diff options
| -rw-r--r-- | docs/manpages-3/smb.conf.5.xml | 711 |
1 files changed, 364 insertions, 347 deletions
diff --git a/docs/manpages-3/smb.conf.5.xml b/docs/manpages-3/smb.conf.5.xml index 3f36eaf9f0..a4ed4c2af1 100644 --- a/docs/manpages-3/smb.conf.5.xml +++ b/docs/manpages-3/smb.conf.5.xml @@ -14,94 +14,103 @@ <refsect1> <title>SYNOPSIS</title> - <para>The <filename moreinfo="none">smb.conf</filename> file is a configuration - file for the Samba suite. <filename moreinfo="none">smb.conf</filename> contains - runtime configuration information for the Samba programs. The <filename moreinfo="none">smb.conf</filename> file - is designed to be configured and administered by the <citerefentry><refentrytitle>swat</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> program. The complete - description of the file format and possible parameters held within - are here for reference purposes.</para> </refsect1> + <para> + The <filename moreinfo="none">smb.conf</filename> file is a configuration file for the Samba suite. <filename + moreinfo="none">smb.conf</filename> contains runtime configuration information for the Samba programs. The + <filename moreinfo="none">smb.conf</filename> file is designed to be configured and administered by the + <citerefentry><refentrytitle>swat</refentrytitle> <manvolnum>8</manvolnum></citerefentry> program. The + complete description of the file format and possible parameters held within are here for reference purposes. + </para> +</refsect1> <refsect1 id="FILEFORMATSECT"> <title>FILE FORMAT</title> - <para>The file consists of sections and parameters. A section - begins with the name of the section in square brackets and continues - until the next section begins. Sections contain parameters of the - form</para> - - <para><replaceable>name</replaceable> = <replaceable>value - </replaceable></para> + <para> + The file consists of sections and parameters. A section begins with the name of the section in square brackets + and continues until the next section begins. Sections contain parameters of the form: +<screen> +<replaceable>name</replaceable> = <replaceable>value </replaceable> +</screen> + </para> - <para>The file is line-based - that is, each newline-terminated - line represents either a comment, a section name or a parameter.</para> + <para> + The file is line-based - that is, each newline-terminated line represents either a comment, a section name or + a parameter. + </para> <para>Section and parameter names are not case sensitive.</para> - <para>Only the first equals sign in a parameter is significant. - Whitespace before or after the first equals sign is discarded. - Leading, trailing and internal whitespace in section and parameter - names is irrelevant. Leading and trailing whitespace in a parameter - value is discarded. Internal whitespace within a parameter value - is retained verbatim.</para> + <para> + Only the first equals sign in a parameter is significant. Whitespace before or after the first equals sign is + discarded. Leading, trailing and internal whitespace in section and parameter names is irrelevant. Leading + and trailing whitespace in a parameter value is discarded. Internal whitespace within a parameter value is + retained verbatim. + </para> - <para>Any line beginning with a semicolon (<quote>;</quote>) or a hash (<quote>#</quote>) - character is ignored, as are lines containing only whitespace.</para> + <para> + Any line beginning with a semicolon (<quote>;</quote>) or a hash (<quote>#</quote>) + character is ignored, as are lines containing only whitespace. + </para> - <para>Any line ending in a <quote>\</quote> is continued - on the next line in the customary UNIX fashion.</para> + <para> + Any line ending in a <quote>\</quote> is continued on the next line in the customary UNIX fashion. + </para> + + <para> + The values following the equals sign in parameters are all either a string (no quotes needed) or a boolean, + which may be given as yes/no, 0/1 or true/false. Case is not significant in boolean values, but is preserved + in string values. Some items such as create modes are numeric. + </para> - <para>The values following the equals sign in parameters are all - either a string (no quotes needed) or a boolean, which may be given - as yes/no, 0/1 or true/false. Case is not significant in boolean - values, but is preserved in string values. Some items such as - create modes are numeric.</para> </refsect1> <refsect1> <title>SECTION DESCRIPTIONS</title> - <para>Each section in the configuration file (except for the - [global] section) describes a shared resource (known - as a <quote>share</quote>). The section name is the name of the - shared resource and the parameters within the section define - the shares attributes.</para> - - <para>There are three special sections, [global], - [homes] and [printers], which are - described under <emphasis>special sections</emphasis>. The - following notes apply to ordinary section descriptions.</para> - - <para>A share consists of a directory to which access is being - given plus a description of the access rights which are granted - to the user of the service. Some housekeeping options are - also specifiable.</para> + <para> + Each section in the configuration file (except for the [global] section) describes a shared resource (known as + a <quote>share</quote>). The section name is the name of the shared resource and the parameters within the + section define the shares attributes. + </para> + + <para> + There are three special sections, [global], [homes] and [printers], which are described under + <emphasis>special sections</emphasis>. The following notes apply to ordinary section descriptions. + </para> + + <para> + A share consists of a directory to which access is being given plus a description of the access rights + which are granted to the user of the service. Some housekeeping options are also specifiable. + </para> - <para>Sections are either file share services (used by the - client as an extension of their native file systems) or - printable services (used by the client to access print services - on the host running the server).</para> + <para> + Sections are either file share services (used by the client as an extension of their native file systems) + or printable services (used by the client to access print services on the host running the server). + </para> - <para>Sections may be designated <emphasis>guest</emphasis> services, - in which case no password is required to access them. A specified - UNIX <emphasis>guest account</emphasis> is used to define access - privileges in this case.</para> - - <para>Sections other than guest services will require a password - to access them. The client provides the username. As older clients - only provide passwords and not usernames, you may specify a list - of usernames to check against the password using the <quote>user =</quote> - option in the share definition. For modern clients such as - Windows 95/98/ME/NT/2000, this should not be necessary.</para> - - <para>The access rights granted by the server are - masked by the access rights granted to the specified or guest - UNIX user by the host system. The server does not grant more - access than the host system grants.</para> + <para> + Sections may be designated <emphasis>guest</emphasis> services, in which case no password is required to + access them. A specified UNIX <emphasis>guest account</emphasis> is used to define access privileges in this + case. + </para> + + <para> + Sections other than guest services will require a password to access them. The client provides the + username. As older clients only provide passwords and not usernames, you may specify a list of usernames to + check against the password using the <literal>user =</literal> option in the share definition. For modern clients + such as Windows 95/98/ME/NT/2000, this should not be necessary. + </para> + + <para> + The access rights granted by the server are masked by the access rights granted to the specified or guest + UNIX user by the host system. The server does not grant more access than the host system grants. + </para> - <para>The following sample section defines a file space share. - The user has write access to the path <filename moreinfo="none">/home/bar</filename>. - The share is accessed via the share name <quote>foo</quote>:</para> + <para> + The following sample section defines a file space share. The user has write access to the path <filename + moreinfo="none">/home/bar</filename>. The share is accessed via the share name <literal>foo</literal>: + </para> <smbconfblock> <smbconfsection name="[foo]"/> @@ -109,12 +118,11 @@ <smbconfoption name="read only">read only = no</smbconfoption> </smbconfblock> - <para>The following sample section defines a printable share. - The share is read-only, but printable. That is, the only write - access permitted is via calls to open, write to and close a - spool file. The <emphasis>guest ok</emphasis> parameter means - access will be permitted as the default guest user (specified - elsewhere):</para> + <para> + The following sample section defines a printable share. The share is read-only, but printable. That is, + the only write access permitted is via calls to open, write to and close a spool file. The <emphasis>guest + ok</emphasis> parameter means access will be permitted as the default guest user (specified elsewhere): + </para> <smbconfblock> <smbconfsection name="[aprinter]"/> @@ -123,6 +131,7 @@ <smbconfoption name="printable">yes</smbconfoption> <smbconfoption name="guest ok">yes</smbconfoption> </smbconfblock> + </refsect1> <refsect1> @@ -131,122 +140,126 @@ <refsect2> <title>The [global] section</title> - <para>Parameters in this section apply to the server - as a whole, or are defaults for sections that do not - specifically define certain items. See the notes - under PARAMETERS for more information.</para> + <para> + Parameters in this section apply to the server as a whole, or are defaults for sections that do not + specifically define certain items. See the notes under PARAMETERS for more information. + </para> </refsect2> <refsect2 id="HOMESECT"> <title>The [homes] section</title> - <para>If a section called [homes] is included in the - configuration file, services connecting clients to their - home directories can be created on the fly by the server.</para> - - <para>When the connection request is made, the existing - sections are scanned. If a match is found, it is used. If no - match is found, the requested section name is treated as a - username and looked up in the local password file. If the - name exists and the correct password has been given, a share is - created by cloning the [homes] section.</para> + <para> + If a section called [homes] is included in the configuration file, services connecting clients + to their home directories can be created on the fly by the server. + </para> + + <para> + When the connection request is made, the existing sections are scanned. If a match is found, it is + used. If no match is found, the requested section name is treated as a username and looked up in the local + password file. If the name exists and the correct password has been given, a share is created by cloning the + [homes] section. + </para> - <para>Some modifications are then made to the newly - created share:</para> + <para> + Some modifications are then made to the newly created share: + </para> <itemizedlist> - <listitem><para>The share name is changed from homes to - the located username.</para></listitem> + <listitem><para> + The share name is changed from homes to the located username. + </para></listitem> - <listitem><para>If no path was given, the path is set to - the user's home directory.</para></listitem> + <listitem><para> + If no path was given, the path is set to the user's home directory. + </para></listitem> </itemizedlist> - <para>If you decide to use a <emphasis>path =</emphasis> line - in your [homes] section, you may find it useful - to use the %S macro. For example :</para> - - <para><userinput moreinfo="none">path = /data/pchome/%S</userinput></para> - - <para>is useful if you have different home directories - for your PCs than for UNIX access.</para> - - <para>This is a fast and simple way to give a large number - of clients access to their home directories with a minimum - of fuss.</para> - - <para>A similar process occurs if the requested section - name is <quote>homes</quote>, except that the share name is not - changed to that of the requesting user. This method of using - the [homes] section works well if different users share - a client PC.</para> + <para> + If you decide to use a <emphasis>path =</emphasis> line in your [homes] section, it may be useful + to use the %S macro. For example: +<screen> +<userinput moreinfo="none">path = /data/pchome/%S</userinput> +</screen> + is useful if you have different home directories for your PCs than for UNIX access. + </para> + + <para> + This is a fast and simple way to give a large number of clients access to their home directories with a minimum + of fuss. + </para> + + <para> + A similar process occurs if the requested section name is <quote>homes</quote>, except that the share + name is not changed to that of the requesting user. This method of using the [homes] section works well if + different users share a client PC. + </para> - <para>The [homes] section can specify all the parameters - a normal service section can specify, though some make more sense - than others. The following is a typical and suitable [homes] - section:</para> + <para> + The [homes] section can specify all the parameters a normal service section can specify, though some make more sense + than others. The following is a typical and suitable [homes] section: + </para> <smbconfblock> <smbconfsection name="[homes]"/> <smbconfoption name="read only">no</smbconfoption> </smbconfblock> - <para>An important point is that if guest access is specified - in the [homes] section, all home directories will be - visible to all clients <emphasis>without a password</emphasis>. - In the very unlikely event that this is actually desirable, it - is wise to also specify <emphasis>read only access</emphasis>.</para> - - <para>The <emphasis>browseable</emphasis> flag for - auto home directories will be inherited from the global browseable - flag, not the [homes] browseable flag. This is useful as - it means setting <emphasis>browseable = no</emphasis> in - the [homes] section will hide the [homes] share but make - any auto home directories visible.</para> + <para> + An important point is that if guest access is specified in the [homes] section, all home directories will be + visible to all clients <emphasis>without a password</emphasis>. In the very unlikely event that this is actually + desirable, it is wise to also specify <emphasis>read only access</emphasis>. + </para> + + <para> + The <emphasis>browseable</emphasis> flag for auto home directories will be inherited from the global browseable + flag, not the [homes] browseable flag. This is useful as it means setting <emphasis>browseable = no</emphasis> in + the [homes] section will hide the [homes] share but make any auto home directories visible. + </para> </refsect2> <refsect2 id="PRINTERSSECT"> <title>The [printers] section</title> - <para>This section works like [homes], - but for printers.</para> - - <para>If a [printers] section occurs in the - configuration file, users are able to connect to any printer - specified in the local host's printcap file.</para> - - <para>When a connection request is made, the existing sections - are scanned. If a match is found, it is used. If no match is found, - but a [homes] section exists, it is used as described - above. Otherwise, the requested section name is treated as a - printer name and the appropriate printcap file is scanned to see - if the requested section name is a valid printer share name. If - a match is found, a new printer share is created by cloning - the [printers] section.</para> - - <para>A few modifications are then made to the newly created - share:</para> + <para> + This section works like [homes], but for printers. + </para> + + <para> + If a [printers] section occurs in the configuration file, users are able to connect to any printer + specified in the local host's printcap file. + </para> + + <para> + When a connection request is made, the existing sections are scanned. If a match is found, it is used. + If no match is found, but a [homes] section exists, it is used as described above. Otherwise, the requested + section name is treated as a printer name and the appropriate printcap file is scanned to see if the requested + section name is a valid printer share name. If a match is found, a new printer share is created by cloning the + [printers] section. + </para> + + <para> + A few modifications are then made to the newly created share: + </para> <itemizedlist> - <listitem><para>The share name is set to the located printer - name</para></listitem> + <listitem><para>The share name is set to the located printer name</para></listitem> - <listitem><para>If no printer name was given, the printer name - is set to the located printer name</para></listitem> + <listitem><para>If no printer name was given, the printer name is set to the located printer name</para></listitem> - <listitem><para>If the share does not permit guest access and - no username was given, the username is set to the located - printer name.</para></listitem> + <listitem><para>If the share does not permit guest access and no username was given, the username is set + to the located printer name.</para></listitem> </itemizedlist> - <para>The [printers] service MUST be - printable - if you specify otherwise, the server will refuse - to load the configuration file.</para> + <para> + The [printers] service MUST be printable - if you specify otherwise, the server will refuse + to load the configuration file. + </para> - <para>Typically the path specified is that of a - world-writeable spool directory with the sticky bit set on - it. A typical [printers] entry looks like - this:</para> + <para> + Typically the path specified is that of a world-writeable spool directory with the sticky bit set on + it. A typical [printers] entry looks like this: + </para> <smbconfblock> <smbconfsection name="[printers]"/> @@ -255,33 +268,32 @@ <smbconfoption name="printable">yes</smbconfoption> </smbconfblock> - <para>All aliases given for a printer in the printcap file - are legitimate printer names as far as the server is concerned. - If your printing subsystem doesn't work like that, you will have - to set up a pseudo-printcap. This is a file consisting of one or - more lines like this:</para> - - <programlisting> + <para> + All aliases given for a printer in the printcap file are legitimate printer names as far as the server is concerned. + If your printing subsystem doesn't work like that, you will have to set up a pseudo-printcap. This is a file + consisting of one or more lines like this: +<screen> alias|alias|alias|alias... - </programlisting> - - <para>Each alias should be an acceptable printer name for - your printing subsystem. In the [global] section, specify - the new file as your printcap. The server will only recognize - names found in your pseudo-printcap, which of course can contain - whatever aliases you like. The same technique could be used - simply to limit access to a subset of your local printers.</para> - - <para>An alias, by the way, is defined as any component of the - first entry of a printcap record. Records are separated by newlines, - components (if there are more than one) are separated by vertical - bar symbols (<quote>|</quote>).</para> +</screen> +</para> + + <para> + Each alias should be an acceptable printer name for your printing subsystem. In the [global] section, + specify the new file as your printcap. The server will only recognize names found in your pseudo-printcap, + which of course can contain whatever aliases you like. The same technique could be used simply to limit access + to a subset of your local printers. + </para> + + <para> + An alias, by the way, is defined as any component of the first entry of a printcap record. Records are separated by newlines, + components (if there are more than one) are separated by vertical bar symbols (<literal>|</literal>). + </para> - <note><para>On SYSV systems which use lpstat to determine what - printers are defined on the system you may be able to use - <quote>printcap name = lpstat</quote> to automatically obtain a list - of printers. See the <quote>printcap name</quote> option - for more details.</para></note> + <note><para> + On SYSV systems which use lpstat to determine what printers are defined on the system you may be able to use + <literal>printcap name = lpstat</literal> to automatically obtain a list of printers. See the <literal>printcap name</literal> option + for more details. + </para></note> </refsect2> </refsect1> @@ -290,42 +302,42 @@ alias|alias|alias|alias... <para>Parameters define the specific attributes of sections.</para> - <para>Some parameters are specific to the [global] section - (e.g., <emphasis>security</emphasis>). Some parameters are usable - in all sections (e.g., <emphasis>create mode</emphasis>). All others - are permissible only in normal sections. For the purposes of the - following descriptions the [homes] and [printers] - sections will be considered normal. The letter <emphasis>G</emphasis> - in parentheses indicates that a parameter is specific to the - [global] section. The letter <emphasis>S</emphasis> - indicates that a parameter can be specified in a service specific - section. All <emphasis>S</emphasis> parameters can also be specified in - the [global] section - in which case they will define - the default behavior for all services.</para> - - <para>Parameters are arranged here in alphabetical order - this may - not create best bedfellows, but at least you can find them! Where - there are synonyms, the preferred synonym is described, others refer - to the preferred synonym.</para> + <para> + Some parameters are specific to the [global] section (e.g., <emphasis>security</emphasis>). Some parameters + are usable in all sections (e.g., <emphasis>create mode</emphasis>). All others are permissible only in normal + sections. For the purposes of the following descriptions the [homes] and [printers] sections will be + considered normal. The letter <emphasis>G</emphasis> in parentheses indicates that a parameter is specific to + the [global] section. The letter <emphasis>S</emphasis> indicates that a parameter can be specified in a + service specific section. All <emphasis>S</emphasis> parameters can also be specified in the [global] section + - in which case they will define the default behavior for all services. + </para> + + <para> + Parameters are arranged here in alphabetical order - this may not create best bedfellows, but at least you can + find them! Where there are synonyms, the preferred synonym is described, others refer to the preferred + synonym. + </para> </refsect1> <refsect1> <title>VARIABLE SUBSTITUTIONS</title> - <para>Many of the strings that are settable in the config file - can take substitutions. For example the option <quote>path = - /tmp/%u</quote> is interpreted as <quote>path = - /tmp/john</quote> if the user connected with the username john.</para> + <para> + Many of the strings that are settable in the config file can take substitutions. For example the option + <quote>path = /tmp/%u</quote> is interpreted as <quote>path = /tmp/john</quote> if the user connected with the + username john. + </para> - <para>These substitutions are mostly noted in the descriptions below, - but there are some general substitutions which apply whenever they - might be relevant. These are:</para> + <para> + These substitutions are mostly noted in the descriptions below, but there are some general substitutions + which apply whenever they might be relevant. These are: + </para> <variablelist> <varlistentry> <term>%U</term> - <listitem><para>session username (the username that the client - wanted, not necessarily the same as the one they got).</para></listitem> + <listitem><para>session username (the username that the client wanted, not + necessarily the same as the one they got).</para></listitem> </varlistentry> <varlistentry> @@ -335,25 +347,22 @@ alias|alias|alias|alias... <varlistentry> <term>%h</term> - <listitem><para>the Internet hostname that Samba is running - on.</para></listitem> + <listitem><para>the Internet hostname that Samba is running on.</para></listitem> </varlistentry> <varlistentry> <term>%m</term> - <listitem><para>the NetBIOS name of the client machine - (very useful).</para></listitem> + <listitem><para>the NetBIOS name of the client machine (very useful).</para></listitem> </varlistentry> <varlistentry> <term>%L</term> - <listitem><para>the NetBIOS name of the server. This allows you - to change your config based on what the client calls you. Your - server can have a <quote>dual personality</quote>.</para> + <listitem><para>the NetBIOS name of the server. This allows you to change your config based on what + the client calls you. Your server can have a <quote>dual personality</quote>.</para> - <para>This parameter is not available when Samba listens - on port 445, as clients no longer send this information.</para> - </listitem> + <para>This parameter is not available when Samba listens on port 445, as clients no longer + send this information. + </para></listitem> </varlistentry> @@ -365,27 +374,26 @@ alias|alias|alias|alias... <varlistentry> <term>%R</term> - <listitem><para>the selected protocol level after - protocol negotiation. It can be one of CORE, COREPLUS, - LANMAN1, LANMAN2 or NT1.</para></listitem> + <listitem><para>the selected protocol level after protocol negotiation. It can be one of CORE, COREPLUS, + LANMAN1, LANMAN2 or NT1.</para></listitem> </varlistentry> <varlistentry> <term>%d</term> <listitem><para>the process id of the current server - process.</para></listitem> + process.</para></listitem> </varlistentry> <varlistentry> <term>%a</term> <listitem><para>the architecture of the remote - machine. It currently recognizes Samba (<constant>Samba</constant>), - the Linux CIFS file system (<constant>CIFSFS</constant>), OS/2, (<constant>OS2</constant>), - Windows for Workgroups (<constant>WfWg</constant>), Windows 9x/ME - (<constant>Win95</constant>), Windows NT (<constant>WinNT</constant>), - Windows 2000 (<constant>Win2K</constant>), Windows XP (<constant>WinXP</constant>), - and Windows 2003 (<constant>Win2K3</constant>). Anything else will be known as - <constant>UNKNOWN</constant>.</para> + machine. It currently recognizes Samba (<constant>Samba</constant>), + the Linux CIFS file system (<constant>CIFSFS</constant>), OS/2, (<constant>OS2</constant>), + Windows for Workgroups (<constant>WfWg</constant>), Windows 9x/ME + (<constant>Win95</constant>), Windows NT (<constant>WinNT</constant>), + Windows 2000 (<constant>Win2K</constant>), Windows XP (<constant>WinXP</constant>), + and Windows 2003 (<constant>Win2K3</constant>). Anything else will be known as + <constant>UNKNOWN</constant>.</para> </listitem> </varlistentry> @@ -418,8 +426,10 @@ alias|alias|alias|alias... </varlistentry> </variablelist> - <para>The following substitutes apply only to some configuration options (only those - that are used when a connection has been established):</para> + <para> + The following substitutes apply only to some configuration options (only those that are + used when a connection has been established): + </para> <variablelist> <varlistentry> @@ -430,8 +440,7 @@ alias|alias|alias|alias... <varlistentry> <term>%P</term> - <listitem><para>the root directory of the current service, - if any.</para></listitem> + <listitem><para>the root directory of the current service, if any.</para></listitem> </varlistentry> <varlistentry> @@ -447,141 +456,147 @@ alias|alias|alias|alias... <varlistentry> <term>%H</term> - <listitem><para>the home directory of the user given - by %u.</para></listitem> + <listitem><para>the home directory of the user given by %u.</para></listitem> </varlistentry> <varlistentry> <term>%N</term> - <listitem><para>the name of your NIS home directory server. - This is obtained from your NIS auto.map entry. If you have - not compiled Samba with the <emphasis>--with-automount</emphasis> - option, this value will be the same as %L.</para> - </listitem> + <listitem><para> + the name of your NIS home directory server. This is obtained from your NIS auto.map entry. + If you have not compiled Samba with the <emphasis>--with-automount</emphasis> option, this + value will be the same as %L.</para></listitem> </varlistentry> <varlistentry> <term>%p</term> - <listitem><para>the path of the service's home directory, - obtained from your NIS auto.map entry. The NIS auto.map entry - is split up as <quote>%N:%p</quote>.</para></listitem> + <listitem><para> + the path of the service's home directory, obtained from your NIS auto.map entry. The NIS + auto.map entry is split up as <literal>%N:%p</literal>.</para></listitem> </varlistentry> </variablelist> - <para>There are some quite creative things that can be done - with these substitutions and other <filename moreinfo="none">smb.conf</filename> options.</para> + <para> + There are some quite creative things that can be done with these substitutions and other + <filename moreinfo="none">smb.conf</filename> options. + </para> </refsect1> <refsect1 id="NAMEMANGLINGSECT"> <title>NAME MANGLING</title> - <para>Samba supports <quote>name mangling</quote> so that DOS and - Windows clients can use files that don't conform to the 8.3 format. - It can also be set to adjust the case of 8.3 format filenames.</para> + <para> + Samba supports <literal>name mangling</literal> so that DOS and Windows clients can use files that don't + conform to the 8.3 format. It can also be set to adjust the case of 8.3 format filenames. + </para> - <para>There are several options that control the way mangling is - performed, and they are grouped here rather than listed separately. - For the defaults look at the output of the testparm program. </para> + <para> + There are several options that control the way mangling is performed, and they are grouped here rather + than listed separately. For the defaults look at the output of the testparm program. + </para> - <para>All of these options can be set separately for each service - (or globally, of course). </para> + <para> + All of these options can be set separately for each service (or globally, of course). + </para> - <para>The options are: </para> + <para> + The options are: + </para> <variablelist> <varlistentry> <term>case sensitive = yes/no/auto</term> - <listitem><para>controls whether filenames are case sensitive. If - they aren't, Samba must do a filename search and match on passed - names. The default setting of auto allows clients that support case - sensitive filenames (Linux CIFSVFS and smbclient 3.0.5 and above currently) - to tell the Samba server on a per-packet basis that they wish to access - the file system in a case-sensitive manner (to support UNIX case sensitive - semantics). No Windows or DOS system supports case-sensitive filename so - setting this option to auto is that same as setting it to no for them. - Default <emphasis>auto</emphasis>.</para></listitem> + <listitem><para> + controls whether filenames are case sensitive. If they aren't, Samba must do a filename search and match on + passed names. The default setting of auto allows clients that support case sensitive filenames (Linux CIFSVFS + and smbclient 3.0.5 and above currently) to tell the Samba server on a per-packet basis that they wish to + access the file system in a case-sensitive manner (to support UNIX case sensitive semantics). No Windows or + DOS system supports case-sensitive filename so setting this option to auto is that same as setting it to no + for them. Default <emphasis>auto</emphasis>. + </para></listitem> </varlistentry> <varlistentry> <term>default case = upper/lower</term> - <listitem><para>controls what the default case is for new - filenames. Default <emphasis>lower</emphasis>.</para></listitem> + <listitem><para> + controls what the default case is for new filenames. Default <emphasis>lower</emphasis>. + </para></listitem> </varlistentry> <varlistentry> <term>preserve case = yes/no</term> - <listitem><para>controls whether new files are created with the - case that the client passes, or if they are forced to be the - <quote>default</quote> case. Default <emphasis>yes</emphasis>. + <listitem><para> + controls whether new files are created with the case that the client passes, or if they are forced to be the + <literal>default</literal> case. Default <emphasis>yes</emphasis>. </para></listitem> </varlistentry> <varlistentry> <term>short preserve case = yes/no</term> - <listitem><para>controls if new files which conform to 8.3 syntax, - that is all in upper case and of suitable length, are created - upper case, or if they are forced to be the <quote>default</quote> - case. This option can be used with <quote>preserve case = yes</quote> - to permit long filenames to retain their case, while short names - are lowercased. Default <emphasis>yes</emphasis>.</para></listitem> + <listitem><para> + controls if new files which conform to 8.3 syntax, that is all in upper case and of suitable length, + are created upper case, or if they are forced to be the <literal>default</literal> case. This option can be + used with <literal>preserve case = yes</literal> to permit long filenames to retain their case, while short + names are lowercased. Default <emphasis>yes</emphasis>. + </para></listitem> </varlistentry> </variablelist> - <para>By default, Samba 3.0 has the same semantics as a Windows - NT server, in that it is case insensitive but case preserving.</para> + <para> + By default, Samba 3.0 has the same semantics as a Windows NT server, in that it is case insensitive but case preserving. + </para> </refsect1> <refsect1 id="VALIDATIONSECT"> <title>NOTE ABOUT USERNAME/PASSWORD VALIDATION</title> - <para>There are a number of ways in which a user can connect - to a service. The server uses the following steps in determining - if it will allow a connection to a specified service. If all the - steps fail, the connection request is rejected. However, if one of the - steps succeeds, the following steps are not checked.</para> + <para> + There are a number of ways in which a user can connect to a service. The server uses the following steps + in determining if it will allow a connection to a specified service. If all the steps fail, the connection + request is rejected. However, if one of the steps succeeds, the following steps are not checked. + </para> - <para>If the service is marked <quote>guest only = yes</quote> and the - server is running with share-level security (<quote>security = share</quote>, - steps 1 to 5 are skipped.</para> + <para> + If the service is marked <quote>guest only = yes</quote> and the server is running with share-level + security (<quote>security = share</quote>, steps 1 to 5 are skipped. + </para> <orderedlist continuation="restarts" inheritnum="ignore" numeration="arabic"> - <listitem><para>If the client has passed a username/password - pair and that username/password pair is validated by the UNIX - system's password programs, the connection is made as that - username. This includes the - \\server\service%<replaceable>username</replaceable> method of passing - a username.</para></listitem> - - <listitem><para>If the client has previously registered a username - with the system and now supplies a correct password for that - username, the connection is allowed.</para></listitem> + <listitem><para> + If the client has passed a username/password pair and that username/password pair is validated by the UNIX + system's password programs, the connection is made as that username. This includes the + <literal>\\server\service%<replaceable>username</replaceable></literal> method of passing a username. + </para></listitem> + + <listitem><para> + If the client has previously registered a username with the system and now supplies a correct password for that + username, the connection is allowed. + </para></listitem> - <listitem><para>The client's NetBIOS name and any previously - used usernames are checked against the supplied password. If - they match, the connection is allowed as the corresponding - user.</para></listitem> + <listitem><para> + The client's NetBIOS name and any previously used usernames are checked against the supplied password. If + they match, the connection is allowed as the corresponding user. + </para></listitem> - <listitem><para>If the client has previously validated a - username/password pair with the server and the client has passed - the validation token, that username is used. </para></listitem> - - <listitem><para>If a <quote>user = </quote> field is given in the - <filename moreinfo="none">smb.conf</filename> file for the service and the client - has supplied a password, and that password matches (according to - the UNIX system's password checking) with one of the usernames - from the <quote>user =</quote> field, the connection is made as - the username in the <quote>user =</quote> line. If one - of the usernames in the <quote>user =</quote> list begins with a - <quote>@</quote>, that name expands to a list of names in - the group of the same name.</para></listitem> - - <listitem><para>If the service is a guest service, a - connection is made as the username given in the <quote>guest - account =</quote> for the service, irrespective of the - supplied password.</para></listitem> + <listitem><para> + If the client has previously validated a username/password pair with the server and the client has passed + the validation token, that username is used. + </para></listitem> + + <listitem><para> + If a <literal>user = </literal> field is given in the <filename moreinfo="none">smb.conf</filename> file for the + service and the client has supplied a password, and that password matches (according to the UNIX system's + password checking) with one of the usernames from the <literal>user =</literal> field, the connection is made as + the username in the <literal>user =</literal> line. If one of the usernames in the <literal>user =</literal> list + begins with a <literal>@</literal>, that name expands to a list of names in the group of the same name. + </para></listitem> + + <listitem><para> + If the service is a guest service, a connection is made as the username given in the <literal>guest account + =</literal> for the service, irrespective of the supplied password. + </para></listitem> </orderedlist> </refsect1> @@ -596,23 +611,25 @@ alias|alias|alias|alias... <refsect1> <title>WARNINGS</title> - <para>Although the configuration file permits service names - to contain spaces, your client software may not. Spaces will - be ignored in comparisons anyway, so it shouldn't be a - problem - but be aware of the possibility.</para> - - <para>On a similar note, many clients - especially DOS clients - - limit service names to eight characters. <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> has no such limitation, but attempts to connect from such - clients will fail if they truncate the service names. For this reason - you should probably keep your service names down to eight characters - in length.</para> - - <para>Use of the [homes] and [printers] special sections make life - for an administrator easy, but the various combinations of default - attributes can be tricky. Take extreme care when designing these - sections. In particular, ensure that the permissions on spool - directories are correct.</para> + <para> + Although the configuration file permits service names to contain spaces, your client software may not. + Spaces will be ignored in comparisons anyway, so it shouldn't be a problem - but be aware of the possibility. + </para> + + <para> + On a similar note, many clients - especially DOS clients - limit service names to eight characters. + <citerefentry><refentrytitle>smbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> has no such + limitation, but attempts to connect from such clients will fail if they truncate the service names. For this + reason you should probably keep your service names down to eight characters in length. + </para> + + <para> + Use of the <literal>[homes]</literal> and <literal>[printers]</literal> special sections make life + for an administrator easy, but the various combinations of default attributes can be tricky. Take extreme + care when designing these sections. In particular, ensure that the permissions on spool directories are + correct. + </para> + </refsect1> <refsect1> @@ -639,18 +656,18 @@ alias|alias|alias|alias... <refsect1> <title>AUTHOR</title> - <para>The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed.</para> + <para> + The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. + </para> - <para>The original Samba man pages were written by Karl Auer. - The man page sources were converted to YODL format (another + <para> + The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at <ulink noescape="1" url="ftp://ftp.icce.rug.nl/pub/unix/"> - ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 - release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion + to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done by + Alexander Bokovoy. + </para> </refsect1> </refentry> |