summaryrefslogtreecommitdiff
path: root/docs-xml/smbdotconf/protocol
diff options
context:
space:
mode:
Diffstat (limited to 'docs-xml/smbdotconf/protocol')
-rw-r--r--docs-xml/smbdotconf/protocol/aclcheckpermissions.xml30
-rw-r--r--docs-xml/smbdotconf/protocol/aclmapfullcontrol.xml17
-rw-r--r--docs-xml/smbdotconf/protocol/announceas.xml21
-rw-r--r--docs-xml/smbdotconf/protocol/announceversion.xml14
-rw-r--r--docs-xml/smbdotconf/protocol/clientusespnego.xml15
-rw-r--r--docs-xml/smbdotconf/protocol/defersharingviolations.xml26
-rw-r--r--docs-xml/smbdotconf/protocol/disablenetbios.xml16
-rw-r--r--docs-xml/smbdotconf/protocol/easupport.xml17
-rw-r--r--docs-xml/smbdotconf/protocol/enableasusupport.xml17
-rw-r--r--docs-xml/smbdotconf/protocol/eventloglist.xml22
-rw-r--r--docs-xml/smbdotconf/protocol/largereadwrite.xml18
-rw-r--r--docs-xml/smbdotconf/protocol/mapaclinherit.xml17
-rw-r--r--docs-xml/smbdotconf/protocol/maxmux.xml13
-rw-r--r--docs-xml/smbdotconf/protocol/maxprotocol.xml48
-rw-r--r--docs-xml/smbdotconf/protocol/maxttl.xml14
-rw-r--r--docs-xml/smbdotconf/protocol/maxwinsttl.xml17
-rw-r--r--docs-xml/smbdotconf/protocol/maxxmit.xml16
-rw-r--r--docs-xml/smbdotconf/protocol/minprotocol.xml22
-rw-r--r--docs-xml/smbdotconf/protocol/minreceivefilesize.xml22
-rw-r--r--docs-xml/smbdotconf/protocol/minwinsttl.xml16
-rw-r--r--docs-xml/smbdotconf/protocol/nameresolveorder.xml70
-rw-r--r--docs-xml/smbdotconf/protocol/ntaclsupport.xml17
-rw-r--r--docs-xml/smbdotconf/protocol/ntpipesupport.xml16
-rw-r--r--docs-xml/smbdotconf/protocol/ntstatussupport.xml18
-rw-r--r--docs-xml/smbdotconf/protocol/profileacls.xml41
-rw-r--r--docs-xml/smbdotconf/protocol/readraw.xml26
-rw-r--r--docs-xml/smbdotconf/protocol/smbports.xml11
-rw-r--r--docs-xml/smbdotconf/protocol/svcctllist.xml22
-rw-r--r--docs-xml/smbdotconf/protocol/timeserver.xml13
-rw-r--r--docs-xml/smbdotconf/protocol/unixextensions.xml16
-rw-r--r--docs-xml/smbdotconf/protocol/usespnego.xml19
-rw-r--r--docs-xml/smbdotconf/protocol/writeraw.xml13
32 files changed, 680 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml b/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml
new file mode 100644
index 0000000000..6916261759
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml
@@ -0,0 +1,30 @@
+<samba:parameter name="acl check permissions"
+ context="S"
+ type="boolean"
+ advanced="1" wizard="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This boolean parameter controls what <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>does on receiving a protocol request of "open for delete"
+ from a Windows client. If a Windows client doesn't have permissions to delete a file then they
+ expect this to be denied at open time. POSIX systems normally only detect restrictions on delete by
+ actually attempting to delete the file or directory. As Windows clients can (and do) "back out" a
+ delete request by unsetting the "delete on close" bit Samba cannot delete the file immediately
+ on "open for delete" request as we cannot restore such a deleted file. With this parameter set to
+ true (the default) then smbd checks the file system permissions directly on "open for delete" and denies the
+ request without actually deleting the file if the file system permissions would seem to deny it.
+ This is not perfect, as it's possible a user could have deleted a file without Samba being able to
+ check the permissions correctly, but it is close enough to Windows semantics for mostly correct
+ behaviour. Samba will correctly check POSIX ACL semantics in this case.
+ </para>
+ <para>If this parameter is set to "false" Samba doesn't check permissions on "open for delete"
+ and allows the open. If the user doesn't have permission to delete the file this will only be
+ discovered at close time, which is too late for the Windows user tools to display an error message
+ to the user. The symptom of this is files that appear to have been deleted "magically" re-appearing
+ on a Windows explorer refersh. This is an extremely advanced protocol option which should not
+ need to be changed. This parameter was introduced in its final form in 3.0.21, an earlier version
+ with slightly different semantics was introduced in 3.0.20. That older version is not documented here.
+ </para>
+</description>
+<value type="default">True</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/aclmapfullcontrol.xml b/docs-xml/smbdotconf/protocol/aclmapfullcontrol.xml
new file mode 100644
index 0000000000..c38ac3cfbf
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/aclmapfullcontrol.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="acl map full control"
+ context="S"
+ type="boolean"
+ advanced="1" wizard="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>maps a POSIX ACE entry of "rwx" (read/write/execute), the maximum
+ allowed POSIX permission set, into a Windows ACL of "FULL CONTROL". If this parameter is set to true any POSIX
+ ACE entry of "rwx" will be returned in a Windows ACL as "FULL CONTROL", is this parameter is set to false any
+ POSIX ACE entry of "rwx" will be returned as the specific Windows ACL bits representing read, write and
+ execute.
+ </para>
+</description>
+<value type="default">True</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/announceas.xml b/docs-xml/smbdotconf/protocol/announceas.xml
new file mode 100644
index 0000000000..8891496194
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/announceas.xml
@@ -0,0 +1,21 @@
+<samba:parameter name="announce as"
+ context="G"
+ type="string"
+ developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This specifies what type of server <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will announce itself as, to a network neighborhood browse
+ list. By default this is set to Windows NT. The valid options
+ are : &quot;NT Server&quot; (which can also be written as &quot;NT&quot;),
+ &quot;NT Workstation&quot;, &quot;Win95&quot; or &quot;WfW&quot; meaning Windows NT Server,
+ Windows NT Workstation, Windows 95 and Windows for Workgroups
+ respectively. Do not change this parameter unless you have a
+ specific need to stop Samba appearing as an NT server as this
+ may prevent Samba servers from participating as browser servers
+ correctly.</para>
+</description>
+
+<value type="default">NT Server</value>
+<value type="example">Win95</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/announceversion.xml b/docs-xml/smbdotconf/protocol/announceversion.xml
new file mode 100644
index 0000000000..ecdcd4c734
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/announceversion.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="announce version"
+ context="G"
+ developer="1"
+ type="string"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This specifies the major and minor version numbers
+ that nmbd will use when announcing itself as a server. The default
+ is 4.9. Do not change this parameter unless you have a specific
+ need to set a Samba server to be a downlevel server.</para>
+</description>
+<value type="default">4.9</value>
+<value type="example">2.0</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/clientusespnego.xml b/docs-xml/smbdotconf/protocol/clientusespnego.xml
new file mode 100644
index 0000000000..c688a656f4
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/clientusespnego.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="client use spnego"
+ context="G"
+ type="boolean"
+ developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para> This variable controls whether Samba clients will try
+ to use Simple and Protected NEGOciation (as specified by rfc2478) with
+ supporting servers (including WindowsXP, Windows2000 and Samba
+ 3.0) to agree upon an authentication
+ mechanism. This enables Kerberos authentication in particular.</para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/defersharingviolations.xml b/docs-xml/smbdotconf/protocol/defersharingviolations.xml
new file mode 100644
index 0000000000..f54916c776
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/defersharingviolations.xml
@@ -0,0 +1,26 @@
+<samba:parameter name="defer sharing violations"
+ context="G"
+ type="boolean"
+ developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ Windows allows specifying how a file will be shared with
+ other processes when it is opened. Sharing violations occur when
+ a file is opened by a different process using options that violate
+ the share settings specified by other processes. This parameter causes
+ smbd to act as a Windows server does, and defer returning a "sharing
+ violation" error message for up to one second, allowing the client
+ to close the file causing the violation in the meantime.
+ </para>
+
+ <para>UNIX by default does not have this behaviour.</para>
+
+ <para>
+ There should be no reason to turn off this parameter, as it is
+ designed to enable Samba to more correctly emulate Windows.
+ </para>
+</description>
+
+<value type="default">True</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/disablenetbios.xml b/docs-xml/smbdotconf/protocol/disablenetbios.xml
new file mode 100644
index 0000000000..e78cb8c4f7
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/disablenetbios.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="disable netbios"
+ context="G"
+ type="boolean"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Enabling this parameter will disable netbios support
+ in Samba. Netbios is the only available form of browsing in
+ all windows versions except for 2000 and XP. </para>
+
+ <note><para>Clients that only support netbios won't be able to
+ see your samba server when netbios support is disabled.
+ </para></note>
+</description>
+<value type="default">no</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/easupport.xml b/docs-xml/smbdotconf/protocol/easupport.xml
new file mode 100644
index 0000000000..ba210fdac7
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/easupport.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="ea support"
+ context="S"
+ type="boolean"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will allow clients to attempt to store OS/2 style Extended
+ attributes on a share. In order to enable this parameter the underlying filesystem exported by
+ the share must support extended attributes (such as provided on XFS and EXT3 on Linux, with the
+ correct kernel patches). On Linux the filesystem must have been mounted with the mount
+ option user_xattr in order for extended attributes to work, also
+ extended attributes must be compiled into the Linux kernel.</para>
+</description>
+
+<value type="default">no</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/enableasusupport.xml b/docs-xml/smbdotconf/protocol/enableasusupport.xml
new file mode 100644
index 0000000000..cd4f30fb8d
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/enableasusupport.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="enable asu support"
+ context="G"
+ advanced="1" developer="1"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Hosts running the "Advanced Server for Unix (ASU)" product
+ require some special accomodations such as creating a builting [ADMIN$]
+ share that only supports IPC connections. The has been the default
+ behavior in smbd for many years. However, certain Microsoft applications
+ such as the Print Migrator tool require that the remote server support
+ an [ADMIN$} file share. Disabling this parameter allows for creating
+ an [ADMIN$] file share in smb.conf.</para>
+</description>
+
+<value type="default">no</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/eventloglist.xml b/docs-xml/smbdotconf/protocol/eventloglist.xml
new file mode 100644
index 0000000000..e98559bc17
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/eventloglist.xml
@@ -0,0 +1,22 @@
+<samba:parameter name="eventlog list"
+ type="string"
+ context="G"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option defines a list of log names that Samba will
+ report to the Microsoft EventViewer utility. The listed
+ eventlogs will be associated with tdb file on disk in the
+ <filename>$(lockdir)/eventlog</filename>.
+ </para>
+
+ <para>
+ The administrator must use an external process to parse the normal
+ Unix logs such as <filename>/var/log/messages</filename>
+ and write then entries to the eventlog tdb files. Refer to the
+ eventlogadm(8) utility for how to write eventlog entries.
+ </para>
+</description>
+
+<value type="default"/>
+<value type="example">Security Application Syslog Apache</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/largereadwrite.xml b/docs-xml/smbdotconf/protocol/largereadwrite.xml
new file mode 100644
index 0000000000..12be741322
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/largereadwrite.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="large readwrite"
+ context="G"
+ type="boolean"
+ developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This parameter determines whether or not
+ <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> supports the new 64k
+ streaming read and write varient SMB requests introduced with
+ Windows 2000. Note that due to Windows 2000 client redirector bugs
+ this requires Samba to be running on a 64-bit capable operating
+ system such as IRIX, Solaris or a Linux 2.4 kernel. Can improve
+ performance by 10% with Windows 2000 clients. Defaults to on. Not as
+ tested as some other Samba code paths.</para>
+</description>
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/mapaclinherit.xml b/docs-xml/smbdotconf/protocol/mapaclinherit.xml
new file mode 100644
index 0000000000..ef0b4eb6d6
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/mapaclinherit.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="map acl inherit"
+ context="S"
+ type="boolean"
+ advanced="1" wizard="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will attempt to map the 'inherit' and 'protected'
+ access control entry flags stored in Windows ACLs into an extended attribute
+ called user.SAMBA_PAI. This parameter only takes effect if Samba is being run
+ on a platform that supports extended attributes (Linux and IRIX so far) and
+ allows the Windows 2000 ACL editor to correctly use inheritance with the Samba
+ POSIX ACL mapping code.
+ </para>
+</description>
+<value type="default">no</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/maxmux.xml b/docs-xml/smbdotconf/protocol/maxmux.xml
new file mode 100644
index 0000000000..71998c974f
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/maxmux.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="max mux"
+ context="G"
+ advanced="1" developer="1"
+ type="integer"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option controls the maximum number of
+ outstanding simultaneous SMB operations that Samba tells the client
+ it will allow. You should never need to set this parameter.</para>
+</description>
+
+<value type="default">50</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/maxprotocol.xml b/docs-xml/smbdotconf/protocol/maxprotocol.xml
new file mode 100644
index 0000000000..e785909147
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/maxprotocol.xml
@@ -0,0 +1,48 @@
+<samba:parameter name="max protocol"
+ context="G"
+ type="enum"
+ developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>The value of the parameter (a string) is the highest
+ protocol level that will be supported by the server.</para>
+
+ <para>Possible values are :</para>
+ <itemizedlist>
+ <listitem>
+ <para><constant>CORE</constant>: Earliest version. No
+ concept of user names.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>COREPLUS</constant>: Slight improvements on
+ CORE for efficiency.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>LANMAN1</constant>: First <emphasis>
+ modern</emphasis> version of the protocol. Long filename
+ support.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>LANMAN2</constant>: Updates to Lanman1 protocol.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>NT1</constant>: Current up to date version of the protocol.
+ Used by Windows NT. Known as CIFS.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Normally this option should not be set as the automatic
+ negotiation phase in the SMB protocol takes care of choosing
+ the appropriate protocol.</para>
+</description>
+
+<related>min protocol</related>
+<synonym>protocol</synonym>
+
+<value type="default">NT1</value>
+<value type="example">LANMAN1</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/maxttl.xml b/docs-xml/smbdotconf/protocol/maxttl.xml
new file mode 100644
index 0000000000..00f735d3a9
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/maxttl.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="max ttl"
+ context="G"
+ type="integer"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option tells <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> what the default 'time to live'
+ of NetBIOS names should be (in seconds) when <command moreinfo="none">nmbd</command> is
+ requesting a name using either a broadcast packet or from a WINS server. You should
+ never need to change this parameter. The default is 3 days.</para>
+</description>
+<value type="default">259200</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/maxwinsttl.xml b/docs-xml/smbdotconf/protocol/maxwinsttl.xml
new file mode 100644
index 0000000000..09935cdd9b
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/maxwinsttl.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="max wins ttl"
+ type="integer"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option tells <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> when acting as a WINS server
+ (<smbconfoption name="wins support">yes</smbconfoption>) what the maximum
+ 'time to live' of NetBIOS names that <command moreinfo="none">nmbd</command>
+ will grant will be (in seconds). You should never need to change this
+ parameter. The default is 6 days (518400 seconds).</para>
+</description>
+
+<related>min wins ttl</related>
+<value type="default">518400</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/maxxmit.xml b/docs-xml/smbdotconf/protocol/maxxmit.xml
new file mode 100644
index 0000000000..3804ae21e3
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/maxxmit.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="max xmit"
+ context="G"
+ type="integer"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option controls the maximum packet size
+ that will be negotiated by Samba. The default is 16644, which
+ matches the behavior of Windows 2000. A value below 2048 is likely to cause problems.
+ You should never need to change this parameter from its default value.
+</para>
+</description>
+
+<value type="default">16644</value>
+<value type="example">8192</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/minprotocol.xml b/docs-xml/smbdotconf/protocol/minprotocol.xml
new file mode 100644
index 0000000000..0bec282467
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/minprotocol.xml
@@ -0,0 +1,22 @@
+<samba:parameter name="min protocol"
+ context="G"
+ type="string"
+ developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>The value of the parameter (a string) is the
+ lowest SMB protocol dialect than Samba will support. Please refer
+ to the <smbconfoption name="max protocol"/>
+ parameter for a list of valid protocol names and a brief description
+ of each. You may also wish to refer to the C source code in
+ <filename moreinfo="none">source/smbd/negprot.c</filename> for a listing of known protocol
+ dialects supported by clients.</para>
+
+ <para>If you are viewing this parameter as a security measure, you should
+ also refer to the <smbconfoption name="lanman auth"/> parameter. Otherwise, you should never need
+ to change this parameter.</para>
+</description>
+
+<value type="default">CORE</value>
+<value type="example">NT1</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/minreceivefilesize.xml b/docs-xml/smbdotconf/protocol/minreceivefilesize.xml
new file mode 100644
index 0000000000..2df6c178db
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/minreceivefilesize.xml
@@ -0,0 +1,22 @@
+<samba:parameter name="min receivefile size"
+ type="integer"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+<para>This option changes the behavior of <citerefentry><refentrytitle>smbd</refentrytitle>
+<manvolnum>8</manvolnum></citerefentry> when processing SMBwriteX calls. Any incoming
+SMBwriteX call on a non-signed SMB/CIFS connection greater than this value will not be processed in the normal way but will
+be passed to any underlying kernel recvfile or splice system call (if there is no such
+call Samba will emulate in user space). This allows zero-copy writes directly from network
+socket buffers into the filesystem buffer cache, if available. It may improve performance
+but user testing is recommended. If set to zero Samba processes SMBwriteX calls in the
+normal way. To enable POSIX large write support (SMB/CIFS writes up to 16Mb) this option must be
+nonzero. The maximum value is 128k. Values greater than 128k will be silently set to 128k.</para>
+<para>Note this option will have NO EFFECT if set on a SMB signed connection.</para>
+<para>The default is zero, which diables this option.</para>
+</description>
+
+<related>min receivefile size</related>
+<value type="default">0</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/minwinsttl.xml b/docs-xml/smbdotconf/protocol/minwinsttl.xml
new file mode 100644
index 0000000000..38fbd7b0eb
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/minwinsttl.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="min wins ttl"
+ context="G"
+ type="integer"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option tells <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>
+ when acting as a WINS server (<smbconfoption name="wins support">yes</smbconfoption>) what the minimum 'time to live'
+ of NetBIOS names that <command moreinfo="none">nmbd</command> will grant will be (in
+ seconds). You should never need to change this parameter. The default
+ is 6 hours (21600 seconds).</para>
+</description>
+
+<value type="default">21600</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/nameresolveorder.xml b/docs-xml/smbdotconf/protocol/nameresolveorder.xml
new file mode 100644
index 0000000000..9b1ad075b1
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/nameresolveorder.xml
@@ -0,0 +1,70 @@
+<samba:parameter name="name resolve order"
+ context="G"
+ type="list"
+ advanced="1" wizard="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option is used by the programs in the Samba
+ suite to determine what naming services to use and in what order
+ to resolve host names to IP addresses. Its main purpose to is to
+ control how netbios name resolution is performed. The option takes a space
+ separated string of name resolution options.</para>
+
+ <para>The options are: &quot;lmhosts&quot;, &quot;host&quot;,
+ &quot;wins&quot; and &quot;bcast&quot;. They cause names to be
+ resolved as follows:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>
+ <constant>lmhosts</constant> : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has
+ no name type attached to the NetBIOS name (see the manpage for lmhosts for details) then
+ any name type matches for lookup.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ <constant>host</constant> : Do a standard host name to IP address resolution, using the system
+ <filename moreinfo="none">/etc/hosts </filename>, NIS, or DNS lookups. This method of name resolution is
+ operating system depended for instance on IRIX or Solaris this may be controlled by the <filename
+ moreinfo="none">/etc/nsswitch.conf</filename> file. Note that this method is used only if the NetBIOS name
+ type being queried is the 0x20 (server) name type or 0x1c (domain controllers). The latter case is only
+ useful for active directory domains and results in a DNS query for the SRV RR entry matching
+ _ldap._tcp.domain.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para><constant>wins</constant> : Query a name with
+ the IP address listed in the <smbconfoption name="WINSSERVER"><parameter moreinfo="none">
+ wins server</parameter></smbconfoption> parameter. If no WINS server has
+ been specified this method will be ignored.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>bcast</constant> : Do a broadcast on
+ each of the known local interfaces listed in the <smbconfoption name="interfaces"/>
+ parameter. This is the least reliable of the name resolution
+ methods as it depends on the target host being on a locally
+ connected subnet.</para>
+ </listitem>
+</itemizedlist>
+
+ <para>The example below will cause the local lmhosts file to be examined
+ first, followed by a broadcast attempt, followed by a normal
+ system hostname lookup.</para>
+
+ <para>When Samba is functioning in ADS security mode (<command moreinfo="none">security = ads</command>)
+ it is advised to use following settings for <parameter moreinfo="none">name resolve order</parameter>:</para>
+
+ <para><command moreinfo="none">name resolve order = wins bcast</command></para>
+
+ <para>DC lookups will still be done via DNS, but fallbacks to netbios names will
+ not inundate your DNS servers with needless querys for DOMAIN&lt;0x1c&gt; lookups.</para>
+
+</description>
+
+<value type="default">lmhosts host wins bcast</value>
+<value type="example">lmhosts bcast host</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/ntaclsupport.xml b/docs-xml/smbdotconf/protocol/ntaclsupport.xml
new file mode 100644
index 0000000000..1e9cedf931
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/ntaclsupport.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="nt acl support"
+ context="S"
+ advanced="1" wizard="1"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will attempt to map
+ UNIX permissions into Windows NT access control lists. The UNIX
+ permissions considered are the the traditional UNIX owner and
+ group permissions, as well as POSIX ACLs set on any files or
+ directories. This parameter was formally a global parameter in
+ releases prior to 2.2.2.</para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/ntpipesupport.xml b/docs-xml/smbdotconf/protocol/ntpipesupport.xml
new file mode 100644
index 0000000000..7c310846b2
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/ntpipesupport.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="nt pipe support"
+ context="G"
+ advanced="1" developer="1"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This boolean parameter controls whether
+ <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will allow Windows NT
+ clients to connect to the NT SMB specific <constant>IPC$</constant>
+ pipes. This is a developer debugging option and can be left
+ alone.</para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/ntstatussupport.xml b/docs-xml/smbdotconf/protocol/ntstatussupport.xml
new file mode 100644
index 0000000000..4dfc142e2e
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/ntstatussupport.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="nt status support"
+ context="G"
+ type="boolean"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will negotiate NT specific status
+ support with Windows NT/2k/XP clients. This is a developer debugging option and should be left alone.
+ If this option is set to <constant>no</constant> then Samba offers
+ exactly the same DOS error codes that versions prior to Samba 2.2.3
+ reported.</para>
+
+ <para>You should not need to ever disable this parameter.</para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/profileacls.xml b/docs-xml/smbdotconf/protocol/profileacls.xml
new file mode 100644
index 0000000000..1c6f0c9ebf
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/profileacls.xml
@@ -0,0 +1,41 @@
+<samba:parameter name="profile acls"
+ context="S"
+ type="boolean"
+ advanced="1" wizard="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ This boolean parameter was added to fix the problems that people have been
+ having with storing user profiles on Samba shares from Windows 2000 or
+ Windows XP clients. New versions of Windows 2000 or Windows XP service
+ packs do security ACL checking on the owner and ability to write of the
+ profile directory stored on a local workstation when copied from a Samba
+ share.
+ </para>
+
+ <para>
+ When not in domain mode with winbindd then the security info copied
+ onto the local workstation has no meaning to the logged in user (SID) on
+ that workstation so the profile storing fails. Adding this parameter
+ onto a share used for profile storage changes two things about the
+ returned Windows ACL. Firstly it changes the owner and group owner
+ of all reported files and directories to be BUILTIN\\Administrators,
+ BUILTIN\\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly
+ it adds an ACE entry of "Full Control" to the SID BUILTIN\\Users to
+ every returned ACL. This will allow any Windows 2000 or XP workstation
+ user to access the profile.
+ </para>
+
+ <para>
+ Note that if you have multiple users logging
+ on to a workstation then in order to prevent them from being able to access
+ each others profiles you must remove the "Bypass traverse checking" advanced
+ user right. This will prevent access to other users profile directories as
+ the top level profile directory (named after the user) is created by the
+ workstation profile code and has an ACL restricting entry to the directory
+ tree to the owning user.
+ </para>
+</description>
+
+<value type="default">no</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/readraw.xml b/docs-xml/smbdotconf/protocol/readraw.xml
new file mode 100644
index 0000000000..2ca23075ee
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/readraw.xml
@@ -0,0 +1,26 @@
+<samba:parameter name="read raw"
+ context="G"
+ type="boolean"
+ developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This parameter controls whether or not the server
+ will support the raw read SMB requests when transferring data
+ to clients.</para>
+
+ <para>If enabled, raw reads allow reads of 65535 bytes in
+ one packet. This typically provides a major performance benefit.
+ </para>
+
+ <para>However, some clients either negotiate the allowable
+ block size incorrectly or are incapable of supporting larger block
+ sizes, and for these clients you may need to disable raw reads.</para>
+
+<para>In general this parameter should be viewed as a system tuning
+ tool and left severely alone.</para>
+</description>
+
+<value type="default">yes</value>
+
+<related>write raw</related>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/smbports.xml b/docs-xml/smbdotconf/protocol/smbports.xml
new file mode 100644
index 0000000000..aaf4919db0
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/smbports.xml
@@ -0,0 +1,11 @@
+<samba:parameter name="smb ports"
+ context="G"
+ type="list"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Specifies which ports the server should listen on for SMB traffic.</para>
+</description>
+
+<value type="default">445 139</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/svcctllist.xml b/docs-xml/smbdotconf/protocol/svcctllist.xml
new file mode 100644
index 0000000000..660a280088
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/svcctllist.xml
@@ -0,0 +1,22 @@
+<samba:parameter name="svcctl list"
+ type="string"
+ context="G"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option defines a list of init scripts that smbd
+ will use for starting and stopping Unix services via the Win32
+ ServiceControl API. This allows Windows administrators to
+ utilize the MS Management Console plug-ins to manage a
+ Unix server running Samba.</para>
+
+ <para>The administrator must create a directory
+ name <filename>svcctl</filename> in Samba's $(libdir)
+ and create symbolic links to the init scripts in
+ <filename>/etc/init.d/</filename>. The name of the links
+ must match the names given as part of the <parameter>svcctl list</parameter>.
+ </para>
+</description>
+
+<value type="default"/>
+<value type="example">cups postfix portmap httpd</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/timeserver.xml b/docs-xml/smbdotconf/protocol/timeserver.xml
new file mode 100644
index 0000000000..93d89183b5
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/timeserver.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="time server"
+ context="G"
+ type="boolean"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This parameter determines if <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> advertises itself as a time server to Windows
+clients.</para>
+</description>
+
+<value type="default">no</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/unixextensions.xml b/docs-xml/smbdotconf/protocol/unixextensions.xml
new file mode 100644
index 0000000000..5b4a36a401
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/unixextensions.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="unix extensions"
+ context="G"
+ type="boolean"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+ <description>
+ <para>This boolean parameter controls whether Samba
+ implments the CIFS UNIX extensions, as defined by HP.
+ These extensions enable Samba to better serve UNIX CIFS clients
+ by supporting features such as symbolic links, hard links, etc...
+ These extensions require a similarly enabled client, and are of
+ no current use to Windows clients.</para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/usespnego.xml b/docs-xml/smbdotconf/protocol/usespnego.xml
new file mode 100644
index 0000000000..8fb559c177
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/usespnego.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="use spnego"
+ context="G"
+ type="boolean"
+ developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This variable controls controls whether samba will try
+ to use Simple and Protected NEGOciation (as specified by rfc2478) with
+ WindowsXP and Windows2000 clients to agree upon an authentication mechanism.
+</para>
+
+<para>
+ Unless further issues are discovered with our SPNEGO
+ implementation, there is no reason this should ever be
+ disabled.</para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/writeraw.xml b/docs-xml/smbdotconf/protocol/writeraw.xml
new file mode 100644
index 0000000000..f299fa8483
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/writeraw.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="write raw"
+ context="G"
+ type="boolean"
+ developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This parameter controls whether or not the server
+ will support raw write SMB's when transferring data from clients.
+ You should never need to change this parameter.</para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>