diff options
Diffstat (limited to 'docs/docbook/smbdotconf/smb.conf.5.xml')
-rw-r--r-- | docs/docbook/smbdotconf/smb.conf.5.xml | 685 |
1 files changed, 0 insertions, 685 deletions
diff --git a/docs/docbook/smbdotconf/smb.conf.5.xml b/docs/docbook/smbdotconf/smb.conf.5.xml deleted file mode 100644 index edb94573df..0000000000 --- a/docs/docbook/smbdotconf/smb.conf.5.xml +++ /dev/null @@ -1,685 +0,0 @@ -<?xml version="1.0" encoding="iso8859-1"?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" - "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ - -<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; -]> -<refentry id="smb.conf.5"> - -<refmeta> - <refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum> -</refmeta> - - -<refnamediv> - <refname>smb.conf</refname> - <refpurpose>The configuration file for the Samba suite</refpurpose> -</refnamediv> - -<refsect1> - <title>SYNOPSIS</title> - - <para>The <filename moreinfo="none">smb.conf</filename> file is a configuration - file for the Samba suite. <filename moreinfo="none">smb.conf</filename> contains - runtime configuration information for the Samba programs. The <filename moreinfo="none">smb.conf</filename> file - is designed to be configured and administered by the <citerefentry><refentrytitle>swat</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> program. The complete - description of the file format and possible parameters held within - are here for reference purposes.</para> </refsect1> - -<refsect1> - <title id="FILEFORMATSECT">FILE FORMAT</title> - - <para>The file consists of sections and parameters. A section - begins with the name of the section in square brackets and continues - until the next section begins. Sections contain parameters of the - form</para> - - <para><replaceable>name</replaceable> = <replaceable>value - </replaceable></para> - - <para>The file is line-based - that is, each newline-terminated - line represents either a comment, a section name or a parameter.</para> - - <para>Section and parameter names are not case sensitive.</para> - - <para>Only the first equals sign in a parameter is significant. - Whitespace before or after the first equals sign is discarded. - Leading, trailing and internal whitespace in section and parameter - names is irrelevant. Leading and trailing whitespace in a parameter - value is discarded. Internal whitespace within a parameter value - is retained verbatim.</para> - - <para>Any line beginning with a semicolon (';') or a hash ('#') - character is ignored, as are lines containing only whitespace.</para> - - <para>Any line ending in a '\' is continued - on the next line in the customary UNIX fashion.</para> - - <para>The values following the equals sign in parameters are all - either a string (no quotes needed) or a boolean, which may be given - as yes/no, 0/1 or true/false. Case is not significant in boolean - values, but is preserved in string values. Some items such as - create modes are numeric.</para> -</refsect1> - -<refsect1> - <title>SECTION DESCRIPTIONS</title> - - <para>Each section in the configuration file (except for the - [global] section) describes a shared resource (known - as a "share"). The section name is the name of the - shared resource and the parameters within the section define - the shares attributes.</para> - - <para>There are three special sections, [global], - [homes] and [printers], which are - described under <emphasis>special sections</emphasis>. The - following notes apply to ordinary section descriptions.</para> - - <para>A share consists of a directory to which access is being - given plus a description of the access rights which are granted - to the user of the service. Some housekeeping options are - also specifiable.</para> - - <para>Sections are either file share services (used by the - client as an extension of their native file systems) or - printable services (used by the client to access print services - on the host running the server).</para> - - <para>Sections may be designated <emphasis>guest</emphasis> services, - in which case no password is required to access them. A specified - UNIX <emphasis>guest account</emphasis> is used to define access - privileges in this case.</para> - - <para>Sections other than guest services will require a password - to access them. The client provides the username. As older clients - only provide passwords and not usernames, you may specify a list - of usernames to check against the password using the "user =" - option in the share definition. For modern clients such as - Windows 95/98/ME/NT/2000, this should not be necessary.</para> - - <para>Note that the access rights granted by the server are - masked by the access rights granted to the specified or guest - UNIX user by the host system. The server does not grant more - access than the host system grants.</para> - - <para>The following sample section defines a file space share. - The user has write access to the path <filename moreinfo="none">/home/bar</filename>. - The share is accessed via the share name "foo":</para> - -<screen format="linespecific"> -<computeroutput moreinfo="none"> -[foo] - path = /home/bar - read only = no -</computeroutput> -</screen> - - <para>The following sample section defines a printable share. - The share is readonly, but printable. That is, the only write - access permitted is via calls to open, write to and close a - spool file. The <emphasis>guest ok</emphasis> parameter means - access will be permitted as the default guest user (specified - elsewhere):</para> - -<screen format="linespecific"> -<computeroutput moreinfo="none"> -[aprinter] - path = /usr/spool/public - read only = yes - printable = yes - guest ok = yes -</computeroutput> -</screen> -</refsect1> - -<refsect1> - <title>SPECIAL SECTIONS</title> - - <refsect2> - <title>The [global] section</title> - - <para>parameters in this section apply to the server - as a whole, or are defaults for sections which do not - specifically define certain items. See the notes - under PARAMETERS for more information.</para> - </refsect2> - - <refsect2> - <title id="HOMESECT">The [homes] section</title> - - <para>If a section called homes is included in the - configuration file, services connecting clients to their - home directories can be created on the fly by the server.</para> - - <para>When the connection request is made, the existing - sections are scanned. If a match is found, it is used. If no - match is found, the requested section name is treated as a - user name and looked up in the local password file. If the - name exists and the correct password has been given, a share is - created by cloning the [homes] section.</para> - - <para>Some modifications are then made to the newly - created share:</para> - - <itemizedlist> - <listitem><para>The share name is changed from homes to - the located username.</para></listitem> - - <listitem><para>If no path was given, the path is set to - the user's home directory.</para></listitem> - </itemizedlist> - - <para>If you decide to use a <emphasis>path =</emphasis> line - in your [homes] section then you may find it useful - to use the %S macro. For example :</para> - - <para><userinput moreinfo="none">path = /data/pchome/%S</userinput></para> - - <para>would be useful if you have different home directories - for your PCs than for UNIX access.</para> - - <para>This is a fast and simple way to give a large number - of clients access to their home directories with a minimum - of fuss.</para> - - <para>A similar process occurs if the requested section - name is "homes", except that the share name is not - changed to that of the requesting user. This method of using - the [homes] section works well if different users share - a client PC.</para> - - <para>The [homes] section can specify all the parameters - a normal service section can specify, though some make more sense - than others. The following is a typical and suitable [homes] - section:</para> - -<screen format="linespecific"> -<computeroutput moreinfo="none"> -[homes] - read only = no -</computeroutput> -</screen> - - <para>An important point is that if guest access is specified - in the [homes] section, all home directories will be - visible to all clients <emphasis>without a password</emphasis>. - In the very unlikely event that this is actually desirable, it - would be wise to also specify <emphasis>read only - access</emphasis>.</para> - - <para>Note that the <emphasis>browseable</emphasis> flag for - auto home directories will be inherited from the global browseable - flag, not the [homes] browseable flag. This is useful as - it means setting <emphasis>browseable = no</emphasis> in - the [homes] section will hide the [homes] share but make - any auto home directories visible.</para> - </refsect2> - - <refsect2> - <title id="PRINTERSSECT">The [printers] section</title> - - <para>This section works like [homes], - but for printers.</para> - - <para>If a [printers] section occurs in the - configuration file, users are able to connect to any printer - specified in the local host's printcap file.</para> - - <para>When a connection request is made, the existing sections - are scanned. If a match is found, it is used. If no match is found, - but a [homes] section exists, it is used as described - above. Otherwise, the requested section name is treated as a - printer name and the appropriate printcap file is scanned to see - if the requested section name is a valid printer share name. If - a match is found, a new printer share is created by cloning - the [printers] section.</para> - - <para>A few modifications are then made to the newly created - share:</para> - - <itemizedlist> - <listitem><para>The share name is set to the located printer - name</para></listitem> - - <listitem><para>If no printer name was given, the printer name - is set to the located printer name</para></listitem> - - <listitem><para>If the share does not permit guest access and - no username was given, the username is set to the located - printer name.</para></listitem> - </itemizedlist> - - <para>Note that the [printers] service MUST be - printable - if you specify otherwise, the server will refuse - to load the configuration file.</para> - - <para>Typically the path specified would be that of a - world-writeable spool directory with the sticky bit set on - it. A typical [printers] entry would look like - this:</para> - -<screen format="linespecific"><computeroutput moreinfo="none"> -[printers] - path = /usr/spool/public - guest ok = yes - printable = yes -</computeroutput></screen> - - <para>All aliases given for a printer in the printcap file - are legitimate printer names as far as the server is concerned. - If your printing subsystem doesn't work like that, you will have - to set up a pseudo-printcap. This is a file consisting of one or - more lines like this:</para> - -<screen format="linespecific"> -<computeroutput moreinfo="none"> -alias|alias|alias|alias... -</computeroutput> -</screen> - - <para>Each alias should be an acceptable printer name for - your printing subsystem. In the [global] section, specify - the new file as your printcap. The server will then only recognize - names found in your pseudo-printcap, which of course can contain - whatever aliases you like. The same technique could be used - simply to limit access to a subset of your local printers.</para> - - <para>An alias, by the way, is defined as any component of the - first entry of a printcap record. Records are separated by newlines, - components (if there are more than one) are separated by vertical - bar symbols ('|').</para> - - <note><para>On SYSV systems which use lpstat to determine what - printers are defined on the system you may be able to use - "printcap name = lpstat" to automatically obtain a list - of printers. See the "printcap name" option - for more details.</para></note> - </refsect2> -</refsect1> - -<refsect1> - <title>PARAMETERS</title> - - <para>parameters define the specific attributes of sections.</para> - - <para>Some parameters are specific to the [global] section - (e.g., <emphasis>security</emphasis>). Some parameters are usable - in all sections (e.g., <emphasis>create mode</emphasis>). All others - are permissible only in normal sections. For the purposes of the - following descriptions the [homes] and [printers] - sections will be considered normal. The letter <emphasis>G</emphasis> - in parentheses indicates that a parameter is specific to the - [global] section. The letter <emphasis>S</emphasis> - indicates that a parameter can be specified in a service specific - section. Note that all <emphasis>S</emphasis> parameters can also be specified in - the [global] section - in which case they will define - the default behavior for all services.</para> - - <para>parameters are arranged here in alphabetical order - this may - not create best bedfellows, but at least you can find them! Where - there are synonyms, the preferred synonym is described, others refer - to the preferred synonym.</para> -</refsect1> - -<refsect1> - <title>VARIABLE SUBSTITUTIONS</title> - - <para>Many of the strings that are settable in the config file - can take substitutions. For example the option "path = - /tmp/%u" would be interpreted as "path = - /tmp/john" if the user connected with the username john.</para> - - <para>These substitutions are mostly noted in the descriptions below, - but there are some general substitutions which apply whenever they - might be relevant. These are:</para> - - <variablelist> - <varlistentry> - <term>%U</term> - <listitem><para>session user name (the user name that the client - wanted, not necessarily the same as the one they got).</para></listitem> - </varlistentry> - - <varlistentry> - <term>%G</term> - <listitem><para>primary group name of %U.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%h</term> - <listitem><para>the Internet hostname that Samba is running - on.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%m</term> - <listitem><para>the NetBIOS name of the client machine - (very useful).</para></listitem> - </varlistentry> - - <varlistentry> - <term>%L</term> - <listitem><para>the NetBIOS name of the server. This allows you - to change your config based on what the client calls you. Your - server can have a "dual personality".</para> - - <para>Note that this parameter is not available when Samba listens - on port 445, as clients no longer send this information </para> - </listitem> - - </varlistentry> - - <varlistentry> - <term>%M</term> - <listitem><para>the Internet name of the client machine. - </para></listitem> - </varlistentry> - - <varlistentry> - <term>%R</term> - <listitem><para>the selected protocol level after - protocol negotiation. It can be one of CORE, COREPLUS, - LANMAN1, LANMAN2 or NT1.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%d</term> - <listitem><para>The process id of the current server - process.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%a</term> - <listitem><para>the architecture of the remote - machine. Only some are recognized, and those may not be - 100% reliable. It currently recognizes Samba, WfWg, Win95, - WinNT and Win2k. Anything else will be known as - "UNKNOWN". If it gets it wrong then sending a level - 3 log to <ulink url="mailto:samba@samba.org">samba@samba.org - </ulink> should allow it to be fixed.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%I</term> - <listitem><para>The IP address of the client machine.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>%T</term> - <listitem><para>the current date and time.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%D</term> - <listitem><para>Name of the domain or workgroup of the current user.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%$(<replaceable>envvar</replaceable>)</term> - <listitem><para>The value of the environment variable - <replaceable>envar</replaceable>.</para></listitem> - </varlistentry> - </variablelist> - - <para>The following substitutes apply only to some configuration options(only those - that are used when a connection has been established):</para> - - <variablelist> - <varlistentry> - <term>%S</term> - <listitem><para>the name of the current service, if any.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>%P</term> - <listitem><para>the root directory of the current service, - if any.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%u</term> - <listitem><para>user name of the current service, if any.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>%g</term> - <listitem><para>primary group name of %u.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%H</term> - <listitem><para>the home directory of the user given - by %u.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%N</term> - <listitem><para>the name of your NIS home directory server. - This is obtained from your NIS auto.map entry. If you have - not compiled Samba with the <emphasis>--with-automount</emphasis> - option then this value will be the same as %L.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>%p</term> - <listitem><para>the path of the service's home directory, - obtained from your NIS auto.map entry. The NIS auto.map entry - is split up as "%N:%p".</para></listitem> - </varlistentry> - </variablelist> - - <para>There are some quite creative things that can be done - with these substitutions and other smb.conf options.</para> -</refsect1> - -<refsect1> - <title id="NAMEMANGLINGSECT">NAME MANGLING</title> - - <para>Samba supports "name mangling" so that DOS and - Windows clients can use files that don't conform to the 8.3 format. - It can also be set to adjust the case of 8.3 format filenames.</para> - - <para>There are several options that control the way mangling is - performed, and they are grouped here rather than listed separately. - For the defaults look at the output of the testparm program. </para> - - <para>All of these options can be set separately for each service - (or globally, of course). </para> - - <para>The options are: </para> - - <variablelist> - - <varlistentry> - <term>mangle case = yes/no</term> - <listitem><para> controls if names that have characters that - aren't of the "default" case are mangled. For example, - if this is yes then a name like "Mail" would be mangled. - Default <emphasis>no</emphasis>.</para></listitem> - </varlistentry> - - <varlistentry> - <term>case sensitive = yes/no</term> - <listitem><para>controls whether filenames are case sensitive. If - they aren't then Samba must do a filename search and match on passed - names. Default <emphasis>no</emphasis>.</para></listitem> - </varlistentry> - - <varlistentry> - <term>default case = upper/lower</term> - <listitem><para>controls what the default case is for new - filenames. Default <emphasis>lower</emphasis>.</para></listitem> - </varlistentry> - - <varlistentry> - <term>preserve case = yes/no</term> - <listitem><para>controls if new files are created with the - case that the client passes, or if they are forced to be the - "default" case. Default <emphasis>yes</emphasis>. - </para></listitem> - </varlistentry> - - <varlistentry> - <term>short preserve case = yes/no</term> - <listitem><para>controls if new files which conform to 8.3 syntax, - that is all in upper case and of suitable length, are created - upper case, or if they are forced to be the "default" - case. This option can be use with "preserve case = yes" - to permit long filenames to retain their case, while short names - are lowercased. Default <emphasis>yes</emphasis>.</para></listitem> - </varlistentry> - </variablelist> - - <para>By default, Samba 3.0 has the same semantics as a Windows - NT server, in that it is case insensitive but case preserving.</para> - -</refsect1> - -<refsect1> - <title id="VALIDATIONSECT">NOTE ABOUT USERNAME/PASSWORD VALIDATION</title> - - <para>There are a number of ways in which a user can connect - to a service. The server uses the following steps in determining - if it will allow a connection to a specified service. If all the - steps fail, then the connection request is rejected. However, if one of the - steps succeeds, then the following steps are not checked.</para> - - <para>If the service is marked "guest only = yes" and the - server is running with share-level security ("security = share") - then steps 1 to 5 are skipped.</para> - - - <orderedlist continuation="restarts" inheritnum="ignore" numeration="arabic"> - <listitem><para>If the client has passed a username/password - pair and that username/password pair is validated by the UNIX - system's password programs then the connection is made as that - username. Note that this includes the - \\server\service%<replaceable>username</replaceable> method of passing - a username.</para></listitem> - - <listitem><para>If the client has previously registered a username - with the system and now supplies a correct password for that - username then the connection is allowed.</para></listitem> - - <listitem><para>The client's NetBIOS name and any previously - used user names are checked against the supplied password, if - they match then the connection is allowed as the corresponding - user.</para></listitem> - - <listitem><para>If the client has previously validated a - username/password pair with the server and the client has passed - the validation token then that username is used. </para></listitem> - - <listitem><para>If a "user = " field is given in the - <filename moreinfo="none">smb.conf</filename> file for the service and the client - has supplied a password, and that password matches (according to - the UNIX system's password checking) with one of the usernames - from the "user =" field then the connection is made as - the username in the "user =" line. If one - of the username in the "user =" list begins with a - '@' then that name expands to a list of names in - the group of the same name.</para></listitem> - - <listitem><para>If the service is a guest service then a - connection is made as the username given in the "guest - account =" for the service, irrespective of the - supplied password.</para></listitem> - </orderedlist> - -</refsect1> - -<refsect1> - <title>COMPLETE LIST OF GLOBAL PARAMETERS</title> - - <para>Here is a list of all global parameters. See the section of - each parameter for details. Note that some are synonyms.</para> - - <xi:include href="parameters.global.xml" parse="xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> - -</refsect1> - -<refsect1> - <title>COMPLETE LIST OF SERVICE PARAMETERS</title> - - <para>Here is a list of all service parameters. See the section on - each parameter for details. Note that some are synonyms.</para> - - <xi:include href="parameters.service.xml" parse="xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> - -</refsect1> - -<refsect1> - <title>EXPLANATION OF EACH PARAMETER</title> - - <xi:include href="parameters.all.xml" parse="xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> - -</refsect1> - -<refsect1> - <title>WARNINGS</title> - - <para>Although the configuration file permits service names - to contain spaces, your client software may not. Spaces will - be ignored in comparisons anyway, so it shouldn't be a - problem - but be aware of the possibility.</para> - - <para>On a similar note, many clients - especially DOS clients - - limit service names to eight characters. <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> has no such limitation, but attempts to connect from such - clients will fail if they truncate the service names. For this reason - you should probably keep your service names down to eight characters - in length.</para> - - <para>Use of the [homes] and [printers] special sections make life - for an administrator easy, but the various combinations of default - attributes can be tricky. Take extreme care when designing these - sections. In particular, ensure that the permissions on spool - directories are correct.</para> -</refsect1> - -<refsect1> - <title>VERSION</title> - - <para>This man page is correct for version 3.0 of the Samba suite.</para> -</refsect1> - -<refsect1> - <title>SEE ALSO</title> - <para> - <citerefentry><refentrytitle>samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>swat</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmblookup</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>.</para> -</refsect1> - -<refsect1> - <title>AUTHOR</title> - - <para>The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed.</para> - - <para>The original Samba man pages were written by Karl Auer. - The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> - ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 - release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> -</refsect1> - -</refentry> |