path: root/docs/htmldocs/smb.conf.5.html
Diffstat (limited to 'docs/htmldocs/smb.conf.5.html')
-rw-r--r-- docs/htmldocs/smb.conf.5.html 1483
1 files changed, 603 insertions, 880 deletions
diff --git a/docs/htmldocs/smb.conf.5.html b/docs/htmldocs/smb.conf.5.html
index 14820cb623..c6050a8762 100644
--- a/docs/htmldocs/smb.conf.5.html
+++ b/docs/htmldocs/smb.conf.5.html
@@ -1,11 +1,12 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<HTML
><HEAD
><TITLE
>smb.conf</TITLE
><META
NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
+"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
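Review bot: The new DOCTYPE declares HTML 4.01 Strict, but the BODY element just below still carries BGCOLOR="#FFFFFF", a presentational attribute that only the Transitional DTD allows, so the regenerated page no longer validates against its own declaration. The GENERATOR value also moves backwards from 1.77 to 1.76b+ and now has a line break inside the attribute, which suggests the file was rebuilt with an older stylesheet. Either keep the Transitional DOCTYPE or regenerate with the stylesheet version used before.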
@@ -124,12 +125,9 @@ NAME="AEN28"
><P
>There are three special sections, [global],
[homes] and [printers], which are
- described under <SPAN
-CLASS="emphasis"
-><I
+ described under <I
CLASS="EMPHASIS"
>special sections</I
-></SPAN
>. The
following notes apply to ordinary section descriptions.</P
><P
@@ -143,20 +141,14 @@ CLASS="EMPHASIS"
printable services (used by the client to access print services
on the host running the server).</P
><P
->Sections may be designated <SPAN
-CLASS="emphasis"
-><I
+>Sections may be designated <I
CLASS="EMPHASIS"
>guest</I
-></SPAN
> services,
in which case no password is required to access them. A specified
- UNIX <SPAN
-CLASS="emphasis"
-><I
+ UNIX <I
CLASS="EMPHASIS"
>guest account</I
-></SPAN
> is used to define access
privileges in this case.</P
><P
@@ -178,6 +170,12 @@ CLASS="FILENAME"
>/home/bar</TT
>.
The share is accessed via the share name "foo":</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
><PRE
CLASS="SCREEN"
> <TT
@@ -188,19 +186,25 @@ CLASS="COMPUTEROUTPUT"
</TT
>
</PRE
+></TD
+></TR
+></TABLE
><P
>The following sample section defines a printable share.
The share is readonly, but printable. That is, the only write
access permitted is via calls to open, write to and close a
- spool file. The <SPAN
-CLASS="emphasis"
-><I
+ spool file. The <I
CLASS="EMPHASIS"
>guest ok</I
-></SPAN
> parameter means
access will be permitted as the default guest user (specified
elsewhere):</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
><PRE
CLASS="SCREEN"
> <TT
@@ -213,6 +217,9 @@ CLASS="COMPUTEROUTPUT"
</TT
>
</PRE
+></TD
+></TR
+></TABLE
></DIV
><DIV
CLASS="REFSECT1"
@@ -270,12 +277,9 @@ NAME="AEN53"
></LI
></UL
><P
->If you decide to use a <SPAN
-CLASS="emphasis"
-><I
+>If you decide to use a <I
CLASS="EMPHASIS"
>path =</I
-></SPAN
> line
in your [homes] section then you may find it useful
to use the %S macro. For example :</P
@@ -304,6 +308,12 @@ CLASS="USERINPUT"
a normal service section can specify, though some make more sense
than others. The following is a typical and suitable [homes]
section:</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
><PRE
CLASS="SCREEN"
> <TT
@@ -313,41 +323,32 @@ CLASS="COMPUTEROUTPUT"
</TT
>
</PRE
+></TD
+></TR
+></TABLE
><P
>An important point is that if guest access is specified
in the [homes] section, all home directories will be
- visible to all clients <SPAN
-CLASS="emphasis"
-><I
+ visible to all clients <I
CLASS="EMPHASIS"
>without a password</I
-></SPAN
>.
In the very unlikely event that this is actually desirable, it
- would be wise to also specify <SPAN
-CLASS="emphasis"
-><I
+ would be wise to also specify <I
CLASS="EMPHASIS"
>read only
access</I
-></SPAN
>.</P
><P
->Note that the <SPAN
-CLASS="emphasis"
-><I
+>Note that the <I
CLASS="EMPHASIS"
>browseable</I
-></SPAN
> flag for
auto home directories will be inherited from the global browseable
flag, not the [homes] browseable flag. This is useful as
- it means setting <SPAN
-CLASS="emphasis"
-><I
+ it means setting <I
CLASS="EMPHASIS"
>browseable = no</I
-></SPAN
> in
the [homes] section will hide the [homes] share but make
any auto home directories visible.</P
@@ -407,6 +408,12 @@ NAME="AEN79"
world-writeable spool directory with the sticky bit set on
it. A typical [printers] entry would look like
this:</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
><PRE
CLASS="SCREEN"
><TT
@@ -417,12 +424,21 @@ CLASS="COMPUTEROUTPUT"
printable = yes
</TT
></PRE
+></TD
+></TR
+></TABLE
><P
>All aliases given for a printer in the printcap file
are legitimate printer names as far as the server is concerned.
If your printing subsystem doesn't work like that, you will have
to set up a pseudo-printcap. This is a file consisting of one or
more lines like this:</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
><PRE
CLASS="SCREEN"
> <TT
@@ -431,6 +447,9 @@ CLASS="COMPUTEROUTPUT"
</TT
>
</PRE
+></TD
+></TR
+></TABLE
><P
>Each alias should be an acceptable printer name for
your printing subsystem. In the [global] section, specify
@@ -462,44 +481,29 @@ NAME="AEN102"
>parameters define the specific attributes of sections.</P
><P
>Some parameters are specific to the [global] section
- (e.g., <SPAN
-CLASS="emphasis"
-><I
+ (e.g., <I
CLASS="EMPHASIS"
>security</I
-></SPAN
>). Some parameters are usable
- in all sections (e.g., <SPAN
-CLASS="emphasis"
-><I
+ in all sections (e.g., <I
CLASS="EMPHASIS"
>create mode</I
-></SPAN
>). All others
are permissible only in normal sections. For the purposes of the
following descriptions the [homes] and [printers]
- sections will be considered normal. The letter <SPAN
-CLASS="emphasis"
-><I
+ sections will be considered normal. The letter <I
CLASS="EMPHASIS"
>G</I
-></SPAN
>
in parentheses indicates that a parameter is specific to the
- [global] section. The letter <SPAN
-CLASS="emphasis"
-><I
+ [global] section. The letter <I
CLASS="EMPHASIS"
>S</I
-></SPAN
>
indicates that a parameter can be specified in a service specific
- section. Note that all <SPAN
-CLASS="emphasis"
-><I
+ section. Note that all <I
CLASS="EMPHASIS"
>S</I
-></SPAN
> parameters can also be specified in
the [global] section - in which case they will define
the default behavior for all services.</P
@@ -531,31 +535,6 @@ NAME="AEN112"
CLASS="VARIABLELIST"
><DL
><DT
->%S</DT
-><DD
-><P
->the name of the current service, if any.</P
-></DD
-><DT
->%P</DT
-><DD
-><P
->the root directory of the current service,
- if any.</P
-></DD
-><DT
->%u</DT
-><DD
-><P
->user name of the current service, if any.</P
-></DD
-><DT
->%g</DT
-><DD
-><P
->primary group name of %u.</P
-></DD
-><DT
>%U</DT
><DD
><P
@@ -569,19 +548,6 @@ CLASS="VARIABLELIST"
>primary group name of %U.</P
></DD
><DT
->%H</DT
-><DD
-><P
->the home directory of the user given
- by %u.</P
-></DD
-><DT
->%v</DT
-><DD
-><P
->the Samba version.</P
-></DD
-><DT
>%h</DT
><DD
><P
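Review bot: %v (the Samba version) is deleted here together with %H, but the connection-only list added later in this patch re-adds only %S, %P, %u, %g, %H, %N and %p, so in the visible hunks %v disappears from the documentation altogether. If the substitution still exists it belongs in the general list next to %h; if it was dropped from the code, the commit message should say so.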
@@ -614,29 +580,6 @@ CLASS="VARIABLELIST"
</P
></DD
><DT
->%N</DT
-><DD
-><P
->the name of your NIS home directory server.
- This is obtained from your NIS auto.map entry. If you have
- not compiled Samba with the <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->--with-automount</I
-></SPAN
->
- option then this value will be the same as %L.</P
-></DD
-><DT
->%p</DT
-><DD
-><P
->the path of the service's home directory,
- obtained from your NIS auto.map entry. The NIS auto.map entry
- is split up as "%N:%p".</P
-></DD
-><DT
>%R</DT
><DD
><P
@@ -680,6 +623,12 @@ TARGET="_top"
>the current date and time.</P
></DD
><DT
+>%D</DT
+><DD
+><P
+>Name of the domain or workgroup of the current user.</P
+></DD
+><DT
>%$(<TT
CLASS="REPLACEABLE"
><I
@@ -699,13 +648,75 @@ CLASS="REPLACEABLE"
></DL
></DIV
><P
+>The following substitutes apply only to some configuration options(only those
+ that are used when a connection has been established):</P
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>%S</DT
+><DD
+><P
+>the name of the current service, if any.</P
+></DD
+><DT
+>%P</DT
+><DD
+><P
+>the root directory of the current service,
+ if any.</P
+></DD
+><DT
+>%u</DT
+><DD
+><P
+>user name of the current service, if any.</P
+></DD
+><DT
+>%g</DT
+><DD
+><P
+>primary group name of %u.</P
+></DD
+><DT
+>%H</DT
+><DD
+><P
+>the home directory of the user given
+ by %u.</P
+></DD
+><DT
+>%N</DT
+><DD
+><P
+>the name of your NIS home directory server.
+ This is obtained from your NIS auto.map entry. If you have
+ not compiled Samba with the <I
+CLASS="EMPHASIS"
+>--with-automount</I
+>
+ option then this value will be the same as %L.</P
+></DD
+><DT
+>%p</DT
+><DD
+><P
+>the path of the service's home directory,
+ obtained from your NIS auto.map entry. The NIS auto.map entry
+ is split up as "%N:%p".</P
+></DD
+></DL
+></DIV
+><P
>There are some quite creative things that can be done
with these substitutions and other smb.conf options.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN203"
+NAME="AEN205"
></A
><H2
>NAME MANGLING</H2
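Review bot: The new introductory sentence has a missing space in "configuration options(only those" and does not say which options qualify, so a reader cannot tell whether %u or %H will expand in a given parameter. Suggest "configuration options (only those ...)" and either naming the affected parameters or pointing to where each parameter states that it accepts these substitutions.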
@@ -734,12 +745,9 @@ CLASS="VARIABLELIST"
> controls if names that have characters that
aren't of the "default" case are mangled. For example,
if this is yes then a name like "Mail" would be mangled.
- Default <SPAN
-CLASS="emphasis"
-><I
+ Default <I
CLASS="EMPHASIS"
>no</I
-></SPAN
>.</P
></DD
><DT
@@ -748,12 +756,9 @@ CLASS="EMPHASIS"
><P
>controls whether filenames are case sensitive. If
they aren't then Samba must do a filename search and match on passed
- names. Default <SPAN
-CLASS="emphasis"
-><I
+ names. Default <I
CLASS="EMPHASIS"
>no</I
-></SPAN
>.</P
></DD
><DT
@@ -761,12 +766,9 @@ CLASS="EMPHASIS"
><DD
><P
>controls what the default case is for new
- filenames. Default <SPAN
-CLASS="emphasis"
-><I
+ filenames. Default <I
CLASS="EMPHASIS"
>lower</I
-></SPAN
>.</P
></DD
><DT
@@ -775,12 +777,9 @@ CLASS="EMPHASIS"
><P
>controls if new files are created with the
case that the client passes, or if they are forced to be the
- "default" case. Default <SPAN
-CLASS="emphasis"
-><I
+ "default" case. Default <I
CLASS="EMPHASIS"
>yes</I
-></SPAN
>.
</P
></DD
@@ -793,24 +792,21 @@ CLASS="EMPHASIS"
upper case, or if they are forced to be the "default"
case. This option can be use with "preserve case = yes"
to permit long filenames to retain their case, while short names
- are lowercased. Default <SPAN
-CLASS="emphasis"
-><I
+ are lowercased. Default <I
CLASS="EMPHASIS"
>yes</I
-></SPAN
>.</P
></DD
></DL
></DIV
><P
->By default, Samba 2.2 has the same semantics as a Windows
+>By default, Samba 3.0 has the same semantics as a Windows
NT server, in that it is case insensitive but case preserving.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN236"
+NAME="AEN238"
></A
><H2
>NOTE ABOUT USERNAME/PASSWORD VALIDATION</H2
@@ -888,7 +884,7 @@ CLASS="FILENAME"
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN255"
+NAME="AEN257"
></A
><H2
>COMPLETE LIST OF GLOBAL PARAMETERS</H2
@@ -1669,6 +1665,18 @@ CLASS="PARAMETER"
><LI
><P
><A
+HREF="#LDAPTRUSTIDS"
+><TT
+CLASS="PARAMETER"
+><I
+>ldap trust ids</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
HREF="#LMANNOUNCE"
><TT
CLASS="PARAMETER"
@@ -3147,7 +3155,7 @@ CLASS="PARAMETER"
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN1007"
+NAME="AEN1013"
></A
><H2
>COMPLETE LIST OF SERVICE PARAMETERS</H2
@@ -3988,6 +3996,18 @@ CLASS="PARAMETER"
><LI
><P
><A
+HREF="#MSDFSPROXY"
+><TT
+CLASS="PARAMETER"
+><I
+>msdfs proxy</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
HREF="#MSDFSROOT"
><TT
CLASS="PARAMETER"
@@ -4650,7 +4670,7 @@ CLASS="PARAMETER"
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN1507"
+NAME="AEN1517"
></A
><H2
>EXPLANATION OF EACH PARAMETER</H2
@@ -4666,12 +4686,9 @@ NAME="ABORTSHUTDOWNSCRIPT"
>abort shutdown script (G)</DT
><DD
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>This parameter only exists in the HEAD cvs branch</I
-></SPAN
>
This a full path name to a script called by
<A
@@ -4694,12 +4711,9 @@ CLASS="PARAMETER"
><P
>This command will be run as user.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>None</I
-></SPAN
>.</P
><P
>Example: <B
@@ -4866,12 +4880,9 @@ CLASS="PARAMETER"
></A
></P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>none</I
-></SPAN
></P
><P
>Example: <B
@@ -5010,12 +5021,9 @@ CLASS="PARAMETER"
>.
</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>none</I
-></SPAN
></P
><P
>Example: <B
@@ -5044,7 +5052,7 @@ TARGET="_top"
><P
>Default: <B
CLASS="COMMAND"
->add machine script = &lt;empty string&gt;
+>add machine script = &#60;empty string&#62;
</B
></P
><P
@@ -5084,12 +5092,9 @@ NAME="ADDUSERSCRIPT"
><DD
><P
>This is the full pathname to a script that will
- be run <SPAN
-CLASS="emphasis"
-><I
+ be run <I
CLASS="EMPHASIS"
>AS ROOT</I
-></SPAN
> by <A
HREF="smbd.8.html"
TARGET="_top"
@@ -5106,12 +5111,9 @@ HREF="smbd.8.html"
TARGET="_top"
>smbd</A
> to create the required UNIX users
- <SPAN
-CLASS="emphasis"
-><I
+ <I
CLASS="EMPHASIS"
>ON DEMAND</I
-></SPAN
> when a user accesses the Samba server.</P
><P
>In order to use this option, <A
@@ -5119,12 +5121,9 @@ HREF="smbd.8.html"
TARGET="_top"
>smbd</A
>
- must <SPAN
-CLASS="emphasis"
-><I
+ must <I
CLASS="EMPHASIS"
>NOT</I
-></SPAN
> be set to <TT
CLASS="PARAMETER"
><I
@@ -5173,12 +5172,9 @@ CLASS="PARAMETER"
CLASS="COMMAND"
>smbd</B
> will
- call the specified script <SPAN
-CLASS="emphasis"
-><I
+ call the specified script <I
CLASS="EMPHASIS"
>AS ROOT</I
-></SPAN
>, expanding
any <TT
CLASS="PARAMETER"
@@ -5225,7 +5221,7 @@ CLASS="PARAMETER"
><P
>Default: <B
CLASS="COMMAND"
->add user script = &lt;empty string&gt;
+>add user script = &#60;empty string&#62;
</B
></P
><P
@@ -5243,12 +5239,9 @@ NAME="ADDGROUPSCRIPT"
><DD
><P
>This is the full pathname to a script that will
- be run <SPAN
-CLASS="emphasis"
-><I
+ be run <I
CLASS="EMPHASIS"
>AS ROOT</I
-></SPAN
> by <A
HREF="smbd.8.html"
TARGET="_top"
@@ -5284,12 +5277,9 @@ NAME="ADMINUSERS"
this list will be able to do anything they like on the share,
irrespective of file permissions.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>no admin users</I
-></SPAN
></P
><P
>Example: <B
@@ -5311,12 +5301,9 @@ HREF="smbd.8.html"
TARGET="_top"
>smbd(8)</A
>
- <SPAN
-CLASS="emphasis"
-><I
+ <I
CLASS="EMPHASIS"
>AS ROOT</I
-></SPAN
>. Any <TT
CLASS="PARAMETER"
><I
@@ -5482,12 +5469,12 @@ NAME="ANNOUNCEVERSION"
><P
>This specifies the major and minor version numbers
that nmbd will use when announcing itself as a server. The default
- is 4.2. Do not change this parameter unless you have a specific
+ is 4.9. Do not change this parameter unless you have a specific
need to set a Samba server to be a downlevel server.</P
><P
>Default: <B
CLASS="COMMAND"
->announce version = 4.5</B
+>announce version = 4.9</B
></P
><P
>Example: <B
@@ -5541,7 +5528,7 @@ CLASS="PARAMETER"
><P
>Default: <B
CLASS="COMMAND"
->auth methods = &lt;empty string&gt;</B
+>auth methods = &#60;empty string&#62;</B
></P
><P
>Example: <B
@@ -5562,12 +5549,9 @@ CLASS="PARAMETER"
><I
>available = no</I
></TT
->, then <SPAN
-CLASS="emphasis"
-><I
+>, then <I
CLASS="EMPHASIS"
>ALL</I
-></SPAN
>
attempts to connect to the service will fail. Such failures are
logged.</P
@@ -5585,7 +5569,7 @@ NAME="BINDINTERFACESONLY"
><DD
><P
>This global parameter allows the Samba admin
- to limit what interfaces on a machine will serve SMB requests. If
+ to limit what interfaces on a machine will serve SMB requests. It
affects file service <A
HREF="smbd.8.html"
TARGET="_top"
@@ -5645,7 +5629,7 @@ CLASS="PARAMETER"
>interfaces</I
></TT
> list. IP Source address spoofing
- does defeat this simple check, however so it must not be used
+ does defeat this simple check, however, so it must not be used
seriously as a security feature for <B
CLASS="COMMAND"
>nmbd</B
@@ -5674,12 +5658,9 @@ CLASS="PARAMETER"
>bind interfaces only</I
></TT
> is set then
- unless the network address <SPAN
-CLASS="emphasis"
-><I
+ unless the network address <I
CLASS="EMPHASIS"
>127.0.0.1</I
-></SPAN
> is added
to the <TT
CLASS="PARAMETER"
@@ -5708,12 +5689,9 @@ CLASS="COMMAND"
CLASS="COMMAND"
>smbpasswd</B
>
- by default connects to the <SPAN
-CLASS="emphasis"
-><I
+ by default connects to the <I
CLASS="EMPHASIS"
>localhost - 127.0.0.1</I
-></SPAN
>
address as an SMB client to issue the password change request. If
<TT
@@ -5722,12 +5700,9 @@ CLASS="PARAMETER"
>bind interfaces only</I
></TT
> is set then unless the
- network address <SPAN
-CLASS="emphasis"
-><I
+ network address <I
CLASS="EMPHASIS"
>127.0.0.1</I
-></SPAN
> is added to the
<TT
CLASS="PARAMETER"
@@ -5776,19 +5751,13 @@ CLASS="COMMAND"
CLASS="COMMAND"
>nmbd</B
> at the address
- <SPAN
-CLASS="emphasis"
-><I
+ <I
CLASS="EMPHASIS"
>127.0.0.1</I
-></SPAN
> to determine if they are running.
- Not adding <SPAN
-CLASS="emphasis"
-><I
+ Not adding <I
CLASS="EMPHASIS"
>127.0.0.1</I
-></SPAN
> will cause <B
CLASS="COMMAND"
> smbd</B
@@ -5829,7 +5798,7 @@ TARGET="_top"
request has a time limit associated with it.</P
><P
>If this parameter is set and the lock range requested
- cannot be immediately satisfied, Samba 2.2 will internally
+ cannot be immediately satisfied, samba will internally
queue the lock request, and periodically attempt to obtain
the lock until the timeout period expires.</P
><P
@@ -5837,7 +5806,7 @@ TARGET="_top"
CLASS="CONSTANT"
>no</TT
>, then
- Samba 2.2 will behave as previous versions of Samba would and
+ samba will behave as previous versions of Samba would and
will fail the lock request immediately if the lock range
cannot be obtained.</P
><P
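Review bot: Both replacements in the blocking locks text write the product name in lower case ("samba will internally", "samba will behave") while the same sentence continues with "previous versions of Samba". Use "Samba" in both places, as the debug timestamp hunk does when it drops the 2.2 version number.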
@@ -5953,7 +5922,7 @@ NAME="CASESENSITIVE"
><DD
><P
>See the discussion in the section <A
-HREF="#AEN203"
+HREF="#AEN205"
>NAME MANGLING</A
>.</P
><P
@@ -6134,12 +6103,9 @@ CLASS="PARAMETER"
>.
</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>none</I
-></SPAN
></P
><P
>Example: <B
@@ -6173,12 +6139,9 @@ CLASS="PARAMETER"
></A
> parameter.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>No comment string</I
-></SPAN
></P
><P
>Example: <B
@@ -6235,12 +6198,9 @@ NAME="COPY"
copied must occur earlier in the configuration file than the
service doing the copying.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>no value</I
-></SPAN
></P
><P
>Example: <B
@@ -6271,12 +6231,9 @@ CLASS="PARAMETER"
calculated according to the mapping from DOS modes to UNIX
permissions, and the resulting UNIX mode is then bit-wise 'AND'ed
with this parameter. This parameter may be thought of as a bit-wise
- MASK for the UNIX modes of a file. Any bit <SPAN
-CLASS="emphasis"
-><I
+ MASK for the UNIX modes of a file. Any bit <I
CLASS="EMPHASIS"
>not</I
-></SPAN
>
set here will be removed from the modes set on a file when it is
created.</P
@@ -6383,13 +6340,10 @@ NAME="CSCPOLICY"
>csc policy (S)</DT
><DD
><P
->This stands for <SPAN
-CLASS="emphasis"
-><I
+>This stands for <I
CLASS="EMPHASIS"
>client-side caching
policy</I
-></SPAN
>, and specifies how clients capable of offline
caching will cache the files in the share. The valid values
are: manual, documents, programs, disable.</P
@@ -6516,7 +6470,7 @@ NAME="DEBUGTIMESTAMP"
>debug timestamp (G)</DT
><DD
><P
->Samba 2.2 debug log messages are timestamped
+>Samba debug log messages are timestamped
by default. If you are running at a high <A
HREF="#DEBUGLEVEL"
> <TT
@@ -6604,7 +6558,7 @@ NAME="DEFAULTCASE"
><DD
><P
>See the section on <A
-HREF="#AEN203"
+HREF="#AEN205"
> NAME MANGLING</A
>. Also note the <A
HREF="#SHORTPRESERVECASE"
@@ -6681,12 +6635,9 @@ NAME="DEFAULTSERVICE"
><P
>This parameter specifies the name of a service
which will be connected to if the service actually requested cannot
- be found. Note that the square brackets are <SPAN
-CLASS="emphasis"
-><I
+ be found. Note that the square brackets are <I
CLASS="EMPHASIS"
>NOT</I
-></SPAN
>
given in the parameter value (see example below).</P
><P
@@ -6728,6 +6679,12 @@ CLASS="PARAMETER"
><P
>Example:</P
><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
><PRE
CLASS="PROGRAMLISTING"
>[global]
@@ -6736,6 +6693,9 @@ CLASS="PROGRAMLISTING"
[pub]
path = /%S
</PRE
+></TD
+></TR
+></TABLE
></P
></DD
><DT
@@ -6746,12 +6706,9 @@ NAME="DELETEGROUPSCRIPT"
><DD
><P
>This is the full pathname to a script that will
- be run <SPAN
-CLASS="emphasis"
-><I
+ be run <I
CLASS="EMPHASIS"
>AS ROOT</I
-></SPAN
> by <A
HREF="smbd.8.html"
TARGET="_top"
@@ -6850,12 +6807,9 @@ CLASS="PARAMETER"
></A
></P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>none</I
-></SPAN
></P
><P
>Example: <B
@@ -6991,12 +6945,9 @@ CLASS="PARAMETER"
>.
</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>none</I
-></SPAN
></P
><P
>Example: <B
@@ -7036,7 +6987,7 @@ CLASS="COMMAND"
><P
>Default: <B
CLASS="COMMAND"
->delete user script = &lt;empty string&gt;
+>delete user script = &#60;empty string&#62;
</B
></P
><P
@@ -7060,12 +7011,9 @@ HREF="smbd.8.html"
TARGET="_top"
>smbd(8)</A
>
- <SPAN
-CLASS="emphasis"
-><I
+ <I
CLASS="EMPHASIS"
>AS ROOT</I
-></SPAN
>. Any <TT
CLASS="PARAMETER"
><I
@@ -7205,23 +7153,17 @@ CLASS="FILENAME"
third return value can give the block size in bytes. The default
blocksize is 1024 bytes.</P
><P
->Note: Your script should <SPAN
-CLASS="emphasis"
-><I
+>Note: Your script should <I
CLASS="EMPHASIS"
>NOT</I
-></SPAN
> be setuid or
setgid and should be owned by (and writeable only by) root!</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>By default internal routines for
determining the disk capacity and remaining space will be used.
</I
-></SPAN
></P
><P
>Example: <B
@@ -7232,22 +7174,40 @@ CLASS="COMMAND"
><P
>Where the script dfree (which must be made executable) could be:</P
><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
><PRE
CLASS="PROGRAMLISTING"
>
#!/bin/sh
df $1 | tail -1 | awk '{print $2" "$4}'
</PRE
+></TD
+></TR
+></TABLE
></P
><P
>or perhaps (on Sys V based systems):</P
><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
><PRE
CLASS="PROGRAMLISTING"
>
#!/bin/sh
/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'
</PRE
+></TD
+></TR
+></TABLE
></P
><P
>Note that you may have to replace the command names
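Review bot: Each added TABLE is opened directly after a "<P" start tag and closed before the matching "</P", but a P element cannot contain a TABLE in HTML 4.01, so the paragraph is implicitly closed and the trailing "</P" is left without an opener. The same pattern appears in the default service example hunk. Emit the TABLE as a sibling of the paragraph instead. While this example is being touched, the sample dfree scripts pass $1 to df unquoted, which breaks on share paths that contain spaces; quoting it as "$1" would make the example safe to copy.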
@@ -7286,12 +7246,9 @@ NAME="DIRECTORYMASK"
calculated according to the mapping from DOS modes to UNIX permissions,
and the resulting UNIX mode is then bit-wise 'AND'ed with this
parameter. This parameter may be thought of as a bit-wise MASK for
- the UNIX modes of a directory. Any bit <SPAN
-CLASS="emphasis"
-><I
+ the UNIX modes of a directory. Any bit <I
CLASS="EMPHASIS"
>not</I
-></SPAN
> set
here will be removed from the modes set on a directory when it is
created.</P
@@ -7417,12 +7374,9 @@ NAME="DIRECTORYSECURITYMASK"
meaning a user is allowed to modify all the user/group/world
permissions on a directory.</P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Note</I
-></SPAN
> that users who can access the
Samba server through other means can easily bypass this restriction,
so it is primarily useful for standalone "appliance" systems.
@@ -7511,12 +7465,9 @@ NAME="DISABLESPOOLSS"
Wizard or by using the NT printer properties dialog window. It will
also disable the capability of Windows NT/2000 clients to download
print drivers from the Samba host upon demand.
- <SPAN
-CLASS="emphasis"
-><I
+ <I
CLASS="EMPHASIS"
>Be very careful about enabling this parameter.</I
-></SPAN
>
</P
><P
@@ -7618,7 +7569,7 @@ CLASS="PARAMETER"
>workgroup</I
></TT
></A
-> it is in. Samba 2.2 also
+> it is in. Samba 2.2
has limited capability to act as a domain controller for Windows
NT 4 Domains. For more details on setting up this feature see
the Samba-PDC-HOWTO included in the <TT
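Review bot: The rewritten line still names "Samba 2.2" as the release with limited domain controller capability, while the NAME MANGLING hunk in this same patch updates its version reference to Samba 3.0. Decide whether this paragraph is meant to describe 2.2 historically or the current release, and word it accordingly; dropping only "also" leaves the version statement ambiguous.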
@@ -7770,13 +7721,10 @@ CLASS="FILENAME"
>.
Experimentation is the best policy :-) </P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>none (i.e., all directories are OK
to descend)</I
-></SPAN
></P
><P
>Example: <B
@@ -8020,12 +7968,9 @@ CLASS="PARAMETER"
to standard output. This listing will then be used in response
to the level 1 and 2 EnumPorts() RPC.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>no enumports command</I
-></SPAN
></P
><P
>Example: <B
@@ -8191,12 +8136,9 @@ NAME="FORCECREATEMODE"
><DD
><P
>This parameter specifies a set of UNIX mode bit
- permissions that will <SPAN
-CLASS="emphasis"
-><I
+ permissions that will <I
CLASS="EMPHASIS"
>always</I
-></SPAN
> be set on a
file created by Samba. This is done by bitwise 'OR'ing these bits onto
the mode bits of a file that is being created or having its
@@ -8254,12 +8196,9 @@ NAME="FORCEDIRECTORYMODE"
><DD
><P
>This parameter specifies a set of UNIX mode bit
- permissions that will <SPAN
-CLASS="emphasis"
-><I
+ permissions that will <I
CLASS="EMPHASIS"
>always</I
-></SPAN
> be set on a directory
created by Samba. This is done by bitwise 'OR'ing these bits onto the
mode bits of a directory that is being created. The default for this
@@ -8329,12 +8268,9 @@ NAME="FORCEDIRECTORYSECURITYMODE"
allows a user to modify all the user/group/world permissions on a
directory without restrictions.</P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Note</I
-></SPAN
> that users who can access the
Samba server through other means can easily bypass this restriction,
so it is primarily useful for standalone "appliance" systems.
@@ -8444,12 +8380,9 @@ CLASS="PARAMETER"
></A
>.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>no forced group</I
-></SPAN
></P
><P
>Example: <B
@@ -8479,12 +8412,9 @@ NAME="FORCESECURITYMODE"
and allows a user to modify all the user/group/world permissions on a file,
with no restrictions.</P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Note</I
-></SPAN
> that users who can access
the Samba server through other means can easily bypass this restriction,
so it is primarily useful for standalone "appliance" systems.
@@ -8563,12 +8493,9 @@ CLASS="PARAMETER"
></A
></P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>no forced user</I
-></SPAN
></P
><P
>Example: <B
@@ -8703,17 +8630,14 @@ CLASS="COMMAND"
> lp(1)</B
>.</P
><P
->This paramater does not accept % macros, because
+>This parameter does not accept % macros, because
many parts of the system require this value to be
constant for correct operation.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>specified at compile time, usually
"nobody"</I
-></SPAN
></P
><P
>Example: <B
@@ -8865,12 +8789,9 @@ CLASS="PARAMETER"
></A
>.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>no file are hidden</I
-></SPAN
></P
><P
>Example: <B
@@ -8999,12 +8920,9 @@ CLASS="COMMAND"
that copes with different map formats and also Amd (another
automounter) maps.</P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>NOTE :</I
-></SPAN
>A working NIS client is required on
the system for this option to work.</P
><P
@@ -9030,7 +8948,7 @@ CLASS="PARAMETER"
><P
>Default: <B
CLASS="COMMAND"
->homedir map = &lt;empty string&gt;</B
+>homedir map = &#60;empty string&#62;</B
></P
><P
>Example: <B
@@ -9156,12 +9074,9 @@ CLASS="PARAMETER"
><P
>You can also specify hosts by network/netmask pairs and
by netgroup names if your system supports netgroups. The
- <SPAN
-CLASS="emphasis"
-><I
+ <I
CLASS="EMPHASIS"
>EXCEPT</I
-></SPAN
> keyword can also be used to limit a
wildcard list. The following examples may provide some help:</P
><P
@@ -9212,13 +9127,10 @@ CLASS="COMMAND"
> for a way of testing your host access to see if it does
what you expect.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>none (i.e., all hosts permitted access)
</I
-></SPAN
></P
><P
>Example: <B
@@ -9240,12 +9152,9 @@ CLASS="PARAMETER"
>hosts allow</I
></TT
>
- - hosts listed here are <SPAN
-CLASS="emphasis"
-><I
+ - hosts listed here are <I
CLASS="EMPHASIS"
>NOT</I
-></SPAN
> permitted access to
services unless the specific services have their own lists to override
this one. Where the lists conflict, the <TT
@@ -9256,13 +9165,10 @@ CLASS="PARAMETER"
>
list takes precedence.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>none (i.e., no hosts specifically excluded)
</I
-></SPAN
></P
><P
>Example: <B
@@ -9300,12 +9206,9 @@ CLASS="PARAMETER"
> may be useful for NT clients which will
not supply passwords to Samba.</P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>NOTE :</I
-></SPAN
> The use of <TT
CLASS="PARAMETER"
><I
@@ -9322,21 +9225,15 @@ CLASS="PARAMETER"
></TT
> option be only used if you really
know what you are doing, or perhaps on a home network where you trust
- your spouse and kids. And only if you <SPAN
-CLASS="emphasis"
-><I
+ your spouse and kids. And only if you <I
CLASS="EMPHASIS"
>really</I
-></SPAN
> trust
them :-).</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>no host equivalences</I
-></SPAN
></P
><P
>Example: <B
@@ -9374,12 +9271,9 @@ CLASS="PARAMETER"
>.
</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>no file included</I
-></SPAN
></P
><P
>Example: <B
@@ -9489,12 +9383,9 @@ CLASS="PARAMETER"
</A
> as usual.</P
><P
->Note that the setuid bit is <SPAN
-CLASS="emphasis"
-><I
+>Note that the setuid bit is <I
CLASS="EMPHASIS"
>never</I
-></SPAN
> set via
inheritance (the code explicitly prohibits this).</P
><P
@@ -9614,13 +9505,10 @@ CLASS="PARAMETER"
></A
>.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>all active interfaces except 127.0.0.1
that are broadcast capable</I
-></SPAN
></P
></DD
><DT
@@ -9631,12 +9519,9 @@ NAME="INVALIDUSERS"
><DD
><P
>This is a list of users that should not be allowed
- to login to this service. This is really a <SPAN
-CLASS="emphasis"
-><I
+ to login to this service. This is really a <I
CLASS="EMPHASIS"
>paranoid</I
-></SPAN
>
check to absolutely ensure an improper setting does not breach
your security.</P
@@ -9653,7 +9538,7 @@ CLASS="EMPHASIS"
so the value <TT
CLASS="PARAMETER"
><I
->+&amp;group</I
+>+&#38;group</I
></TT
> means check the
UNIX group database, followed by the NIS netgroup database, and
@@ -9685,12 +9570,9 @@ CLASS="PARAMETER"
></A
>.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>no invalid users</I
-></SPAN
></P
><P
>Example: <B
@@ -9774,12 +9656,9 @@ CLASS="COMMAND"
>
</A
> has oplocked. This allows complete data consistency between
- SMB/CIFS, NFS and local file access (and is a <SPAN
-CLASS="emphasis"
-><I
+ SMB/CIFS, NFS and local file access (and is a <I
CLASS="EMPHASIS"
>very</I
-></SPAN
>
cool feature :-).</P
><P
@@ -9898,12 +9777,9 @@ CLASS="COMMAND"
page for more information on how to accmplish this.
</P
><P
->Default : <SPAN
-CLASS="emphasis"
-><I
+>Default : <I
CLASS="EMPHASIS"
>none</I
-></SPAN
></P
></DD
><DT
@@ -9927,7 +9803,7 @@ CLASS="CONSTANT"
><P
>Default : <B
CLASS="COMMAND"
->ldap filter = (&amp;(uid=%u)(objectclass=sambaAccount))</B
+>ldap filter = (&#38;(uid=%u)(objectclass=sambaAccount))</B
></P
></DD
><DT
@@ -9939,12 +9815,9 @@ NAME="LDAPSSL"
><P
>This option is used to define whether or not Samba should
use SSL when connecting to the ldap server
- This is <SPAN
-CLASS="emphasis"
-><I
+ This is <I
CLASS="EMPHASIS"
>NOT</I
-></SPAN
> related to
Samba's previous SSL support which was enabled by specifying the
<B
@@ -9972,40 +9845,54 @@ CLASS="PARAMETER"
><TT
CLASS="PARAMETER"
><I
->On</I
-></TT
-> = Always use SSL when contacting the
- <TT
-CLASS="PARAMETER"
-><I
->ldap server</I
+>Off</I
></TT
->.</P
+> = Never use SSL when querying the directory.</P
></LI
><LI
><P
><TT
CLASS="PARAMETER"
><I
->Off</I
+>Start_tls</I
></TT
-> = Never use SSL when querying the directory.</P
+> = Use the LDAPv3 StartTLS extended operation
+ (RFC2830) for communicating with the directory server.</P
></LI
><LI
><P
><TT
CLASS="PARAMETER"
><I
->Start_tls</I
+>On</I
></TT
-> = Use the LDAPv3 StartTLS extended operation
- (RFC2830) for communicating with the directory server.</P
+> =
+ Use SSL on the ldaps port when contacting the
+ <TT
+CLASS="PARAMETER"
+><I
+>ldap server</I
+></TT
+>. Only
+ available when the backwards-compatiblity <B
+CLASS="COMMAND"
+> --with-ldapsam</B
+> option is specified
+ to configure. See <A
+HREF="#PASSDBBACKEND"
+><TT
+CLASS="PARAMETER"
+><I
+>passdb backend</I
+></TT
+></A
+></P
></LI
></UL
><P
>Default : <B
CLASS="COMMAND"
->ldap ssl = on</B
+>ldap ssl = start_tls</B
></P
></DD
><DT
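Review bot: The default flips from "ldap ssl = on" to "ldap ssl = start_tls", and the rewritten "On" item is now only available when configure is run with --with-ldapsam, but nothing tells an administrator who already has an explicit "ldap ssl = on" what happens on a build without that option. Please state the resulting behaviour in the "On" item (refusal to start, or a connection without SSL), because a silent downgrade here would send directory credentials in the clear. In the same item, "backwards-compatiblity" should be "backwards-compatibility", and the sentence ending in the "passdb backend" link has no closing period.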
@@ -10015,12 +9902,17 @@ NAME="LDAPSUFFIX"
>ldap suffix (G)</DT
><DD
><P
->Default : <SPAN
-CLASS="emphasis"
-><I
+>Specifies where user and machine accounts are added to the tree. Can be overriden by <B
+CLASS="COMMAND"
+>ldap user suffix</B
+> and <B
+CLASS="COMMAND"
+>ldap machine suffix</B
+>. It also used as the base dn for all ldap searches. </P
+><P
+>Default : <I
CLASS="EMPHASIS"
>none</I
-></SPAN
></P
></DD
><DT
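Review bot: In the added description, "overriden" should be "overridden" and "It also used as the base dn" is missing "is". Because the text says this value is the base DN for all LDAP searches while the default stays at none, please add a sentence on what a search does when the parameter is left unset.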
@@ -10033,12 +9925,9 @@ NAME="LDAPUSERSUFFIX"
>It specifies where users are added to the tree.
</P
><P
->Default : <SPAN
-CLASS="emphasis"
-><I
+>Default : <I
CLASS="EMPHASIS"
>none</I
-></SPAN
></P
></DD
><DT
@@ -10052,12 +9941,9 @@ NAME="LDAPMACHINESUFFIX"
added to the ldap tree.
</P
><P
->Default : <SPAN
-CLASS="emphasis"
-><I
+>Default : <I
CLASS="EMPHASIS"
>none</I
-></SPAN
></P
></DD
><DT
@@ -10120,6 +10006,35 @@ CLASS="COMMAND"
></DD
><DT
><A
+NAME="LDAPTRUSTIDS"
+></A
+>ldap trust ids (G)</DT
+><DD
+><P
+>Normally, Samba validates each entry
+ in the LDAP server against getpwnam(). This allows
+ LDAP to be used for Samba with the unix system using
+ NIS (for example) and also ensures that Samba does not
+ present accounts that do not otherwise exist. </P
+><P
+>This option is used to disable this functionality, and
+ instead to rely on the presence of the appropriate
+ attributes in LDAP directly, which can result in a
+ significant performance boost in some situations.
+ Setting this option to yes effectivly assumes
+ that the local machine is running <B
+CLASS="COMMAND"
+>nss_ldap</B
+> against the
+ same LDAP server.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ldap trust ids = No</B
+></P
+></DD
+><DT
+><A
NAME="LEVEL2OPLOCKS"
></A
>level2 oplocks (S)</DT
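Review bot: The second paragraph presents "ldap trust ids" purely as a performance option, but the first paragraph says the getpwnam() check is what "ensures that Samba does not present accounts that do not otherwise exist", so setting this to yes removes that guarantee. Please say so explicitly and describe what happens when the local machine is not running nss_ldap against the same LDAP server, since the option only "assumes" it. Also, "effectivly" should be "effectively".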
@@ -10380,22 +10295,16 @@ CLASS="CONSTANT"
CLASS="CONSTANT"
>yes</TT
> doesn't
- mean that Samba will <SPAN
-CLASS="emphasis"
-><I
+ mean that Samba will <I
CLASS="EMPHASIS"
>become</I
-></SPAN
> the local master
browser on a subnet, just that <B
CLASS="COMMAND"
>nmbd</B
-> will <SPAN
-CLASS="emphasis"
-><I
+> will <I
CLASS="EMPHASIS"
> participate</I
-></SPAN
> in elections for local master browser.</P
><P
>Setting this value to <TT
@@ -10405,12 +10314,9 @@ CLASS="CONSTANT"
CLASS="COMMAND"
>nmbd</B
>
- <SPAN
-CLASS="emphasis"
-><I
+ <I
CLASS="EMPHASIS"
>never</I
-></SPAN
> to become a local master browser.</P
><P
>Default: <B
@@ -10540,19 +10446,13 @@ CLASS="COMMAND"
>, real locking will be performed
by the server.</P
><P
->This option <SPAN
-CLASS="emphasis"
-><I
+>This option <I
CLASS="EMPHASIS"
>may</I
-></SPAN
> be useful for read-only
- filesystems which <SPAN
-CLASS="emphasis"
-><I
+ filesystems which <I
CLASS="EMPHASIS"
>may</I
-></SPAN
> not need locking (such as
CDROM drives), although setting this parameter of <TT
CLASS="CONSTANT"
@@ -10601,7 +10501,7 @@ NAME="LOGLEVEL"
CLASS="FILENAME"
>smb.conf</TT
> file. This parameter has been
- extended since 2.2.x series, now it allow to specify the debug
+ extended since the 2.2.x series, now it allow to specify the debug
level for multiple debug classes. This is to give greater
flexibility in the configuration of the system.</P
><P
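Review bot: The reworded line still reads "now it allow to specify the debug level". As the sentence is being touched anyway, suggest "it now allows the debug level to be specified for multiple debug classes".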
@@ -10777,12 +10677,9 @@ CLASS="FILENAME"
>Thereafter, the directories and any of the contents can,
if required, be made read-only. It is not advisable that the
NTuser.dat file be made read-only - rename it to NTuser.man to
- achieve the desired effect (a <SPAN
-CLASS="emphasis"
-><I
+ achieve the desired effect (a <I
CLASS="EMPHASIS"
>MAN</I
-></SPAN
>datory
profile). </P
><P
@@ -10872,12 +10769,9 @@ CLASS="COMMAND"
>This option is only useful if Samba is set up as a logon
server.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>no logon script defined</I
-></SPAN
></P
><P
>Example: <B
@@ -11122,9 +11016,7 @@ CLASS="PARAMETER"
></A
> parameter.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>depends on the setting of <TT
CLASS="PARAMETER"
@@ -11132,7 +11024,6 @@ CLASS="PARAMETER"
> printing</I
></TT
></I
-></SPAN
></P
><P
>Example: <B
@@ -11284,9 +11175,7 @@ CLASS="PARAMETER"
></A
> parameter.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>depends on the setting of <TT
CLASS="PARAMETER"
@@ -11295,7 +11184,6 @@ CLASS="PARAMETER"
</I
></TT
></I
-></SPAN
></P
><P
>Example 1: <B
@@ -11384,7 +11272,7 @@ CLASS="PARAMETER"
><P
>Default: <B
CLASS="COMMAND"
->magic output = &lt;magic script name&gt;.out
+>magic output = &#60;magic script name&#62;.out
</B
></P
><P
@@ -11423,36 +11311,24 @@ CLASS="PARAMETER"
>Note that some shells are unable to interpret scripts
containing CR/LF instead of CR as
the end-of-line marker. Magic scripts must be executable
- <SPAN
-CLASS="emphasis"
-><I
+ <I
CLASS="EMPHASIS"
>as is</I
-></SPAN
> on the host, which for some hosts and
some shells will require filtering at the DOS end.</P
><P
->Magic scripts are <SPAN
-CLASS="emphasis"
-><I
+>Magic scripts are <I
CLASS="EMPHASIS"
>EXPERIMENTAL</I
-></SPAN
> and
- should <SPAN
-CLASS="emphasis"
-><I
+ should <I
CLASS="EMPHASIS"
>NOT</I
-></SPAN
> be relied upon.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>None. Magic scripts disabled.</I
-></SPAN
></P
><P
>Example: <B
@@ -11468,7 +11344,7 @@ NAME="MANGLECASE"
><DD
><P
>See the section on <A
-HREF="#AEN203"
+HREF="#AEN205"
> NAME MANGLING</A
></P
><P
@@ -11519,12 +11395,9 @@ CLASS="FILENAME"
> off the ends of filenames on some CDROMs (only visible
under some UNIXes). To do this use a map of (*;1 *;).</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>no mangled map</I
-></SPAN
></P
><P
>Example: <B
@@ -11544,7 +11417,7 @@ NAME="MANGLEDNAMES"
or whether non-DOS names should simply be ignored.</P
><P
>See the section on <A
-HREF="#AEN203"
+HREF="#AEN205"
> NAME MANGLING</A
> for details on how to control the mangling process.</P
><P
@@ -11631,17 +11504,39 @@ NAME="MANGLINGMETHOD"
a better algorithm (generates less collisions) in the names.
However, many Win32 applications store the mangled names and so
changing to the new algorithm must not be done
- lightly as these applications may break unless reinstalled.
- New installations of Samba may set the default to hash2.</P
+ lightly as these applications may break unless reinstalled.</P
><P
>Default: <B
CLASS="COMMAND"
+>mangling method = hash2</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
>mangling method = hash</B
></P
+></DD
+><DT
+><A
+NAME="MANGLEPREFIX"
+></A
+>mangle prefix (G)</DT
+><DD
+><P
+> controls the number of prefix
+ characters from the original name used when generating
+ the mangled names. A larger value will give a weaker
+ hash and therefore more name collisions. The minimum
+ value is 1 and the maximum value is 6.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>mangle prefix = 1</B
+></P
><P
>Example: <B
CLASS="COMMAND"
->mangling method = hash2</B
+>mangle prefix = 4</B
></P
></DD
><DT
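Review bot: The default changes from "mangling method = hash" to "mangling method = hash2" while the paragraph above still warns that changing the algorithm "must not be done lightly as these applications may break unless reinstalled", and the sentence that limited hash2 to new installations is deleted. Please add a note for existing installations, for example that they should set "mangling method = hash" explicitly to keep stored mangled names valid. In the new "mangle prefix" entry the description starts with a lower-case "controls" and has no subject; it also says the minimum is 1 and the maximum is 6 without saying what happens to an out-of-range value.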
@@ -11689,14 +11584,11 @@ NAME="MANGLINGCHAR"
><DD
><P
>This controls what character is used as
- the <SPAN
-CLASS="emphasis"
-><I
+ the <I
CLASS="EMPHASIS"
>magic</I
-></SPAN
> character in <A
-HREF="#AEN203"
+HREF="#AEN205"
>name mangling</A
>. The default is a '~'
but this may interfere with some software. Use this option to set
@@ -11895,12 +11787,9 @@ HREF="#GUESTACCOUNT"
will not know the reason they cannot access files they think
they should - there will have been no message given to them
that they got their password wrong. Helpdesk services will
- <SPAN
-CLASS="emphasis"
-><I
+ <I
CLASS="EMPHASIS"
>hate</I
-></SPAN
> you if you set the <TT
CLASS="PARAMETER"
><I
@@ -11919,12 +11808,9 @@ CLASS="PARAMETER"
></TT
> modes other than
share. This is because in these modes the name of the resource being
- requested is <SPAN
-CLASS="emphasis"
-><I
+ requested is <I
CLASS="EMPHASIS"
>not</I
-></SPAN
> sent to the server until after
the server has successfully authenticated the client so the server
cannot make authentication decisions at the correct time (connection
@@ -12174,12 +12060,9 @@ CLASS="CONSTANT"
><TT
CLASS="CONSTANT"
>LANMAN1</TT
->: First <SPAN
-CLASS="emphasis"
-><I
+>: First <I
CLASS="EMPHASIS"
> modern</I
-></SPAN
> version of the protocol. Long filename
support.</P
></LI
@@ -12382,13 +12265,10 @@ CLASS="COMMAND"
CLASS="COMMAND"
>xedit</B
>, then
- removes it afterwards. <SPAN
-CLASS="emphasis"
-><I
+ removes it afterwards. <I
CLASS="EMPHASIS"
>NOTE THAT IT IS VERY IMPORTANT
THAT THIS COMMAND RETURN IMMEDIATELY</I
-></SPAN
>. That's why I
have the '&#38;' on the end. If it doesn't return immediately then
your PCs may freeze when sending messages (they should recover
@@ -12454,7 +12334,7 @@ CLASS="PARAMETER"
><B
CLASS="COMMAND"
>message command = /bin/mail -s 'message from %f on
- %m' root &lt; %s; rm %s</B
+ %m' root &#60; %s; rm %s</B
></P
><P
>If you don't have a message command then the message
@@ -12470,12 +12350,9 @@ CLASS="COMMAND"
>message command = rm %s</B
></P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>no message command</I
-></SPAN
></P
><P
>Example: <B
@@ -12666,6 +12543,46 @@ CLASS="COMMAND"
></DD
><DT
><A
+NAME="MSDFSPROXY"
+></A
+>msdfs proxy (S)</DT
+><DD
+><P
+>This parameter indicates that the share is a
+ stand-in for another CIFS share whose location is specified by
+ the value of the parameter. When clients attempt to connect to
+ this share, they are redirected to the proxied share using
+ the SMB-Dfs protocol.</P
+><P
+>Only Dfs roots can act as proxy shares. Take a look at the
+ <A
+HREF="#MSDFSROOT"
+><TT
+CLASS="PARAMETER"
+><I
+>msdfs root</I
+></TT
+></A
+>
+ and
+ <A
+HREF="#HOSTMSDFS"
+><TT
+CLASS="PARAMETER"
+><I
+>host msdfs</I
+></TT
+></A
+>
+ options to find out how to set up a Dfs root share.</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>msdfs proxy = \otherserver\someshare</B
+></P
+></DD
+><DT
+><A
NAME="MSDFSROOT"
></A
>msdfs root (S)</DT
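Review bot: The new "msdfs proxy" entry gives an Example but no Default line, unlike the neighbouring parameters, so the reader cannot tell what the unset behaviour is. The example value "\otherserver\someshare" also needs a sentence on the expected path format (a single leading backslash, as written here, versus a UNC-style "\\server\share"), because clients are redirected to whatever this value names.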
@@ -12684,9 +12601,9 @@ CLASS="CONSTANT"
Dfs links are specified in the share directory by symbolic
links of the form <TT
CLASS="FILENAME"
->msdfs:serverA\shareA,serverB\shareB
- </TT
-> and so on. For more information on setting up a Dfs tree
+>msdfs:serverA\shareA,serverB\shareB</TT
+>
+ and so on. For more information on setting up a Dfs tree
on Samba, refer to <A
HREF="msdfs_setup.html"
TARGET="_top"
@@ -12867,12 +12784,9 @@ CLASS="PARAMETER"
></A
>.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>empty string (no additional names)</I
-></SPAN
></P
><P
>Example: <B
@@ -12905,12 +12819,9 @@ CLASS="PARAMETER"
></A
>.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>machine DNS name</I
-></SPAN
></P
><P
>Example: <B
@@ -12995,7 +12906,7 @@ NAME="NONUNIXACCOUNTRANGE"
><P
>Default: <B
CLASS="COMMAND"
->non unix account range = &lt;empty string&gt;
+>non unix account range = &#60;empty string&#62;
</B
></P
><P
@@ -13146,7 +13057,7 @@ CLASS="PARAMETER"
>
list will be allowed. By default this option is disabled so that a
client can supply a username to be used by the server. Enabling
- this parameter will force the server to only user the login
+ this parameter will force the server to only use the login
names from the <TT
CLASS="PARAMETER"
><I
@@ -13155,7 +13066,7 @@ CLASS="PARAMETER"
> list and is only really
useful in <A
HREF="#SECURITYEQUALSSHARE"
->shave level</A
+>share level</A
>
security.</P
><P
@@ -13222,13 +13133,10 @@ NAME="OPLOCKBREAKWAITTIME"
is the amount of time Samba will wait before sending an oplock break
request to such (broken) clients.</P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ
AND UNDERSTOOD THE SAMBA OPLOCK CODE</I
-></SPAN
>.</P
><P
>Default: <B
@@ -13243,12 +13151,9 @@ NAME="OPLOCKCONTENTIONLIMIT"
>oplock contention limit (S)</DT
><DD
><P
->This is a <SPAN
-CLASS="emphasis"
-><I
+>This is a <I
CLASS="EMPHASIS"
>very</I
-></SPAN
> advanced
<A
HREF="smbd.8.html"
@@ -13271,13 +13176,10 @@ CLASS="COMMAND"
> to behave in a similar
way to Windows NT.</P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ
AND UNDERSTOOD THE SAMBA OPLOCK CODE</I
-></SPAN
>.</P
><P
>Default: <B
@@ -13403,12 +13305,9 @@ CLASS="PARAMETER"
></TT
> in the local broadcast area.</P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Note :</I
-></SPAN
>By default, Samba will win
a local master browsing election over all Microsoft operating
systems except a Windows NT 4.0/2000 Domain Controller. This
@@ -13444,8 +13343,8 @@ NAME="OS2DRIVERMAP"
path to a file containing a mapping of Windows NT printer driver
names to OS/2 printer driver names. The format is:</P
><P
->&lt;nt driver name&gt; = &lt;os2 driver
- name&gt;.&lt;device name&gt;</P
+>&#60;nt driver name&#62; = &#60;os2 driver
+ name&#62;.&#60;device name&#62;</P
><P
>For example, a valid entry using the HP LaserJet 5
printer driver would appear as <B
@@ -13470,7 +13369,7 @@ TARGET="_top"
><P
>Default: <B
CLASS="COMMAND"
->os2 driver map = &lt;empty string&gt;
+>os2 driver map = &#60;empty string&#62;
</B
></P
></DD
@@ -13534,7 +13433,7 @@ TARGET="_top"
><P
>Default: <B
CLASS="COMMAND"
->panic action = &lt;empty string&gt;</B
+>panic action = &#60;empty string&#62;</B
></P
><P
>Example: <B
@@ -13569,7 +13468,7 @@ NAME="PASSDBBACKEND"
><P
>This option allows the administrator to chose which backends to retrieve and store passwords with. This allows (for example) both
smbpasswd and tdbsam to be used without a recompile.
- Multiple backends can be specified, seperated by spaces. The backends will be searched in the order they are specified. New users are always added to the first backend specified.
+ Multiple backends can be specified, separated by spaces. The backends will be searched in the order they are specified. New users are always added to the first backend specified.
Experimental backends must still be selected
(eg --with-tdbsam) at configure time.
</P
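Review bot: This hunk fixes "seperated", but the first sentence of the same paragraph still has "allows the administrator to chose which backends". "chose" should be "choose".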
@@ -13677,15 +13576,39 @@ CLASS="COMMAND"
>ldap://localhost</B
>)</P
><P
+>Note: In this module, any account without a matching POSIX account is regarded
+ as 'non unix'. </P
+><P
>See also <A
HREF="#NONUNIXACCOUNTRANGE"
> <TT
CLASS="PARAMETER"
><I
->non unix account range</I
+>non unix account
+ range</I
></TT
></A
></P
+><P
+>LDAP connections should be secured where
+ possible. This may be done using either
+ Start-TLS (see <A
+HREF="#LDAPSSL"
+> <TT
+CLASS="PARAMETER"
+><I
+>ldap ssl</I
+></TT
+></A
+>) or by
+ specifying <TT
+CLASS="PARAMETER"
+><I
+>ldaps://</I
+></TT
+> in
+ the URL argument.
+ </P
></LI
><LI
><P
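Review bot: The added paragraph says LDAP connections "should be secured where possible" using either Start-TLS or an ldaps:// URL, but it does not say which setting takes effect when the URL scheme and "ldap ssl" disagree, for example an ldap:// URL combined with "ldap ssl = on" or an ldaps:// URL combined with "ldap ssl = off". Please spell that out here, since the "ldap ssl" entry now restricts "On" to --with-ldapsam builds. Also, "ldaps://" is a URL scheme, not a parameter, so the PARAMETER markup is misleading.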
@@ -13755,12 +13678,9 @@ NAME="PASSWDCHAT"
>passwd chat (G)</DT
><DD
><P
->This string controls the <SPAN
-CLASS="emphasis"
-><I
+>This string controls the <I
CLASS="EMPHASIS"
>"chat"</I
-></SPAN
>
conversation that takes places between <A
HREF="smbd.8.html"
@@ -13802,12 +13722,9 @@ CLASS="PARAMETER"
CLASS="CONSTANT"
>yes</TT
>. This
- sequence is then called <SPAN
-CLASS="emphasis"
-><I
+ sequence is then called <I
CLASS="EMPHASIS"
>AS ROOT</I
-></SPAN
> when the SMB password
in the smbpasswd file is being changed, without access to the old
password cleartext. This means that root must be able to reset the user's password
@@ -13921,12 +13838,9 @@ NAME="PASSWDCHATDEBUG"
><DD
><P
>This boolean specifies if the passwd chat script
- parameter is run in <SPAN
-CLASS="emphasis"
-><I
+ parameter is run in <I
CLASS="EMPHASIS"
>debug</I
-></SPAN
> mode. In this mode the
strings passed to and received from the passwd chat are printed
in the <A
@@ -14023,24 +13937,18 @@ CLASS="PARAMETER"
will be replaced with the user name. The user name is checked for
existence before calling the password changing program.</P
><P
->Also note that many passwd programs insist in <SPAN
-CLASS="emphasis"
-><I
+>Also note that many passwd programs insist in <I
CLASS="EMPHASIS"
>reasonable
</I
-></SPAN
> passwords, such as a minimum length, or the inclusion
of mixed case chars and digits. This can pose a problem as some clients
(such as Windows for Workgroups) uppercase the password before sending
it.</P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Note</I
-></SPAN
> that if the <TT
CLASS="PARAMETER"
><I
@@ -14051,12 +13959,9 @@ CLASS="PARAMETER"
CLASS="CONSTANT"
>yes
</TT
-> then this program is called <SPAN
-CLASS="emphasis"
-><I
+> then this program is called <I
CLASS="EMPHASIS"
>AS ROOT</I
-></SPAN
>
before the SMB password in the <A
HREF="smbpasswd.5.html"
@@ -14076,19 +13981,13 @@ CLASS="PARAMETER"
>unix password sync</I
></TT
> parameter
- is set this parameter <SPAN
-CLASS="emphasis"
-><I
+ is set this parameter <I
CLASS="EMPHASIS"
>MUST USE ABSOLUTE PATHS</I
-></SPAN
>
- for <SPAN
-CLASS="emphasis"
-><I
+ for <I
CLASS="EMPHASIS"
>ALL</I
-></SPAN
> programs called, and must be examined
for security implications. Note that by default <TT
CLASS="PARAMETER"
@@ -14227,21 +14126,15 @@ CLASS="PARAMETER"
the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in
user level security mode.</P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>NOTE:</I
-></SPAN
> Using a password server
means your UNIX box (running Samba) is only as secure as your
- password server. <SPAN
-CLASS="emphasis"
-><I
+ password server. <I
CLASS="EMPHASIS"
>DO NOT CHOOSE A PASSWORD SERVER THAT
YOU DON'T COMPLETELY TRUST</I
-></SPAN
>.</P
><P
>Never point a Samba server at itself for password
@@ -14298,11 +14191,17 @@ CLASS="PARAMETER"
Primary or Backup Domain controllers to authenticate against by
doing a query for the name <TT
CLASS="CONSTANT"
->WORKGROUP&lt;1C&gt;</TT
+>WORKGROUP&#60;1C&#62;</TT
>
and then contacting each server returned in the list of IP
addresses from the name resolution source. </P
><P
+>If the list of servers contains both names and the '*'
+ character, the list is treated as a list of preferred
+ domain controllers, but an auto lookup of all remaining DC's
+ will be added to the list as well. Samba will not attempt to optimize
+ this list by locating the closest DC.</P
+><P
>If the <TT
CLASS="PARAMETER"
><I
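Review bot: The new paragraph lets "*" append an auto lookup of "all remaining DC's" to an explicit list, which sits uneasily with the warning elsewhere in this entry, "DO NOT CHOOSE A PASSWORD SERVER THAT YOU DON'T COMPLETELY TRUST". Please state that with "*" in the list Samba may authenticate against any server returned for WORKGROUP<1C>, not only the named ones, and define what "preferred" means for ordering. "DC's" should be "DCs".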
@@ -14370,13 +14269,13 @@ CLASS="PARAMETER"
><P
>Default: <B
CLASS="COMMAND"
->password server = &lt;empty string&gt;</B
+>password server = &#60;empty string&#62;</B
>
</P
><P
>Example: <B
CLASS="COMMAND"
->password server = NT-PDC, NT-BDC1, NT-BDC2
+>password server = NT-PDC, NT-BDC1, NT-BDC2, *
</B
></P
><P
@@ -14430,12 +14329,9 @@ CLASS="PARAMETER"
></A
> if one was specified.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>none</I
-></SPAN
></P
><P
>Example: <B
@@ -14522,19 +14418,16 @@ CLASS="PARAMETER"
</A
>.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>none (no command executed)</I
-></SPAN
>
</P
><P
>Example: <B
CLASS="COMMAND"
>postexec = echo \"%u disconnected from %S
- from %m (%I)\" &gt;&gt; /tmp/log</B
+ from %m (%I)\" &#62;&#62; /tmp/log</B
></P
></DD
><DT
@@ -14602,18 +14495,15 @@ CLASS="PARAMETER"
></A
>.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>none (no command executed)</I
-></SPAN
></P
><P
>Example: <B
CLASS="COMMAND"
>preexec = echo \"%u connected to %S from %m
- (%I)\" &gt;&gt; /tmp/log</B
+ (%I)\" &#62;&#62; /tmp/log</B
></P
></DD
><DT
@@ -14742,12 +14632,9 @@ CLASS="PARAMETER"
></A
> option is easier.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>no preloaded services</I
-></SPAN
></P
><P
>Example: <B
@@ -14781,7 +14668,7 @@ CLASS="COMMAND"
></P
><P
>See the section on <A
-HREF="#AEN203"
+HREF="#AEN205"
>NAME
MANGLING</A
> for a fuller discussion.</P
@@ -14823,12 +14710,9 @@ CLASS="COMMAND"
>%z - the size of the spooled
print job (in bytes)</P
><P
->The print command <SPAN
-CLASS="emphasis"
-><I
+>The print command <I
CLASS="EMPHASIS"
>MUST</I
-></SPAN
> contain at least
one occurrence of <TT
CLASS="PARAMETER"
@@ -14886,7 +14770,7 @@ CLASS="PARAMETER"
><P
><B
CLASS="COMMAND"
->print command = echo Printing %s &gt;&gt;
+>print command = echo Printing %s &#62;&#62;
/tmp/print.log; lpr -P %p %s; rm %s</B
></P
><P
@@ -15086,6 +14970,12 @@ CLASS="COMMAND"
><P
>A minimal printcap file would look something like this:</P
><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
><PRE
CLASS="PROGRAMLISTING"
> print1|My Printer 1
@@ -15094,18 +14984,18 @@ CLASS="PROGRAMLISTING"
print4|My Printer 4
print5|My Printer 5
</PRE
+></TD
+></TR
+></TABLE
></P
><P
>where the '|' separates aliases of a printer. The fact
that the second alias has a space in it gives a hint to Samba
that it's a comment.</P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>NOTE</I
-></SPAN
>: Under AIX the default printcap
name is <TT
CLASS="FILENAME"
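Review bot: The added "</TABLE>" is followed directly by the closing "</P>", so the shaded table that wraps the PRE listing ends up nested inside a paragraph. TABLE is block-level and is not valid content for P under the HTML 4.01 DOCTYPE this file declares, so parsers will close the paragraph implicitly and leave a stray end tag. If this comes from the stylesheet, the listing should be emitted outside the P.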
@@ -15144,7 +15034,7 @@ NAME="PRINTERADMIN"
><P
>Default: <B
CLASS="COMMAND"
->printer admin = &lt;empty string&gt;</B
+>printer admin = &#60;empty string&#62;</B
>
</P
><P
@@ -15160,12 +15050,9 @@ NAME="PRINTERDRIVER"
>printer driver (S)</DT
><DD
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Note :</I
-></SPAN
>This is a deprecated
parameter and will be removed in the next major release
following version 2.2. Please see the instructions in
@@ -15222,12 +15109,9 @@ NAME="PRINTERDRIVERFILE"
>printer driver file (G)</DT
><DD
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Note :</I
-></SPAN
>This is a deprecated
parameter and will be removed in the next major release
following version 2.2. Please see the instructions in
@@ -15280,12 +15164,9 @@ CLASS="PARAMETER"
></A
>.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>None (set in compile).</I
-></SPAN
></P
><P
>Example: <B
@@ -15301,12 +15182,9 @@ NAME="PRINTERDRIVERLOCATION"
>printer driver location (S)</DT
><DD
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Note :</I
-></SPAN
>This is a deprecated
parameter and will be removed in the next major release
following version 2.2. Please see the instructions in
@@ -15375,16 +15253,13 @@ NAME="PRINTERNAME"
name given will be used for any printable service that does
not have its own printer name specified.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>none (but may be <TT
CLASS="CONSTANT"
>lp</TT
>
on many systems)</I
-></SPAN
></P
><P
>Example: <B
@@ -15586,9 +15461,7 @@ CLASS="PARAMETER"
path in the command as the PATH may not be available to the
server.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>depends on the setting of <TT
CLASS="PARAMETER"
@@ -15597,7 +15470,6 @@ CLASS="PARAMETER"
</I
></TT
></I
-></SPAN
></P
><P
>Example: <B
@@ -15646,9 +15518,7 @@ CLASS="PARAMETER"
path in the command as the PATH may not be available to the
server.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>depends on the setting of <A
HREF="#PRINTING"
@@ -15659,7 +15529,6 @@ CLASS="PARAMETER"
></TT
></A
></I
-></SPAN
>
</P
><P
@@ -15743,7 +15612,7 @@ CLASS="PARAMETER"
><P
>Default: <B
CLASS="COMMAND"
->read list = &lt;empty string&gt;</B
+>read list = &#60;empty string&#62;</B
></P
><P
>Example: <B
@@ -15779,12 +15648,9 @@ CLASS="CONSTANT"
CLASS="COMMAND"
>printable = yes</B
>)
- will <SPAN
-CLASS="emphasis"
-><I
+ will <I
CLASS="EMPHASIS"
>ALWAYS</I
-></SPAN
> allow writing to the directory
(user privileges permitting), but only via spooling operations.</P
><P
@@ -15953,7 +15819,7 @@ CLASS="FILENAME"
><P
>Default: <B
CLASS="COMMAND"
->remote announce = &lt;empty string&gt;
+>remote announce = &#60;empty string&#62;
</B
></P
></DD
@@ -16003,7 +15869,7 @@ CLASS="COMMAND"
><P
>Default: <B
CLASS="COMMAND"
->remote browse sync = &lt;empty string&gt;
+>remote browse sync = &#60;empty string&#62;
</B
></P
></DD
@@ -16014,41 +15880,17 @@ NAME="RESTRICTANONYMOUS"
>restrict anonymous (G)</DT
><DD
><P
->This is a boolean parameter. If it is <TT
-CLASS="CONSTANT"
->yes</TT
->, then
- anonymous access to the server will be restricted, namely in the
- case where the server is expecting the client to send a username,
- but it doesn't. Setting it to <TT
-CLASS="CONSTANT"
->yes</TT
-> will force these anonymous
- connections to be denied, and the client will be required to always
- supply a username and password when connecting. Use of this parameter
- is only recommended for homogeneous NT client environments.</P
-><P
->This parameter makes the use of macro expansions that rely
- on the username (%U, %G, etc) consistent. NT 4.0
- likes to use anonymous connections when refreshing the share list,
- and this is a way to work around that.</P
-><P
->When restrict anonymous is <TT
+>This is a integer parameter, and
+ mirrors as much as possible the functinality the
+ <TT
CLASS="CONSTANT"
->yes</TT
->, all anonymous connections
- are denied no matter what they are for. This can effect the ability
- of a machine to access the Samba Primary Domain Controller to revalidate
- its machine account after someone else has logged on the client
- interactively. The NT client will display a message saying that
- the machine's account in the domain doesn't exist or the password is
- bad. The best way to deal with this is to reboot NT client machines
- between interactive logons, using "Shutdown and Restart", rather
- than "Close all programs and logon as a different user".</P
+>RestrictAnonymous</TT
+>
+ registry key does on NT/Win2k. </P
><P
>Default: <B
CLASS="COMMAND"
->restrict anonymous = no</B
+>restrict anonymous = 0</B
></P
></DD
><DT
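Review bot: The replacement text turns "restrict anonymous" into an integer with default 0 but never lists the accepted values or what each one restricts, and it drops the old explanation of which anonymous connections are denied along with the machine-account revalidation side effect. Please document each value and what 0 permits, rather than pointing only at the RestrictAnonymous registry key, so an administrator migrating from "restrict anonymous = yes" knows which number keeps the old behaviour. Typos: "a integer" should be "an integer", "functinality" should be "functionality", and "the functinality the RestrictAnonymous registry key does" needs rewording.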
@@ -16126,12 +15968,9 @@ CLASS="PARAMETER"
>root directory</I
></TT
>
- option, <SPAN
-CLASS="emphasis"
-><I
+ option, <I
CLASS="EMPHASIS"
>including</I
-></SPAN
> some files needed for
complete operation of the server. To maintain full operability
of the server you will need to mirror some system files
@@ -16188,7 +16027,7 @@ CLASS="PARAMETER"
><P
>Default: <B
CLASS="COMMAND"
->root postexec = &lt;empty string&gt;
+>root postexec = &#60;empty string&#62;
</B
></P
></DD
@@ -16229,7 +16068,7 @@ CLASS="PARAMETER"
><P
>Default: <B
CLASS="COMMAND"
->root preexec = &lt;empty string&gt;
+>root preexec = &#60;empty string&#62;
</B
></P
></DD
@@ -16364,12 +16203,9 @@ CLASS="PARAMETER"
>It is possible to use <B
CLASS="COMMAND"
>smbd</B
-> in a <SPAN
-CLASS="emphasis"
-><I
+> in a <I
CLASS="EMPHASIS"
> hybrid mode</I
-></SPAN
> where it is offers both user and share
level security under different <A
HREF="#NETBIOSALIASES"
@@ -16386,13 +16222,10 @@ CLASS="PARAMETER"
><A
NAME="SECURITYEQUALSSHARE"
></A
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>SECURITY = SHARE
</I
-></SPAN
></P
><P
>When clients connect to a share level security server they
@@ -16410,12 +16243,9 @@ CLASS="COMMAND"
>Note that <B
CLASS="COMMAND"
>smbd</B
-> <SPAN
-CLASS="emphasis"
-><I
+> <I
CLASS="EMPHASIS"
>ALWAYS</I
-></SPAN
>
uses a valid UNIX user to act on behalf of the client, even in
<B
@@ -16475,13 +16305,10 @@ CLASS="PARAMETER"
></LI
><LI
><P
->If the client did a previous <SPAN
-CLASS="emphasis"
-><I
+>If the client did a previous <I
CLASS="EMPHASIS"
>logon
</I
-></SPAN
> request (the SessionSetup SMB call) then the
username sent in this SMB will be added as a potential username.
</P
@@ -16536,31 +16363,25 @@ CLASS="PARAMETER"
>, then this
guest user will be used, otherwise access is denied.</P
><P
->Note that it can be <SPAN
-CLASS="emphasis"
-><I
+>Note that it can be <I
CLASS="EMPHASIS"
>very</I
-></SPAN
> confusing
in share-level security as to which UNIX username will eventually
be used in granting access.</P
><P
>See also the section <A
-HREF="#AEN236"
+HREF="#AEN238"
> NOTE ABOUT USERNAME/PASSWORD VALIDATION</A
>.</P
><P
><A
NAME="SECURITYEQUALSUSER"
></A
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>SECURITY = USER
</I
-></SPAN
></P
><P
>This is the default security setting in Samba 2.2.
@@ -16603,19 +16424,13 @@ CLASS="PARAMETER"
may change the UNIX user to use on this connection, but only after
the user has been successfully authenticated.</P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Note</I
-></SPAN
> that the name of the resource being
- requested is <SPAN
-CLASS="emphasis"
-><I
+ requested is <I
CLASS="EMPHASIS"
>not</I
-></SPAN
> sent to the server until after
the server has successfully authenticated the client. This is why
guest shares don't work in user level security without allowing
@@ -16640,20 +16455,17 @@ CLASS="PARAMETER"
> parameter for details on doing this.</P
><P
>See also the section <A
-HREF="#AEN236"
+HREF="#AEN238"
> NOTE ABOUT USERNAME/PASSWORD VALIDATION</A
>.</P
><P
><A
NAME="SECURITYEQUALSSERVER"
></A
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>SECURITY = SERVER
</I
-></SPAN
></P
><P
>In this mode Samba will try to validate the username/password
@@ -16678,12 +16490,9 @@ CLASS="FILENAME"
> for details on how to set this
up.</P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Note</I
-></SPAN
> that from the client's point of
view <B
CLASS="COMMAND"
@@ -16695,19 +16504,13 @@ CLASS="COMMAND"
with the authentication, it does not in any way affect what the
client sees.</P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Note</I
-></SPAN
> that the name of the resource being
- requested is <SPAN
-CLASS="emphasis"
-><I
+ requested is <I
CLASS="EMPHASIS"
>not</I
-></SPAN
> sent to the server until after
the server has successfully authenticated the client. This is why
guest shares don't work in user level security without allowing
@@ -16732,7 +16535,7 @@ CLASS="PARAMETER"
> parameter for details on doing this.</P
><P
>See also the section <A
-HREF="#AEN236"
+HREF="#AEN238"
> NOTE ABOUT USERNAME/PASSWORD VALIDATION</A
>.</P
><P
@@ -16759,13 +16562,10 @@ CLASS="PARAMETER"
><A
NAME="SECURITYEQUALSDOMAIN"
></A
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>SECURITY = DOMAIN
</I
-></SPAN
></P
><P
>This mode will only work correctly if <A
@@ -16790,22 +16590,16 @@ CLASS="CONSTANT"
it to a Windows NT Primary or Backup Domain Controller, in exactly
the same way that a Windows NT Server would do.</P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Note</I
-></SPAN
> that a valid UNIX user must still
exist as well as the account on the Domain Controller to allow
Samba to have a valid UNIX account to map file access to.</P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Note</I
-></SPAN
> that from the client's point
of view <B
CLASS="COMMAND"
@@ -16817,19 +16611,13 @@ CLASS="COMMAND"
>. It only affects how the server deals with the authentication,
it does not in any way affect what the client sees.</P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Note</I
-></SPAN
> that the name of the resource being
- requested is <SPAN
-CLASS="emphasis"
-><I
+ requested is <I
CLASS="EMPHASIS"
>not</I
-></SPAN
> sent to the server until after
the server has successfully authenticated the client. This is why
guest shares don't work in user level security without allowing
@@ -16853,12 +16641,9 @@ CLASS="PARAMETER"
</A
> parameter for details on doing this.</P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>BUG:</I
-></SPAN
> There is currently a bug in the
implementation of <B
CLASS="COMMAND"
@@ -16871,7 +16656,7 @@ CLASS="COMMAND"
Domain Controller. This issue will be addressed in a future release.</P
><P
>See also the section <A
-HREF="#AEN236"
+HREF="#AEN238"
> NOTE ABOUT USERNAME/PASSWORD VALIDATION</A
>.</P
><P
@@ -16927,12 +16712,9 @@ NAME="SECURITYMASK"
a user to modify all the user/group/world permissions on a file.
</P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Note</I
-></SPAN
> that users who can access the
Samba server through other means can easily bypass this
restriction, so it is primarily useful for standalone
@@ -17099,12 +16881,9 @@ CLASS="CONSTANT"
>This option gives full share compatibility and enabled
by default.</P
><P
->You should <SPAN
-CLASS="emphasis"
-><I
+>You should <I
CLASS="EMPHASIS"
>NEVER</I
-></SPAN
> turn this parameter
off as many Windows applications will break if you do so.</P
><P
@@ -17143,7 +16922,7 @@ CLASS="COMMAND"
names are lowered. </P
><P
>See the section on <A
-HREF="#AEN203"
+HREF="#AEN205"
> NAME MANGLING</A
>.</P
><P
@@ -17187,12 +16966,9 @@ CLASS="PARAMETER"
></TT
>
parameter will always cause the OpenPrinterEx() on the server
- to fail. Thus the APW icon will never be displayed. <SPAN
-CLASS="emphasis"
-><I
+ to fail. Thus the APW icon will never be displayed. <I
CLASS="EMPHASIS"
> Note :</I
-></SPAN
>This does not prevent the same user from having
administrative privilege on an individual printer.</P
><P
@@ -17235,12 +17011,9 @@ NAME="SHUTDOWNSCRIPT"
>shutdown script (G)</DT
><DD
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>This parameter only exists in the HEAD cvs branch</I
-></SPAN
>
This a full path name to a script called by
<A
@@ -17281,12 +17054,9 @@ CLASS="PARAMETER"
>%r</I
></TT
> will be substituted with the
- switch <SPAN
-CLASS="emphasis"
-><I
+ switch <I
CLASS="EMPHASIS"
>-r</I
-></SPAN
>. It means reboot after shutdown
for NT.
</P
@@ -17297,21 +17067,15 @@ CLASS="PARAMETER"
>%f</I
></TT
> will be substituted with the
- switch <SPAN
-CLASS="emphasis"
-><I
+ switch <I
CLASS="EMPHASIS"
>-f</I
-></SPAN
>. It means force the shutdown
even if applications do not respond for NT.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>None</I
-></SPAN
>.</P
><P
>Example: <B
@@ -17320,7 +17084,13 @@ CLASS="COMMAND"
></P
><P
>Shutdown script example:
- <PRE
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
CLASS="PROGRAMLISTING"
> #!/bin/bash
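Review bot: the TABLE added here is a child of the P that opens at "Shutdown script example:", and HTML 4.01 does not allow a block-level TABLE inside a P. The BGCOLOR attribute on TABLE is also absent from the Strict DTD that this commit's new DOCTYPE declares. This file is stylesheet output, so the fix belongs in the DocBook source or stylesheet: emit the listing as a sibling of the paragraph, not inside it. The same wrapper is added inside a P in the username map and veto files hunks.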
@@ -17330,6 +17100,9 @@ CLASS="PROGRAMLISTING"
/sbin/shutdown $3 $4 +$time $1 &#38;
</PRE
+></TD
+></TR
+></TABLE
>
Shutdown does not return so we need to launch it in background.
</P
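Review bot: in the listing's context line "/sbin/shutdown $3 $4 +$time $1 &#38;", $1 is expanded unquoted, so a multi-word argument is word-split and any glob characters in it are expanded before shutdown receives them. While the example is being re-wrapped, quote it as "$1" in the DocBook source; leaving $3 and $4 unquoted is reasonable if they can be empty switches. Readers copy man page scripts verbatim, and this one invokes /sbin/shutdown.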
@@ -17489,12 +17262,9 @@ TARGET="_top"
></LI
></UL
><P
->Those marked with a <SPAN
-CLASS="emphasis"
-><I
+>Those marked with a <I
CLASS="EMPHASIS"
>'*'</I
-></SPAN
> take an integer
argument. The others can optionally take a 1 or 0 argument to enable
or disable the option, by default they will be enabled if you
@@ -17566,12 +17336,9 @@ CLASS="COMMAND"
>SAMBA_NETBIOS_NAME = myhostname</B
></P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>No default value</I
-></SPAN
></P
><P
>Examples: <B
@@ -17595,12 +17362,9 @@ NAME="SPNEGO"
><P
> This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism. As of samba 3.0alpha it must be set to "no" for these clients to join a samba domain controller. It can be set to "yes" to allow samba to participate in an AD domain controlled by a Windows2000 domain controller.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>use spnego = yes</I
-></SPAN
></P
></DD
><DT
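Review bot: the spnego paragraph kept as context reads "controls controls", and its Default is marked up as emphasis where other value-style defaults in this file (winbind gid, for example) use B CLASS="COMMAND". More important for readers, the text says the option must be "no" for WindowsXP and Windows2000sp2 clients to join a samba domain controller, while the default shown is yes. State explicitly that the default does not cover that case, and fix all three points in the DocBook source so the regenerated HTML picks them up.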
@@ -18037,7 +17801,8 @@ NAME="UNICODE"
><DD
><P
>Specifies whether Samba should try
- to use unicode on the wire by default.
+ to use unicode on the wire by default. Note: This does NOT
+ mean that samba will assume that the unix machine uses unicode!
</P
><P
>Default: <B
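Review bot: the added note on the unicode entry says what the option does not imply but not where the UNIX-side encoding is actually configured. Add a cross-reference to the unix charset parameter, which the next hunk documents. Also write "Samba" capitalized as in the sentence before it, and prefer a plain sentence over "NOT ... !" in a reference page.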
@@ -18061,6 +17826,11 @@ NAME="UNIXCHARSET"
CLASS="COMMAND"
>unix charset = ASCII</B
></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>unix charset = UTF8</B
+></P
></DD
><DT
><A
@@ -18100,12 +17870,9 @@ CLASS="PARAMETER"
>passwd
program</I
></TT
->parameter is called <SPAN
-CLASS="emphasis"
-><I
+>parameter is called <I
CLASS="EMPHASIS"
>AS ROOT</I
-></SPAN
> -
to allow the new UNIX password to be set without access to the
old UNIX password (as the SMB password change code has no
@@ -18223,14 +17990,11 @@ CLASS="COMMAND"
>If this parameter is enabled for a printer, then any attempt
to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped
to PRINTER_ACCESS_USE instead. Thus allowing the OpenPrinterEx()
- call to succeed. <SPAN
-CLASS="emphasis"
-><I
+ call to succeed. <I
CLASS="EMPHASIS"
>This parameter MUST not be able enabled
on a print share which has valid print driver installed on the Samba
server.</I
-></SPAN
></P
><P
>See also <A
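Review bot: the emphasised restriction in this entry reads "This parameter MUST not be able enabled", which is garbled exactly where the reader needs a clear rule, since the option remaps PRINTER_ACCESS_ADMINISTER to PRINTER_ACCESS_USE. Correct the source to "MUST NOT be enabled on a print share which has a valid print driver installed" so the regenerated page carries the fix.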
@@ -18286,12 +18050,9 @@ CLASS="FILENAME"
will be read to find the names of hosts and users who will be allowed
access without specifying a password.</P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>NOTE:</I
-></SPAN
> The use of <TT
CLASS="PARAMETER"
><I
@@ -18427,7 +18188,7 @@ CLASS="PARAMETER"
search.</P
><P
>See the section <A
-HREF="#AEN236"
+HREF="#AEN238"
>NOTE ABOUT
USERNAME/PASSWORD VALIDATION</A
> for more information on how
@@ -18436,7 +18197,7 @@ HREF="#AEN236"
>Default: <B
CLASS="COMMAND"
>The guest account if a guest service,
- else &lt;empty string&gt;.</B
+ else &#60;empty string&#62;.</B
></P
><P
>Examples:<B
@@ -18573,11 +18334,20 @@ CLASS="COMMAND"
'!' to tell Samba to stop processing if it gets a match on
that line.</P
><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
><PRE
CLASS="PROGRAMLISTING"
> !sys = mary fred
guest = *
</PRE
+></TD
+></TR
+></TABLE
></P
><P
>Note that the remapping is applied to all occurrences
@@ -18614,12 +18384,9 @@ CLASS="PARAMETER"
trouble deleting print jobs as PrintManager under WfWg will think
they don't own the print job.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>no username map</I
-></SPAN
></P
><P
>Example: <B
@@ -18721,12 +18488,9 @@ CLASS="FILENAME"
>/var/run/utmp</TT
> on Linux).</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>no utmp directory</I
-></SPAN
></P
><P
>Example: <B
@@ -18767,12 +18531,9 @@ CLASS="FILENAME"
>/var/run/wtmp</TT
> on Linux).</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>no wtmp directory</I
-></SPAN
></P
><P
>Example: <B
@@ -18825,13 +18586,10 @@ CLASS="PARAMETER"
></A
></P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>No valid users list (anyone can login)
</I
-></SPAN
></P
><P
>Example: <B
@@ -18853,12 +18611,9 @@ NAME="VETOFILES"
or directories as in DOS wildcards.</P
><P
>Each entry must be a unix path, not a DOS path and
- must <SPAN
-CLASS="emphasis"
-><I
+ must <I
CLASS="EMPHASIS"
>not</I
-></SPAN
> include the unix directory
separator '/'.</P
><P
@@ -18874,12 +18629,9 @@ CLASS="PARAMETER"
is important to be aware of is Samba's behaviour when
trying to delete a directory. If a directory that is
to be deleted contains nothing but veto files this
- deletion will <SPAN
-CLASS="emphasis"
-><I
+ deletion will <I
CLASS="EMPHASIS"
>fail</I
-></SPAN
> unless you also set
the <TT
CLASS="PARAMETER"
@@ -18917,16 +18669,19 @@ CLASS="PARAMETER"
></A
>.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>No files or directories are vetoed.
</I
-></SPAN
></P
><P
->Examples:<PRE
+>Examples:<TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
CLASS="PROGRAMLISTING"
>; Veto any files containing the word Security,
; any ending in .tmp, and any directory containing the
@@ -18936,6 +18691,9 @@ veto files = /*Security*/*.tmp/*root*/
; Veto the Apple specific files that a NetAtalk server
; creates.
veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/</PRE
+></TD
+></TR
+></TABLE
></P
></DD
><DT
@@ -18968,13 +18726,10 @@ CLASS="PARAMETER"
>
parameter.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>No files are vetoed for oplock
grants</I
-></SPAN
></P
><P
>You might want to do this on files that you know will
@@ -19026,18 +18781,14 @@ NAME="VFSOBJECT"
>vfs object (S)</DT
><DD
><P
->This parameter specifies a shared object file that
- is used for Samba VFS I/O operations. By default, normal
+>This parameter specifies a shared object files that
+ are used for Samba VFS I/O operations. By default, normal
disk I/O operations are used but these can be overloaded
- with a VFS object. The Samba VFS layer is new to Samba 2.2 and
- must be enabled at compile time with --with-vfs.</P
+ with one or more VFS objects. </P
><P
->Default : <SPAN
-CLASS="emphasis"
-><I
+>Default : <I
CLASS="EMPHASIS"
>no value</I
-></SPAN
></P
></DD
><DT
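Review bot: the new first sentence of vfs object, "a shared object files that are used", mixes singular and plural, and the entry now allows "one or more VFS objects" without saying how several are listed or in what order they are applied. Each named object is a shared object used for the share's I/O operations, so document the separator and the ordering and add an Example line. Also say whether the dropped --with-vfs build requirement no longer applies or is just no longer mentioned.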
@@ -19048,9 +18799,8 @@ NAME="VFSOPTIONS"
><DD
><P
>This parameter allows parameters to be passed
- to the vfs layer at initialization time. The Samba VFS layer
- is new to Samba 2.2 and must be enabled at compile time
- with --with-vfs. See also <A
+ to the vfs layer at initialization time.
+ See also <A
HREF="#VFSOBJECT"
><TT
CLASS="PARAMETER"
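Review bot: with vfs object now accepting more than one object, "parameters to be passed to the vfs layer at initialization time" no longer says which object receives them. State whether the options go to every loaded object or only to one, and add an Example, since the Default line ("no value") gives no hint of the expected syntax.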
@@ -19060,12 +18810,9 @@ CLASS="PARAMETER"
></A
>.</P
><P
->Default : <SPAN
-CLASS="emphasis"
-><I
+>Default : <I
CLASS="EMPHASIS"
>no value</I
-></SPAN
></P
></DD
><DT
@@ -19079,12 +18826,9 @@ NAME="VOLUME"
returned for a share. Useful for CDROMs with installation programs
that insist on a particular volume label.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>the name of the share</I
-></SPAN
></P
></DD
><DT
@@ -19171,12 +18915,9 @@ CLASS="COMMAND"
> system call
will not return any data. </P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Warning:</I
-></SPAN
> Turning off user
enumeration may cause some programs to behave oddly. For
example, the finger program relies on having access to the
@@ -19229,12 +18970,9 @@ CLASS="COMMAND"
> system
call will not return any data. </P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Warning:</I
-></SPAN
> Turning off group
enumeration may cause some programs to behave oddly.
</P
@@ -19263,7 +19001,7 @@ TARGET="_top"
><P
>Default: <B
CLASS="COMMAND"
->winbind gid = &lt;empty string&gt;
+>winbind gid = &#60;empty string&#62;
</B
></P
><P
@@ -19334,7 +19072,7 @@ TARGET="_top"
><P
>Default: <B
CLASS="COMMAND"
->winbind uid = &lt;empty string&gt;
+>winbind uid = &#60;empty string&#62;
</B
></P
><P
@@ -19362,7 +19100,7 @@ TARGET="_top"
><P
>Default: <B
CLASS="COMMAND"
->winbind use default domain = &lt;no&gt;
+>winbind use default domain = &#60;no&#62;
</B
></P
><P
@@ -19477,12 +19215,9 @@ TARGET="_top"
>You should point this at your WINS server if you have a
multi-subnetted network.</P
><P
-><SPAN
-CLASS="emphasis"
><I
CLASS="EMPHASIS"
>NOTE</I
-></SPAN
>. You need to set up Samba to point
to a WINS server if you have multiple subnets and wish cross-subnet
browsing to work correctly.</P
@@ -19493,12 +19228,9 @@ CLASS="FILENAME"
>
in the docs/ directory of your Samba source distribution.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>not enabled</I
-></SPAN
></P
><P
>Example: <B
@@ -19527,12 +19259,9 @@ CLASS="CONSTANT"
CLASS="COMMAND"
>nmbd</B
> to be your WINS server.
- Note that you should <SPAN
-CLASS="emphasis"
-><I
+ Note that you should <I
CLASS="EMPHASIS"
>NEVER</I
-></SPAN
> set this to <TT
CLASS="CONSTANT"
>yes</TT
@@ -19562,12 +19291,9 @@ CLASS="COMMAND"
>
setting.</P
><P
->Default: <SPAN
-CLASS="emphasis"
-><I
+>Default: <I
CLASS="EMPHASIS"
>set at compile time to WORKGROUP</I
-></SPAN
></P
><P
>Example: <B
@@ -19601,12 +19327,9 @@ NAME="WRITECACHESIZE"
><P
>If this integer parameter is set to non-zero value,
Samba will create an in-memory cache for each oplocked file
- (it does <SPAN
-CLASS="emphasis"
-><I
+ (it does <I
CLASS="EMPHASIS"
>not</I
-></SPAN
> do this for
non-oplocked files). All writes that the client does not request
to be flushed directly to disk will be stored in this cache if possible.
@@ -19673,7 +19396,7 @@ CLASS="PARAMETER"
><P
>Default: <B
CLASS="COMMAND"
->write list = &lt;empty string&gt;
+>write list = &#60;empty string&#62;
</B
></P
><P
@@ -19763,7 +19486,7 @@ CLASS="PARAMETER"
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN6113"
+NAME="AEN6163"
></A
><H2
>WARNINGS</H2
@@ -19793,18 +19516,18 @@ TARGET="_top"
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN6119"
+NAME="AEN6169"
></A
><H2
>VERSION</H2
><P
->This man page is correct for version 2.2 of
+>This man page is correct for version 3.0 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN6122"
+NAME="AEN6172"
></A
><H2
>SEE ALSO</H2
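Review bot: the VERSION statement now claims the page is correct for 3.0, but the shutdown script entry still opens with "This parameter only exists in the HEAD cvs branch" and the spnego entry still says "As of samba 3.0alpha". Either update those entries or qualify the version claim, so readers can tell which statements apply to the release they run.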
@@ -19883,7 +19606,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN6142"
+NAME="AEN6192"
></A
><H2
>AUTHOR</H2