipesupport)
-dit(bf(nt pipe support (G)))
-
-This boolean parameter controls whether url(bf(smbd))(smbd.8.html)
-will allow Windows NT clients to connect to the NT SMB specific
-tt(IPC$) pipes. This is a developer debugging option and can be left
-alone.
-
- bf(Default:)
-tt( nt pipe support = yes)
-
-label(ntsmbsupport)
-dit(bf(nt smb support (G)))
-
-This boolean parameter controls whether url(bf(smbd))(smbd.8.html)
-will negotiate NT specific SMB support with Windows NT
-clients. Although this is a developer debugging option and should be
-left alone, benchmarking has discovered that Windows NT clients give
-faster performance with this option set to tt("no"). This is still
-being investigated. If this option is set to tt("no") then Samba
-offers exactly the same SMB calls that versions prior to Samba2.0
-offered. This information may be of use if any users are having
-problems with NT SMB support.
-
- bf(Default:)
-tt( nt support = yes)
-
-label(nullpasswords)
-dit(bf(null passwords (G)))
-
-Allow or disallow client access to accounts that have null passwords.
-
-See also url(bf(smbpasswd (5)))(smbpasswd.5.html).
-
- bf(Default:)
-tt( null passwords = no)
-
- bf(Example:)
-tt( null passwords = yes)
-
-label(olelockingcompatibility)
-dit(bf(ole locking compatibility (G)))
-
-This parameter allows an administrator to turn off the byte range lock
-manipulation that is done within Samba to give compatibility for OLE
-applications. Windows OLE applications use byte range locking as a
-form of inter-process communication, by locking ranges of bytes around
-the 2^32 region of a file range. This can cause certain UNIX lock
-managers to crash or otherwise cause problems. Setting this parameter
-to tt("no") means you trust your UNIX lock manager to handle such cases
-correctly.
-
- bf(Default:)
-tt( ole locking compatibility = yes)
-
- bf(Example:)
-tt( ole locking compatibility = no)
-
-label(onlyguest)
-dit(bf(only guest (S)))
-
-A synonym for link(bf("guest only"))(guestonly).
-
-label(onlyuser)
-dit(bf(only user (S)))
-
-This is a boolean option that controls whether connections with
-usernames not in the link(bf(user=))(user) list will be allowed. By
-default this option is disabled so a client can supply a username to
-be used by the server.
-
-Note that this also means Samba won't try to deduce usernames from the
-service name. This can be annoying for the link(bf([homes]))(homes)
-section. To get around this you could use "link(bf(user))(user) =
-link(bf(%S))(percentS)" which means your link(bf("user"))(user) list
-will be just the service name, which for home directories is the name
-of the user.
-
-See also the link(bf(user))(user) parameter.
-
- bf(Default:)
-tt( only user = False)
-
- bf(Example:)
-tt( only user = True)
-
-label(oplocks)
-dit(bf(oplocks (S)))
-
-This boolean option tells smbd whether to issue oplocks (opportunistic
-locks) to file open requests on this share. The oplock code can
-dramatically (approx. 30% or more) improve the speed of access to files
-on Samba servers. It allows the clients to aggressively cache files
-locally and you may want to disable this option for unreliable network
-environments (it is turned on by default in Windows NT Servers). For
-more information see the file Speed.txt in the Samba docs/ directory.
-
-Oplocks may be selectively turned off on certain files on a per share basis.
-See the 'veto oplock files' parameter. On some systems oplocks are recognized
-by the underlying operating system. This allows data synchronization between
-all access to oplocked files, whether it be via Samba or NFS or a local
-UNIX process. See the link(bf(kernel oplocks))(kerneloplocks) parameter
-for details.
-
-See also the link(bf("kernel oplocks"))(kerneloplocks) and
-link(bf("level2 oplocks"))(level2oplocks) parameters.
-
- bf(Default:)
-tt( oplocks = True)
-
- bf(Example:)
-tt( oplocks = False)
-
-label(oplockbreakwaittime)
-dit(bf(oplock break wait time (G)))
-
-This is a tuning parameter added due to bugs in both Windows 9x and WinNT.
-If Samba responds to a client too quickly when that client issues an SMB that
-can cause an oplock break request, then the client redirector can fail and
-not respond to the break request. This tuning parameter (which is set in
-milliseconds) is the amount of time Samba will wait before sending an
-oplock break request to such (broken) clients.
-
-em(DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA
-OPLOCK CODE).
-
- bf(Default:)
-tt( oplock break wait time = 10)
-
-label(oplockcontentionlimit)
-dit(bf(oplock contention limit (S)))
-
-This is a em(very) advanced url(bf(smbd))(smbd.8.html) tuning option to improve
-the efficiency of the granting of oplocks under multiple client contention for the same file.
-
-In brief it specifies a number, which causes smbd not to grant an oplock even
-when requested if the approximate number of clients contending for an oplock on
-the same file goes over this limit. This causes url(bf(smbd))(smbd.8.html) to
-behave in a similar way to Windows NT.
-
-em(DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA
-OPLOCK CODE).
-
- bf(Default:)
-tt( oplock contention limit = 2)
-
-label(oslevel)
-dit(bf(os level (G)))
-
-This integer value controls what level Samba advertises itself as for
-browse elections. The value of this parameter determines whether
-url(bf(nmbd))(nmbd.8.html) has a chance of becoming a local master
-browser for the link(bf(WORKGROUP))(workgroup) in the local broadcast
-area. The default is zero, which means url(bf(nmbd))(nmbd.8.html) will
-lose elections to Windows machines. See BROWSING.txt in the Samba
-docs/ directory for details.
-
- bf(Default:)
-tt( os level = 20)
-
- bf(Example:)
-tt( os level = 65 ; This will win against any NT Server)
-
-label(packetsize)
-dit(bf(packet size (G)))
-
-This is a deprecated parameter that has no effect on the current
-Samba code. It is left in the parameter list to prevent breaking
-old bf(smb.conf) files.
-
-label(panicaction)
-dit(bf(panic action (G)))
-
-This is a Samba developer option that allows a system command to be
-called when either url(bf(smbd))(smbd.8.html) or
-url(bf(nmbd))(nmbd.8.html) crashes. This is usually used to draw
-attention to the fact that a problem occurred.
-
- bf(Default:)
-tt( panic action = <empty string>)
-
-label(passwdchat)
-dit(bf(passwd chat (G)))
-
-This string controls the em("chat") conversation that takes places
-between url(bf(smbd))(smbd.8.html) and the local password changing
-program to change the users password. The string describes a sequence
-of response-receive pairs that url(bf(smbd))(smbd.8.html) uses to
-determine what to send to the link(bf(passwd))(passwdprogram) program
-and what to expect back. If the expected output is not received then
-the password is not changed.
-
-This chat sequence is often quite site specific, depending on what
-local methods are used for password control (such as NIS etc).
-
-The string can contain the macros tt("%o") and tt("%n") which are
-substituted for the old and new passwords respectively. It can also
-contain the standard macros tt("\n"), tt("\r"), tt("\t") and tt("\s")
-to give line-feed, carriage-return, tab and space.
-
-The string can also contain a tt('*') which matches any sequence of
-characters.
-
-Double quotes can be used to collect strings with spaces in them into
-a single string.
-
-If the send string in any part of the chat sequence is a fullstop
-tt(".") then no string is sent. Similarly, is the expect string is a
-fullstop then no string is expected.
-
-Note that if the link(bf("unix password sync"))(unixpasswordsync)
-parameter is set to true, then this sequence is called em(*AS ROOT*)
-when the SMB password in the smbpasswd file is being changed, without
-access to the old password cleartext. In this case the old password
-cleartext is set to tt("") (the empty string).
-
-See also link(bf("unix password sync"))(unixpasswordsync),
-link(bf("passwd program"))(passwdprogram) and link(bf("passwd chat
-debug"))(passwdchatdebug).
-
- bf(Example:)
-verb( passwd chat = "*Enter OLD password*" %o\n "*Enter NEW password*" %n\n \
- "*Reenter NEW password*" %n\n "*Password changed*"
-)
-
- bf(Default:)
-verb( passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed*)
-
-label(passwdchatdebug)
-dit(bf(passwd chat debug (G)))
-
-This boolean specifies if the passwd chat script parameter is run in
-tt("debug") mode. In this mode the strings passed to and received from
-the passwd chat are printed in the url(bf(smbd))(smbd.8.html) log with
-a link(bf("debug level"))(debuglevel) of 100. This is a dangerous
-option as it will allow plaintext passwords to be seen in the
-url(bf(smbd))(smbd.8.html) log. It is available to help Samba admins
-debug their link(bf("passwd chat"))(passwdchat) scripts when calling
-the link(bf("passwd program"))(passwdprogram) and should be turned off
-after this has been done. This parameter is off by default.
-
-See also link(bf("passwd chat"))(passwdchat), link(bf("passwd
-program"))(passwdprogram).
-
- bf(Example:)
-tt( passwd chat debug = True)
-
- bf(Default:)
-tt( passwd chat debug = False)
-
-label(passwdprogram)
-dit(bf(passwd program (G)))
-
-The name of a program that can be used to set UNIX user passwords.
-Any occurrences of link(bf(%u))(percentu) will be replaced with the
-user name. The user name is checked for existence before calling the
-password changing program.
-
-Also note that many passwd programs insist in em("reasonable")
-passwords, such as a minimum length, or the inclusion of mixed case
-chars and digits. This can pose a problem as some clients (such as
-Windows for Workgroups) uppercase the password before sending it.
-
-em(Note) that if the link(bf("unix password sync"))(unixpasswordsync)
-parameter is set to tt("True") then this program is called em(*AS
-ROOT*) before the SMB password in the
-url(bf(smbpasswd))(smbpasswd.5.html) file is changed. If this UNIX
-password change fails, then url(bf(smbd))(smbd.8.html) will fail to
-change the SMB password also (this is by design).
-
-If the link(bf("unix password sync"))(unixpasswordsync) parameter is
-set this parameter em(MUST USE ABSOLUTE PATHS) for em(ALL) programs
-called, and must be examined for security implications. Note that by
-default link(bf("unix password sync"))(unixpasswordsync) is set to
-tt("False").
-
-See also link(bf("unix password sync"))(unixpasswordsync).
-
- bf(Default:)
-tt( passwd program = /bin/passwd)
-
- bf(Example:)
-tt( passwd program = /sbin/passwd %u)
-
-label(passwordlevel)
-dit(bf(password level (G)))
-
-Some client/server combinations have difficulty with mixed-case
-passwords. One offending client is Windows for Workgroups, which for
-some reason forces passwords to upper case when using the LANMAN1
-protocol, but leaves them alone when using COREPLUS!
-
-This parameter defines the maximum number of characters that may be
-upper case in passwords.
-
-For example, say the password given was tt("FRED"). If bf(password
-level) is set to 1, the following combinations would be tried if
-tt("FRED") failed:
-
-tt("Fred"), tt("fred"), tt("fRed"), tt("frEd"), tt("freD")
-
-If bf(password level) was set to 2, the following combinations would
-also be tried:
-
-tt("FRed"), tt("FrEd"), tt("FreD"), tt("fREd"), tt("fReD"),
-tt("frED"), tt(..)
-
-And so on.
-
-The higher value this parameter is set to the more likely it is that a
-mixed case password will be matched against a single case
-password. However, you should be aware that use of this parameter
-reduces security and increases the time taken to process a new
-connection.
-
-A value of zero will cause only two attempts to be made - the password
-as is and the password in all-lower case.
-
- bf(Default:)
-tt( password level = 0)
-
- bf(Example:)
-tt( password level = 4)
-
-label(passwordserver)
-dit(bf(password server (G)))
-
-By specifying the name of another SMB server (such as a WinNT box)
-with this option, and using link(bf("security = domain"))(security) or
-link(bf("security = server"))(security) you can get Samba to do all
-its username/password validation via a remote server.
-
-This options sets the name of the password server to use. It must be a
-NetBIOS name, so if the machine's NetBIOS name is different from its
-internet name then you may have to add its NetBIOS name to the lmhosts
-file which is stored in the same directory as the bf(smb.conf) file.
-
-The name of the password server is looked up using the parameter
-link(bf("name resolve order="))(nameresolveorder) and so may resolved
-by any method and order described in that parameter.
-
-The password server much be a machine capable of using the "LM1.2X002"
-or the "LM NT 0.12" protocol, and it must be in user level security
-mode.
-
-NOTE: Using a password server means your UNIX box (running Samba) is
-only as secure as your password server. em(DO NOT CHOOSE A PASSWORD
-SERVER THAT YOU DON'T COMPLETELY TRUST).
-
-Never point a Samba server at itself for password serving. This will
-cause a loop and could lock up your Samba server!
-
-The name of the password server takes the standard substitutions, but
-probably the only useful one is link(bf(%m))(percentm), which means
-the Samba server will use the incoming client as the password
-server. If you use this then you better trust your clients, and you
-better restrict them with hosts allow!
-
-If the link(bf("security"))(security) parameter is set to
-bf("domain"), then the list of machines in this option must be a list
-of Primary or Backup Domain controllers for the
-link(bf(Domain))(workgroup) or the character tt(*), as the Samba server is cryptographicly
-in that domain, and will use cryptographicly authenticated RPC calls
-to authenticate the user logging on. The advantage of using
-link(bf("security=domain"))(securityequaldomain) is that if you list
-several hosts in the bf("password server") option then
-url(bf(smbd))(smbd.8.html) will try each in turn till it finds one
-that responds. This is useful in case your primary server goes down.
-
-If the bf("password server") option is set to the character tt(*),
-then Samba will attempt to auto-locate the Primary or Backup Domain controllers
-to authenticate against by doing a query for the name tt(WORKGROUP<1C>)
-and then contacting each server returned in the list of IP addresses
-from the link(bf(name resolution))(nameresolveorder) source.
-
-If the link(bf("security"))(security) parameter is set to
-link(bf("server"))(securityequalserver), then there are different
-restrictions that link(bf("security=domain"))(securityequaldomain)
-doesn't suffer from:
-
-startit()
-
-it() You may list several password servers in the bf("password server")
-parameter, however if an url(bf(smbd))(smbd.8.html) makes a connection
-to a password server, and then the password server fails, no more
-users will be able to be authenticated from this
-url(bf(smbd))(smbd.8.html). This is a restriction of the SMB/CIFS
-protocol when in link(bf("security=server"))(securityequalserver) mode
-and cannot be fixed in Samba.
-
-it() If you are using a Windows NT server as your password server then
-you will have to ensure that your users are able to login from the
-Samba server, as when in
-link(bf("security=server"))(securityequalserver) mode the network
-logon will appear to come from there rather than from the users
-workstation.
-
-endit()
-
-See also the link(bf("security"))(security) parameter.
-
- bf(Default:)
-tt( password server = <empty string>)
-
- bf(Example:)
-tt( password server = NT-PDC, NT-BDC1, NT-BDC2)
-
- bf(Example:)
-tt( password server = *)
-
-label(path)
-dit(bf(path (S)))
-
-This parameter specifies a directory to which the user of the service
-is to be given access. In the case of printable services, this is
-where print data will spool prior to being submitted to the host for
-printing.
-
-For a printable service offering guest access, the service should be
-readonly and the path should be world-writeable and have the sticky bit
-set. This is not mandatory of course, but you probably won't get the
-results you expect if you do otherwise.
-
-Any occurrences of link(bf(%u))(percentu) in the path will be replaced
-with the UNIX username that the client is using on this
-connection. Any occurrences of link(bf(%m))(percentm) will be replaced
-by the NetBIOS name of the machine they are connecting from. These
-replacements are very useful for setting up pseudo home directories
-for users.
-
-Note that this path will be based on link(bf("root dir"))(rootdir) if
-one was specified.
-
- bf(Default:)
-tt( none)
-
- bf(Example:)
-tt( path = /home/fred)
-
-label(postexec)
-dit(bf(postexec (S)))
-
-This option specifies a command to be run whenever the service is
-disconnected. It takes the usual substitutions. The command may be run
-as the root on some systems.
-
-An interesting example may be do unmount server resources:
-
-tt(postexec = /etc/umount /cdrom)
-
-See also link(bf(preexec))(preexec).
-
- bf(Default:)
-tt( none (no command executed))
-
- bf(Example:)
-tt( postexec = echo "%u disconnected from %S from %m (%I)" >> /tmp/log)
-
-label(postscript)
-dit(bf(postscript (S)))
-
-This parameter forces a printer to interpret the print files as
-postscript. This is done by adding a tt(%!) to the start of print output.
-
-This is most useful when you have lots of PCs that persist in putting
-a control-D at the start of print jobs, which then confuses your
-printer.
-
- bf(Default:)
-tt( postscript = False)
-
- bf(Example:)
-tt( postscript = True)
-
-label(preexec)
-dit(bf(preexec (S)))
-
-This option specifies a command to be run whenever the service is
-connected to. It takes the usual substitutions.
-
-An interesting example is to send the users a welcome message every
-time they log in. Maybe a message of the day? Here is an example:
-
-verb(
- preexec = csh -c 'echo \"Welcome to %S!\" | \
- /usr/local/samba/bin/smbclient -M %m -I %I' &
-)
-
-Of course, this could get annoying after a while :-)
-
-See also link(bf(preexec close))(preexecclose) and link(bf(postexec))(postexec).
-
- bf(Default:)
-tt( none (no command executed))
-
- bf(Example:)
-tt( preexec = echo \"%u connected to %S from %m (%I)\" >> /tmp/log)
-
-label(preexecclose)
-dit(bf(preexec close (S)))
-
-This boolean option controls whether a non-zero return code from
-link(bf("preexec"))(preexec) should close the service being connected to.
-
- bf(Default:)
-tt( preexec close = no)
-
- bf(Example:)
-tt( preexec close = yes)
-
-label(preferredmaster)
-dit(bf(preferred master (G)))
-
-This boolean parameter controls if url(bf(nmbd))(nmbd.8.html) is a
-preferred master browser for its workgroup.
-
-If this is set to true, on startup, url(bf(nmbd))(nmbd.8.html) will
-force an election, and it will have a slight advantage in winning the
-election. It is recommended that this parameter is used in
-conjunction with link(bf("domain master = yes"))(domainmaster), so
-that url(bf(nmbd))(nmbd.8.html) can guarantee becoming a domain
-master.
-
-Use this option with caution, because if there are several hosts
-(whether Samba servers, Windows 95 or NT) that are preferred master
-browsers on the same subnet, they will each periodically and
-continuously attempt to become the local master browser. This will
-result in unnecessary broadcast traffic and reduced browsing
-capabilities.
-
-See also link(bf(os level))(oslevel).
-
- bf(Default:)
-tt( preferred master = no)
-
- bf(Example:)
-tt( preferred master = yes)
-
-label(preferedmaster)
-dit(bf(prefered master (G)))
-
-Synonym for link(bf("preferred master"))(preferredmaster) for people
-who cannot spell :-).
-
-label(preload)
-dit(bf(preload))
-Synonym for link(bf("auto services"))(autoservices).
-
-label(preservecase)
-dit(bf(preserve case (S)))
-
-This controls if new filenames are created with the case that the
-client passes, or if they are forced to be the tt("default") case.
-
- bf(Default:)
-tt( preserve case = yes)
-
-See the section on link(bf("NAME MANGLING"))(NAMEMANGLING) for a
-fuller discussion.
-
-label(printcommand)
-dit(bf(print command (S)))
-
-After a print job has finished spooling to a service, this command
-will be used via a tt(system()) call to process the spool
-file. Typically the command specified will submit the spool file to
-the host's printing subsystem, but there is no requirement that this
-be the case. The server will not remove the spool file, so whatever
-command you specify should remove the spool file when it has been
-processed, otherwise you will need to manually remove old spool files.
-
-The print command is simply a text string. It will be used verbatim,
-with two exceptions: All occurrences of tt("%s") and tt("%f") will be
-replaced by the appropriate spool file name, and all occurrences of
-tt("%p") will be replaced by the appropriate printer name. The spool
-file name is generated automatically by the server, the printer name
-is discussed below.
-
-The print command em(MUST) contain at least one occurrence of tt("%s")
-or tt("%f") - the tt("%p") is optional. At the time a job is
-submitted, if no printer name is supplied the tt("%p") will be
-silently removed from the printer command.
-
-If specified in the link(bf("[global]"))(global) section, the print
-command given will be used for any printable service that does not
-have its own print command specified.
-
-If there is neither a specified print command for a printable service
-nor a global print command, spool files will be created but not
-processed and (most importantly) not removed.
-
-Note that printing may fail on some UNIXs from the tt("nobody")
-account. If this happens then create an alternative guest account that
-can print and set the link(bf("guest account"))(guestaccount) in the
-link(bf("[global]"))(global) section.
-
-You can form quite complex print commands by realizing that they are
-just passed to a shell. For example the following will log a print
-job, print the file, then remove it. Note that tt(';') is the usual
-separator for command in shell scripts.
-
-tt(print command = echo Printing %s >> /tmp/print.log; lpr -P %p %s; rm %s)
-
-You may have to vary this command considerably depending on how you
-normally print files on your system. The default for the parameter
-varies depending on the setting of the link(bf("printing="))(printing)
-parameter.
-
- bf(Default:)
- For link(bf("printing="))(printing) BSD, AIX, QNX, LPRNG or PLP :
-tt( print command = lpr -r -P%p %s)
-
- For link(bf("printing="))(printing) SYS or HPUX :
-tt( print command = lp -c -d%p %s; rm %s)
-
- For link(bf("printing="))(printing) SOFTQ :
-tt( print command = lp -d%p -s %s; rm %s)
-
- bf(Example:)
-tt( print command = /usr/local/samba/bin/myprintscript %p %s)
-
-label(printok)
-dit(bf(print ok (S)))
-
-Synonym for link(bf(printable))(printable).
-
-label(printable)
-dit(bf(printable (S)))
-
-If this parameter is tt("yes"), then clients may open, write to and
-submit spool files on the directory specified for the service.
-
-Note that a printable service will ALWAYS allow writing to the service
-path (user privileges permitting) via the spooling of print data. The
-link(bf("writeable"))(writeable) parameter controls only non-printing
-access to the resource.
-
- bf(Default:)
-tt( printable = no)
-
- bf(Example:)
-tt( printable = yes)
-
-label(printcap)
-dit(bf(printcap (G)))
-
-Synonym for link(bf(printcapname))(printcapname).
-
-label(printer admin)
-dit(bf(printer admin (S)))
-
-This is a list of users that can do anything to printers via the
-remote administration interfaces offered by MSRPC (usually using a NT
-workstation). Note that the root user always has admin rights.
-
- bf(Default:)
-tt( printer admin = <empty string>)
-
- bf(Example:)
-tt( printer admin = admin, @staff)
-
-label(printcapname)
-dit(bf(printcap name (G)))
-
-This parameter may be used to override the compiled-in default
-printcap name used by the server (usually /etc/printcap). See the
-discussion of the link(bf([printers]))(printers) section above for
-reasons why you might want to do this.
-
-On System V systems that use bf(lpstat) to list available printers you
-can use tt("printcap name = lpstat") to automatically obtain lists of
-available printers. This is the default for systems that define SYSV
-at configure time in Samba (this includes most System V based
-systems). If bf("printcap name") is set to bf(lpstat) on these systems
-then Samba will launch tt("lpstat -v") and attempt to parse the output
-to obtain a printer list.
-
-A minimal printcap file would look something like this:
-
-verb(
- print1|My Printer 1
- print2|My Printer 2
- print3|My Printer 3
- print4|My Printer 4
- print5|My Printer 5
-)
-
-where the tt('|') separates aliases of a printer. The fact that the
-second alias has a space in it gives a hint to Samba that it's a
-comment.
-
-em(NOTE): Under AIX the default printcap name is
-tt("/etc/qconfig"). Samba will assume the file is in AIX tt("qconfig")
-format if the string tt("/qconfig") appears in the printcap filename.
-
- bf(Default:)
-tt( printcap name = /etc/printcap)
-
- bf(Example:)
-tt( printcap name = /etc/myprintcap)
-
-label(printer)
-dit(bf(printer (S)))
-
-This parameter specifies the name of the printer to which print jobs
-spooled through a printable service will be sent.
-
-If specified in the link(bf([global]))(global) section, the printer
-name given will be used for any printable service that does not have
-its own printer name specified.
-
- bf(Default:)
- none (but may be tt("lp") on many systems)
-
- bf(Example:)
- printer name = laserwriter
-
-label(printerdriver)
-dit(bf(printer driver (S)))
-
-This option allows you to control the string that clients receive when
-they ask the server for the printer driver associated with a
-printer. If you are using Windows95 or WindowsNT then you can use this
-to automate the setup of printers on your system.
-
-You need to set this parameter to the exact string (case sensitive)
-that describes the appropriate printer driver for your system. If you
-don't know the exact string to use then you should first try with no
-bf("printer driver") option set and the client will give you a list of
-printer drivers. The appropriate strings are shown in a scrollbox
-after you have chosen the printer manufacturer.
-
-See also link(bf("printer driver file"))(printerdriverfile).
-
- bf(Example:)
- printer driver = HP LaserJet 4L
-
-label(printerdriverfile)
-dit(bf(printer driver file (G)))
-
-This parameter tells Samba where the printer driver definition file,
-used when serving drivers to Windows 95 clients, is to be found. If
-this is not set, the default is :
-
-tt(SAMBA_INSTALL_DIRECTORY/lib/printers.def)
-
-This file is created from Windows 95 tt("msprint.inf") files found on
-the Windows 95 client system. For more details on setting up serving
-of printer drivers to Windows 95 clients, see the documentation file
-in the docs/ directory, PRINTER_DRIVER.txt.
-
- bf(Default:)
-tt( None (set in compile).)
-
- bf(Example:)
-tt( printer driver file = /usr/local/samba/printers/drivers.def)
-
-See also link(bf("printer driver location"))(printerdriverlocation).
-
-label(printerdriverlocation)
-dit(bf(printer driver location (S)))
-
-This parameter tells clients of a particular printer share where to
-find the printer driver files for the automatic installation of
-drivers for Windows 95 machines. If Samba is set up to serve printer
-drivers to Windows 95 machines, this should be set to
-
-tt(\\MACHINE\PRINTER$)
-
-Where MACHINE is the NetBIOS name of your Samba server, and PRINTER$
-is a share you set up for serving printer driver files. For more
-details on setting this up see the documentation file in the docs/
-directory, PRINTER_DRIVER.txt.
-
- bf(Default:)
-tt( None)
-
- bf(Example:)
-tt( printer driver location = \\MACHINE\PRINTER$)
-
-See also link(bf("printer driver file"))(printerdriverfile).
-
-label(printername)
-dit(bf(printer name (S)))
-
-Synonym for link(bf(printer))(printer).
-
-label(printing)
-dit(bf(printing (S)))
-
-This parameters controls how printer status information is interpreted
-on your system. It also affects the default values for the
-link(bf("print command"))(printcommand), link(bf("lpq
-command"))(lpqcommand) link(bf("lppause command"))(lppausecommand),
-link(bf("lpresume command"))(lpresumecommand), and link(bf("lprm
-command"))(lprmcommand) if specified in the link(bf([global]))(global)
-section.
-
-Currently eight printing styles are supported. They are
-bf("printing=BSD"), bf("printing=AIX"),
-bf("printing=LPRNG"), bf("printing=PLP"), bf("printing=SYSV"),
-bf("printing="HPUX"), bf("printing=QNX"), bf("printing=SOFTQ"),
-and bf("printing=CUPS").
-
-To see what the defaults are for the other print commands when using
-the various options use the url(bf("testparm"))(testparm.1.html) program.
-
-This option can be set on a per printer basis
-
-See also the discussion in the link(bf([printers]))(printers) section.
-
-label(privatedir)
-dit(bf(private dir(G)))
-
-The bf(private dir) parameter allows an administator to define a
-directory path used to hold the various databases Samba will use
-to store things like a the machine trust account information
-when acting as a domain member (i.e. where the secrets.tdb file will
-be located), where the passdb.tbd file will stored in the case
-of using the experiemental tdbsam support, etc...
-
- bf(Default:)
-tt( private dir = <compile time location of smbpasswd>)
-
- bf(Example:)
-tt( private dir = /etc/smbprivate)
-
-label(protocol)
-dit(bf(protocol (G)))
-
-The value of the parameter (a string) is the highest protocol level
-that will be supported by the server.
-
-Possible values are :
-
-startit()
-
-it() CORE: Earliest version. No concept of user names.
-
-it() COREPLUS: Slight improvements on CORE for efficiency.
-
-it() LANMAN1: First em("modern") version of the protocol. Long
-filename support.
-
-it() LANMAN2: Updates to Lanman1 protocol.
-
-it() NT1: Current up to date version of the protocol. Used by Windows
-NT. Known as CIFS.
-
-endit()
-
-Normally this option should not be set as the automatic negotiation
-phase in the SMB protocol takes care of choosing the appropriate
-protocol.
-
- bf(Default:)
-tt( protocol = NT1)
-
- bf(Example:)
-tt( protocol = LANMAN1)
-
-label(public)
-dit(bf(public (S)))
-
-Synonym for link(bf("guest ok"))(guestok).
-
-label(queuepausecommand)
-dit(bf(queuepause command (S)))
-
-This parameter specifies the command to be executed on the server host
-in order to pause the printerqueue.
-
-This command should be a program or script which takes a printer name
-as its only parameter and stops the printerqueue, such that no longer
-jobs are submitted to the printer.
-
-This command is not supported by Windows for Workgroups, but can be
-issued from the Printer's window under Windows 95 & NT.
-
-If a tt("%p") is given then the printername is put in its
-place. Otherwise it is placed at the end of the command.
-
-Note that it is good practice to include the absolute path in the
-command as the PATH may not be available to the server.
-
- bf(Default:)
-tt( depends on the setting of "printing =")
-
- bf(Example:)
-tt( queuepause command = disable %p)
-
-label(queueresumecommand)
-dit(bf(queueresume command (S)))
-
-This parameter specifies the command to be executed on the server host
-in order to resume the printerqueue. It is the command to undo the
-behavior that is caused by the previous parameter
-(link(bf("queuepause command))(queuepausecommand)).
-
-This command should be a program or script which takes a printer name
-as its only parameter and resumes the printerqueue, such that queued
-jobs are resubmitted to the printer.
-
-This command is not supported by Windows for Workgroups, but can be
-issued from the Printer's window under Windows 95 & NT.
-
-If a tt("%p") is given then the printername is put in its
-place. Otherwise it is placed at the end of the command.
-
-Note that it is good practice to include the absolute path in the
-command as the PATH may not be available to the server.
-
- bf(Default:)
-tt( depends on the setting of "printing =")
-
- bf(Example:)
-tt( queuepause command = enable %p)
-
-label(read bmpx)
-dit(bf(read bmpx (G)))
-
-This boolean parameter controls whether url(bf(smbd))(smbd.8.html)
-will support the "Read Block Multiplex" SMB. This is now rarely used
-and defaults to off. You should never need to set this parameter.
-
- bf(Default:)
- read bmpx = No
-
-label(readlist)
-dit(bf(read list (S)))
-
-This is a list of users that are given read-only access to a
-service. If the connecting user is in this list then they will not be
-given write access, no matter what the link(bf("writeable"))(writeable)
-option is set to. The list can include group names using the syntax
-described in the link(bf("invalid users"))(invalidusers) parameter.
-
-See also the link(bf("write list"))(writelist) parameter and
-the link(bf("invalid users"))(invalidusers) parameter.
-
- bf(Default:)
-tt( read list = <empty string>)
-
- bf(Example:)
-tt( read list = mary, @students)
-
-label(readonly)
-dit(bf(read only (S)))
-
-Note that this is an inverted synonym for
-link(bf("writeable"))(writeable).
-
-label(readprediction)
-dit(bf(read prediction (G)))
-
-em(NOTE): This code is currently disabled in Samba2.0 and
-may be removed at a later date. Hence this parameter has
-no effect.
-
-This options enables or disables the read prediction code used to
-speed up reads from the server. When enabled the server will try to
-pre-read data from the last accessed file that was opened read-only
-while waiting for packets.
-
- bf(Default:)
-tt( read prediction = False)
-
-label(readraw)
-dit(bf(read raw (G)))
-
-This parameter controls whether or not the server will support the raw
-read SMB requests when transferring data to clients.
-
-If enabled, raw reads allow reads of 65535 bytes in one packet. This
-typically provides a major performance benefit.
-
-However, some clients either negotiate the allowable block size
-incorrectly or are incapable of supporting larger block sizes, and for
-these clients you may need to disable raw reads.
-
-In general this parameter should be viewed as a system tuning tool and left
-severely alone. See also link(bf("write raw"))(writeraw).
-
- bf(Default:)
-tt( read raw = yes)
-
-label(readsize)
-dit(bf(read size (G)))
-
-The option bf("read size") affects the overlap of disk reads/writes
-with network reads/writes. If the amount of data being transferred in
-several of the SMB commands (currently SMBwrite, SMBwriteX and
-SMBreadbraw) is larger than this value then the server begins writing
-the data before it has received the whole packet from the network, or
-in the case of SMBreadbraw, it begins writing to the network before
-all the data has been read from disk.
-
-This overlapping works best when the speeds of disk and network access
-are similar, having very little effect when the speed of one is much
-greater than the other.
-
-The default value is 16384, but very little experimentation has been
-done yet to determine the optimal value, and it is likely that the
-best value will vary greatly between systems anyway. A value over
-65536 is pointless and will cause you to allocate memory
-unnecessarily.
-
- bf(Default:)
-tt( read size = 16384)
-
- bf(Example:)
-tt( read size = 8192)
-
-label(remoteannounce)
-dit(bf(remote announce (G)))
-
-This option allows you to setup url(bf(nmbd))(nmbd.8.html) to
-periodically announce itself to arbitrary IP addresses with an
-arbitrary workgroup name.
-
-This is useful if you want your Samba server to appear in a remote
-workgroup for which the normal browse propagation rules don't
-work. The remote workgroup can be anywhere that you can send IP
-packets to.
-
-For example:
-
-tt( remote announce = 192.168.2.255/SERVERS 192.168.4.255/STAFF)
-
-the above line would cause nmbd to announce itself to the two given IP
-addresses using the given workgroup names. If you leave out the
-workgroup name then the one given in the
-link(bf("workgroup"))(workgroup) parameter is used instead.
-
-The IP addresses you choose would normally be the broadcast addresses
-of the remote networks, but can also be the IP addresses of known
-browse masters if your network config is that stable.
-
-See the documentation file BROWSING.txt in the docs/ directory.
-
- bf(Default:)
-tt( remote announce = <empty string>)
-
- bf(Example:)
-tt( remote announce = 192.168.2.255/SERVERS 192.168.4.255/STAFF)
-
-label(remotebrowsesync)
-dit(bf(remote browse sync (G)))
-
-This option allows you to setup url(bf(nmbd))(nmbd.8.html) to
-periodically request synchronization of browse lists with the master
-browser of a samba server that is on a remote segment. This option
-will allow you to gain browse lists for multiple workgroups across
-routed networks. This is done in a manner that does not work with any
-non-samba servers.
-
-This is useful if you want your Samba server and all local clients to
-appear in a remote workgroup for which the normal browse propagation
-rules don't work. The remote workgroup can be anywhere that you can
-send IP packets to.
-
-For example:
-
-tt( remote browse sync = 192.168.2.255 192.168.4.255)
-
-the above line would cause url(bf(nmbd))(nmbd.8.html) to request the
-master browser on the specified subnets or addresses to synchronize
-their browse lists with the local server.
-
-The IP addresses you choose would normally be the broadcast addresses
-of the remote networks, but can also be the IP addresses of known
-browse masters if your network config is that stable. If a machine IP
-address is given Samba makes NO attempt to validate that the remote
-machine is available, is listening, nor that it is in fact the browse
-master on it's segment.
-
- bf(Default:)
-tt( remote browse sync = <empty string>)
-
- bf(Example:)
-tt( remote browse sync = 192.168.2.255 192.168.4.255)
-
-
-label(restrict anonymous)
-dit(bf(restrict anonymous (G)))
-
-This is a boolean parameter. If it is true, then anonymous access
-to the server will be restricted, namely in the case where the server
-is expecting the client to send a username, but it doesn't. Setting
-it to true will force these anonymous connections to be denied, and
-the client will be required to always supply a username and password
-when connecting. Use of this parameter is only recommened for homogenous
-NT client environments.
-
-This parameter makes the use of macro expansions that rely
-on the username (%U, %G, etc) consistant. NT 4.0 likes to use
-anonymous connections when refreshing the share list, and this
-is a way to work around that.
-
-When restrict anonymous is true, all anonymous connections are denied
-no matter what they are for. This can effect the ability of a machine
-to access the samba Primary Domain Controller to revalidate it's machine
-account after someone else has logged on the client interactively. The
-NT client will display a message saying that the machine's account in
-the domain doesn't exist or the password is bad. The best way to deal
-with this is to reboot NT client machines between interactive logons,
-using "Shutdown and Restart", rather than "Close all programs and logon
-as a different user".
-
- bf(Default:)
-tt( restrict anonymous = false)
-
- bf(Example:)
-tt( restrict anonymous = true)
-
-label(root)
-dit(bf(root (G)))
-
-Synonym for link(bf("root directory"))(rootdirectory).
-
-label(rootdir)
-dit(bf(root dir (G)))
-
-Synonym for link(bf("root directory"))(rootdirectory).
-
-label(rootdirectory)
-dit(bf(root directory (G)))
-
-The server will tt("chroot()") (i.e. Change it's root directory) to
-this directory on startup. This is not strictly necessary for secure
-operation. Even without it the server will deny access to files not in
-one of the service entries. It may also check for, and deny access to,
-soft links to other parts of the filesystem, or attempts to use
-tt("..") in file names to access other directories (depending on the
-setting of the link(bf("wide links"))(widelinks) parameter).
-
-Adding a bf("root directory") entry other than tt("/") adds an extra
-level of security, but at a price. It absolutely ensures that no
-access is given to files not in the sub-tree specified in the bf("root
-directory") option, em(*including*) some files needed for complete
-operation of the server. To maintain full operability of the server
-you will need to mirror some system files into the bf("root
-directory") tree. In particular you will need to mirror /etc/passwd
-(or a subset of it), and any binaries or configuration files needed
-for printing (if required). The set of files that must be mirrored is
-operating system dependent.
-
- bf(Default:)
-tt( root directory = /)
-
-bf(Example:)
-tt( root directory = /homes/smb)
-
-label(rootpostexec)
-dit(bf(root postexec (S)))
-
-This is the same as the link(bf("postexec"))(postexec) parameter
-except that the command is run as root. This is useful for unmounting
-filesystems (such as cdroms) after a connection is closed.
-
-See also link(bf("postexec"))(postexec).
-
-label(rootpreexec)
-dit(bf(root preexec (S)))
-
-This is the same as the link(bf("preexec"))(preexec) parameter except
-that the command is run as root. This is useful for mounting
-filesystems (such as cdroms) before a connection is finalized.
-
-See also link(bf("preexec"))(preexec)
-and link(bf("root preexec close"))(rootpreexecclose).
-
-label(rootpreexecclose)
-dit(bf(root preexec close (S)))
-
-This is the same as the link(bf("preexec close"))(preexecclose) parameter
-except that the command is run as root.
-
-See also link(bf("preexec"))(preexec), link(bf("preexec close"))(preexecclose).
-
-label(security)
-dit(bf(security (G)))
-
-This option affects how clients respond to Samba and is one of the most
-important settings in the bf(smb.conf) file.
-
-The option sets the tt("security mode bit") in replies to protocol
-negotiations with url(bf(smbd))(smbd.8.html) to turn share level
-security on or off. Clients decide based on this bit whether (and how)
-to transfer user and password information to the server.
-
-The default is link("security=user")(securityequaluser), as this is
-the most common setting needed when talking to Windows 98 and Windows
-NT.
-
-The alternatives are link(bf("security = share"))(securityequalshare),
-link(bf("security = server"))(securityequalserver) or
-link(bf("security=domain"))(securityequaldomain).
-
-em(*****NOTE THAT THIS DEFAULT IS DIFFERENT IN SAMBA2.0 THAN FOR
-PREVIOUS VERSIONS OF SAMBA *******).
-
-In previous versions of Samba the default was
-link(bf("security=share"))(securityequalshare) mainly because that was
-the only option at one stage.
-
-There is a bug in WfWg that has relevance to this setting. When in
-user or server level security a WfWg client will totally ignore the
-password you type in the "connect drive" dialog box. This makes it
-very difficult (if not impossible) to connect to a Samba service as
-anyone except the user that you are logged into WfWg as.
-
-If your PCs use usernames that are the same as their usernames on the
-UNIX machine then you will want to use bf("security = user"). If you
-mostly use usernames that don't exist on the UNIX box then use
-bf("security = share").
-
-You should also use link(bf(security=share))(securityequalshare) if
-you want to mainly setup shares without a password (guest
-shares). This is commonly used for a shared printer server. It is more
-difficult to setup guest shares with
-link(bf(security=user))(securityequaluser), see the link(bf("map to
-guest"))(maptoguest)parameter for details.
-
-It is possible to use url(bf(smbd))(smbd.8.html) in a em("hybrid
-mode") where it is offers both user and share level security under
-different link(bf(NetBIOS aliases))(netbiosaliases). See the
-link(bf(NetBIOS aliases))(netbiosaliases) and the
-link(bf(include))(include) parameters for more information.
-
-The different settings will now be explained.
-
-startdit()
-
-label(securityequalshare)
-dit(bf("security=share")) When clients connect to a share level
-security server then need not log onto the server with a valid
-username and password before attempting to connect to a shared
-resource (although modern clients such as Windows 95/98 and Windows NT
-will send a logon request with a username but no password when talking
-to a bf(security=share) server). Instead, the clients send
-authentication information (passwords) on a per-share basis, at the
-time they attempt to connect to that share.
-
-Note that url(bf(smbd))(smbd.8.html) em(*ALWAYS*) uses a valid UNIX
-user to act on behalf of the client, even in bf("security=share")
-level security.
-
-As clients are not required to send a username to the server
-in share level security, url(bf(smbd))(smbd.8.html) uses several
-techniques to determine the correct UNIX user to use on behalf
-of the client.
-
-A list of possible UNIX usernames to match with the given
-client password is constructed using the following methods :
-
-startit()
-
-it() If the link(bf("guest only"))(guestonly) parameter is set, then
-all the other stages are missed and only the link(bf("guest
-account"))(guestaccount) username is checked.
-
-it() Is a username is sent with the share connection request, then
-this username (after mapping - see link(bf("username
-map"))(usernamemap)), is added as a potential username.
-
-it() If the client did a previous em("logon") request (the
-SessionSetup SMB call) then the username sent in this SMB
-will be added as a potential username.
-
-it() The name of the service the client requested is added
-as a potential username.
-
-it() The NetBIOS name of the client is added to the list as a
-potential username.
-
-it() Any users on the link(bf("user"))(user) list are added
-as potential usernames.
-
-endit()
-
-If the link(bf("guest only"))(guestonly) parameter is not set, then
-this list is then tried with the supplied password. The first user for
-whom the password matches will be used as the UNIX user.
-
-If the link(bf("guest only"))(guestonly) parameter is set, or no
-username can be determined then if the share is marked as available to
-the link(bf("guest account"))(guestaccount), then this guest user will
-be used, otherwise access is denied.
-
-Note that it can be em(*very*) confusing in share-level security as to
-which UNIX username will eventually be used in granting access.
-
-See also the section link(bf("NOTE ABOUT USERNAME/PASSWORD
-VALIDATION"))(NOTEABOUTUSERNAMEPASSWORDVALIDATION).
-
-label(securityequaluser)
-dit(bf("security=user"))
-
-This is the default security setting in Samba2.0. With user-level
-security a client must first tt("log-on") with a valid username and
-password (which can be mapped using the link(bf("username
-map"))(usernamemap) parameter). Encrypted passwords (see the
-link(bf("encrypted passwords"))(encryptpasswords) parameter) can also
-be used in this security mode. Parameters such as
-link(bf("user"))(user) and link(bf("guest only"))(guestonly), if set
-are then applied and may change the UNIX user to use on this
-connection, but only after the user has been successfully
-authenticated.
-
-em(Note) that the name of the resource being requested is
-em(*not*) sent to the server until after the server has successfully
-authenticated the client. This is why guest shares don't work in user
-level security without allowing the server to automatically map unknown
-users into the link(bf("guest account"))(guestaccount). See the
-link(bf("map to guest"))(maptoguest) parameter for details on
-doing this.
-
-See also the section link(bf("NOTE ABOUT USERNAME/PASSWORD
-VALIDATION"))(NOTEABOUTUSERNAMEPASSWORDVALIDATION).
-
-label(securityequalserver)
-dit(bf("security=server"))
-
-In this mode Samba will try to validate the username/password by
-passing it to another SMB server, such as an NT box. If this fails it
-will revert to bf("security = user"), but note that if encrypted
-passwords have been negotiated then Samba cannot revert back to
-checking the UNIX password file, it must have a valid smbpasswd file
-to check users against. See the documentation file in the docs/
-directory ENCRYPTION.txt for details on how to set this up.
-
-em(Note) that from the clients point of view bf("security=server") is
-the same as link(bf("security=user"))(securityequaluser). It only
-affects how the server deals with the authentication, it does not in
-any way affect what the client sees.
-
-em(Note) that the name of the resource being requested is
-em(*not*) sent to the server until after the server has successfully
-authenticated the client. This is why guest shares don't work in server
-level security without allowing the server to automatically map unknown
-users into the link(bf("guest account"))(guestaccount). See the
-link(bf("map to guest"))(maptoguest) parameter for details on
-doing this.
-
-See also the section link(bf("NOTE ABOUT USERNAME/PASSWORD
-VALIDATION"))(NOTEABOUTUSERNAMEPASSWORDVALIDATION).
-
-See also the link(bf("password server"))(passwordserver) parameter.
-and the link(bf("encrypted passwords"))(encryptpasswords) parameter.
-
-label(securityequaldomain)
-dit(bf("security=domain"))
-
-This mode will only work correctly if
-url(bf(smbpasswd))(smbpasswd.8.html) has been used to add this machine
-into a Windows NT Domain. It expects the link(bf("encrypted
-passwords"))(encryptpasswords) parameter to be set to tt("true"). In
-this mode Samba will try to validate the username/password by passing
-it to a Windows NT Primary or Backup Domain Controller, in exactly the
-same way that a Windows NT Server would do.
-
-em(Note) that a valid UNIX user must still exist as well as the
-account on the Domain Controller to allow Samba to have a valid
-UNIX account to map file access to.
-
-em(Note) that from the clients point of view bf("security=domain") is
-the same as link(bf("security=user"))(securityequaluser). It only
-affects how the server deals with the authentication, it does not in
-any way affect what the client sees.
-
-em(Note) that the name of the resource being requested is
-em(*not*) sent to the server until after the server has successfully
-authenticated the client. This is why guest shares don't work in domain
-level security without allowing the server to automatically map unknown
-users into the link(bf("guest account"))(guestaccount). See the
-link(bf("map to guest"))(maptoguest) parameter for details on
-doing this.
-
-em(BUG:) There is currently a bug in the implementation of
-bf("security=domain) with respect to multi-byte character
-set usernames. The communication with a Domain Controller
-must be done in UNICODE and Samba currently does not widen
-multi-byte user names to UNICODE correctly, thus a multi-byte
-username will not be recognized correctly at the Domain Controller.
-This issue will be addressed in a future release.
-
-See also the section link(bf("NOTE ABOUT USERNAME/PASSWORD
-VALIDATION"))(NOTEABOUTUSERNAMEPASSWORDVALIDATION).
-
-See also the link(bf("password server"))(passwordserver) parameter.
-and the link(bf("encrypted passwords"))(encryptpasswords) parameter.
-
-enddit()
-
- bf(Default:)
-tt( security = USER)
-
- bf(Example:)
-tt( security = DOMAIN)
-
-label(securitymask)
-dit(bf(security mask (S)))
-
-This parameter controls what UNIX permission bits can be modified
-when a Windows NT client is manipulating the UNIX permission on a
-file using the native NT security dialog box.
-
-This parameter is applied as a mask (AND'ed with) to the changed
-permission bits, thus preventing any bits not in this mask from
-being modified. Essentially, zero bits in this mask may be treated
-as a set of bits the user is not allowed to change.
-
-If not set explicitly this parameter is set to the same value as the
-link(bf(create mask))(createmask) parameter. To allow a user to
-modify all the user/group/world permissions on a file, set this
-parameter to 0777.
-
-em(Note) that users who can access the Samba server through other
-means can easily bypass this restriction, so it is primarily
-useful for standalone "appliance" systems. Administrators of
-most normal systems will probably want to set it to 0777.
-
-See also the link(bf(force directory security
-mode))(forcedirectorysecuritymode), link(bf(directory security
-mask))(directorysecuritymask), link(bf(force security
-mode))(forcesecuritymode) parameters.
-
- bf(Default:)
-tt( security mask = <same as create mask>)
-
- bf(Example:)
-tt( security mask = 0777)
-
-
-label(serverstring)
-dit(bf(server string (G)))
-
-This controls what string will show up in the printer comment box in
-print manager and next to the IPC connection in tt("net view"). It can be
-any string that you wish to show to your users.
-
-It also sets what will appear in browse lists next to the machine
-name.
-
-A tt("%v") will be replaced with the Samba version number.
-
-A tt("%h") will be replaced with the hostname.
-
- bf(Default:)
-tt( server string = Samba %v)
-
- bf(Example:)
-tt( server string = University of GNUs Samba Server)
-
-label(setdirectory)
-dit(bf(set directory (S)))
-
-If tt("set directory = no"), then users of the service may not use the
-setdir command to change directory.
-
-The setdir command is only implemented in the Digital Pathworks
-client. See the Pathworks documentation for details.
-
- bf(Default:)
-tt( set directory = no)
-
- bf(Example:)
-tt( set directory = yes)
-
-label(sharemodes)
-dit(bf(share modes (S)))
-
-This enables or disables the honoring of the tt("share modes") during a
-file open. These modes are used by clients to gain exclusive read or
-write access to a file.
-
-These open modes are not directly supported by UNIX, so they are
-simulated using shared memory, or lock files if your UNIX doesn't
-support shared memory (almost all do).
-
-The share modes that are enabled by this option are DENY_DOS,
-DENY_ALL, DENY_READ, DENY_WRITE, DENY_NONE and DENY_FCB.
-
-This option gives full share compatibility and enabled by default.
-
-You should em(*NEVER*) turn this parameter off as many Windows
-applications will break if you do so.
-
- bf(Default:)
-tt( share modes = yes)
-
-label(sharedmemsize)
-dit(bf(shared mem size (G)))
-
-It specifies the size of the shared memory (in bytes) to use between
-url(bf(smbd))(smbd.8.html) processes. This parameter defaults to one
-megabyte of shared memory. It is possible that if you have a large
-server with many files open simultaneously that you may need to
-increase this parameter. Signs that this parameter is set too low are
-users reporting strange problems trying to save files (locking errors)
-and error messages in the smbd log looking like tt("ERROR
-smb_shm_alloc : alloc of XX bytes failed").
-
-If your OS refuses the size that Samba asks for then Samba will try a
-smaller size, reducing by a factor of 0.8 until the OS accepts it.
-
- bf(Default:)
-tt( shared mem size = 1048576)
-
- bf(Example:)
-tt( shared mem size = 5242880 ; Set to 5mb for a large number of files.)
-
-label(shortpreservecase)
-dit(bf(short preserve case (S)))
-
-This boolean parameter controls if new files which conform to 8.3
-syntax, that is all in upper case and of suitable length, are created
-upper case, or if they are forced to be the tt("default") case. This
-option can be use with link(bf("preserve case
-=yes"))(preservecaseoption) to permit long filenames to retain their
-case, while short names are lowered. Default em(Yes).
-
-See the section on link(bf(NAME MANGLING))(NAMEMANGLING).
-
- bf(Default:)
-tt( short preserve case = yes)
-
-label(smbpasswdfile)
-dit(bf(smb passwd file (G)))
-
-This option sets the path to the encrypted smbpasswd file. By default
-the path to the smbpasswd file is compiled into Samba.
-
- bf(Default:)
-tt( smb passwd file= <compiled default>)
-
- bf(Example:)
-tt( smb passwd file = /usr/samba/private/smbpasswd)
-
-label(smbrun)
-dit(bf(smbrun (G)))
-
-This sets the full path to the bf(smbrun) binary. This defaults to the
-value in the Makefile.
-
-You must get this path right for many services to work correctly.
-
-You should not need to change this parameter so long as Samba
-is installed correctly.
-
- bf(Default:)
-tt( smbrun=<compiled default>)
-
- bf(Example:)
-tt( smbrun = /usr/local/samba/bin/smbrun)
-
-label(socketaddress)
-dit(bf(socket address (G)))
-
-This option allows you to control what address Samba will listen for
-connections on. This is used to support multiple virtual interfaces on
-the one server, each with a different configuration.
-
-By default samba will accept connections on any address.
-
- bf(Example:)
-tt( socket address = 192.168.2.20)
-
-label(socketoptions)
-dit(bf(socket options (G)))
-
-This option allows you to set socket options to be used when talking
-with the client.
-
-Socket options are controls on the networking layer of the operating
-systems which allow the connection to be tuned.
-
-This option will typically be used to tune your Samba server for
-optimal performance for your local network. There is no way that Samba
-can know what the optimal parameters are for your net, so you must
-experiment and choose them yourself. We strongly suggest you read the
-appropriate documentation for your operating system first (perhaps
-bf("man setsockopt") will help).
-
-You may find that on some systems Samba will say "Unknown socket
-option" when you supply an option. This means you either incorrectly
-typed it or you need to add an include file to includes.h for your OS.
-If the latter is the case please send the patch to
-email(samba@samba.org).
-
-Any of the supported socket options may be combined in any way you
-like, as long as your OS allows it.
-
-This is the list of socket options currently settable using this
-option:
-
-startit()
-
-it() SO_KEEPALIVE
-
-it() SO_REUSEADDR
-
-it() SO_BROADCAST
-
-it() TCP_NODELAY
-
-it() IPTOS_LOWDELAY
-
-it() IPTOS_THROUGHPUT
-
-it() SO_SNDBUF *
-
-it() SO_RCVBUF *
-
-it() SO_SNDLOWAT *
-
-it() SO_RCVLOWAT *
-
-endit()
-
-Those marked with a tt(*) take an integer argument. The others can
-optionally take a 1 or 0 argument to enable or disable the option, by
-default they will be enabled if you don't specify 1 or 0.
-
-To specify an argument use the syntax SOME_OPTION=VALUE for example
-tt(SO_SNDBUF=8192). Note that you must not have any spaces before or after
-the = sign.
-
-If you are on a local network then a sensible option might be
-
-tt(socket options = IPTOS_LOWDELAY)
-
-If you have a local network then you could try:
-
-tt(socket options = IPTOS_LOWDELAY TCP_NODELAY)
-
-If you are on a wide area network then perhaps try setting
-IPTOS_THROUGHPUT.
-
-Note that several of the options may cause your Samba server to fail
-completely. Use these options with caution!
-
- bf(Default:)
-tt( socket options = TCP_NODELAY)
-
- bf(Example:)
-tt( socket options = IPTOS_LOWDELAY)
-
-label(sourceenvironment)
-dit(bf(source environment (G)))
-
-This parameter causes Samba to set environment variables as per the
-content of the file named.
-
-If the value of this parameter starts with a "|" character then Samba will
-treat that value as a pipe command to open and will set the environment
-variables from the output of the pipe.
-
-The contents of the file or the output of the pipe should be formatted
-as the output of the standard Unix env(1) command. This is of the form :
-
-Example environment entry:
-tt( SAMBA_NETBIOS_NAME=myhostname )
-
- bf(Default:)
-tt(No default value)
-
- bf(Examples:)
-
-tt( source environment = |/etc/smb.conf.sh)
-
-tt( source environment = /usr/local/smb_env_vars)
-
-label(ssl)
-dit(bf(ssl (G)))
-
-This variable is part of SSL-enabled Samba. This is only available if
-the SSL libraries have been compiled on your system and the configure
-option tt("--with-ssl") was given at configure time.
-
-em(Note) that for export control reasons this code is em(**NOT**)
-enabled by default in any current binary version of Samba.
-
-This variable enables or disables the entire SSL mode. If it is set to
-"no", the SSL enabled samba behaves exactly like the non-SSL samba. If
-set to "yes", it depends on the variables link(bf("ssl
-hosts"))(sslhosts) and link(bf("ssl hosts resign"))(sslhostsresign)
-whether an SSL connection will be required.
-
- bf(Default:)
-tt( ssl=no)
- bf(Example:)
-tt( ssl=yes)
-
-label(sslCAcertDir)
-dit(bf(ssl CA certDir (G)))
-
-This variable is part of SSL-enabled Samba. This is only available if
-the SSL libraries have been compiled on your system and the configure
-option tt("--with-ssl") was given at configure time.
-
-em(Note) that for export control reasons this code is em(**NOT**)
-enabled by default in any current binary version of Samba.
-
-This variable defines where to look up the Certification
-Authorities. The given directory should contain one file for each CA
-that samba will trust. The file name must be the hash value over the
-"Distinguished Name" of the CA. How this directory is set up is
-explained later in this document. All files within the directory that
-don't fit into this naming scheme are ignored. You don't need this
-variable if you don't verify client certificates.
-
- bf(Default:)
-tt( ssl CA certDir = /usr/local/ssl/certs)
-
-label(sslCAcertFile)
-dit(bf(ssl CA certFile (G)))
-
-This variable is part of SSL-enabled Samba. This is only available if
-the SSL libraries have been compiled on your system and the configure
-option tt("--with-ssl") was given at configure time.
-
-em(Note) that for export control reasons this code is em(**NOT**)
-enabled by default in any current binary version of Samba.
-
-This variable is a second way to define the trusted CAs. The
-certificates of the trusted CAs are collected in one big file and this
-variable points to the file. You will probably only use one of the two
-ways to define your CAs. The first choice is preferable if you have
-many CAs or want to be flexible, the second is preferable if you only
-have one CA and want to keep things simple (you won't need to create
-the hashed file names). You don't need this variable if you don't
-verify client certificates.
-
- bf(Default:)
-tt( ssl CA certFile = /usr/local/ssl/certs/trustedCAs.pem)
-
-label(sslciphers)
-dit(bf(ssl ciphers (G)))
-
-This variable is part of SSL-enabled Samba. This is only available if
-the SSL libraries have been compiled on your system and the configure
-option tt("--with-ssl") was given at configure time.
-
-em(Note) that for export control reasons this code is em(**NOT**)
-enabled by default in any current binary version of Samba.
-
-This variable defines the ciphers that should be offered during SSL
-negotiation. You should not set this variable unless you know what you
-are doing.
-
-label(sslclientcert)
-dit(bf(ssl client cert (G)))
-
-This variable is part of SSL-enabled Samba. This is only available if
-the SSL libraries have been compiled on your system and the configure
-option tt("--with-ssl") was given at configure time.
-
-em(Note) that for export control reasons this code is em(**NOT**)
-enabled by default in any current binary version of Samba.
-
-The certificate in this file is used by
-url(bf(smbclient))(smbclient.1.html) if it exists. It's needed if the
-server requires a client certificate.
-
- bf(Default:)
-tt( ssl client cert = /usr/local/ssl/certs/smbclient.pem)
-
-label(sslclientkey)
-dit(bf(ssl client key (G)))
-
-This variable is part of SSL-enabled Samba. This is only available if
-the SSL libraries have been compiled on your system and the configure
-option tt("--with-ssl") was given at configure time.
-
-em(Note) that for export control reasons this code is em(**NOT**)
-enabled by default in any current binary version of Samba.
-
-This is the private key for url(bf(smbclient))(smbclient.1.html). It's
-only needed if the client should have a certificate.
-
- bf(Default:)
-tt( ssl client key = /usr/local/ssl/private/smbclient.pem)
-
-label(sslcompatibility)
-dit(bf(ssl compatibility (G)))
-
-This variable is part of SSL-enabled Samba. This is only available if
-the SSL libraries have been compiled on your system and the configure
-option tt("--with-ssl") was given at configure time.
-
-em(Note) that for export control reasons this code is em(**NOT**)
-enabled by default in any current binary version of Samba.
-
-This variable defines whether SSLeay should be configured for bug
-compatibility with other SSL implementations. This is probably not
-desirable because currently no clients with SSL implementations other
-than SSLeay exist.
-
- bf(Default:)
-tt( ssl compatibility = no)
-
-label(sslhosts)
-dit(bf(ssl hosts (G)))
-
-See link(bf("ssl hosts resign"))(sslhostsresign).
-
-label(sslhostsresign)
-dit(bf(ssl hosts resign (G)))
-
-This variable is part of SSL-enabled Samba. This is only available if
-the SSL libraries have been compiled on your system and the configure
-option tt("--with-ssl") was given at configure time.
-
-em(Note) that for export control reasons this code is em(**NOT**)
-enabled by default in any current binary version of Samba.
-
-These two variables define whether samba will go into SSL mode or
-not. If none of them is defined, samba will allow only SSL
-connections. If the link(bf("ssl hosts"))(sslhosts) variable lists
-hosts (by IP-address, IP-address range, net group or name), only these
-hosts will be forced into SSL mode. If the bf("ssl hosts resign")
-variable lists hosts, only these hosts will NOT be forced into SSL
-mode. The syntax for these two variables is the same as for the
-link(bf("hosts allow"))(hostsallow) and link(bf("hosts
-deny"))(hostsdeny) pair of variables, only that the subject of the
-decision is different: It's not the access right but whether SSL is
-used or not. See the link(bf("allow hosts"))(allowhosts) parameter for
-details. The example below requires SSL connections from all hosts
-outside the local net (which is 192.168.*.*).
-
- bf(Default:)
-tt( ssl hosts = <empty string>)
-tt( ssl hosts resign = <empty string>)
-
- bf(Example:)
-tt( ssl hosts resign = 192.168.)
-
-label(sslrequireclientcert)
-dit(bf(ssl require clientcert (G)))
-
-This variable is part of SSL-enabled Samba. This is only available if
-the SSL libraries have been compiled on your system and the configure
-option tt("--with-ssl") was given at configure time.
-
-em(Note) that for export control reasons this code is em(**NOT**)
-enabled by default in any current binary version of Samba.
-
-If this variable is set to tt("yes"), the server will not tolerate
-connections from clients that don't have a valid certificate. The
-directory/file given in link(bf("ssl CA certDir"))(sslCAcertDir) and
-link(bf("ssl CA certFile"))(sslCAcertFile) will be used to look up the
-CAs that issued the client's certificate. If the certificate can't be
-verified positively, the connection will be terminated. If this
-variable is set to tt("no"), clients don't need certificates. Contrary
-to web applications you really em(*should*) require client
-certificates. In the web environment the client's data is sensitive
-(credit card numbers) and the server must prove to be trustworthy. In
-a file server environment the server's data will be sensitive and the
-clients must prove to be trustworthy.
-
- bf(Default:)
-tt( ssl require clientcert = no)
-
-label(sslrequireservercert)
-dit(bf(ssl require servercert (G)))
-
-This variable is part of SSL-enabled Samba. This is only available if
-the SSL libraries have been compiled on your system and the configure
-option tt("--with-ssl") was given at configure time.
-
-em(Note) that for export control reasons this code is em(**NOT**)
-enabled by default in any current binary version of Samba.
-
-If this variable is set to tt("yes"), the
-url(bf(smbclient))(smbclient.1.html) will request a certificate from
-the server. Same as link(bf("ssl require
-clientcert"))(sslrequireclientcert) for the server.
-
- bf(Default:)
-tt( ssl require servercert = no)
-
-label(sslservercert)
-dit(bf(ssl server cert (G)))
-
-This variable is part of SSL-enabled Samba. This is only available if
-the SSL libraries have been compiled on your system and the configure
-option tt("--with-ssl") was given at configure time.
-
-em(Note) that for export control reasons this code is em(**NOT**)
-enabled by default in any current binary version of Samba.
-
-This is the file containing the server's certificate. The server _must_
-have a certificate. The file may also contain the server's private key.
-See later for how certificates and private keys are created.
-
- bf(Default:)
-tt( ssl server cert = <empty string>)
-
-label(sslserverkey)
-dit(bf(ssl server key (G)))
-
-This variable is part of SSL-enabled Samba. This is only available if
-the SSL libraries have been compiled on your system and the configure
-option tt("--with-ssl") was given at configure time.
-
-em(Note) that for export control reasons this code is em(**NOT**)
-enabled by default in any current binary version of Samba.
-
-This file contains the private key of the server. If this variable is
-not defined, the key is looked up in the certificate file (it may be
-appended to the certificate). The server em(*must*) have a private key
-and the certificate em(*must*) match this private key.
-
- bf(Default:)
-tt( ssl server key = <empty string>)
-
-label(sslversion)
-dit(bf(ssl version (G)))
-
-This variable is part of SSL-enabled Samba. This is only available if
-the SSL libraries have been compiled on your system and the configure
-option tt("--with-ssl") was given at configure time.
-
-em(Note) that for export control reasons this code is em(**NOT**)
-enabled by default in any current binary version of Samba.
-
-This enumeration variable defines the versions of the SSL protocol
-that will be used. tt("ssl2or3") allows dynamic negotiation of SSL v2
-or v3, tt("ssl2") results in SSL v2, tt("ssl3") results in SSL v3 and
-"tls1" results in TLS v1. TLS (Transport Layer Security) is the
-(proposed?) new standard for SSL.
-
- bf(Default:)
-tt( ssl version = "ssl2or3")
-
-label(statcache)
-dit(bf(stat cache (G)))
-
-This parameter determines if url(bf(smbd))(smbd.8.html) will use a
-cache in order to speed up case insensitive name mappings. You should
-never need to change this parameter.
-
- bf(Default:)
-tt( stat cache = yes)
-
-label(statcachesize)
-dit(bf(stat cache size (G)))
-
-This parameter determines the number of entries in the link(bf(stat
-cache))(statcache). You should never need to change this parameter.
-
- bf(Default:)
-tt( stat cache size = 50)
-
-label(status)
-dit(bf(status (G)))
-
-This enables or disables logging of connections to a status file that
-url(bf(smbstatus))(smbstatus.1.html) can read.
-
-With this disabled url(bf(smbstatus))(smbstatus.1.html) won't be able
-to tell you what connections are active. You should never need to
-change this parameter.
-
- bf(Default:)
- status = yes
-
-label(strictlocking)
-dit(bf(strict locking (S)))
-
-This is a boolean that controls the handling of file locking in the
-server. When this is set to tt("yes") the server will check every read and
-write access for file locks, and deny access if locks exist. This can
-be slow on some systems.
-
-When strict locking is tt("no") the server does file lock checks only
-when the client explicitly asks for them.
-
-Well behaved clients always ask for lock checks when it is important,
-so in the vast majority of cases bf("strict locking = no") is
-preferable.
-
- bf(Default:)
-tt( strict locking = no)
-
- bf(Example:)
-tt( strict locking = yes)
-
-label(strictsync)
-dit(bf(strict sync (S)))
-
-Many Windows applications (including the Windows 98 explorer shell)
-seem to confuse flushing buffer contents to disk with doing a sync to
-disk. Under UNIX, a sync call forces the process to be suspended until
-the kernel has ensured that all outstanding data in kernel disk
-buffers has been safely stored onto stable storage. This is very slow
-and should only be done rarely. Setting this parameter to "no" (the
-default) means that smbd ignores the Windows applications requests for
-a sync call. There is only a possibility of losing data if the
-operating system itself that Samba is running on crashes, so there is
-little danger in this default setting. In addition, this fixes many
-performance problems that people have reported with the new Windows98
-explorer shell file copies.
-
-See also the link(bf("sync always"))(syncalways) parameter.
-
- bf(Default:)
-tt( strict sync = no)
-
- bf(Example:)
-tt( strict sync = yes)
-
-label(stripdot)
-dit(bf(strip dot (G)))
-
-This is a boolean that controls whether to strip trailing dots off
-UNIX filenames. This helps with some CDROMs that have filenames ending
-in a single dot.
-
- bf(Default:)
-tt( strip dot = no)
-
- bf(Example:)
-tt( strip dot = yes)
-
-label(syncalways)
-dit(bf(sync always (S)))
-
-This is a boolean parameter that controls whether writes will always
-be written to stable storage before the write call returns. If this is
-false then the server will be guided by the client's request in each
-write call (clients can set a bit indicating that a particular write
-should be synchronous). If this is true then every write will be
-followed by a fsync() call to ensure the data is written to disk.
-Note that the link(bf("strict sync"))(strictsync) parameter must be
-set to tt("yes") in order for this parameter to have any affect.
-
-See also the link(bf("strict sync"))(strictsync) parameter.
-
- bf(Default:)
-tt( sync always = no)
-
- bf(Example:)
-tt( sync always = yes)
-
-label(syslog)
-dit(bf(syslog (G)))
-
-This parameter maps how Samba debug messages are logged onto the
-system syslog logging levels. Samba debug level zero maps onto syslog
-LOG_ERR, debug level one maps onto LOG_WARNING, debug level two maps
-onto LOG_NOTICE, debug level three maps onto LOG_INFO. All higher
-levels are mapped to LOG_DEBUG.
-
-This paramter sets the threshold for sending messages to syslog.
-Only messages with debug level less than this value will be sent
-to syslog.
-
- bf(Default:)
-tt( syslog = 1)
-
-label(syslogonly)
-dit(bf(syslog only (G)))
-
-If this parameter is set then Samba debug messages are logged into the
-system syslog only, and not to the debug log files.
-
- bf(Default:)
-tt( syslog only = no)
-
-label(templatehomedir)
-dit(bf(template homedir (G)))
-
-NOTE: this parameter is only available in Samba 3.0.
-
-When filling out the user information for a Windows NT user, the
-url(bf(winbindd))(winbindd.8.html) daemon uses this parameter to fill in
-the home directory for that user. If the string tt(%D) is present it is
-substituted with the user's Windows NT domain name. If the string tt(%U)
-is present it is substituted with the user's Windows NT user name.
-
- bf(Default:)
-tt( template homedir = /home/%D/%U)
-
-label(templateshell)
-dit(bf(template shell (G)))
-
-NOTE: this parameter is only available in Samba 3.0.
-
-When filling out the user information for a Windows NT user, the
-url(bf(winbindd))(winbindd.8.html) daemon uses this parameter to fill in
-the login shell for that user.
-
- bf(Default:)
-tt( template shell = /bin/false)
-
-label(timeoffset)
-dit(bf(time offset (G)))
-
-This parameter is a setting in minutes to add to the normal GMT to
-local time conversion. This is useful if you are serving a lot of PCs
-that have incorrect daylight saving time handling.
-
- bf(Default:)
-tt( time offset = 0)
-
- bf(Example:)
-tt( time offset = 60)
-
-label(timeserver)
-
-dit(bf(time server (G)))
-
-This parameter determines if url(bf(nmbd))(nmbd.8.html) advertises
-itself as a time server to Windows clients. The default is False.
-
- bf(Default:)
-tt( time server = False)
-
- bf(Example:)
-tt( time server = True)
-
-label(timestamplogs)
-dit(bf(timestamp logs (G)))
-
-Synonym for url(bf("debug timestamp"))(debugtimestamp).
-
-label(unixpasswordsync)
-dit(bf(unix password sync (G)))
-
-This boolean parameter controls whether Samba attempts to synchronize
-the UNIX password with the SMB password when the encrypted SMB
-password in the smbpasswd file is changed. If this is set to true the
-program specified in the link(bf("passwd program"))(passwdprogram)
-parameter is called em(*AS ROOT*) - to allow the new UNIX password to be
-set without access to the old UNIX password (as the SMB password has
-change code has no access to the old password cleartext, only the
-new). By default this is set to tt("false").
-
-See also link(bf("passwd program"))(passwdprogram), link(bf("passwd
-chat"))(passwdchat).
-
- bf(Default:)
-tt( unix password sync = False)
-
- bf(Example:)
-tt( unix password sync = True)
-
-label(unixrealname)
-dit(bf(unix realname (G)))
-
-This boolean parameter when set causes samba to supply the real name
-field from the unix password file to the client. This is useful for
-setting up mail clients and WWW browsers on systems used by more than
-one person.
-
- bf(Default:)
-tt( unix realname = no)
-
- bf(Example:)
-tt( unix realname = yes)
-
-label(updateencrypted)
-dit(bf(update encrypted (G)))
-
-This boolean parameter allows a user logging on with a plaintext
-password to have their encrypted (hashed) password in the smbpasswd
-file to be updated automatically as they log on. This option allows a
-site to migrate from plaintext password authentication (users
-authenticate with plaintext password over the wire, and are checked
-against a UNIX account database) to encrypted password authentication
-(the SMB challenge/response authentication mechanism) without forcing
-all users to re-enter their passwords via smbpasswd at the time the
-change is made. This is a convenience option to allow the change over
-to encrypted passwords to be made over a longer period. Once all users
-have encrypted representations of their passwords in the smbpasswd
-file this parameter should be set to tt("off").
-
-In order for this parameter to work correctly the link(bf("encrypt
-passwords"))(encryptpasswords) parameter must be set to tt("no") when
-this parameter is set to tt("yes").
-
-Note that even when this parameter is set a user authenticating to
-smbd must still enter a valid password in order to connect correctly,
-and to update their hashed (smbpasswd) passwords.
-
- bf(Default:)
-tt( update encrypted = no)
-
- bf(Example:)
-tt( update encrypted = yes)
-
-label(userhosts)
-dit(bf(use rhosts (G)))
-
-If this global parameter is a true, it specifies that the UNIX users
-tt(".rhosts") file in their home directory will be read to find the
-names of hosts and users who will be allowed access without specifying
-a password.
-
-NOTE: The use of bf(use rhosts) can be a major security hole. This is
-because you are trusting the PC to supply the correct username. It is
-very easy to get a PC to supply a false username. I recommend that the
-bf(use rhosts) option be only used if you really know what you are
-doing.
-
- bf(Default:)
-tt( use rhosts = no)
-
- bf(Example:)
-tt( use rhosts = yes)
-
-label(user)
-dit(bf(user (S)))
-
-Synonym for link(bf("username"))(username).
-
-label(users)
-dit(bf(users (S)))
-
-Synonym for link(bf("username"))(username).
-
-label(username)
-dit(bf(username (S)))
-
-Multiple users may be specified in a comma-delimited list, in which
-case the supplied password will be tested against each username in
-turn (left to right).
-
-The bf(username=) line is needed only when the PC is unable to supply
-its own username. This is the case for the COREPLUS protocol or where
-your users have different WfWg usernames to UNIX usernames. In both
-these cases you may also be better using the tt(\\server\share%user)
-syntax instead.
-
-The bf(username=) line is not a great solution in many cases as it
-means Samba will try to validate the supplied password against each of
-the usernames in the username= line in turn. This is slow and a bad
-idea for lots of users in case of duplicate passwords. You may get
-timeouts or security breaches using this parameter unwisely.
-
-Samba relies on the underlying UNIX security. This parameter does not
-restrict who can login, it just offers hints to the Samba server as to
-what usernames might correspond to the supplied password. Users can
-login as whoever they please and they will be able to do no more
-damage than if they started a telnet session. The daemon runs as the
-user that they log in as, so they cannot do anything that user cannot
-do.
-
-To restrict a service to a particular set of users you can use the
-link(bf("valid users="))(validusers) parameter.
-
-If any of the usernames begin with a tt('@') then the name will be
-looked up first in the yp netgroups list (if Samba is compiled with
-netgroup support), followed by a lookup in the UNIX groups database
-and will expand to a list of all users in the group of that name.
-
-If any of the usernames begin with a tt('+') then the name will be
-looked up only in the UNIX groups database and will expand to a list
-of all users in the group of that name.
-
-If any of the usernames begin with a tt('&') then the name will be
-looked up only in the yp netgroups database (if Samba is compiled with
-netgroup support) and will expand to a list of all users in the
-netgroup group of that name.
-
-Note that searching though a groups database can take quite some time,
-and some clients may time out during the search.
-
-See the section link(bf("NOTE ABOUT USERNAME/PASSWORD
-VALIDATION"))(NOTEABOUTUSERNAMEPASSWORDVALIDATION) for more
-information on how this parameter determines access to the services.
-
- bf(Default:)
-tt( The guest account if a guest service, else the name of the service.)
-
- bf(Examples:)
-verb(
- username = fred
- username = fred, mary, jack, jane, @users, @pcgroup
-)
-
-label(usernamelevel)
-dit(bf(username level (G)))
-
-This option helps Samba to try and 'guess' at the real UNIX username,
-as many DOS clients send an all-uppercase username. By default Samba
-tries all lowercase, followed by the username with the first letter
-capitalized, and fails if the username is not found on the UNIX
-machine.
-
-If this parameter is set to non-zero the behavior changes. This
-parameter is a number that specifies the number of uppercase
-combinations to try whilst trying to determine the UNIX user name. The
-higher the number the more combinations will be tried, but the slower
-the discovery of usernames will be. Use this parameter when you have
-strange usernames on your UNIX machine, such as tt("AstrangeUser").
-
- bf(Default:)
-tt( username level = 0)
-
- bf(Example:)
-tt( username level = 5)
-
-label(usernamemap)
-dit(bf(username map (G)))
-
-This option allows you to specify a file containing a mapping of
-usernames from the clients to the server. This can be used for several
-purposes. The most common is to map usernames that users use on DOS or
-Windows machines to those that the UNIX box uses. The other is to map
-multiple users to a single username so that they can more easily share
-files.
-
-The map file is parsed line by line. Each line should contain a single
-UNIX username on the left then a tt('=') followed by a list of
-usernames on the right. The list of usernames on the right may contain
-names of the form @group in which case they will match any UNIX
-username in that group. The special client name tt('*') is a wildcard
-and matches any name. Each line of the map file may be up to 1023
-characters long.
-
-The file is processed on each line by taking the supplied username and
-comparing it with each username on the right hand side of the tt('=')
-signs. If the supplied name matches any of the names on the right hand
-side then it is replaced with the name on the left. Processing then
-continues with the next line.
-
-If any line begins with a tt('#') or a tt(';') then it is ignored
-
-If any line begins with an tt('!') then the processing will stop after
-that line if a mapping was done by the line. Otherwise mapping
-continues with every line being processed. Using tt('!') is most
-useful when you have a wildcard mapping line later in the file.
-
-For example to map from the name tt("admin") or tt("administrator") to
-the UNIX name tt("root") you would use:
-
-
-tt( root = admin administrator)
-
-Or to map anyone in the UNIX group tt("system") to the UNIX name
-tt("sys") you would use:
-
-tt( sys = @system)
-
-You can have as many mappings as you like in a username map file.
-
-If your system supports the NIS NETGROUP option then the netgroup
-database is checked before the tt(/etc/group) database for matching
-groups.
-
-You can map Windows usernames that have spaces in them by using double
-quotes around the name. For example:
-
-tt( tridge = "Andrew Tridgell")
-
-would map the windows username tt("Andrew Tridgell") to the unix
-username tridge.
-
-The following example would map mary and fred to the unix user sys,
-and map the rest to guest. Note the use of the tt('!') to tell Samba
-to stop processing if it gets a match on that line.
-
-verb(
- !sys = mary fred
- guest = *
-)
-
-Note that the remapping is applied to all occurrences of
-usernames. Thus if you connect to tt("\\server\fred") and tt("fred")
-is remapped to tt("mary") then you will actually be connecting to
-tt("\\server\mary") and will need to supply a password suitable for
-tt("mary") not tt("fred"). The only exception to this is the username
-passed to the link(bf("password server"))(passwordserver) (if you have
-one). The password server will receive whatever username the client
-supplies without modification.
-
-Also note that no reverse mapping is done. The main effect this has is
-with printing. Users who have been mapped may have trouble deleting
-print jobs as PrintManager under WfWg will think they don't own the
-print job.
-
- bf(Default:)
-tt( no username map)
-
- bf(Example:)
-tt( username map = /usr/local/samba/lib/users.map)
-
-label(utmp)
-dit(bf(utmp (S)))
-
-This boolean parameter is only available if Samba has been configured and compiled
-with the option tt(--with-utmp). If set to True then Samba will attempt
-to add utmp or utmpx records (depending on the UNIX system) whenever a
-connection is made to a Samba server. Sites may use this to record the
-user connecting to a Samba share.
-
-See also the link(bf("utmp directory"))(utmpdirectory) parameter.
-
- bf(Default:)
-tt(utmp = False)
-
- bf(Example:)
-tt(utmp = True)
-
-label(utmpdirectory)
-dit(bf(utmp directory(G)))
-
-This parameter is only available if Samba has been configured and compiled
-with the option tt(--with-utmp). It specifies a directory pathname that is
-used to store the utmp or utmpx files (depending on the UNIX system) that
-record user connections to a Samba server. See also the link(bf("utmp"))(utmp)
-parameter. By default this is not set, meaning the system will use whatever
-utmp file the native system is set to use (usually /var/run/utmp on Linux).
-
- bf(Default:)
-tt(no utmp directory)
-
- bf(Example:)
-tt(utmp directory = /var/adm/)
-
-label(winbindcachetime)
-dit(winbind cache time)
-
-NOTE: this parameter is only available in Samba 3.0.
-
-This parameter specifies the number of seconds the
-url(bf(winbindd))(winbindd.8.html) daemon will cache user and group
-information before querying a Windows NT server again.
-
- bf(Default:)
-tt( winbind cache type = 15)
-
-label(winbindgid)
-dit(winbind gid)
-
-NOTE: this parameter is only available in Samba 3.0.
-
-The winbind gid parameter specifies the range of group ids that are
-allocated by the url(bf(winbindd))(winbindd.8.html) daemon. This range of
-group ids should have no existing local or nis groups within it as strange
-conflicts can occur otherwise.
-
- bf(Default:)
-tt( winbind gid = <empty string>)
-
- bf(Example:)
-tt( winbind gid = 10000-20000)
-
-label(winbinduid)
-dit(winbind uid)
-
-NOTE: this parameter is only available in Samba 3.0.
-
-The winbind uid parameter specifies the range of user ids that are
-allocated by the url(bf(winbindd))(winbindd.8.html) daemon. This range of
-ids should have no existing local or nis users within it as strange
-conflicts can occur otherwise.
-
- bf(Default:)
-tt( winbind uid = <empty string>)
-
- bf(Example:)
-tt( winbind uid = 10000-20000)
-
-label(validchars)
-dit(bf(valid chars (G)))
-
-The option allows you to specify additional characters that should be
-considered valid by the server in filenames. This is particularly
-useful for national character sets, such as adding u-umlaut or a-ring.
-
-The option takes a list of characters in either integer or character
-form with spaces between them. If you give two characters with a colon
-between them then it will be taken as an lowercase:uppercase pair.
-
-If you have an editor capable of entering the characters into the
-config file then it is probably easiest to use this method. Otherwise
-you can specify the characters in octal, decimal or hexadecimal form
-using the usual C notation.
-
-For example to add the single character tt('Z') to the charset (which
-is a pointless thing to do as it's already there) you could do one of
-the following
-
-verb(
- valid chars = Z
- valid chars = z:Z
- valid chars = 0132:0172
-)
-
-The last two examples above actually add two characters, and alter the
-uppercase and lowercase mappings appropriately.
-
-Note that you MUST specify this parameter after the link(bf("client
-code page"))(clientcodepage) parameter if you have both set. If
-link(bf("client code page"))(clientcodepage) is set after the
-bf("valid chars") parameter the bf("valid chars") settings will be
-overwritten.
-
-See also the link(bf("client code page"))(clientcodepage) parameter.
-
- bf(Default:)
-verb(
- Samba defaults to using a reasonable set of valid characters
- for English systems
-)
-
- bf(Example)
-tt( valid chars = 0345:0305 0366:0326 0344:0304)
-
-The above example allows filenames to have the Swedish characters in
-them.
-
-NOTE: It is actually quite difficult to correctly produce a bf("valid
-chars") line for a particular system. To automate the process
-email(tino@augsburg.net) has written a package called bf("validchars")
-which will automatically produce a complete bf("valid chars") line for
-a given client system. Look in the examples/validchars/ subdirectory
-of your Samba source code distribution for this package.
-
-label(validusers)
-dit(bf(valid users (S)))
-
-This is a list of users that should be allowed to login to this
-service. Names starting with tt('@'), tt('+') and tt('&') are
-interpreted using the same rules as described in the link(bf("invalid
-users"))(invalidusers) parameter.
-
-If this is empty (the default) then any user can login. If a username
-is in both this list and the link(bf("invalid users"))(invalidusers)
-list then access is denied for that user.
-
-The current servicename is substituted for
-link(bf("%S"))(percentS). This is useful in the
-link(bf([homes]))(homes) section.
-
-See also link(bf("invalid users"))(invalidusers).
-
- bf(Default:)
-tt( No valid users list. (anyone can login))
-
- bf(Example:)
-tt( valid users = greg, @pcusers)
-
-label(vetofiles)
-dit(bf(veto files(S)))
-
-This is a list of files and directories that are neither visible nor
-accessible. Each entry in the list must be separated by a tt('/'),
-which allows spaces to be included in the entry. tt('*') and tt('?')
-can be used to specify multiple files or directories as in DOS
-wildcards.
-
-Each entry must be a unix path, not a DOS path and must em(*not*) include the
-unix directory separator tt('/').
-
-Note that the link(bf("case sensitive"))(casesensitive) option is
-applicable in vetoing files.
-
-One feature of the veto files parameter that it is important to be
-aware of, is that if a directory contains nothing but files that match
-the veto files parameter (which means that Windows/DOS clients cannot
-ever see them) is deleted, the veto files within that directory *are
-automatically deleted* along with it, if the user has UNIX permissions
-to do so.
-
-Setting this parameter will affect the performance of Samba, as it
-will be forced to check all files and directories for a match as they
-are scanned.
-
-See also link(bf("hide files"))(hidefiles) and link(bf("case
-sensitive"))(casesensitive).
-
- bf(Default:)
-tt( No files or directories are vetoed.)
-
- bf(Examples:)
-
- Example 1.
-
-verb(
-
- Veto any files containing the word Security,
- any ending in .tmp, and any directory containing the
- word root.
-
- veto files = /*Security*/*.tmp/*root*/
-)
-
- Example 2.
-
-verb(
- Veto the Apple specific files that a NetAtalk server
- creates.
-
- veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
-)
-
-label(vetooplockfiles)
-dit(bf(veto oplock files (S)))
-
-This parameter is only valid when the link(bf("oplocks"))(oplocks)
-parameter is turned on for a share. It allows the Samba administrator
-to selectively turn off the granting of oplocks on selected files that
-match a wildcarded list, similar to the wildcarded list used in the
-link(bf("veto files"))(vetofiles) parameter.
-
- bf(Default:)
-tt( No files are vetoed for oplock grants.)
-
- bf(Examples:)
-
-You might want to do this on files that you know will be heavily
-contended for by clients. A good example of this is in the NetBench
-SMB benchmark program, which causes heavy client contention for files
-ending in tt(".SEM"). To cause Samba not to grant oplocks on these
-files you would use the line (either in the link(bf([global]))(global)
-section or in the section for the particular NetBench share :
-
-tt( veto oplock files = /*.SEM/)
-
-label(volume)
-dit(bf(volume (S)))
-
-This allows you to override the volume label returned for a
-share. Useful for CDROMs with installation programs that insist on a
-particular volume label.
-
-The default is the name of the share.
-
-label(widelinks)
-dit(bf(wide links (S)))
-
-This parameter controls whether or not links in the UNIX file system
-may be followed by the server. Links that point to areas within the
-directory tree exported by the server are always allowed; this
-parameter controls access only to areas that are outside the directory
-tree being exported.
-
-Note that setting this parameter can have a negative effect on your
-server performance due to the extra system calls that Samba has to
-do in order to perform the link checks.
-
- bf(Default:)
-tt( wide links = yes)
-
- bf(Example:)
-tt( wide links = no)
-
-label(winsproxy)
-dit(bf(wins proxy (G)))
-
-This is a boolean that controls if url(bf(nmbd))(nmbd.8.html) will
-respond to broadcast name queries on behalf of other hosts. You may
-need to set this to tt("yes") for some older clients.
-
- bf(Default:)
-tt( wins proxy = no)
-
-label(winsserver)
-dit(bf(wins server (G)))
-
-This specifies the IP address (or DNS name: IP address for preference)
-of the WINS server that url(bf(nmbd))(nmbd.8.html) should register with.
-If you have a WINS server on your network then you should set this to
-the WINS server's IP.
-
-You should point this at your WINS server if you have a
-multi-subnetted network.
-
-em(NOTE). You need to set up Samba to point to a WINS server if you
-have multiple subnets and wish cross-subnet browsing to work correctly.
-
-See the documentation file BROWSING.txt in the docs/ directory of your
-Samba source distribution.
-
- bf(Default:)
-tt( wins server = )
-
- bf(Example:)
-tt( wins server = 192.9.200.1)
-
-label(winshook)
-dit(bf(wins hook (G)))
-
-When Samba is running as a WINS server this allows you to call an
-external program for all changes to the WINS database. The primary use
-for this option is to allow the dynamic update of external name
-resolution databases such as dynamic DNS.
-
-The wins hook parameter specifies the name of a script or executable
-that will be called as follows:
-
- wins_hook operation name nametype ttl IP_list
-
-The first argument is the operation and is one of "add", "delete",
-or "refresh". In most cases the operation can be ignored as the rest
-of the parameters provide sufficient information. Note that "refresh"
-may sometimes be called when the name has not previously been added,
-in that case it should be treated as an add.
-
-The second argument is the netbios name. If the name is not a legal
-name then the wins hook is not called. Legal names contain only
-letters, digits, hyphens, underscores and periods.
-
-The third argument is the netbios name type as a 2 digit hexadecimal
-number.
-
-The fourth argument is the TTL (time to live) for the name in seconds.
-
-The fifth and subsequent arguments are the IP addresses currently
-registered for that name. If this list is empty then the name should
-be deleted.
-
-An example script that calls the BIND dynamic DNS update program
-"nsupdate" is provided in the examples directory of the Samba source
-code.
-
-label(winssupport)
-dit(bf(wins support (G)))
-
-This boolean controls if the url(bf(nmbd))(nmbd.8.html) process in
-Samba will act as a WINS server. You should not set this to true
-unless you have a multi-subnetted network and you wish a particular
-url(bf(nmbd))(nmbd.8.html) to be your WINS server. Note that you
-should em(*NEVER*) set this to true on more than one machine in your
-network.
-
- bf(Default:)
-tt( wins support = no)
-
-label(workgroup)
-dit(bf(workgroup (G)))
-
-This controls what workgroup your server will appear to be in when
-queried by clients. Note that this parameter also controls the Domain
-name used with the link(bf("security=domain"))(securityequaldomain)
-setting.
-
- bf(Default:)
-tt( set at compile time to WORKGROUP)
-
- bf(Example:)
- workgroup = MYGROUP
-
-label(writable)
-dit(bf(writable (S)))
-
-Synonym for link(bf("writeable"))(writeable) for people who can't spell :-).
-
-label(writelist)
-dit(bf(write list (S)))
-
-This is a list of users that are given read-write access to a
-service. If the connecting user is in this list then they will be
-given write access, no matter what the link(bf("writeable"))(writeable)
-option is set to. The list can include group names using the @group
-syntax.
-
-Note that if a user is in both the read list and the write list then
-they will be given write access.
-
-See also the link(bf("read list"))(readlist) option.
-
- bf(Default:)
-tt( write list = <empty string>)
-
- bf(Example:)
-tt( write list = admin, root, @staff)
-
-label(writecachesize)
-dit(bf(write cache size (S)))
-
-This integer parameter (new with Samba 2.0.7) if set to non-zero causes Samba to create an in-memory
-cache for each oplocked file (it does bf(not) do this for non-oplocked files). All
-writes that the client does not request to be flushed directly to disk will be
-stored in this cache if possible. The cache is flushed onto disk when a write
-comes in whose offset would not fit into the cache or when the file is closed
-by the client. Reads for the file are also served from this cache if the data
-is stored within it.
-
-This cache allows Samba to batch client writes into a more efficient write
-size for RAID disks (ie. writes may be tuned to be the RAID stripe size) and
-can improve performance on systems where the disk subsystem is a bottleneck
-but there is free memory for userspace programs.
-
-The integer parameter specifies the size of this cache (per oplocked file)
-in bytes.
-
- bf(Default:)
-tt( write cache size = 0)
-
- bf(Example:)
-tt( write cache size = 262144)
-for a 256k cache size per file.
-
-label(writeok)
-dit(bf(write ok (S)))
-
-Synonym for link(bf(writeable))(writeable).
-
-label(writeraw)
-dit(bf(write raw (G)))
-
-This parameter controls whether or not the server will support raw
-writes SMB's when transferring data from clients. You should never
-need to change this parameter.
-
- bf(Default:)
-tt( write raw = yes)
-
-label(writeable)
-dit(bf(writeable))
-
-An inverted synonym is link(bf("read only"))(readonly).
-
-If this parameter is tt("no"), then users of a service may not create
-or modify files in the service's directory.
-
-Note that a printable service link(bf(("printable = yes")))(printable)
-will em(*ALWAYS*) allow writing to the directory (user privileges
-permitting), but only via spooling operations.
-
- bf(Default:)
-tt( writeable = no)
-
- bf(Examples:)
-verb(
- read only = no
- writeable = yes
- write ok = yes
-)
-
-endit()
-
-label(WARNINGS)
-manpagesection(WARNINGS)
-
-Although the configuration file permits service names to contain
-spaces, your client software may not. Spaces will be ignored in
-comparisons anyway, so it shouldn't be a problem - but be aware of the
-possibility.
-
-On a similar note, many clients - especially DOS clients - limit
-service names to eight characters. url(bf(Smbd))(smbd.8.html) has no
-such limitation, but attempts to connect from such clients will fail
-if they truncate the service names. For this reason you should
-probably keep your service names down to eight characters in length.
-
-Use of the link(bf([homes]))(homes) and link(bf([printers]))(printers)
-special sections make life for an administrator easy, but the various
-combinations of default attributes can be tricky. Take extreme care
-when designing these sections. In particular, ensure that the
-permissions on spool directories are correct.
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.0 of the Samba suite.
-
-label(SEEALSO)
-manpagesection(SEE ALSO)
-
-url(bf(smbd (8)))(smbd.8.html), url(bf(smbclient (1)))(smbclient.1.html),
-url(bf(nmbd (8)))(nmbd.8.html), url(bf(testparm (1)))(testparm.1.html),
-url(bf(testprns (1)))(testprns.1.html), url(bf(Samba))(samba.7.html),
-url(bf(nmblookup (1)))(nmblookup.1.html), url(bf(smbpasswd (5)))(smbpasswd.5.html),
-url(bf(smbpasswd (8)))(smbpasswd.8.html).
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell email(samba@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-and updated for the Samba2.0 release by Jeremy Allison.
-email(samba@samba.org).
-
-See url(bf(samba (7)))(samba.7.html) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
diff --git a/docs/yodldocs/smbcacls.1.yo b/docs/yodldocs/smbcacls.1.yo
deleted file mode 100644
index e8be5a4d28..0000000000
--- a/docs/yodldocs/smbcacls.1.yo
+++ /dev/null
@@ -1,208 +0,0 @@
-manpage(smbcacls htmlcommand((1)))(1)(22 Dec 2000)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(smbcacls)(Set or get ACLs on an NT file or directory )
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-bf(smbcacls) //server/share filename [link(-U username)(minusU)]
-[link(-A acls)(minusA)] [link(-M acls)(minusM)]
-[link(-D acls)(minusD)] [link(-S acls)(minusS)]
-[link(-C name)(minusC)] [link(-G name)(minusG)]
-[link(-n)(minusn)] [link(-h)(minush)]
-
-label(DESCRIPTION)
-manpagedescription()
-
-The bf(smbcacls) program manipulates NT Access Control Lists (ACLs) on
-SMB file shares.
-
-label(OPTIONS)
-manpageoptions()
-
-The following options are available to the bf(smbcacls) program. The
-format of ACLs is described in the section link(ACL FORMAT)(ACLFORMAT)
-
-startdit()
-
-label(minusA)
-dit(bf(-A acls))
-
-Add the ACLs specified to the ACL list. Existing access control entries
-are unchanged.
-
-label(minusM)
-dit(bf(-M acls))
-
-Modify the mask value (permissions) for the ACLs specified on the command
-line. An error will be printed for each ACL specified that was not already
-present in the ACL list.
-
-label(minusD)
-dit(bf(-D acls))
-
-Delete any ACLs specfied on the command line. An error will be printed for
-each ACL specified that was not already present in the ACL list.
-
-label(minusS)
-dit(bf(-S acls))
-
-This command sets the ACLs on the file with only the ones specified on the
-command line. All other ACLs are erased. Note that the ACL specified must
-contain at least a revision, type, owner and group for the call to succeed.
-
-label(minusC)
-dit(bf(-C username))
-
-This command sets the owner of the file to the given username. Note that
-the user you connect to the server as must have the permissions to modify
-the ownership of a file. Unlike the NT take ownership dialog box this command
-can modify the owner of a file to any arbitrary user.
-
-label(minusG)
-dit(bf(-G username))
-
-This command sets the primary group owner of the file to the given username. Note that
-the user you connect to the server as must have the permissions to modify
-the group ownership of a file. As this attribute is only used in the NT POSIX
-subsystem there is no equivalent NT dialog box.
-
-label(minusU)
-dit(bf(-U username))
-
-Specifies a username used to connect to the specified service. The
-username may be of the form tt(username) in which case the user is
-prompted to enter in a password and the workgroup specified in the
-url(bf(smb.conf))(smb.conf.5.html) file is used, or tt(username%password)
-or tt(DOMAIN\username%password) and the password and workgroup names are
-used as provided.
-
-label(minusC)
-dit(bf(-C name))
-
-The owner of a file or directory can be changed to the name given
-using the -C option. The name can be a sid in the form tt(S-1-x-y-z) or a
-name resolved against the server specified in the first argument.
-
-This command is a shortcut for tt(-M OWNER:name).
-
-label(minusG)
-dit(bf(-G name))
-
-The group owner of a file or directory can be changed to the name given
-using the -G option. The name can be a sid in the form tt(S-1-x-y-z) or a
-name resolved against the server specified in the first argument.
-
-This command is a shortcut for tt(-M GROUP:name).
-
-label(minusn)
-dit(bf(-n))
-
-This option displays all ACL information in numeric format. The default is
-to convert SIDs to names and ACE types and masks to a readable string
-format.
-
-label(minush)
-dit(bf(-h))
-
-Print usage information on the bf(smbcacls) program
-
-enddit()
-
-label(ACLFORMAT)
-manpagesection(ACL FORMAT)
-
-The format of an ACL is one or more ACL entries separated by either
-commas or newlines. An ACL entry is one of the following:
-
-verb(REVISION:<revision number>
-OWNER:<sid or name>
-GROUP:<sid or name>
-ACL:<sid or name>:<type>/<flags>/<mask>)
-
-The revision of the ACL specifies the internal Windows NT ACL revision for
-the security descriptor. If not specified it defaults to 1. Using values
-other than 1 may cause strange behaviour.
-
-The owner and group specify the owner and group sids for the object. If a
-SID in the format tt(S-1-x-y-z) is specified this is used, otherwise
-the name specified is resolved using the server on which the file or
-directory resides.
-
-ACLs specify permissions granted to the SID. This SID again can be
-specified in tt(S-1-x-y-z) format or as a name in which case it is resolved
-against the server on which the file or directory resides. The type, flags
-and mask values determine the type of access granted to the SID.
-
-The type can be either 0 or 1 corresponding to ALLOWED or DENIED access to
-the SID. The flags values are generally zero for file ACLs and either 9 or
-2 for directory ACLs. Some common flags are:
-
-verb(#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1
-#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2
-#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4
-#define SEC_ACE_FLAG_INHERIT_ONLY 0x8)
-
-At present flags can only be specified as decimal or hexadecimal values.
-
-The mask is a value which expresses the access right granted to the SID.
-It can be given as a decimal or hexadecimal value, or by using one of the
-following text strings which map to the NT file permissions of the same
-name.
-
-startdit()
-
-dit() tt(R) Allow read access
-
-dit() tt(W) Allow write access
-
-dit() tt(X) Execute permission on the object
-
-dit() tt(D) Delete the object
-
-dit() tt(P) Change permissions
-
-dit() tt(O) Take ownership
-
-enddit()
-
-The following combined permissions can be specified:
-
-startdit()
-
-dit() tt(READ)
-
-Equivalent to tt(RX) permissions
-
-dit() tt(CHANGE)
-
-Equivalent to tt(RXWD) permissions
-
-dit() tt(FULL)
-
-Equivalent to tt(RWXDPO) permissions
-
-enddit()
-
-label(EXITSTATUS)
-manpagesection(EXIT STATUS)
-
-The bf(smbcacls) program sets the exit status depending on the success or
-otherwise of the operations performed. The exit status may be one of the
-following values.
-
-If the operation succeded, bf(smbcacls) returns and exit status of 0. If
-bf(smbcacls) couldn't connect to the specified server, or there was an
-error getting or setting the ACLs, an exit status of 1 is returned. If
-there was an error parsing any command line arguments, an exit status of 2
-is returned.
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell. Samba is now developed by the Samba Team as an Open
-Source project.
-
-bf(smbcacls) was written by Andrew Tridgell and Tim Potter.
diff --git a/docs/yodldocs/smbclient.1.yo b/docs/yodldocs/smbclient.1.yo
deleted file mode 100644
index 8b42f281ff..0000000000
--- a/docs/yodldocs/smbclient.1.yo
+++ /dev/null
@@ -1,767 +0,0 @@
-mailto(samba@samba.org)
-
-manpage(smbclient htmlcommand((1)))(1)(23 Oct 1998)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(smbclient)(ftp-like client to access SMB/CIFS resources on servers)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-bf(smbclient) link(servicename)(servicename) [link(-s smb.conf)(minuss)] [link(-O socket options)(minusO)][link(-R name resolve order)(minusR)] [link(-M NetBIOS name)(minusM)] [link(-i scope)(minusi)] [link(-N)(minusN)] [link(-n NetBIOS name)(minusn)] [link(-d debuglevel)(minusd)] [link(-P)(minusP)] [link(-p port)(minusp)] [link(-l log basename)(minusl)] [link(-h)(minush)] [link(-I dest IP)(minusI)] [link(-E)(minusE)] [link(-U username)(minusU)] [link(-L NetBIOS name)(minusL)] [link(-t terminal code)(minust)] [link(-m max protocol)(minusm)] [link(-b buffersize)(minusb)] [link(-W workgroup)(minusW)] [link(-T<c|x>IXFqgbNan)(minusT)] [link(-D directory)(minusD)] [link(-c command string)(minusc)]
-
-label(DESCRIPTION)
-manpagedescription()
-
-This program is part of the bf(Samba) suite.
-
-bf(smbclient) is a client that can 'talk' to an SMB/CIFS server. It
-offers an interface similar to that of the ftp program (see bf(ftp
-(1))). Operations include things like getting files from the server
-to the local machine, putting files from the local machine to the
-server, retrieving directory information from the server and so on.
-
-label(OPTIONS)
-manpageoptions()
-
-startdit()
-
-label(servicename)
-dit(bf(servicename)) servicename is the name of the service you want
-to use on the server. A service name takes the form
-tt(//server/service) where em(server) is the NetBIOS name of the SMB/CIFS
-server offering the desired service and em(service) is the name
-of the service offered. Thus to connect to the service em(printer) on
-the SMB/CIFS server em(smbserver), you would use the servicename
-
-tt(//smbserver/printer)
-
-Note that the server name required is NOT necessarily the IP (DNS)
-host name of the server ! The name required is a NetBIOS server name,
-which may or may not be the same as the IP hostname of the machine
-running the server.
-
-The server name is looked up according to either the
-link(bf(-R))(minusR) parameter to bf(smbclient) or using the
-url(bf(name resolve order))(smb.conf.5.html#nameresolveorder)
-parameter in the smb.conf file, allowing an administrator to change
-the order and methods by which server names are looked up.
-
-label(password)
-dit(bf(password)) password is the password required to access the
-specified service on the specified server. If this parameter is
-supplied, the link(bf(-N))(minusN) option (suppress password prompt) is assumed.
-
-There is no default password. If no password is supplied on the
-command line (either by using this parameter or adding a password to
-the link(bf(-U))(minusU) option (see below)) and the link(bf(-N))(minusN) option is not specified,
-the client will prompt for a password, even if the desired service
-does not require one. (If no password is required, simply press ENTER
-to provide a null password.)
-
-Note: Some servers (including OS/2 and Windows for Workgroups) insist
-on an uppercase password. Lowercase or mixed case passwords may be
-rejected by these servers.
-
-Be cautious about including passwords in scripts.
-
-label(minuss)
-dit(bf(-s smb.conf)) This parameter specifies the pathname to the
-Samba configuration file, smb.conf. This file controls all aspects of
-the Samba setup on the machine and smbclient also needs to read this
-file.
-
-label(minusO)
-dit(bf(-O socket options)) TCP socket options to set on the client
-socket. See the url(socket options)(smb.conf.5.html#socketoptions)
-parameter in the url(bf(smb.conf (5)))(smb.conf.5.html) manpage for
-the list of valid options.
-
-label(minusR)
-dit(bf(-R name resolve order)) This option allows the user of
-smbclient to determine what name resolution services to use when
-looking up the NetBIOS name of the host being connected to.
-
-The options are :"lmhosts", "host", "wins" and "bcast". They cause
-names to be resolved as follows :
-
-startit()
-
-it() bf(lmhosts) : Lookup an IP address in the Samba lmhosts file.
-The lmhosts file is stored in the same directory as the
-url(bf(smb.conf))(smb.conf.5.html) file.
-
-it() bf(host) : Do a standard host name to IP address resolution,
-using the system /etc/hosts, NIS, or DNS lookups. This method of name
-resolution is operating system depended for instance on IRIX or
-Solaris this may be controlled by the em(/etc/nsswitch.conf) file).
-
-it() bf(wins) : Query a name with the IP address listed in the url(bf(wins
-server))(smb.conf.5.html#winsserver) parameter in the smb.conf file. If
-no WINS server has been specified this method will be ignored.
-
-it() bf(bcast) : Do a broadcast on each of the known local interfaces
-listed in the url(bf(interfaces))(smb.conf.5.html#interfaces) parameter
-in the smb.conf file. This is the least reliable of the name resolution
-methods as it depends on the target host being on a locally connected
-subnet.
-
-endit()
-
-If this parameter is not set then the name resolve order defined
-in the url(bf(smb.conf))(smb.conf.5.html) file parameter
-url((bf(name resolve order)))(smb.conf.5.html#nameresolveorder)
-will be used.
-
-The default order is lmhosts, host, wins, bcast and without this
-parameter or any entry in the url(bf("name resolve
-order"))(smb.conf.5.html#nameresolveorder) parameter of the
-url(bf(smb.conf))(smb.conf.5.html) file the name resolution methods
-will be attempted in this order.
-
-label(minusM)
-dit(bf(-M NetBIOS name)) This options allows you to send messages,
-using the "WinPopup" protocol, to another computer. Once a connection
-is established you then type your message, pressing ^D (control-D) to
-end.
-
-If the receiving computer is running WinPopup the user will receive
-the message and probably a beep. If they are not running WinPopup the
-message will be lost, and no error message will occur.
-
-The message is also automatically truncated if the message is over
-1600 bytes, as this is the limit of the protocol.
-
-One useful trick is to cat the message through bf(smbclient).
-For example:
-
-tt(cat mymessage.txt | smbclient -M FRED)
-
-will send the message in the file em(mymessage.txt) to the machine FRED.
-
-You may also find the link(bf(-U))(minusU) and link(bf(-I))(minusI) options useful, as they allow
-you to control the FROM and TO parts of the message.
-
-See the url(bf(message command))(smb.conf.5.html#messagecommand)
-parameter in the bf(smb.conf (5)) for a description of how to handle
-incoming WinPopup messages in Samba.
-
-Note: Copy WinPopup into the startup group on your WfWg PCs if you
-want them to always be able to receive messages.
-
-label(minusi)
-dit(bf(-i scope)) This specifies a NetBIOS scope that smbclient will use
-to communicate with when generating NetBIOS names. For details on the
-use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes
-are em(very) rarely used, only set this parameter if you are the
-system administrator in charge of all the NetBIOS systems you
-communicate with.
-
-label(minusN)
-dit(bf(-N)) If specified, this parameter suppresses the normal
-password prompt from the client to the user. This is useful when
-accessing a service that does not require a password.
-
-Unless a password is specified on the command line or this parameter
-is specified, the client will request a password.
-
-label(minusn)
-dit(bf(-n NetBIOS name)) By default, the client will use the local
-machine's hostname (in uppercase) as its NetBIOS name. This parameter
-allows you to override the host name and use whatever NetBIOS name you
-wish.
-
-label(minusd)
-dit(bf(-d debuglevel)) debuglevel is an integer from 0 to 10, or the
-letter 'A'.
-
-The default value if this parameter is not specified is zero.
-
-The higher this value, the more detail will be logged to the log files
-about the activities of the client. At level 0, only critical errors
-and serious warnings will be logged. Level 1 is a reasonable level for
-day to day running - it generates a small amount of information about
-operations carried out.
-
-Levels above 1 will generate considerable amounts of log data, and
-should only be used when investigating a problem. Levels above 3 are
-designed for use only by developers and generate HUGE amounts of log
-data, most of which is extremely cryptic. If debuglevel is set to the
-letter 'A', then em(all) debug messages will be printed. This setting
-is for developers only (and people who em(really) want to know how the
-code works internally).
-
-Note that specifying this parameter here will override the url(bf(log
-level))(smb.conf.5.html#loglevel) parameter in the url(bf(smb.conf
-(5)))(smb.conf.5.html) file.
-
-label(minusP)
-dit(bf(-P)) This option is no longer used. The code in Samba2.0
-now lets the server decide the device type, so no printer specific
-flag is needed.
-
-label(minusp)
-dit(bf(-p port)) This number is the TCP port number that will be used
-when making connections to the server. The standard (well-known) TCP
-port number for an SMB/CIFS server is 139, which is the default.
-
-label(minusl)
-dit(bf(-l logfilename)) If specified, logfilename specifies a base
-filename into which operational data from the running client will be
-logged.
-
-The default base name is specified at compile time.
-
-The base name is used to generate actual log file names. For example,
-if the name specified was "log", the debug file would be
-tt(log.client).
-
-The log file generated is never removed by the client.
-
-label(minush)
-dit(bf(-h)) Print the usage message for the client.
-
-label(minusI)
-dit(bf(-I IP address)) IP address is the address of the server to
-connect to. It should be specified in standard "a.b.c.d" notation.
-
-Normally the client would attempt to locate a named SMB/CIFS server by
-looking it up via the NetBIOS name resolution mechanism described
-above in the link(bf(name resolve order))(minusR) parameter
-above. Using this parameter will force the client to assume that the
-server is on the machine with the specified IP address and the NetBIOS
-name component of the resource being connected to will be ignored.
-
-There is no default for this parameter. If not supplied, it will be
-determined automatically by the client as described above.
-
-label(minusE)
-dit(bf(-E)) This parameter causes the client to write messages to the
-standard error stream (stderr) rather than to the standard output
-stream.
-
-By default, the client writes messages to standard output - typically
-the user's tty.
-
-label(minusU)
-dit(bf(-U username)) This specifies the user name that will be used by
-the client to make a connection, assuming your server is not a downlevel
-server that is running a protocol level that uses passwords on shares,
-not on usernames.
-
-Some servers are fussy about the case of this name, and some insist
-that it must be a valid NetBIOS name.
-
-If no username is supplied, it will default to an uppercase version of
-the environment variable tt(USER) or tt(LOGNAME) in that order. If no
-username is supplied and neither environment variable exists the
-username "GUEST" will be used.
-
-If the tt(USER) environment variable contains a '%' character,
-everything after that will be treated as a password. This allows you
-to set the environment variable to be tt(USER=username%password) so
-that a password is not passed on the command line (where it may be
-seen by the ps command).
-
-You can specify a domain name as part of the username by using a
-username of the form "DOMAIN/user" or "DOMAIN\user".
-
-If the service you are connecting to requires a password, it can be
-supplied using the link(bf(-U))(minusU) option, by appending a percent symbol ("%")
-then the password to username. For example, to attach to a service as
-user tt("fred") with password tt("secret"), you would specify. nl()
-
-tt(-U fred%secret) nl()
-
-on the command line. Note that there are no spaces around the percent
-symbol.
-
-If you specify the password as part of username then the link(bf(-N))(minusN) option
-(suppress password prompt) is assumed.
-
-If you specify the password as a parameter em(AND) as part of username
-then the password as part of username will take precedence. Putting
-nothing before or nothing after the percent symbol will cause an empty
-username or an empty password to be used, respectively.
-
-The password may also be specified by setting up an environment
-variable called tt(PASSWD) that contains the users password. Note
-that this may be very insecure on some systems but on others allows
-users to script smbclient commands without having a password appear in
-the command line of a process listing.
-
-A third option is to use a credentials file which contains
-the plaintext of the username and password. This option is
-mainly provided for scripts where the admin doesn't desire to
-pass the credentials on the command line or via environment variables.
-If this method is used, make certain that the permissions on the file
-restrict access from unwanted users. See the bf(-A) for more details.
-
-Note: Some servers (including OS/2 and Windows for Workgroups) insist
-on an uppercase password. Lowercase or mixed case passwords may be
-rejected by these servers.
-
-Be cautious about including passwords in scripts or in the
-tt(PASSWD) environment variable. Also, on many systems the command
-line of a running process may be seen via the tt(ps) command to be
-safe always allow smbclient to prompt for a password and type it in
-directly.
-
-label(minusA)
-dit(bf(-A <filename>)) This option allows you to specify a file from which
-to read the username and password used in the connection. The format
-of the file is
-
-tt(username = <value>) nl()
-tt(password = <value>) nl()
-
-Make certain that the permissions on the file restrict access from
-unwanted users.
-
-label(minusL)
-dit(bf(-L)) This option allows you to look at what services are
-available on a server. You use it as tt("smbclient -L host") and a
-list should appear. The link(bf(-I))(minusI) option may be useful if your NetBIOS
-names don't match your tcp/ip dns host names or if you are trying to
-reach a host on another network.
-
-label(minust)
-dit(bf(-t terminal code)) This option tells smbclient how to interpret
-filenames coming from the remote server. Usually Asian language
-multibyte UNIX implementations use different character sets than
-SMB/CIFS servers (em(EUC) instead of em(SJIS) for example). Setting
-this parameter will let smbclient convert between the UNIX filenames
-and the SMB filenames correctly. This option has not been seriously
-tested and may have some problems.
-
-The terminal codes include tt(sjis), tt(euc), tt(jis7), tt(jis8),
-tt(junet), tt(hex), tt(cap). This is not a complete list, check the
-Samba source code for the complete list.
-
-label(minusm)
-dit(bf(-m max protocol level)) With the new code in Samba2.0,
-bf(smbclient) always attempts to connect at the maximum
-protocols level the server supports. This parameter is
-preserved for backwards compatibility, but any string
-following the bf(-m) will be ignored.
-
-label(minusb)
-dit(bf(-b buffersize)) This option changes the transmit/send buffer
-size when getting or putting a file from/to the server. The default
-is 65520 bytes. Setting this value smaller (to 1200 bytes) has been
-observed to speed up file transfers to and from a Win9x server.
-
-label(minusW)
-dit(bf(-W WORKGROUP)) Override the default workgroup specified in the
-url(bf(workgroup))(smb.conf.5.html#workgroup) parameter of the
-url(bf(smb.conf))(smb.conf.5.html) file for this connection. This may
-be needed to connect to some servers.
-
-label(minusT) dit(bf(-T tar options)) smbclient may be used to create
-bf(tar (1)) compatible backups of all the files on an SMB/CIFS
-share. The secondary tar flags that can be given to this option are :
-
- startdit()
-
- dit(bf(c)) Create a tar file on UNIX. Must be followed by the
- name of a tar file, tape device or tt("-") for standard output. If
- using standard output you must turn the log level to its lowest value
- tt(-d0) to avoid corrupting your tar file. This flag is
- mutually exclusive with the bf(x) flag.
-
- dit(bf(x)) Extract (restore) a local tar file back to a
- share. Unless the link(bf(-D))(minusD) option is given, the tar files will be
- restored from the top level of the share. Must be followed by the name
- of the tar file, device or tt("-") for standard input. Mutually exclusive
- with the bf(c) flag. Restored files have their creation times (mtime)
- set to the date saved in the tar file. Directories currently do not
- get their creation dates restored properly.
-
- dit(bf(I)) Include files and directories. Is the default
- behavior when filenames are specified above. Causes tar files to
- be included in an extract or create (and therefore everything else to
- be excluded). See example below. Filename globbing works
- in one of two ways. See bf(r) below.
-
- dit(bf(X)) Exclude files and directories. Causes tar files to
- be excluded from an extract or create. See example below. Filename
- globbing works in one of two ways now. See bf(r) below.
-
- dit(bf(b)) Blocksize. Must be followed by a valid (greater than
- zero) blocksize. Causes tar file to be written out in
- blocksize*TBLOCK (usually 512 byte) blocks.
-
- dit(bf(g)) Incremental. Only back up files that have the
- archive bit set. Useful only with the bf(c) flag.
-
- dit(bf(q)) Quiet. Keeps tar from printing diagnostics as it
- works. This is the same as tarmode quiet.
-
- dit(bf(r)) Regular expression include or exclude. Uses regular
- regular expression matching for excluding or excluding files if
- compiled with HAVE_REGEX_H. However this mode can be very slow. If
- not compiled with HAVE_REGEX_H, does a limited wildcard match on * and
- ?.
-
- dit(bf(N)) Newer than. Must be followed by the name of a file
- whose date is compared against files found on the share during a
- create. Only files newer than the file specified are backed up to the
- tar file. Useful only with the bf(c) flag.
-
- dit(bf(a)) Set archive bit. Causes the archive bit to be reset
- when a file is backed up. Useful with the bf(g) and bf(c) flags.
-
- enddit()
-
-em(Tar Long File Names)
-
-smbclient's tar option now supports long file names both on backup and
-restore. However, the full path name of the file must be less than
-1024 bytes. Also, when a tar archive is created, smbclient's tar
-option places all files in the archive with relative names, not
-absolute names.
-
-em(Tar Filenames)
-
-All file names can be given as DOS path names (with tt(\) as the
-component separator) or as UNIX path names (with tt(/) as the
-component separator).
-
-em(Examples)
-
-startit()
-
-it() Restore from tar file backup.tar into myshare on mypc (no password on share).
-
- tt(smbclient //mypc/myshare "" -N -Tx backup.tar)
-
-it() Restore everything except users/docs
-
- tt(smbclient //mypc/myshare "" -N -TXx backup.tar users/docs)
-
-it() Create a tar file of the files beneath users/docs.
-
- tt(smbclient //mypc/myshare "" -N -Tc backup.tar users/docs)
-
-it() Create the same tar file as above, but now use a DOS path name.
-
- tt(smbclient //mypc/myshare "" -N -tc backup.tar users\edocs)
-
-it() Create a tar file of all the files and directories in the share.
-
- tt(smbclient //mypc/myshare "" -N -Tc backup.tar *)
-
-endit()
-
-label(minusD)
-dit(bf(-D initial directory)) Change to initial directory before
-starting. Probably only of any use with the tar link(bf(-T))(minusT) option.
-
-label(minusc)
-dit(bf(-c command string)) command string is a semicolon separated
-list of commands to be executed instead of prompting from stdin.
-link(bf(-N))(minusN) is implied by bf(-c).
-
-This is particularly useful in scripts and for printing stdin to the
-server, e.g. tt(-c 'print -').
-
-enddit()
-
-label(OPERATIONS)
-manpagesection(OPERATIONS)
-
-Once the client is running, the user is presented with a prompt :
-
-tt(smb:\>)
-
-The backslash ("\") indicates the current working directory on the
-server, and will change if the current working directory is changed.
-
-The prompt indicates that the client is ready and waiting to carry out
-a user command. Each command is a single word, optionally followed by
-parameters specific to that command. Command and parameters are
-space-delimited unless these notes specifically state otherwise. All
-commands are case-insensitive. Parameters to commands may or may not
-be case sensitive, depending on the command.
-
-You can specify file names which have spaces in them by quoting the
-name with double quotes, for example "a long file name".
-
-Parameters shown in square brackets (e.g., "[parameter]") are
-optional. If not given, the command will use suitable
-defaults. Parameters shown in angle brackets (e.g., "<parameter>") are
-required.
-
-Note that all commands operating on the server are actually performed
-by issuing a request to the server. Thus the behavior may vary from
-server to server, depending on how the server was implemented.
-
-The commands available are given here in alphabetical order.
-
-startdit()
-
-label(questionmark) dit(bf(? [command])) If "command" is specified,
-the bf(?) command will display a brief informative message about the
-specified command. If no command is specified, a list of available
-commands will be displayed.
-
-label(exclaimationmark) dit(bf(! [shell command])) If "shell command"
-is specified, the bf(!) command will execute a shell locally and run
-the specified shell command. If no command is specified, a local shell
-will be run.
-
-label(cd) dit(bf(cd [directory name])) If "directory name" is
-specified, the current working directory on the server will be changed
-to the directory specified. This operation will fail if for any reason
-the specified directory is inaccessible.
-
-If no directory name is specified, the current working directory on
-the server will be reported.
-
-label(del) dit(bf(del <mask>)) The client will request that the server
-attempt to delete all files matching "mask" from the current working
-directory on the server.
-
-label(dir) dit(bf(dir <mask>)) A list of the files matching "mask" in
-the current working directory on the server will be retrieved from the
-server and displayed.
-
-label(exit) dit(bf(exit)) Terminate the connection with the server and
-exit from the program.
-
-label(get) dit(bf(get <remote file name> [local file name])) Copy the
-file called "remote file name" from the server to the machine running
-the client. If specified, name the local copy "local file name". Note
-that all transfers in smbclient are binary. See also the
-link(bf(lowercase))(lowercase) command.
-
-label(help) dit(bf(help [command])) See the link(bf(?))(questionmark)
-command above.
-
-label(lcd) dit(bf(lcd [directory name])) If "directory name" is
-specified, the current working directory on the local machine will
-be changed to the directory specified. This operation will fail if for
-any reason the specified directory is inaccessible.
-
-If no directory name is specified, the name of the current working
-directory on the local machine will be reported.
-
-label(lowercase) dit(bf(lowercase)) Toggle lowercasing of filenames
-for the link(bf(get))(get) and link(bf(mget))(mget) commands.
-
-When lowercasing is toggled ON, local filenames are converted to
-lowercase when using the link(bf(get))(get) and link(bf(mget))(mget)
-commands. This is often useful when copying (say) MSDOS files from a
-server, because lowercase filenames are the norm on UNIX systems.
-
-label(ls) dit(bf(ls <mask>)) See the link(bf(dir))(dir) command above.
-
-label(mask) dit(bf(mask <mask>)) This command allows the user to set
-up a mask which will be used during recursive operation of the
-link(bf(mget))(mget) and link(bf(mput))(mput) commands.
-
-The masks specified to the link(bf(mget))(mget) and
-link(bf(mput))(mput) commands act as filters for directories rather
-than files when recursion is toggled ON.
-
-The mask specified with the .B mask command is necessary to filter
-files within those directories. For example, if the mask specified in
-an link(bf(mget))(mget) command is "source*" and the mask specified
-with the mask command is "*.c" and recursion is toggled ON, the
-link(bf(mget))(mget) command will retrieve all files matching "*.c" in
-all directories below and including all directories matching "source*"
-in the current working directory.
-
-Note that the value for mask defaults to blank (equivalent to "*") and
-remains so until the mask command is used to change it. It retains the
-most recently specified value indefinitely. To avoid unexpected
-results it would be wise to change the value of .I mask back to "*"
-after using the link(bf(mget))(mget) or link(bf(mput))(mput) commands.
-
-label(md) dit(bf(md <directory name>)) See the link(bf(mkdir))(mkdir)
-command.
-
-label(mget) dit(bf(mget <mask>)) Copy all files matching mask from the
-server to the machine running the client.
-
-Note that mask is interpreted differently during recursive operation
-and non-recursive operation - refer to the link(bf(recurse))(recurse)
-and link(bf(mask))(mask) commands for more information. Note that all
-transfers in .B smbclient are binary. See also the
-link(bf(lowercase))(lowercase) command.
-
-label(mkdir) dit(bf(mkdir <directory name>)) Create a new directory on
-the server (user access privileges permitting) with the specified
-name.
-
-label(mput) dit(bf(mput <mask>)) Copy all files matching mask in
-the current working directory on the local machine to the current
-working directory on the server.
-
-Note that mask is interpreted differently during recursive operation
-and non-recursive operation - refer to the link(bf(recurse))(recurse)
-and link(bf(mask))(mask) commands for more information. Note that all
-transfers in .B smbclient are binary.
-
-label(print) dit(bf(print <file name>)) Print the specified file
-from the local machine through a printable service on the server.
-
-See also the link(bf(printmode))(printmode) command.
-
-label(printmode) dit(bf(printmode <graphics or text>)) Set the print
-mode to suit either binary data (such as graphical information) or
-text. Subsequent print commands will use the currently set print
-mode.
-
-label(prompt) dit(bf(prompt)) Toggle prompting for filenames during
-operation of the link(bf(mget))(mget) and link(bf(mput))(mput)
-commands.
-
-When toggled ON, the user will be prompted to confirm the transfer of
-each file during these commands. When toggled OFF, all specified files
-will be transferred without prompting.
-
-label(put) dit(bf(put <local file name> [remote file name])) Copy the
-file called "local file name" from the machine running the client to
-the server. If specified, name the remote copy "remote file name".
-Note that all transfers in smbclient are binary. See also the
-link(bf(lowercase))(lowercase) command.
-
-label(queue) dit(bf(queue)) Displays the print queue, showing the job
-id, name, size and current status.
-
-label(quit) dit(bf(quit)) See the link(bf(exit))(exit) command.
-
-label(rd) dit(bf(rd <directory name>)) See the link(bf(rmdir))(rmdir)
-command.
-
-label(recurse) dit(bf(recurse)) Toggle directory recursion for the
-commands link(bf(mget))(mget) and link(bf(mput))(mput).
-
-When toggled ON, these commands will process all directories in the
-source directory (i.e., the directory they are copying .IR from ) and
-will recurse into any that match the mask specified to the
-command. Only files that match the mask specified using the
-link(bf(mask))(mask) command will be retrieved. See also the
-link(bf(mask))(mask) command.
-
-When recursion is toggled OFF, only files from the current working
-directory on the source machine that match the mask specified to the
-link(bf(mget))(mget) or link(bf(mput))(mput) commands will be copied,
-and any mask specified using the link(bf(mask))(mask) command will be
-ignored.
-
-label(rm) dit(bf(rm <mask>)) Remove all files matching mask from
-the current working directory on the server.
-
-label(rmdir) dit(bf(rmdir <directory name>)) Remove the specified
-directory (user access privileges permitting) from the server.
-
-label(tar) dit(bf(tar <c|x>[IXbgNa])) Performs a tar operation - see
-the link(bf(-T))(minusT) command line option above. Behavior may be
-affected by the link(bf(tarmode))(tarmode) command (see below). Using
-g (incremental) and N (newer) will affect tarmode settings. Note that
-using the "-" option with tar x may not work - use the command line
-option instead.
-
-label(blocksize) dit(bf(blocksize <blocksize>)) Blocksize. Must be
-followed by a valid (greater than zero) blocksize. Causes tar file to
-be written out in blocksize*TBLOCK (usually 512 byte) blocks.
-
-label(tarmode) dit(bf(tarmode <full|inc|reset|noreset>)) Changes tar's
-behavior with regard to archive bits. In full mode, tar will back up
-everything regardless of the archive bit setting (this is the default
-mode). In incremental mode, tar will only back up files with the
-archive bit set. In reset mode, tar will reset the archive bit on all
-files it backs up (implies read/write share).
-
-label(setmode) dit(bf(setmode <filename> <perm=[+|\-]rsha>)) A version
-of the DOS attrib command to set file permissions. For example:
-
-tt(setmode myfile +r)
-
-would make myfile read only.
-
-enddit()
-
-label(NOTES)
-manpagesection(NOTES)
-
-Some servers are fussy about the case of supplied usernames,
-passwords, share names (AKA service names) and machine names. If you
-fail to connect try giving all parameters in uppercase.
-
-It is often necessary to use the link(bf(-n))(minusn) option when connecting to some
-types of servers. For example OS/2 LanManager insists on a valid
-NetBIOS name being used, so you need to supply a valid name that would
-be known to the server.
-
-smbclient supports long file names where the server supports the
-LANMAN2 protocol or above.
-
-label(ENVIRONMENTVARIABLES)
-manpagesection(ENVIRONMENT VARIABLES)
-
-The variable bf(USER) may contain the username of the person using the
-client. This information is used only if the protocol level is high
-enough to support session-level passwords.
-
-The variable bf(PASSWD) may contain the password of the person using
-the client. This information is used only if the protocol level is
-high enough to support session-level passwords.
-
-label(INSTALLATION)
-manpagesection(INSTALLATION)
-
-The location of the client program is a matter for individual system
-administrators. The following are thus suggestions only.
-
-It is recommended that the smbclient software be installed in the
-/usr/local/samba/bin or /usr/samba/bin directory, this directory
-readable by all, writeable only by root. The client program itself
-should be executable by all. The client should em(NOT) be setuid or
-setgid!
-
-The client log files should be put in a directory readable and
-writeable only by the user.
-
-To test the client, you will need to know the name of a running
-SMB/CIFS server. It is possible to run url(bf(smbd (8)))(smbd.8.html)
-an ordinary user - running that server as a daemon on a
-user-accessible port (typically any port number over 1024) would
-provide a suitable test server.
-
-label(DIAGNOSTICS)
-manpagesection(DIAGNOSTICS)
-
-Most diagnostics issued by the client are logged in a specified log
-file. The log file name is specified at compile time, but may be
-overridden on the command line.
-
-The number and nature of diagnostics available depends on the debug
-level used by the client. If you have problems, set the debug level to
-3 and peruse the log files.
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.0 of the Samba suite.
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell email(samba@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-and updated for the Samba2.0 release by Jeremy Allison.
-email(samba@samba.org).
-
-See url(bf(samba (7)))(samba.7.html) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
diff --git a/docs/yodldocs/smbcontrol.1.yo b/docs/yodldocs/smbcontrol.1.yo
deleted file mode 100644
index 9edfc97570..0000000000
--- a/docs/yodldocs/smbcontrol.1.yo
+++ /dev/null
@@ -1,112 +0,0 @@
-mailto(samba@samba.org)
-
-manpage(smbcontrol htmlcommand((1)))(1)(29 Sep 2000)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(smbcontrol)(send messages to smbd or nmbd processes)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-bf(smbcontrol) link(-i)(minusi)
-
-bf(smbcontrol) link(destination)(destination) link(message-type)(messagetype) link(parameters)(parameters)
-
-label(DESCRIPTION)
-manpagedescription()
-
-This program is part of the bf(Samba) suite.
-
-bf(smbcontrol) is a very small program, which sends messages to an
-url(bf(smbd))(smbd.8.html) or an url(bf(nmbd))(nmbd.8.html) daemon
-running on the system.
-
-label(OPTIONS)
-manpageoptions()
-
-startdit()
-
-label(minusi)
-dit(bf(-i)) Run interactively. Individual commands of the form
-link(destination)(destination) link(message-type)(messagetype) link(parameters)(parameters)
-can be entered on STDIN. An empty command line or a "q" will quit the program.
-
-label(destination)
-dit(bf(destination)) is one of "nmbd", "smbd" or a process ID.
-
-The bf(smbd) destination causes the message to be "broadcast" to all
-smbd daemons.
-
-The bf(nmbd) destination causes the message to be sent to the nmbd
-daemon specified in the bf(nmbd.pid) file.
-
-If a single process ID is given, the message is sent to only that
-process.
-
-label(messagetype)
-dit(bf(message-type)) is one of: debug, force-election, ping, profile,
-debuglevel, profilelevel, or printer-notify.
-
-The bf(debug) message-type allows the debug level to be set to the value
-specified by the parameter. This can be sent to any of the destinations.
-
-The bf(force-election) message-type can only be sent to the bf(nmbd)
-destination. This message causes the bf(nmbd) daemon to force a
-new browse master election.
-
-The bf(ping) message-type sends the number of "ping" messages specified
-by the parameter and waits for the same number of
-reply "pong" messages. This can be sent to any of the destinations.
-
-The bf(profile) message-type sends a message to an smbd to change the profile
-settings based on the parameter. The parameter can be "on" to turn on
-profile stats collection, "off" to turn off profile stats collection, "count"
-to enable only collection of count stats (time stats are disabled), and
-"flush" to zero the current profile stats.
-This can be sent to any of the destinations.
-
-The bf(debuglevel) message-type sends a "request debug level" message.
-The current debug level setting is returned by a
-"debuglevel" message. This can be sent to any of the destinations.
-
-The bf(profilelevel) message-type sends a "request profile level" message.
-The current profile level setting is returned by a
-"profilelevel" message. This can be sent to any of the destinations.
-
-The bf(printer-notify) message-type sends a message to smbd which in turn
-sends a printer notify message to any Windows NT clients connected to
-a printer. This message-type takes an argument of the printer name to
-send notify messages to. This message can only be sent to smbd.
-
-label(parameters)
-dit(bf(parameters)) is any parameters required for the message-type
-
-enddit()
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.2.0 of the Samba suite.
-
-label(SEEALSO)
-manpageseealso()
-
-url(bf(smbd (8)))(smbd.8.html), url(bf(nmbd (8)))(nmbd.8.html)
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell email(samba@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-This man page source was written in YODL format (another excellent piece of Open
-Source software, available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-for the Samba 2.2.0 release by Herb Lewis.
-email(samba@samba.org).
-
-See url(bf(samba (7)))(samba.7.html) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
diff --git a/docs/yodldocs/smbd.8.yo b/docs/yodldocs/smbd.8.yo
deleted file mode 100644
index 2a8cbfbefa..0000000000
--- a/docs/yodldocs/smbd.8.yo
+++ /dev/null
@@ -1,443 +0,0 @@
-mailto(samba@samba.org)
-
-manpage(smbd htmlcommand((8)))(8)(23 Oct 1998)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(smbd)(server to provide SMB/CIFS services to clients)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-bf(smbd) [link(-D)(minusD)] [link(-a)(minusa)] [link(-o)(minuso)] [link(-P)(minusP)] [link(-h)(minush)] [link(-V)(minusV)] [link(-d debuglevel)(minusd)] [link(-l log file)(minusl)] [link(-p port number)(minusp)] [link(-O socket options)(minusO)] [link(-s configuration file)(minuss)]
-
-label(DESCRIPTION)
-manpagedescription()
-
-This program is part of the bf(Samba) suite.
-
-bf(smbd) is the server daemon that provides filesharing and printing
-services to
-Windows clients. The server provides filespace and printer services to
-clients using the SMB (or CIFS) protocol. This is compatible with the
-LanManager protocol, and can service LanManager clients. These
-include MSCLIENT 3.0 for DOS, Windows for Workgroups, Windows 95,
-Windows NT, OS/2, DAVE for Macintosh, and smbfs for Linux.
-
-An extensive description of the services that the server can provide
-is given in the man page for the configuration file controlling the
-attributes of those services (see
-url(bf(smb.conf (5)))(smb.conf.5.html). This man page
-will not describe the services, but will concentrate on the
-administrative aspects of running the server.
-
-Please note that there are significant security implications to
-running this server, and the
-url(bf(smb.conf (5)))(smb.conf.5.html) manpage should be
-regarded as mandatory reading before proceeding with installation.
-
-A session is created whenever a client requests one. Each client gets
-a copy of the server for each session. This copy then services all
-connections made by the client during that session. When all
-connections from its client are closed, the copy of the server for
-that client terminates.
-
-The configuration file, and any files that it includes, are
-automatically reloaded every minute, if they change. You can force a
-reload by sending a SIGHUP to the server. Reloading the configuration
-file will not affect connections to any service that is already
-established. Either the user will have to disconnect from the
-service, or smbd killed and restarted.
-
-label(OPTIONS)
-manpageoptions()
-
-startdit()
-
-label(minusD)
-dit(bf(-D)) If specified, this parameter causes the server to operate as a
-daemon. That is, it detaches itself and runs in the background,
-fielding requests on the appropriate port. Operating the server as a
-daemon is the recommended way of running smbd for servers that provide
-more than casual use file and print services.
-
-By default, the server will NOT operate as a daemon.
-
-label(minusa)
-dit(bf(-a)) If this parameter is specified, each new connection will
-append log messages to the log file. This is the default.
-
-label(minuso)
-dit(bf(-o)) If this parameter is specified, the log files will be
-overwritten when opened. By default, the log files will be appended
-to.
-
-label(minusP)
-dit(bf(-P)) Passive option. Causes smbd not to send any network traffic
-out. Used for debugging by the developers only.
-
-label(minush)
-dit(bf(-h)) Prints the help information (usage) for bf(smbd).
-
-label(minusV)
-dit(bf(-V)) Prints the version number for bf(smbd).
-
-label(minusd)
-dit(bf(-d debuglevel)) debuglevel is an integer from 0 to 10.
-
-The default value if this parameter is not specified is zero.
-
-The higher this value, the more detail will be logged to the log files
-about the activities of the server. At level 0, only critical errors
-and serious warnings will be logged. Level 1 is a reasonable level for
-day to day running - it generates a small amount of information about
-operations carried out.
-
-Levels above 1 will generate considerable amounts of log data, and
-should only be used when investigating a problem. Levels above 3 are
-designed for use only by developers and generate HUGE amounts of log
-data, most of which is extremely cryptic.
-
-Note that specifying this parameter here will override the url(bf(log
-level))(smb.conf.5.html#loglevel) parameter in the url(bf(smb.conf
-(5)))(smb.conf.5.html) file.
-
-label(minusl)
-dit(bf(-l log file)) If specified, em(log file) specifies
-a log filename into which informational and debug messages from the
-running server will be logged. The log file generated is never removed
-by the server although its size may be controlled by the url(bf(max
-log size))(smb.conf.5.html#maxlogsize) option in the url(bf(smb.conf
-(5)))(smb.conf.5.html) file. The default log file name is specified
-at compile time.
-
-label(minusO)
-dit(bf(-O socket options)) See the url(bf(socket
-options))(smb.conf.5.html#socketoptions) parameter in the
-url(bf(smb.conf (5)))(smb.conf.5.html) file for details.
-
-label(minusp)
-dit(bf(-p port number)) port number is a positive integer value. The
-default value if this parameter is not specified is 139.
-
-This number is the port number that will be used when making
-connections to the server from client software. The standard
-(well-known) port number for the SMB over TCP is 139, hence the
-default. If you wish to run the server as an ordinary user rather than
-as root, most systems will require you to use a port number greater
-than 1024 - ask your system administrator for help if you are in this
-situation.
-
-In order for the server to be useful by most clients, should you
-configure it on a port other than 139, you will require port
-redirection services on port 139, details of which are outlined in
-rfc1002.txt section 4.3.5.
-
-This parameter is not normally specified except in the above
-situation.
-
-label(minuss)
-dit(bf(-s configuration file))
-The file specified contains the configuration details required by the
-server. The information in this file includes server-specific
-information such as what printcap file to use, as well as descriptions
-of all the services that the server is to provide. See bf(smb.conf
-(5)) for more information.
-The default configuration file name is determined at compile time.
-
-endit()
-
-label(FILES)
-manpagefiles()
-
-bf(/etc/inetd.conf)
-
-If the server is to be run by the inetd meta-daemon, this file must
-contain suitable startup information for the meta-daemon. See the
-section link(INSTALLATION)(INSTALLATION) below.
-
-bf(/etc/rc)
-
-(or whatever initialization script your system uses).
-
-If running the server as a daemon at startup, this file will need to
-contain an appropriate startup sequence for the server. See the
-section link(INSTALLATION)(INSTALLATION) below.
-
-bf(/etc/services)
-
-If running the server via the meta-daemon inetd, this file must
-contain a mapping of service name (e.g., netbios-ssn) to service port
-(e.g., 139) and protocol type (e.g., tcp). See the section
-link(INSTALLATION)(INSTALLATION) below.
-
-bf(/usr/local/samba/lib/smb.conf)
-
-This is the default location of the em(smb.conf) server configuration
-file. Other common places that systems install this file are
-em(/usr/samba/lib/smb.conf) and em(/etc/smb.conf).
-
-This file describes all the services the server is to make available
-to clients. See url(bf(smb.conf (5)))(smb.conf.5.html) for more information.
-
-label(LIMITATIONS)
-manpagesection(LIMITATIONS)
-
-On some systems bf(smbd) cannot change uid back to root after a
-setuid() call. Such systems are called "trapdoor" uid systems. If you
-have such a system, you will be unable to connect from a client (such
-as a PC) as two different users at once. Attempts to connect the
-second user will result in "access denied" or similar.
-
-label(ENVIRONMENTVARIABLES)
-manpagesection(ENVIRONMENT VARIABLES)
-
-bf(PRINTER)
-
-If no printer name is specified to printable services, most systems
-will use the value of this variable (or "lp" if this variable is not
-defined) as the name of the printer to use. This is not specific to
-the server, however.
-
-label(INSTALLATION)
-manpagesection(INSTALLATION)
-
- The location of the server and its support files is a matter for
-individual system administrators. The following are thus suggestions
-only.
-
-It is recommended that the server software be installed under the
-/usr/local/samba hierarchy, in a directory readable by all, writeable
-only by root. The server program itself should be executable by all,
-as users may wish to run the server themselves (in which case it will
-of course run with their privileges). The server should NOT be
-setuid. On some systems it may be worthwhile to make smbd setgid to an
-empty group. This is because some systems may have a security hole
-where daemon processes that become a user can be attached to with a
-debugger. Making the smbd file setgid to an empty group may prevent
-this hole from being exploited. This security hole and the suggested
-fix has only been confirmed on old versions (pre-kernel 2.0) of Linux
-at the time this was written. It is possible that this hole only
-exists in Linux, as testing on other systems has thus far shown them
-to be immune.
-
-The server log files should be put in a directory readable and
-writeable only by root, as the log files may contain sensitive
-information.
-
-The configuration file should be placed in a directory readable and
-writeable only by root, as the configuration file controls security for
-the services offered by the server. The configuration file can be made
-readable by all if desired, but this is not necessary for correct
-operation of the server and is not recommended. A sample configuration
-file "smb.conf.sample" is supplied with the source to the server -
-this may be renamed to "smb.conf" and modified to suit your needs.
-
-The remaining notes will assume the following:
-
-startit()
-
-it() bf(smbd) (the server program) installed in /usr/local/samba/bin
-
-it() bf(smb.conf) (the configuration file) installed in /usr/local/samba/lib
-
-it() log files stored in /var/adm/smblogs
-
-endit()
-
-The server may be run either as a daemon by users or at startup, or it
-may be run from a meta-daemon such as inetd upon request. If run as a
-daemon, the server will always be ready, so starting sessions will be
-faster. If run from a meta-daemon some memory will be saved and
-utilities such as the tcpd TCP-wrapper may be used for extra security.
-For serious use as file server it is recommended that bf(smbd) be run
-as a daemon.
-
-When you've decided, continue with either
-link(RUNNING THE SERVER AS A DAEMON)(RUNNINGTHESERVERASADAEMON) or
-link(RUNNING THE SERVER ON REQUEST)(RUNNINGTHESERVERONREQUEST).
-
-label(RUNNINGTHESERVERASADAEMON)
-manpagesection(RUNNING THE SERVER AS A DAEMON)
-
-To run the server as a daemon from the command line, simply put the
-link(bf(-D))(minusD) option on the command line. There is no need to place an
-ampersand at the end of the command line - the link(bf(-D))(minusD) option causes
-the server to detach itself from the tty anyway.
-
-Any user can run the server as a daemon (execute permissions
-permitting, of course). This is useful for testing purposes, and may
-even be useful as a temporary substitute for something like ftp. When
-run this way, however, the server will only have the privileges of the
-user who ran it.
-
-To ensure that the server is run as a daemon whenever the machine is
-started, and to ensure that it runs as root so that it can serve
-multiple clients, you will need to modify the system startup
-files. Wherever appropriate (for example, in /etc/rc), insert the
-following line, substituting port number, log file location,
-configuration file location and debug level as desired:
-
-tt(/usr/local/samba/bin/smbd -D -l /var/adm/smblogs/log -s /usr/local/samba/lib/smb.conf)
-
-(The above should appear in your initialization script as a single line.
-Depending on your terminal characteristics, it may not appear that way in
-this man page. If the above appears as more than one line, please treat any
-newlines or indentation as a single space or TAB character.)
-
-If the options used at compile time are appropriate for your system,
-all parameters except link(bf(-D))(minusD) may be
-omitted. See the section link(OPTIONS)(OPTIONS) above.
-
-label(RUNNINGTHESERVERONREQUEST)
-manpagesection(RUNNING THE SERVER ON REQUEST)
-
- If your system uses a meta-daemon such as bf(inetd), you can arrange to
-have the smbd server started whenever a process attempts to connect to
-it. This requires several changes to the startup files on the host
-machine. If you are experimenting as an ordinary user rather than as
-root, you will need the assistance of your system administrator to
-modify the system files.
-
-You will probably want to set up the NetBIOS name server url(bf(nmbd))(nmbd.8.html) at
-the same time as bf(smbd). To do this refer to the man page for
-url(bf(nmbd (8)))(nmbd.8.html).
-
-First, ensure that a port is configured in the file tt(/etc/services). The
-well-known port 139 should be used if possible, though any port may be
-used.
-
-Ensure that a line similar to the following is in tt(/etc/services):
-
-tt(netbios-ssn 139/tcp)
-
-Note for NIS/YP users - you may need to rebuild the NIS service maps
-rather than alter your local tt(/etc/services file).
-
-Next, put a suitable line in the file tt(/etc/inetd.conf) (in the unlikely
-event that you are using a meta-daemon other than inetd, you are on
-your own). Note that the first item in this line matches the service
-name in tt(/etc/services). Substitute appropriate values for your system
-in this line (see bf(inetd (8))):
-
-tt(netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd -d1 -l/var/adm/smblogs/log -s/usr/local/samba/lib/smb.conf)
-
-(The above should appear in tt(/etc/inetd.conf) as a single
-line. Depending on your terminal characteristics, it may not appear
-that way in this man page. If the above appears as more than one
-line, please treat any newlines or indentation as a single space or
-TAB character.)
-
-Note that there is no need to specify a port number here, even if you
-are using a non-standard port number.
-
-Lastly, edit the configuration file to provide suitable services. To
-start with, the following two services should be all you need:
-
-verb(
-
-[homes]
- writeable = yes
-
-[printers]
- writeable = no
- printable = yes
- path = /tmp
- public = yes
-
-)
-
-This will allow you to connect to your home directory and print to any
-printer supported by the host (user privileges permitting).
-
-label(TESTINGTHEINSTALLATION)
-manpagesection(TESTING THE INSTALLATION)
-
-If running the server as a daemon, execute it before proceeding. If
-using a meta-daemon, either restart the system or kill and restart the
-meta-daemon. Some versions of inetd will reread their configuration
-tables if they receive a HUP signal.
-
-If your machine's name is "fred" and your name is "mary", you should
-now be able to connect to the service tt(\\fred\mary).
-
-To properly test and experiment with the server, we recommend using
-the smbclient program (see
-url(bf(smbclient (1)))(smbclient.1.html)) and also going through
-the steps outlined in the file em(DIAGNOSIS.txt) in the em(docs/)
-directory of your Samba installation.
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.0 of the Samba suite.
-
-label(DIAGNOSTICS)
-manpagesection(DIAGNOSTICS)
-
-Most diagnostics issued by the server are logged in a specified log
-file. The log file name is specified at compile time, but may be
-overridden on the command line.
-
-The number and nature of diagnostics available depends on the debug
-level used by the server. If you have problems, set the debug level to
-3 and peruse the log files.
-
-Most messages are reasonably self-explanatory. Unfortunately, at the time
-this man page was created, there are too many diagnostics available
-in the source code to warrant describing each and every diagnostic. At
-this stage your best bet is still to grep the source code and inspect
-the conditions that gave rise to the diagnostics you are seeing.
-
-label(SIGNALS)
-manpagesection(SIGNALS)
-
-Sending the smbd a SIGHUP will cause it to re-load its smb.conf
-configuration file within a short period of time.
-
-To shut down a users smbd process it is recommended that SIGKILL (-9)
-em(NOT) be used, except as a last resort, as this may leave the shared
-memory area in an inconsistent state. The safe way to terminate an
-smbd is to send it a SIGTERM (-15) signal and wait for it to die on
-its own.
-
-The debug log level of smbd may be raised
-by sending it a SIGUSR1 tt((kill -USR1 <smbd-pid>)) and lowered by
-sending it a SIGUSR2 tt((kill -USR2 <smbd-pid>)). This is to allow
-transient problems to be diagnosed, whilst still running at a normally
-low log level.
-
-Note that as the signal handlers send a debug write, they are not
-re-entrant in smbd. This you should wait until smbd is in a state of
-waiting for an incoming smb before issuing them. It is possible to
-make the signal handlers safe by un-blocking the signals before the
-select call and re-blocking them after, however this would affect
-performance.
-
-label(SEEALSO)
-manpageseealso()
-
-bf(hosts_access (5)), bf(inetd (8)), url(bf(nmbd (8)))(nmbd.8.html),
-url(bf(smb.conf (5)))(smb.conf.5.html), url(bf(smbclient
-(1)))(smbclient.1.html), url(bf(testparm (1)))(testparm.1.html),
-url(bf(testprns (1)))(testprns.1.html), and the Internet RFC's
-bf(rfc1001.txt), bf(rfc1002.txt). In addition the CIFS (formerly SMB)
-specification is available as a link from the Web page :
-url(http://samba.org/cifs/)(http://samba.org/cifs/).
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell email(samba@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-and updated for the Samba2.0 release by Jeremy Allison.
-email(samba@samba.org).
-
-See url(bf(samba (7)))(samba.7.html) to find out how to get a full list of contributors
-and details on how to submit bug reports, comments etc.
diff --git a/docs/yodldocs/smbpasswd.5.yo b/docs/yodldocs/smbpasswd.5.yo
deleted file mode 100644
index 53350645c9..0000000000
--- a/docs/yodldocs/smbpasswd.5.yo
+++ /dev/null
@@ -1,213 +0,0 @@
-mailto(samba@samba.org)
-
-manpage(smbpasswd htmlcommand((5)))(5)(23 Oct 1998)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(smbpasswd)(The Samba encrypted password file)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-smbpasswd is the bf(Samba) encrypted password file.
-
-label(DESCRIPTION)
-manpagedescription()
-
-This file is part of the bf(Samba) suite.
-
-smbpasswd is the bf(Samba) encrypted password file. It contains
-the username, Unix user id and the SMB hashed passwords of the
-user, as well as account flag information and the time the password
-was last changed. This file format has been evolving with Samba
-and has had several different formats in the past.
-
-label(FILEFORMAT)
-manpagesection(FILE FORMAT)
-
-The format of the smbpasswd file used by Samba 2.0 is very similar to
-the familiar Unix bf(passwd (5)) file. It is an ASCII file containing
-one line for each user. Each field within each line is separated from
-the next by a colon. Any entry beginning with # is ignored. The
-smbpasswd file contains the following information for each user:
-
-startit()
-
-label(name)
-dit(bf(name)) nl() nl()
-
- This is the user name. It must be a name that already exists
- in the standard UNIX passwd file.
-
-label(uid)
-dit(bf(uid)) nl() nl()
-
- This is the UNIX uid. It must match the uid field for the same
- user entry in the standard UNIX passwd file. If this does not
- match then Samba will refuse to recognize this bf(smbpasswd) file entry
- as being valid for a user.
-
-label(LanmanPasswordHash)
-dit(bf(Lanman Password Hash)) nl() nl()
-
- This is the em(LANMAN) hash of the users password, encoded as 32 hex
- digits. The em(LANMAN) hash is created by DES encrypting a well known
- string with the users password as the DES key. This is the same
- password used by Windows 95/98 machines. Note that this password hash
- is regarded as weak as it is vulnerable to dictionary attacks and if
- two users choose the same password this entry will be identical (i.e.
- the password is not em("salted") as the UNIX password is). If the
- user has a null password this field will contain the characters
- tt("NO PASSWORD") as the start of the hex string. If the hex string
- is equal to 32 tt('X') characters then the users account is marked as
- em(disabled) and the user will not be able to log onto the Samba
- server.
-
- em(WARNING !!). Note that, due to the challenge-response nature of the
- SMB/CIFS authentication protocol, anyone with a knowledge of this
- password hash will be able to impersonate the user on the network.
- For this reason these hashes are known as em("plain text equivalent")
- and must em(NOT) be made available to anyone but the root user. To
- protect these passwords the bf(smbpasswd) file is placed in a
- directory with read and traverse access only to the root user and the
- bf(smbpasswd) file itself must be set to be read/write only by root,
- with no other access.
-
-label(NTPasswordHash)
-dit(bf(NT Password Hash)) nl() nl()
-
- This is the em(Windows NT) hash of the users password, encoded as 32
- hex digits. The em(Windows NT) hash is created by taking the users
- password as represented in 16-bit, little-endian UNICODE and then
- applying the em(MD4) (internet rfc1321) hashing algorithm to it.
-
- This password hash is considered more secure than the link(bf(Lanman
- Password Hash))(LanmanPasswordHash) as it preserves the case of the
- password and uses a much higher quality hashing algorithm. However, it
- is still the case that if two users choose the same password this
- entry will be identical (i.e. the password is not em("salted") as the
- UNIX password is).
-
- em(WARNING !!). Note that, due to the challenge-response nature of the
- SMB/CIFS authentication protocol, anyone with a knowledge of this
- password hash will be able to impersonate the user on the network.
- For this reason these hashes are known as em("plain text equivalent")
- and must em(NOT) be made available to anyone but the root user. To
- protect these passwords the bf(smbpasswd) file is placed in a
- directory with read and traverse access only to the root user and the
- bf(smbpasswd) file itself must be set to be read/write only by root,
- with no other access.
-
-label(AccountFlags)
-dit(bf(Account Flags)) nl() nl()
-
- This section contains flags that describe the attributes of the users
- account. In the bf(Samba2.0) release this field is bracketed by tt('[')
- and tt(']') characters and is always 13 characters in length (including
- the tt('[') and tt(']') characters). The contents of this field may be
- any of the characters.
-
- startit()
-
- label(capU)
- it() bf('U') This means this is a em("User") account, i.e. an ordinary
- user. Only bf(User) and link(bf(Workstation Trust))(capW) accounts are
- currently supported in the bf(smbpasswd) file.
-
- label(capN)
- it() bf('N') This means the account has em(no) password (the passwords
- in the fields link(bf(Lanman Password Hash))(LanmanPasswordHash) and
- link(bf(NT Password Hash))(NTPasswordHash) are ignored). Note that this
- will only allow users to log on with no password if the
- url(bf(null passwords))(smb.conf.5.html#nullpasswords) parameter is set
- in the url(bf(smb.conf (5)))(smb.conf.5.html) config file.
-
- label(capD)
- it() bf('D') This means the account is disabled and no SMB/CIFS logins
- will be allowed for this user.
-
- label(capW)
- it() bf('W') This means this account is a em("Workstation Trust") account.
- This kind of account is used in the Samba PDC code stream to allow Windows
- NT Workstations and Servers to join a Domain hosted by a Samba PDC.
-
- endit()
-
- Other flags may be added as the code is extended in future. The rest of
- this field space is filled in with spaces.
-
-label(LastChangeTime)
-dit(bf(Last Change Time)) nl() nl()
-
- This field consists of the time the account was last modified. It consists of
- the characters tt(LCT-) (standing for em("Last Change Time")) followed by a numeric
- encoding of the UNIX time in seconds since the epoch (1970) that the last change
- was made.
-
-dit(bf(Following fields)) nl() nl()
-
- All other colon separated fields are ignored at this time.
-
-enddit()
-
-label(NOTES)
-manpagesection(NOTES)
-
-In previous versions of Samba (notably the 1.9.18 series) this file
-did not contain the link(bf(Account Flags))(AccountFlags) or
-link(bf(Last Change Time))(LastChangeTime) fields. The Samba 2.0
-code will read and write these older password files but will not be able to
-modify the old entries to add the new fields. New entries added with
-url(bf(smbpasswd (8)))(smbpasswd.8.html) will contain the new fields
-in the added accounts however. Thus an older bf(smbpasswd) file used
-with Samba 2.0 may end up with some accounts containing the new fields
-and some not.
-
-In order to convert from an old-style bf(smbpasswd) file to a new
-style, run the script bf(convert_smbpasswd), installed in the
-Samba tt(bin/) directory (the same place that the url(bf(smbd))(smbd.8.html)
-and url(bf(nmbd))(nmbd.8.html) binaries are installed) as follows:
-
-verb(
-
- cat old_smbpasswd_file | convert_smbpasswd > new_smbpasswd_file
-
-)
-
-The bf(convert_smbpasswd) script reads from stdin and writes to stdout
-so as not to overwrite any files by accident.
-
-Once this script has been run, check the contents of the new smbpasswd
-file to ensure that it has not been damaged by the conversion script
-(which uses bf(awk)), and then replace the tt(<old smbpasswd file>)
-with the tt(<new smbpasswd file>).
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.0 of the Samba suite.
-
-label(SEEALSO)
-manpageseealso()
-
-url(bf(smbpasswd (8)))(smbpasswd.8.html), url(bf(samba
-(7)))(samba.7.html), and the Internet RFC1321 for details on the MD4
-algorithm.
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell email(samba@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-and updated for the Samba2.0 release by Jeremy
-Allison, email(samba@samba.org).
-
-See url(bf(samba (7)))(samba.7.html) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
diff --git a/docs/yodldocs/smbpasswd.8.yo b/docs/yodldocs/smbpasswd.8.yo
deleted file mode 100644
index 3d418e4953..0000000000
--- a/docs/yodldocs/smbpasswd.8.yo
+++ /dev/null
@@ -1,319 +0,0 @@
-mailto(samba@samba.org)
-
-manpage(smbpasswd htmlcommand((8)))(8)(23 Oct 1998)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(smbpasswd)(change a users SMB password)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-bf(smbpasswd) [link(-a)(minusa)] [link(-x)(minusx)] [link(-d)(minusd)] [link(-e)(minuse)] [link(-D debug level)(minusD)] [link(-n)(minusn)] [link(-r remote_machine)(minusr)] [link(-R name resolve order)(minusR)] [link(-m)(minusm)] [link(-j DOMAIN)(minusj)] [link(-U username)(minusU)] [link(-h)(minush)] [link(-s)(minuss)] link(username)(username)
-
-label(DESCRIPTION)
-manpagedescription()
-
-This program is part of the bf(Samba) suite.
-
-The bf(smbpasswd) program has several different functions, depending
-on whether it is run by the em(root) user or not. When run as a normal
-user it allows the user to change the password used for their SMB
-sessions on any machines that store SMB passwords.
-
-By default (when run with no arguments) it will attempt to change the
-current users SMB password on the local machine. This is similar to
-the way the bf(passwd (1)) program works. bf(smbpasswd) differs from how
-the bf(passwd) program works however in that it is not em(setuid root)
-but works in a client-server mode and communicates with a locally
-running url(bf(smbd))(smbd.8.html). As a consequence in order for this
-to succeed the url(bf(smbd))(smbd.8.html) daemon must be running on
-the local machine. On a UNIX machine the encrypted SMB passwords are
-usually stored in the url(bf(smbpasswd (5)))(smbpasswd.5.html) file.
-
-When run by an ordinary user with no options. bf(smbpasswd) will
-prompt them for their old smb password and then ask them for their new
-password twice, to ensure that the new password was typed
-correctly. No passwords will be echoed on the screen whilst being
-typed. If you have a blank smb password (specified by the string "NO
-PASSWORD" in the url(bf(smbpasswd))(smbpasswd.5.html) file) then just
-press the <Enter> key when asked for your old password.
-
-bf(smbpasswd) can also be used by a normal user to change their SMB
-password on remote machines, such as Windows NT Primary Domain
-Controllers. See the link((bf(-r)))(minusr) and
-link(bf(-U))(minusU) options below.
-
-When run by root, bf(smbpasswd) allows new users to be added and
-deleted in the url(bf(smbpasswd))(smbpasswd.5.html) file, as well as
-allows changes to the attributes of the user in this file to be made. When
-run by root, bf(smbpasswd) accesses the local
-url(bf(smbpasswd))(smbpasswd.5.html) file directly, thus enabling
-changes to be made even if url(bf(smbd))(smbd.8.html) is not running.
-
-label(OPTIONS)
-manpageoptions()
-
-startdit()
-
-label(minusa)
-dit(bf(-a)) This option specifies that the username following should
-be added to the local url(bf(smbpasswd))(smbpasswd.5.html) file, with
-the new password typed (type <Enter> for the old password). This
-option is ignored if the username following already exists in the
-url(bf(smbpasswd))(smbpasswd.5.html) file and it is treated like a
-regular change password command. Note that the user to be added
-bf(must) already exist in the system password file (usually /etc/passwd)
-else the request to add the user will fail.
-
-This option is only available when running bf(smbpasswd) as
-root.
-
-label(minusx)
-dit(bf(-x)) This option specifies that the username following should
-be deleted from the local url(bf(smbpasswd))(smbpasswd.5.html) file.
-
-This option is only available when running bf(smbpasswd) as
-root.
-
-label(minusd)
-dit(bf(-d)) This option specifies that the username following should be
-em(disabled) in the local url(bf(smbpasswd))(smbpasswd.5.html) file.
-This is done by writing a em('D') flag into the account control space
-in the url(bf(smbpasswd))(smbpasswd.5.html) file. Once this is done
-all attempts to authenticate via SMB using this username will fail.
-
-If the url(bf(smbpasswd))(smbpasswd.5.html) file is in the 'old'
-format (pre-Samba 2.0 format) there is no space in the users password
-entry to write this information and so the user is disabled by writing
-'X' characters into the password space in the
-url(bf(smbpasswd))(smbpasswd.5.html) file. See url(bf(smbpasswd
-(5)))(smbpasswd.5.html) for details on the 'old' and new password file
-formats.
-
-This option is only available when running bf(smbpasswd) as root.
-
-label(minuse)
-dit(bf(-e)) This option specifies that the username following should be
-em(enabled) in the local url(bf(smbpasswd))(smbpasswd.5.html) file,
-if the account was previously disabled. If the account was not
-disabled this option has no effect. Once the account is enabled
-then the user will be able to authenticate via SMB once again.
-
-If the smbpasswd file is in the 'old' format then bf(smbpasswd) will
-prompt for a new password for this user, otherwise the account will be
-enabled by removing the em('D') flag from account control space in the
-url(bf(smbpasswd))(smbpasswd.5.html) file. See url(bf(smbpasswd
-(5)))(smbpasswd.5.html) for details on the 'old' and new password file
-formats.
-
-This option is only available when running bf(smbpasswd) as root.
-
-label(minusD)
-dit(bf(-D debuglevel)) debuglevel is an integer from 0
-to 10. The default value if this parameter is not specified is zero.
-
-The higher this value, the more detail will be logged to the log files
-about the activities of smbpasswd. At level 0, only critical errors
-and serious warnings will be logged.
-
-Levels above 1 will generate considerable amounts of log data, and
-should only be used when investigating a problem. Levels above 3 are
-designed for use only by developers and generate HUGE amounts of log
-data, most of which is extremely cryptic.
-
-label(minusn)
-dit(bf(-n)) This option specifies that the username following should
-have their password set to null (i.e. a blank password) in the local
-url(bf(smbpasswd))(smbpasswd.5.html) file. This is done by writing the
-string "NO PASSWORD" as the first part of the first password stored in
-the url(bf(smbpasswd))(smbpasswd.5.html) file.
-
-Note that to allow users to logon to a Samba server once the password
-has been set to "NO PASSWORD" in the
-url(bf(smbpasswd))(smbpasswd.5.html) file the administrator must set
-the following parameter in the [global] section of the
-url(bf(smb.conf))(smb.conf.5.html) file :
-
-url(null passwords = true)(smb.conf.5.html#nullpasswords)
-
-This option is only available when running bf(smbpasswd) as root.
-
-label(minusr)
-dit(bf(-r remote machine name)) This option allows a
-user to specify what machine they wish to change their password
-on. Without this parameter bf(smbpasswd) defaults to the local
-host. The em("remote machine name") is the NetBIOS name of the
-SMB/CIFS server to contact to attempt the password change. This name
-is resolved into an IP address using the standard name resolution
-mechanism in all programs of the url(bf(Samba))(samba.7.html)
-suite. See the link(bf(-R name resolve order))(minusR) parameter for details on changing this resolving
-mechanism.
-
-The username whose password is changed is that of the current UNIX
-logged on user. See the link(bf(-U username))(minusU)
-parameter for details on changing the password for a different
-username.
-
-Note that if changing a Windows NT Domain password the remote machine
-specified must be the Primary Domain Controller for the domain (Backup
-Domain Controllers only have a read-only copy of the user account
-database and will not allow the password change).
-
-em(Note) that Windows 95/98 do not have a real password database
-so it is not possible to change passwords specifying a Win95/98
-machine as remote machine target.
-
-label(minusR)
-dit(bf(-R name resolve order)) This option allows the user of
-smbclient to determine what name resolution services to use when
-looking up the NetBIOS name of the host being connected to.
-
-The options are :link("lmhosts")(lmhosts), link("host")(host),
-link("wins")(wins) and link("bcast")(bcast). They cause names to be
-resolved as follows :
-
-startit()
-
-label(lmhosts)
-it() bf(lmhosts) : Lookup an IP address in the Samba lmhosts file.
-
-label(host)
-it() bf(host) : Do a standard host name to IP address resolution,
-using the system /etc/hosts, NIS, or DNS lookups. This method of name
-resolution is operating system dependent. For instance on IRIX or
-Solaris, this may be controlled by the em(/etc/nsswitch.conf) file).
-
-label(wins)
-it() bf(wins) : Query a name with the IP address listed in the
-url(bf(wins server))(smb.conf.5.html#winsserver) parameter in the
-url(bf(smb.conf file))(smb.conf.5.html). If
-no WINS server has been specified this method will be ignored.
-
-label(bcast)
-it() bf(bcast) : Do a broadcast on each of the known local interfaces
-listed in the url(bf(interfaces))(smb.conf.5.html#interfaces) parameter
-in the smb.conf file. This is the least reliable of the name resolution
-methods as it depends on the target host being on a locally connected
-subnet.
-
-endit()
-
-If this parameter is not set then the name resolve order defined
-in the url(bf(smb.conf))(smb.conf.5.html) file parameter
-url(bf(name resolve order))(smb.conf.5.html#nameresolveorder)
-will be used.
-
-The default order is lmhosts, host, wins, bcast and without this
-parameter or any entry in the url(bf(smb.conf))(smb.conf.5.html)
-file the name resolution methods will be attempted in this order.
-
-label(minusm)
-dit(bf(-m)) This option tells bf(smbpasswd) that the account being
-changed is a em(MACHINE) account. Currently this is used when Samba is
-being used as an NT Primary Domain Controller. PDC support is not a
-supported feature in Samba2.0 but will become supported in a later
-release. If you wish to know more about using Samba as an NT PDC then
-please subscribe to the mailing list
-email(samba-ntdom@samba.org).
-
-This option is only available when running bf(smbpasswd) as root.
-
-label(minusj)
-dit(bf(-j DOMAIN)) This option is used to add a Samba server into a
-Windows NT Domain, as a Domain member capable of authenticating user
-accounts to any Domain Controller in the same way as a Windows NT
-Server. See the url(bf(security=domain))(smb.conf.5.html#security)
-option in the url(bf(smb.conf (5)))(smb.conf.5.html) man page.
-
-In order to be used in this way, the Administrator for the Windows
-NT Domain must have used the program em("Server Manager for Domains")
-to add the url(primary NetBIOS name)(smb.conf.5.html#netbiosname) of
-the Samba server as a member of the Domain.
-
-After this has been done, to join the Domain invoke bf(smbpasswd) with
-this parameter. bf(smbpasswd) will then look up the Primary Domain
-Controller for the Domain (found in the
-url(bf(smb.conf))(smb.conf.5.html) file in the parameter
-url(bf(password server))(smb.conf.5.html#passwordserver) and change
-the machine account password used to create the secure Domain
-communication. This password is then stored by bf(smbpasswd) in a
-file, read only by root, called tt(<Domain>.<Machine>.mac) where
-tt(<Domain>) is the name of the Domain we are joining and tt(<Machine>)
-is the primary NetBIOS name of the machine we are running on.
-
-Once this operation has been performed the
-url(bf(smb.conf))(smb.conf.5.html) file may be updated to set the
-url(bf(security=domain))(smb.conf.5.html#security) option and all
-future logins to the Samba server will be authenticated to the Windows
-NT PDC.
-
-Note that even though the authentication is being done to the PDC all
-users accessing the Samba server must still have a valid UNIX account
-on that machine.
-
-This option is only available when running bf(smbpasswd) as root.
-
-label(minusU)
-dit(bf(-U username)) This option may only be used in
-conjunction with the link(bf(-r))(minusr)
-option. When changing a password on a remote machine it allows the
-user to specify the user name on that machine whose password will be
-changed. It is present to allow users who have different user names on
-different systems to change these passwords.
-
-label(minush)
-dit(bf(-h)) This option prints the help string for bf(smbpasswd),
-selecting the correct one for running as root or as an ordinary user.
-
-label(minuss)
-dit(bf(-s)) This option causes bf(smbpasswd) to be silent (i.e. not
-issue prompts) and to read it's old and new passwords from standard
-input, rather than from tt(/dev/tty) (like the bf(passwd (1)) program
-does). This option is to aid people writing scripts to drive bf(smbpasswd)
-
-label(username)
-dit(bf(username)) This specifies the username for all of the em(root
-only) options to operate on. Only root can specify this parameter as
-only root has the permission needed to modify attributes directly
-in the local url(bf(smbpasswd))(smbpasswd.5.html) file.
-
-label(NOTES)
-manpagesection(NOTES)
-
-Since bf(smbpasswd) works in client-server mode communicating with a
-local url(bf(smbd))(smbd.8.html) for a non-root user then the bf(smbd)
-daemon must be running for this to work. A common problem is to add a
-restriction to the hosts that may access the bf(smbd) running on the
-local machine by specifying a url(bf("allow
-hosts"))(smb.conf.5.html#allowhosts) or url(bf("deny
-hosts"))(smb.conf.5.html#denyhosts) entry in the
-url(bf(smb.conf))(smb.conf.5.html) file and neglecting to allow
-em("localhost") access to the bf(smbd).
-
-In addition, the bf(smbpasswd) command is only useful if bf(Samba) has
-been set up to use encrypted passwords. See the file bf(ENCRYPTION.txt)
-in the docs directory for details on how to do this.
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.0 of the Samba suite.
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell email(samba@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-and updated for the Samba2.0 release by Jeremy Allison.
-email(samba@samba.org).
-
-See url(bf(samba (7)))(samba.7.html) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
diff --git a/docs/yodldocs/smbrun.1.yo b/docs/yodldocs/smbrun.1.yo
deleted file mode 100644
index d9fff9b7a1..0000000000
--- a/docs/yodldocs/smbrun.1.yo
+++ /dev/null
@@ -1,81 +0,0 @@
-mailto(samba@samba.org)
-
-manpage(smbrun htmlcommand((1)))(1)(23 Oct 1998)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(smbrun)(interface program between smbd and external programs)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-bf(smbrun) link(shell-command)(shellcommand)
-
-label(DESCRIPTION)
-manpagedescription()
-
-This program is part of the bf(Samba) suite.
-
-bf(smbrun) is a very small 'glue' program, which runs shell commands
-for the url(bf(smbd))(smbd.8.html) daemon url(bf(smbd
-(8)))(smbd.8.html).
-
-It first changes to the highest effective user and group ID that it
-can, then runs the command line provided using the system() call. This
-program is necessary to allow some operating systems to run external
-programs as non-root.
-
-label(OPTIONS)
-manpageoptions()
-
-startdit()
-
-label(shellcommand)
-dit(bf(shell-command)) The shell command to execute. The command
-should have a fully-qualified path.
-
-enddit()
-
-label(ENVIRONMENTVARIABLES)
-manpagesection(ENVIRONMENT VARIABLES)
-
-The em(PATH) variable set for the environment in which bf(smbrun) is
-executed will affect what executables are located and executed if a
-fully-qualified path is not given in the command.
-
-label(DIAGNOSTICS)
-manpagesection(DIAGNOSTICS)
-
-If bf(smbrun) cannot be located or cannot be executed by
-url(bf(smbd))(smbd.8.html) then appropriate messages will be found in
-the url(bf(smbd))(smbd.8.html) logs. Other diagnostics are dependent
-on the shell-command being run. It is advisable for your shell
-commands to issue suitable diagnostics to aid trouble-shooting.
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.0 of the Samba suite.
-
-label(SEEALSO)
-manpageseealso()
-
-url(bf(smb.conf (5)))(smb.conf.5.html), url(bf(smbd (8)))(smbd.8.html)
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell email(samba@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-and updated for the Samba2.0 release by Jeremy Allison.
-email(samba@samba.org).
-
-See url(bf(samba (7)))(samba.7.html) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
diff --git a/docs/yodldocs/smbsh.1.yo b/docs/yodldocs/smbsh.1.yo
deleted file mode 100644
index acf3392939..0000000000
--- a/docs/yodldocs/smbsh.1.yo
+++ /dev/null
@@ -1,87 +0,0 @@
-mailto(samba@samba.org)
-
-manpage(smbsh htmlcommand((1)))(1)(23 Oct 1998)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(smbsh)(Allows access to Windows NT filesystem using UNIX commands)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-bf(smbsh)
-
-label(DESCRIPTION)
-manpagedescription()
-
-This program is part of the bf(Samba) suite.
-
-bf(smbsh) allows you to access an NT filesystem using UNIX commands
-such as bf(ls), bf(egrep), and bf(rcp). You must use a shell that
-is dynmanically linked in order for bf(smbsh) to work correctly.
-
-To use the bf(smbsh) command, execute bf(smbsh) from the prompt and
-enter the username and password that authenticate you to the
-machine running the Windows NT operating system.
-
-verb(
-system% smbsh
-Username: user
-Password:
-)
-
-Any dynamically linked command you execute from this shell will
-access the bf(/smb) directory using the smb protocol.
-For example, the command
-
-tt(ls /smb)
-
-will show all the machines in your workgroup.
-The command
-
-tt(ls /smb/<machine-name>)
-
-will show the share names for that machine. You could then, for example, use the
-bf(cd) command to change directories, bf(vi) to edit files, and bf(rcp)
- to copy files.
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for the 2.0.3 of the Samba suite.
-
-label(BUGS)
-manpagebugs()
-
-bf(smbsh) works by intercepting the standard libc calls with the dynamically loaded
-versions in bf(smbwrapper.o). Not all calls have been "wrapped" so some programs
-may not function correctly under bf(smbsh).
-
-Programs which are not dynamically linked cannot make use of bf(smbsh)'s
-functionality. Most versions of UNIX have a bf(file) command that will describe how
-a program was linked.
-
-label(SEEALSO)
-manpageseealso()
-
-url(bf(smb.conf (5)))(smb.conf.5.html),
-url(bf(smbd (8)))(smbd.8.html).
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell (samba@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-and updated for the Samba2.0 release by Jeremy Allison.
-email(samba@samba.org).
-
-See url(bf(samba (7)))(samba.7.html) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
-
diff --git a/docs/yodldocs/smbspool.8.yo b/docs/yodldocs/smbspool.8.yo
deleted file mode 100644
index 53388601a5..0000000000
--- a/docs/yodldocs/smbspool.8.yo
+++ /dev/null
@@ -1,89 +0,0 @@
-mailto(samba@samba.org)
-
-manpage(smbspool htmlcommand((1)))(1)(11 October 1999)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(smbspool)(send print file to an SMB printer)
-
-label(SYNOPSIS)
-manpagesynopsis()
-bf(smbspool) job user title copies options [filename]
-
-label(DESCRIPTION)
-manpagedescription()
-
-This program is part of the Samba suite.
-
-smbspool is a very small print spooling program that sends a print
-file to an SMB printer. The command-line arguments are position-dependent for
-compatibility with the Common UNIX Printing System, but you can use
-smbspool with any printing system or from a program or script.
-
-manpagesection(DEVICE URI)
-
-smbspool specifies the destination using a Uniform Resource Identifier
-("URI") with a method of "smb". This string can take a number of
-forms:
-
-startit()
-it() smb://server/printer
-
-it() smb://workgroup/server/printer
-
-it() smb://username:password@server/printer
-
-it() smb://username:password@workgroup/server/printer
-
-endit()
-
-smbspool tries to get the URI from argv[0]. If argv[0] contains the
-name of the program then it looks in the DEVICE_URI environment variable.
-
-Programs using the exec(2) functions can pass the URI in argv[0],
-while shell scripts must set the DEVICE_URI environment variable prior to
-running smbspool.
-
-manpagesection(OPTIONS)
-
-The job argument (argv[1]) contains the job ID number and is presently
-not used by smbspool.
-
-The user argument (argv[2]) contains the print user's name and is
-presently not used by smbspool.
-
-The title argument (argv[3]) contains the job title string and is
-passed as the remote file name when sending the print job.
-
-The copies argument (argv[4]) contains the number of copies to be
-printed of the named file. If no filename is provided than this argument is
-not used by smbspool.
-
-The options argument (argv[5]) contains the print options in a single
-string and is presently not used by smbspool.
-
-The filename argument (argv[6]) contains the name of the file to print.
-If this argument is not specified then the print file is read from the
-standard input.
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.0 of the Samba suite.
-
-label(SEEALSO)
-manpagesection(SEE ALSO)
-url(bf(smbd (8)))(smbd.8.html)
-
-label(AUTHOR)
-manpageauthor()
-
-smbspool was written by Michael Sweet at Easy Software Products.
-
-The original Samba software and related utilities were created by
-Andrew Tridgell samba@samba.org. Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-See samba (7) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
diff --git a/docs/yodldocs/smbstatus.1.yo b/docs/yodldocs/smbstatus.1.yo
deleted file mode 100644
index 8e571d0714..0000000000
--- a/docs/yodldocs/smbstatus.1.yo
+++ /dev/null
@@ -1,85 +0,0 @@
-mailto(samba@samba.org)
-
-manpage(smbstatus htmlcommand((1)))(1)(23 Oct 1998)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(smbstatus)(report on current Samba connections)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-bf(smbstatus) [link(-P)(minusP)] [link(-b)(minusb)] [link(-d)(minusd)] [link(-L)(minusL)] [link(-p)(minusp)] [link(-S)(minusS)] [link(-s configuration file)(minuss)] [link(-u username)(minusu)]
-
-label(DESCRIPTION)
-manpagedescription()
-
-This program is part of the bf(Samba) suite.
-
-bf(smbstatus) is a very simple program to list the current Samba
-connections.
-
-label(OPTIONS)
-manpageoptions()
-
-startdit()
-
-label(minusP)
-dit(bf(-P)) If samba has been compiled with the profiling option,
-print only the contents of the profiling shared memory area.
-
-label(minusb)
-dit(bf(-b)) gives brief output.
-
-label(minusd)
-dit(bf(-d)) gives verbose output.
-
-label(minusL)
-dit(bf(-L)) causes smbstatus to only list locks.
-
-label(minusp)
-dit(bf(-p)) print a list of url(bf(smbd))(smbd.8.html)
-processes and exit. Useful for scripting.
-
-label(minusS)
-dit(bf(-S)) causes smbstatus to only list shares.
-
-label(minuss)
-dit(bf(-s configuration file)) The default configuration file name is
-determined at compile time. The file specified contains the
-configuration details required by the server. See url(bf(smb.conf
-(5)))(smb.conf.5.html) for more information.
-
-label(minusu)
-dit(bf(-u username)) selects information relevant to em(username)
-only.
-
-enddit()
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.0 of the Samba suite.
-
-label(SEEALSO)
-manpageseealso()
-
-url(bf(smb.conf (5)))(smb.conf.5.html), url(bf(smbd (8)))(smbd.8.html)
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell email(samba@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-and updated for the Samba2.0 release by Jeremy Allison.
-email(samba@samba.org).
-
-See url(bf(samba (7)))(samba.7.html) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
diff --git a/docs/yodldocs/smbtar.1.yo b/docs/yodldocs/smbtar.1.yo
deleted file mode 100644
index 9c321d3853..0000000000
--- a/docs/yodldocs/smbtar.1.yo
+++ /dev/null
@@ -1,140 +0,0 @@
-mailto(samba@samba.org)
-
-manpage(smbtar htmlcommand((1)))(1)(23 Oct 1998)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(smbtar)(shell script for backing up SMB/CIFS shares directly to UNIX tape drives)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-bf(smbtar) link(-s server)(minuss) [link(-p password)(minusp)] [link(-x service)(minusx)] [link(-X)(minusX)] [link(-d directory)(minusd)] [link(-u user)(minusu)] [link(-t tape)(minust)] [link(-b blocksize)(minusb)] [link(-N filename)(minusN)] [link(-i)(minusi)] [link(-r)(minusr)] [link(-l log level)(minusl)] [link(-v)(minusv)] filenames
-
-label(DESCRIPTION)
-manpagedescription()
-
-This program is part of the bf(Samba) suite.
-
-bf(smbtar) is a very small shell script on top of
-url(bf(smbclient))(smbclient.1.html) which dumps SMB shares directly
-to tape.
-
-label(OPTIONS)
-manpageoptions()
-
-startdit()
-
-label(minuss)
-dit(bf(-s server)) The SMB/CIFS server that the share resides upon.
-
-label(minusx)
-dit(bf(-x service)) The share name on the server to connect
-to. The default is tt(backup).
-
-label(minusX)
-dit(bf(-X)) Exclude mode. Exclude filenames... from tar create or
-restore.
-
-label(minusd)
-dit(bf(-d directory)) Change to initial em(directory) before restoring
-/ backing up files.
-
-label(minusv)
-dit(bf(-v)) Verbose mode.
-
-label(minusp)
-dit(bf(-p password)) The password to use to access a share. Default:
-none
-
-label(minusu)
-dit(bf(-u user)) The user id to connect as. Default: UNIX login name.
-
-label(minust)
-dit(bf(-t tape)) Tape device. May be regular file or tape
-device. Default: em(TAPE) environmental variable; if not set, a file
-called tt(tar.out).
-
-label(minusb)
-dit(bf(-b blocksize)) Blocking factor. Defaults to 20. See bf(tar (1))
-for a fuller explanation.
-
-label(minusN)
-dit(bf(-N filename)) Backup only files newer than filename. Could be
-used (for example) on a log file to implement incremental backups.
-
-label(minusi)
-dit(bf(-i)) Incremental mode; tar files are only backed up if they
-have the archive bit set. The archive bit is reset after each file is
-read.
-
-label(minusr)
-dit(bf(-r)) Restore. Files are restored to the share from the tar
-file.
-
-label(minusl)
-dit(bf(-l log level)) Log (debug) level. Corresponds to the
-url(bf(-d))(smbclient.1.html#minusd) flag of url(bf(smbclient
-(1)))(smbclient.1.html).
-
-enddit()
-
-label(ENVIRONMENTVARIABLES)
-manpagesection(ENVIRONMENT VARIABLES)
-
-The TAPE variable specifies the default tape device to write to. May
-be overridden with the link(bf(-t))(minust) option.
-
-label(BUGS)
-manpagesection(BUGS)
-
-The bf(smbtar) script has different options from ordinary tar and tar
-called from url(bf(smbclient))(smbclient.1.html).
-
-label(CAVEATS)
-manpagesection(CAVEATS)
-
-Sites that are more careful about security may not like the way the
-script handles PC passwords. Backup and restore work on entire shares,
-should work on file lists. bf(smbtar) works best with GNU tar and may
-not work well with other versions.
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.0 of the Samba suite.
-
-label(SEEALSO)
-manpageseealso()
-
-url(bf(smbclient (1)))(smbclient.1.html), url(bf(smb.conf
-(5)))(smb.conf.5.html)
-
-label(DIAGNOSTICS)
-manpagesection(DIAGNOSTICS)
-
-See the url(bf(DIAGNOSTICS))(smbclient.1.html#DIAGNOSTICS) section for
-the url(bf(smbclient))(smbclient.1.html) command.
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell email(samba@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-Ricky Poulten email(poultenr@logica.co.uk) wrote the tar extension and
-this man page. The bf(smbtar) script was heavily rewritten and
-improved by Martin Kraemer email(Martin.Kraemer@mch.sni.de). Many
-thanks to everyone who suggested extensions, improvements, bug fixes,
-etc. The man page sources were converted to YODL format (another
-excellent piece of Open Source software available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-and updated for the Samba2.0 release by Jeremy Allison,
-email(samba@samba.org).
-
-See url(bf(samba (7)))(samba.7.html) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
-
-
diff --git a/docs/yodldocs/swat.8.yo b/docs/yodldocs/swat.8.yo
deleted file mode 100644
index d320a090d2..0000000000
--- a/docs/yodldocs/swat.8.yo
+++ /dev/null
@@ -1,162 +0,0 @@
-mailto(samba@samba.org)
-
-manpage(swat htmlcommand((8)))(8)(23 Oct 1998)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(swat)(Samba Web Administration Tool)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-bf(swat) [link(-s smb config file)(minuss)] [link(-a)(minusa)]
-
-label(DESCRIPTION)
-manpagedescription()
-
-This program is part of the bf(Samba) suite.
-
-bf(swat) allows a Samba administrator to configure the complex
-url(bf(smb.conf))(smb.conf.5.html) file via a Web browser. In
-addition, a swat configuration page has help links to all the
-configurable options in the url(bf(smb.conf))(smb.conf.5.html) file
-allowing an administrator to easily look up the effects of any change.
-
-bf(swat) is run from bf(inetd)
-
-label(OPTIONS)
-manpageoptions()
-
-startdit()
-
-label(minuss)
-dit(bf(-s smb configuration file)) The default configuration file path is
-determined at compile time.
-
-The file specified contains the configuration details required by the
-url(bf(smbd))(smbd.8.html) server. This is the file that bf(swat) will
-modify. The information in this file includes server-specific
-information such as what printcap file to use, as well as descriptions
-of all the services that the server is to provide. See url(smb.conf
-(5))(smb.conf.5.html) for more information.
-
-label(minusa)
-dit(bf(-a))
-
-This option disables authentication and puts bf(swat) in demo mode. In
-that mode anyone will be able to modify the
-url(bf(smb.conf))(smb.conf.5.html) file.
-
-Do NOT enable this option on a production server.
-
-endit()
-
-label(INSTALLATION)
-manpagesection(INSTALLATION)
-
-After you compile SWAT you need to run tt("make install") to install the
-swat binary and the various help files and images. A default install
-would put these in:
-
-verb(
-/usr/local/samba/bin/swat
-/usr/local/samba/swat/images/*
-/usr/local/samba/swat/help/*
-)
-
-label(INETD)
-manpagesection(INETD INSTALLATION)
-
-You need to edit your tt(/etc/inetd.conf) and tt(/etc/services) to
-enable bf(SWAT) to be launched via inetd.
-
-In tt(/etc/services) you need to add a line like this:
-
-tt(swat 901/tcp)
-
-Note for NIS/YP users - you may need to rebuild the NIS service maps
-rather than alter your local tt(/etc/services) file.
-
-the choice of port number isn't really important except that it should
-be less than 1024 and not currently used (using a number above 1024
-presents an obscure security hole depending on the implementation
-details of your bf(inetd) daemon).
-
-In tt(/etc/inetd.conf) you should add a line like this:
-
-tt(swat stream tcp nowait.400 root /usr/local/samba/bin/swat swat)
-
-One you have edited tt(/etc/services) and tt(/etc/inetd.conf) you need
-to send a HUP signal to inetd. To do this use tt("kill -1 PID") where
-PID is the process ID of the inetd daemon.
-
-label(LAUNCHING)
-manpagesection(LAUNCHING)
-
-To launch bf(swat) just run your favorite web browser and point it at
-tt(http://localhost:901/).
-
-bf(Note that you can attach to bf(swat) from any IP connected machine but
-connecting from a remote machine leaves your connection open to
-password sniffing as passwords will be sent in the clear over the
-wire.)
-
-manpagefiles()
-
-bf(/etc/inetd.conf)
-
-This file must contain suitable startup information for the
-meta-daemon.
-
-bf(/etc/services)
-
-This file must contain a mapping of service name (e.g., swat) to
-service port (e.g., 901) and protocol type (e.g., tcp).
-
-bf(/usr/local/samba/lib/smb.conf)
-
-This is the default location of the em(smb.conf) server configuration
-file that bf(swat) edits. Other common places that systems install
-this file are em(/usr/samba/lib/smb.conf) and em(/etc/smb.conf).
-
-This file describes all the services the server is to make available
-to clients. See bf(smb.conf (5)) for more information.
-
-label(WARNINGS)
-manpagesection(WARNINGS)
-
-bf(swat) will rewrite your url(bf(smb.conf))(smb.conf.5.html) file. It
-will rearrange the entries and delete all comments,
-url(bf("include="))(smb.conf.5.html#include) and
-url(bf("copy="))(smb.conf.5.html#copy) options. If you have a
-carefully crafted url(bf(smb.conf))(smb.conf.5.html) then back it up
-or don't use bf(swat)!
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.0 of the Samba suite.
-
-label(SEEALSO)
-manpageseealso()
-
-bf(inetd (8)), url(bf(nmbd (8)))(nmbd.8.html),
-url(bf(smb.conf (5)))(smb.conf.5.html).
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell (samba@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-and updated for the Samba2.0 release by Jeremy Allison.
-email(samba@samba.org).
-
-See url(bf(samba (7)))(samba.7.html) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
diff --git a/docs/yodldocs/testparm.1.yo b/docs/yodldocs/testparm.1.yo
deleted file mode 100644
index 573f855c3e..0000000000
--- a/docs/yodldocs/testparm.1.yo
+++ /dev/null
@@ -1,116 +0,0 @@
-mailto(samba@samba.org)
-
-manpage(testparm htmlcommand((1)))(1)(23 Oct 1998)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(testparm)(check an smb.conf configuration file for internal correctness)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-bf(testparm) [link(-s)(minuss)] [link(-h)(minush)] [link(-L servername)(minusL)] [link(configfilename)(configfilename)] [link(hostname)(hostname) link(hostIP)(hostIP)]
-
-label(DESCRIPTION)
-manpagedescription()
-
-This program is part of the bf(Samba) suite.
-
-bf(testparm) is a very simple test program to check an
-url(bf(smbd))(smbd.8.html) configuration file for internal
-correctness. If this program reports no problems, you can use the
-configuration file with confidence that url(bf(smbd))(smbd.8.html)
-will successfully load the configuration file.
-
-Note that this is em(NOT) a guarantee that the services specified in the
-configuration file will be available or will operate as expected.
-
-If the optional host name and host IP address are specified on the
-command line, this test program will run through the service entries
-reporting whether the specified host has access to each service.
-
-If bf(testparm) finds an error in the url(bf(smb.conf))(smb.conf.5.html)
-file it returns an exit code of 1 to the calling program, else it returns
-an exit code of 0. This allows shell scripts to test the output from
-bf(testparm).
-
-label(OPTIONS)
-manpageoptions()
-
-startdit()
-
-label(minuss)
-dit(bf(-s)) Without this option, bf(testparm) will prompt for a
-carriage return after printing the service names and before dumping
-the service definitions.
-
-label(minush)
-dit(bf(-h)) Print usage message
-
-label(minusL)
-dit(bf(-L servername)) Sets the value of the %L macro to servername. This
-is useful for testing include files specified with the %L macro.
-
-label(configfilename)
-dit(bf(configfilename)) This is the name of the configuration file to
-check. If this parameter is not present then the default
-url(bf(smb.conf))(smb.conf.5.html) file will be checked.
-
-label(hostname)
-dit(bf(hostname)) If this parameter and the following are specified,
-then testparm will examine the url(bf("hosts
-allow"))(smb.conf.5.html#hostsallow) and url(bf("hosts
-deny"))(smb.conf.5.html#hostsdeny) parameters in the
-url(bf(smb.conf))(smb.conf.5.html) file to determine if the hostname
-with this IP address would be allowed access to the
-url(bf(smbd))(smbd.8.html) server. If this parameter is supplied, the
-link(hostIP)(hostIP) parameter must also be supplied.
-
-label(hostIP)
-dit(bf(hostIP)) This is the IP address of the host specified in the
-previous parameter. This address must be supplied if the hostname
-parameter is supplied.
-
-enddit()
-
-label(FILES)
-manpagesection(FILES)
-
-url(bf(smb.conf))(smb.conf.5.html). This is usually the name of the
-configuration file used by url(bf(smbd))(smbd.8.html).
-
-label(DIAGNOSTICS)
-manpagesection(DIAGNOSTICS)
-
-The program will issue a message saying whether the configuration file
-loaded OK or not. This message may be preceded by errors and warnings
-if the file did not load. If the file was loaded OK, the program then
-dumps all known service details to stdout.
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.0 of the Samba suite.
-
-label(SEEALSO)
-manpageseealso()
-
-url(bf(smb.conf (5)))(smb.conf.5.html), url(bf(smbd (8)))(smbd.8.html)
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell email(samba@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-and updated for the Samba2.0 release by Jeremy Allison.
-email(samba@samba.org).
-
-See url(bf(samba (7)))(samba.7.html) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
diff --git a/docs/yodldocs/testprns.1.yo b/docs/yodldocs/testprns.1.yo
deleted file mode 100644
index d9311ffd82..0000000000
--- a/docs/yodldocs/testprns.1.yo
+++ /dev/null
@@ -1,98 +0,0 @@
-mailto(samba@samba.org)
-
-manpage(testprns htmlcommand((1)))(1)(23 Oct 1998)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(testprns)(check printer name for validity with smbd )
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-bf(testprns) link(printername)(printername) [link(printcapname)(printcapname)]
-
-label(DESCRIPTION)
-manpagedescription()
-
-This program is part of the bf(Samba) suite.
-
-bf(testprns) is a very simple test program to determine whether a
-given printer name is valid for use in a service to be provided by
-url(bf(smbd))(smbd.8.html).
-
-"Valid" in this context means "can be found in the printcap
-specified". This program is very stupid - so stupid in fact that it
-would be wisest to always specify the printcap file to use.
-
-label(OPTIONS)
-manpageoptions()
-
-startdit()
-
-label(printername)
-dit(bf(printername)) The printer name to validate.
-
-Printer names are taken from the first field in each record in the
-printcap file, single printer names and sets of aliases separated by
-vertical bars ("|") are recognized. Note that no validation or
-checking of the printcap syntax is done beyond that required to
-extract the printer name. It may be that the print spooling system is
-more forgiving or less forgiving than bf(testprns). However, if
-bf(testprns) finds the printer then url(bf(smbd))(smbd.8.html) should
-do so as well.
-
-label(printcapname)
-dit(bf(printcapname)) This is the name of the printcap file within
-which to search for the given printer name.
-
-If no printcap name is specified bf(testprns) will attempt to scan the
-printcap file name specified at compile time.
-
-enddit()
-
-label(FILES)
-manpagesection(FILES)
-
-bf(/etc/printcap) This is usually the default printcap file to
-scan. See bf(printcap (5)).
-
-label(DIAGNOSTICS)
-manpagesection(DIAGNOSTICS)
-
-If a printer is found to be valid, the message "Printer name
-<printername> is valid" will be displayed.
-
-If a printer is found to be invalid, the message "Printer name
-<printername> is not valid" will be displayed.
-
-All messages that would normally be logged during operation of the
-url(bf(Samba))(samba.7.html) daemons are logged by this program to the
-file tt(test.log) in the current directory. The program runs at
-debuglevel 3, so quite extensive logging information is written. The
-log should be checked carefully for errors and warnings.
-
-Other messages are self-explanatory.
-
-label(SEEALSO)
-manpageseealso()
-
-bf(printcap (5)), url(bf(smbd (8)))(smbd.8.html), url(bf(smbclient
-(1)))(smbclient.1.html)
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell email(samba@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-and updated for the Samba2.0 release by Jeremy Allison.
-email(samba@samba.org).
-
-See url(bf(samba (7)))(samba.7.html) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
diff --git a/docs/yodldocs/wbinfo.1.yo b/docs/yodldocs/wbinfo.1.yo
deleted file mode 100644
index 159d2e8c7b..0000000000
--- a/docs/yodldocs/wbinfo.1.yo
+++ /dev/null
@@ -1,133 +0,0 @@
-mailto(samba-bugs@samba.org)
-manpage(wbinfo htmlcommand((1)))(1)(13 Jun 2000)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(wbinfo)(Query information from winbind daemon)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-bf(wbinfo) link(-u)(minusu) [link(-g)(minusg)] [link(-n name)(minusn)]
-[link(-s sid)(minuss)] [link(-U uid)(minusU)] [link(-G gid)(minusG)]
-[link(-S sid)(minusS)] [link(-Y sid)(minusY)] [link(-t)(minust)]
-[link(-m)(minusm)]
-
-label(DESCRIPTION)
-manpagedescription()
-
-This program is part of the bf(Samba) suite version 3.0 and describes
-functionality not yet implemented in the main version of Samba.
-
-The bf(wbinfo) program queries and returns information created and used by
-the url(bf(winbindd(8)))(winbindd.8.html) daemon.
-
-The url(bf(winbindd(8)))(winbindd.8.html) daemon must be configured and
-running for the bf(wbinfo) program to be able to return information.
-
-label(OPTIONS)
-manpageoptions()
-
-The following options are available to the bf(wbinfo) program:
-
-startdit()
-
-label(minusu)
-dit(bf(-u))
-
-This option will list all users available in the Windows NT domain for
-which the url(bf(winbindd(8)))(winbindd.8.html) daemon is operating in.
-Users in all trusted domains will also be listed. Note that this operation
-does not assign user ids to any users that have not already been seen by
-url(bf(winbindd(8)))(winbindd.8.html).
-
-label(minusg)
-dit(bf(-g))
-
-This option will list all groups available in the Windows NT domain for
-which the url(bf(winbindd(8)))(winbindd.8.html) daemon is operating in.
-Groups in all trusted domains will also be listed. Note that this
-operation does not assign group ids to any groups that have not already
-been seen by url(bf(winbindd(8)))(winbindd.8.html).
-
-label(minusn)
-dit(bf(-n name))
-
-The bf(-n) option queries url(bf(winbindd(8)))(winbindd.8.html) for the SID
-associated with the name specified. Domain names can be specified before
-the user name by using the winbind separator character. For example
-tt(DOM1/Administrator) refers to the tt(Administrator) user in the domain
-tt(DOM1). If no domain is specified then the domain used is the one
-specified in the bf(smb.conf) bf(workgroup) parameter.
-
-label(minuss)
-dit(bf(-s sid))
-
-Use bf(-s) to resolve a SID to a name. This is the inverse of the bf(-n)
-option above. SIDs must be specified as ASCII strings in the traditional
-Microsoft format. For example
-tt(S-1-5-21-1455342024-3071081365-2475485837-500).
-
-label(minusU)
-dit(bf(-U uid))
-
-Try to convert a UNIX user id to a Windows NT SID. If the uid specified
-does not refer to one within the bf(winbind uid range) then the operation
-will fail.
-
-label(minusG)
-dit(bf(-G gid))
-
-Try to convert a UNIX group id to a Windows NT SID. If the gid specified
-does not refer to one within the bf(winbind gid range) then the operation
-will fail.
-
-label(minusS)
-dit(bf(-S sid))
-
-Convert a SID to a UNIX user id. If the SID does not correspond to a UNIX
-user mapped by url(bf(winbindd(8)))(winbindd.8.html) then the operation
-will fail.
-
-label(minusY)
-dit(bf(-Y sid))
-
-Convert a SID to a UNIX group id. If the SID does not correspond to a UNIX
-group mapped by url(bf(winbindd(8)))(winbindd.8.html) then the operation
-will fail.
-
-label(minust)
-dit(bf(-t))
-
-Verify that the workstation trust account created when the Samba server is
-added to the Windows NT domain is working.
-
-label(minusm)
-dit(bf(-m))
-
-Produce a list of domains trusted by the Windows NT server
-url(bf(winbindd(8)))(winbindd.8.html) contacts when resolving names. This
-list does not include the Windows NT domain the server is a Primary Domain
-Controller for.
-
-enddit()
-
-label(EXIT STATUS)
-manpagesection(EXIT STATUS)
-
-The bf(wbinfo) program returns 0 if the operation succeeded, or 1 if
-the operation failed. If the url(bf(winbindd(8)))(winbindd.8.html) daemon
-is not working bf(wbinfo) will always return failure.
-
-label(SEEALSO)
-manpageseealso()
-
-url(bf(winbindd(8)))(winbindd.8.html)
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell. Samba is now developed by the Samba Team as an Open
-Source project.
-
-bf(wbinfo) was written by Tim Potter.
diff --git a/docs/yodldocs/winbindd.8.yo b/docs/yodldocs/winbindd.8.yo
deleted file mode 100644
index 59547d76d3..0000000000
--- a/docs/yodldocs/winbindd.8.yo
+++ /dev/null
@@ -1,400 +0,0 @@
-mailto(samba-bugs@samba.org)
-manpage(winbindd htmlcommand((8)))(8)(13 Jun 2000)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(winbindd)(Name Service Switch daemon for resolving names from NT servers)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-bf(winbindd) [link(-d debuglevel)(minusd)] [link(-i)(minusi)]
-
-label(DESCRIPTION)
-manpagedescription()
-
-This program is part of the bf(Samba) suite version 3.0 and describes
-functionality not yet implemented in the main version of Samba.
-
-bf(winbindd) is a daemon that provides a service for the Name Service
-Switch capability that is present in most modern C libraries. The Name
-Service Switch allows user and system information to be obtained from
-different databases services such as NIS or DNS. The exact behaviour can
-be configured throught the tt(/etc/nsswitch.conf) file. Users and groups
-are allocated as they are resolved to a range of user and group ids
-specified by the administrator of the Samba system.
-
-The service provided by bf(winbindd) is called `winbind' and can be
-used to resolve user and group information from a Windows NT server.
-The service can also provide authentication services via an associated
-PAM module.
-
-The following nsswitch databases are implemented by the bf(winbindd)
-service:
-
-startdit()
-
-dit(passwd)
-
-User information traditionally stored in the bf(passwd(5)) file and used by
-bf(getpwent(3)) functions.
-
-dit(group)
-
-Group information traditionally stored in the bf(group(5)) file and used by
-bf(getgrent(3)) functions.
-
-enddit()
-
-For example, the following simple configuration in the
-tt(/etc/nsswitch.conf) file can be used to initially resolve user and group
-information from tt(/etc/passwd) and tt(/etc/group) and then from the
-Windows NT server.
-
-verb(
- passwd: files winbind
- group: files winbind
-)
-
-label(OPTIONS)
-manpageoptions()
-
-The following options are available to the bf(winbindd) daemon:
-
-startdit()
-
-label(minusd)
-dit(bf(-d debuglevel))
-Sets the debuglevel to an integer between 0 and 100. 0 is for no debugging
-and 100 is for reams and reams. To submit a bug report to the Samba Team,
-use debug level 100 (see bf(BUGS.txt)).
-
-label(minusi)
-dit(bf(-i))
-Tells bf(winbindd) to not become a daemon and detach from the current terminal.
-This option is used by developers when interactive debugging of bf(winbindd) is
-required.
-
-enddit()
-
-label(NAMEANDIDRESOLUTION)
-manpagesection(NAME AND ID RESOLUTION)
-
-Users and groups on a Windows NT server are assigned a relative id (rid)
-which is unique for the domain when the user or group is created. To
-convert the Windows NT user or group into a unix user or group, a mapping
-between rids and unix user and group ids is required. This is one of the
-jobs that bf(winbindd) performs.
-
-As bf(winbindd) users and groups are resolved from a server, user and group
-ids are allocated from a specified range. This is done on a first come,
-first served basis, although all existing users and groups will be mapped
-as soon as a client performs a user or group enumeration command. The
-allocated unix ids are stored in a database file under the Samba lock
-directory and will be remembered.
-
-WARNING: The rid to unix id database is the only location where the user
-and group mappings are stored by bf(winbindd). If this file is deleted or
-corrupted, there is no way for bf(winbindd) to determine which user and
-group ids correspond to Windows NT user and group rids.
-
-label(CONFIGURATION)
-manpagesection(CONFIGURATION)
-
-Configuration of the bf(winbindd) daemon is done through configuration
-parameters in the url(bf(smb.conf))(smb.conf.5.html) file. All parameters
-should be specified in the [global] section of
-url(bf(smb.conf))(smb.conf.5.html).
-
-startdit()
-
-dit(winbind separator)
-
-The winbind separator option allows you to specify how NT domain names
-and user names are combined into unix user names when presented to
-users. By default winbind will use the traditional \ separator so
-that the unix user names look like DOMAIN\username. In some cases
-this separator character may cause problems as the \ character has
-special meaning in unix shells. In that case you can use the winbind
-separator option to specify an alternative sepataror character. Good
-alternatives may be / (although that conflicts with the unix directory
-separator) or a + character. The + character appears to be the best
-choice for 100% compatibility with existing unix utilities, but may be
-an aesthetically bad choice depending on your taste.
-
- bf(Default:)
-tt( winbind separator = \)
-
- bf(Example:)
-tt( winbind separator = +)
-
-dit(winbind uid)
-
-The winbind uid parameter specifies the range of user ids that are
-allocated by the bf(winbindd) daemon. This range of
-ids should have no existing local or nis users within it as strange
-conflicts can occur otherwise.
-
- bf(Default:)
-tt( winbind uid = <empty string>)
-
- bf(Example:)
-tt( winbind uid = 10000-20000)
-
-dit(winbind gid)
-
-The winbind gid parameter specifies the range of group ids that are
-allocated by the bf(winbindd) daemon. This range of group ids should have
-no existing local or nis groups within it as strange conflicts can occur
-otherwise.
-
- bf(Default:)
-tt( winbind gid = <empty string>)
-
- bf(Example:)
-tt( winbind gid = 10000-20000)
-
-dit(winbind cache time)
-
-This parameter specifies the number of seconds the bf(winbindd) daemon will
-cache user and group information before querying a Windows NT server
-again. When a item in the cache is older than this time bf(winbindd) will ask
-the domain controller for the sequence number of the servers account
-database. If the sequence number has not changed then the cached item is
-marked as valid for a further "winbind cache time" seconds. Otherwise the
-item is fetched from the server. This means that as long as the account
-database is not actively changing bf(winbindd) will only have to send one
-sequence number query packet every "winbind cache time" seconds.
-
- bf(Default:)
-tt( winbind cache time = 15)
-
-dit(winbind enum users)
-
-On large installations it may be necessary to suppress the enumeration of
-users through the tt(setpwent), tt(getpwent) and tt(endpwent) group of
-system calls. If the tt(winbind enum users) parameter is false, calls to
-the tt(getpwent) system call will not return any data.
-
-Warning: Turning off user enumeration may cause some programs to behave
-oddly. For example, the finger program relies on having access to the full
-user list when searching for matching usernames.
-
- bf(Default:)
-tt( winbind enum users = true)
-
-dit(winbind enum groups)
-
-On large installations it may be necessary to suppress the enumeration of
-groups through the tt(setgrent), tt(getgrent) and tt(endgrent) group of
-system calls. If the tt(winbind enum groups) parameter is false, calls to
-the tt(getgrent) system call will not return any data.
-
-Warning: Turning off group enumeration may cause some programs to behave
-oddly.
-
- bf(Default:)
-tt( winbind enum groups = true)
-
-dit(template homedir)
-
-When filling out the user information for a Windows NT user, the
-bf(winbindd) daemon uses this parameter to fill in the home directory for
-that user. If the string tt(%D) is present it is substituted with the
-user's Windows NT domain name. If the string tt(%U) is present it is
-substituted with the user's Windows NT user name.
-
- bf(Default:)
-tt( template homedir = /home/%D/%U)
-
-dit(template shell)
-
-When filling out the user information for a Windows NT user, the
-bf(winbindd) daemon uses this parameter to fill in the shell for that user.
-
- bf(Default:)
-tt( template shell = /bin/false)
-
-enddit()
-
-
-label(EXAMPLESETUP)
-manpagesection(EXAMPLE SETUP)
-
-To setup bf(winbindd) for user and group lookups plus authentication from
-a domain controller use something like the following setup. This was
-tested on a RedHat 6.2 Linux box.
-
-In tt(/etc/nsswitch.conf) put the following:
-verb(
- passwd: files winbind
- group: files winbind
-)
-
-In tt(/etc/pam.d/*) replace the tt(auth) lines with something like this:
-verb(
- auth required /lib/security/pam_securetty.so
- auth required /lib/security/pam_nologin.so
- auth sufficient /lib/security/pam_winbind.so
- auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
-)
-
-Note in particular the use of the tt(sufficient) keyword and the
-tt(use_first_pass) keyword.
-
-Now replace the account lines with this:
-verb(
- account required /lib/security/pam_winbind.so
-)
-
-The next step is to join the domain. To do that use the samedit
-program like this:
-verb(
- samedit -S '*' -W DOMAIN -UAdministrator
-)
-
-The username after the -U can be any Domain user that has administrator
-priviliges on the machine. Next from within samedit, run the command:
-verb(
- createuser MACHINE$ -j DOMAIN -L
-)
-
-This assumes your domain is called tt(DOMAIN) and your Samba workstation
-is called tt(MACHINE).
-
-Next copy tt(libnss_winbind.so.2) to tt(/lib) and tt(pam_winbind.so) to
-tt(/lib/security).
-
-Finally, setup a smb.conf containing directives like the following:
-verb(
- [global]
- winbind separator = +
- winbind cache time = 10
- template shell = /bin/bash
- template homedir = /home/%D/%U
- winbind uid = 10000-20000
- winbind gid = 10000-20000
- workgroup = DOMAIN
- security = domain
- password server = *
-)
-
-Now start bf(winbindd) and you should find that your user and group
-database is expanded to include your NT users and groups, and that you
-can login to your unix box as a domain user, using the tt(DOMAIN+user)
-syntax for the username. You may wish to use the commands "getent
-passwd" and "getent group" to confirm the correct operation of
-bf(winbindd).
-
-label(NOTES)
-manpagesection(NOTES)
-
-The following notes are useful when configuring and running bf(winbindd):
-
-startdit()
-
-dit()
-url(bf(nmbd))(nmbd.8.html) must be running on the local machine for
-bf(winbindd) to work.
-
-dit()
-bf(winbindd) queries the list of trusted domains for the Windows NT server
-on startup and when a SIGHUP is received. Thus, for a running bf(winbindd)
-to become aware of new trust relationships between servers, it must be sent
-a SIGHUP signal.
-
-dit()
-Client processes resolving names through the bf(winbindd) nsswitch module
-read an environment variable named tt(WINBINDD_DOMAIN). If this variable
-contains a comma separated list of Windows NT domain names, then bf(winbindd)
-will only resolve users and groups within those Windows NT domains.
-
-dit()
-PAM is really easy to misconfigure. Make sure you know what you are doing
-when modifying PAM configuration files. It is possible to set up PAM
-such that you can no longer log into your system.
-
-dit()
-If more than one UNIX machine is running bf(winbindd), then in general the
-user and groups ids allocated by bf(winbindd) will not be the same. The
-user and group ids will only be valid for the local machine.
-
-dit()
-If the the Windows NT RID to UNIX user and group id mapping file
-is damaged or destroyed then the mappings will be lost.
-
-enddit()
-
-label(SIGNALS)
-manpagesection(SIGNALS)
-
-The following signals can be used to manipulate the bf(winbindd) daemon.
-
-startdit()
-
-dit(tt(SIGHUP))
-
-Reload the tt(smb.conf) file and apply any parameter changes to the running
-version of bf(winbindd). This signal also clears any cached user and group
-information. The list of other domains trusted by bf(winbindd) is also
-reloaded.
-
-dit(tt(SIGUSR1))
-
-The tt(SIGUSR1) signal will cause bf(winbindd) to write status information
-to the winbind log file including information about the number of user and
-group ids allocated by bf(winbindd).
-
-Log files are stored in the filename specified by the bf(log file) parameter.
-
-enddit()
-
-label(FILES)
-manpagefiles()
-
-The following files are relevant to the operation of the bf(winbindd)
-daemon.
-
-startdit()
-
-dit(/etc/nsswitch.conf(5))
-
-Name service switch configuration file.
-
-dit(/tmp/.winbindd/pipe)
-
-The UNIX pipe over which clients communicate with the bf(winbindd) program.
-For security reasons, the winbind client will only attempt to connect to the
-bf(winbindd) daemon if both the tt(/tmp/.winbindd) directory and
-tt(/tmp/.winbindd/pipe) file are owned by root.
-
-dit(/lib/libnss_winbind.so.X)
-
-Implementation of name service switch library.
-
-dit($LOCKDIR/winbindd_idmap.tdb)
-
-Storage for the Windows NT rid to UNIX user/group id mapping. The lock
-directory is specified when Samba is initially compiled using the
-tt(--with-lockdir) option. This directory is by default
-tt(/usr/local/samba/var/locks).
-
-dit($LOCKDIR/winbindd_cache.tdb)
-
-Storage for cached user and group information.
-
-enddit()
-
-label(SEEALSO)
-manpageseealso()
-
-url(bf(samba(7)))(samba.7.html), url(bf(smb.conf(5)))(smb.conf.5.html),
-bf(nsswitch.conf(5)), url(bf(wbinfo(1)))(wbinfo.1.html)
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell. Samba is now developed by the Samba Team as an Open
-Source project.
-
-bf(winbindd) was written by Tim Potter.