diff options
Diffstat (limited to 'docs/htmldocs/smb.conf.5.html')
-rw-r--r-- | docs/htmldocs/smb.conf.5.html | 550 |
1 files changed, 288 insertions, 262 deletions
diff --git a/docs/htmldocs/smb.conf.5.html b/docs/htmldocs/smb.conf.5.html index 926d8fcbb4..b6eb609bb0 100644 --- a/docs/htmldocs/smb.conf.5.html +++ b/docs/htmldocs/smb.conf.5.html @@ -21,7 +21,7 @@ values, but is preserved in string values. Some items such as create modes are numeric.</p></div><div class="refsect1" lang="en"><h2>SECTION DESCRIPTIONS</h2><p>Each section in the configuration file (except for the [global] section) describes a shared resource (known - as a "share"). The section name is the name of the + as a "share"). The section name is the name of the shared resource and the parameters within the section define the shares attributes.</p><p>There are three special sections, [global], [homes] and [printers], which are @@ -38,14 +38,14 @@ privileges in this case.</p><p>Sections other than guest services will require a password to access them. The client provides the username. As older clients only provide passwords and not usernames, you may specify a list - of usernames to check against the password using the "user =" + of usernames to check against the password using the "user =" option in the share definition. For modern clients such as Windows 95/98/ME/NT/2000, this should not be necessary.</p><p>Note that the access rights granted by the server are masked by the access rights granted to the specified or guest UNIX user by the host system. The server does not grant more access than the host system grants.</p><p>The following sample section defines a file space share. The user has write access to the path <tt class="filename">/home/bar</tt>. - The share is accessed via the share name "foo":</p><pre class="screen"> + The share is accessed via the share name "foo":</p><pre class="screen"> <tt class="computeroutput"> [foo] path = /home/bar @@ -83,7 +83,7 @@ for your PCs than for UNIX access.</p><p>This is a fast and simple way to give a large number of clients access to their home directories with a minimum of fuss.</p><p>A similar process occurs if the requested section - name is "homes", except that the share name is not + name is "homes", except that the share name is not changed to that of the requesting user. This method of using the [homes] section works well if different users share a client PC.</p><p>The [homes] section can specify all the parameters @@ -147,8 +147,8 @@ alias|alias|alias|alias... components (if there are more than one) are separated by vertical bar symbols ('|').</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>On SYSV systems which use lpstat to determine what printers are defined on the system you may be able to use - "printcap name = lpstat" to automatically obtain a list - of printers. See the "printcap name" option + "printcap name = lpstat" to automatically obtain a list + of printers. See the "printcap name" option for more details.</p></div></div></div><div class="refsect1" lang="en"><h2>PARAMETERS</h2><p>parameters define the specific attributes of sections.</p><p>Some parameters are specific to the [global] section (e.g., <span class="emphasis"><em>security</em></span>). Some parameters are usable in all sections (e.g., <span class="emphasis"><em>create mode</em></span>). All others @@ -164,16 +164,16 @@ alias|alias|alias|alias... not create best bedfellows, but at least you can find them! Where there are synonyms, the preferred synonym is described, others refer to the preferred synonym.</p></div><div class="refsect1" lang="en"><h2>VARIABLE SUBSTITUTIONS</h2><p>Many of the strings that are settable in the config file - can take substitutions. For example the option "path = - /tmp/%u" would be interpreted as "path = - /tmp/john" if the user connected with the username john.</p><p>These substitutions are mostly noted in the descriptions below, + can take substitutions. For example the option "path = + /tmp/%u" would be interpreted as "path = + /tmp/john" if the user connected with the username john.</p><p>These substitutions are mostly noted in the descriptions below, but there are some general substitutions which apply whenever they might be relevant. These are:</p><div class="variablelist"><dl><dt><span class="term">%U</span></dt><dd><p>session user name (the user name that the client wanted, not necessarily the same as the one they got).</p></dd><dt><span class="term">%G</span></dt><dd><p>primary group name of %U.</p></dd><dt><span class="term">%h</span></dt><dd><p>the Internet hostname that Samba is running on.</p></dd><dt><span class="term">%m</span></dt><dd><p>the NetBIOS name of the client machine (very useful).</p></dd><dt><span class="term">%L</span></dt><dd><p>the NetBIOS name of the server. This allows you to change your config based on what the client calls you. Your - server can have a "dual personality".</p><p>Note that this parameter is not available when Samba listens + server can have a "dual personality".</p><p>Note that this parameter is not available when Samba listens on port 445, as clients no longer send this information </p></dd><dt><span class="term">%M</span></dt><dd><p>the Internet name of the client machine. </p></dd><dt><span class="term">%R</span></dt><dd><p>the selected protocol level after protocol negotiation. It can be one of CORE, COREPLUS, @@ -182,7 +182,7 @@ alias|alias|alias|alias... machine. Only some are recognized, and those may not be 100% reliable. It currently recognizes Samba, WfWg, Win95, WinNT and Win2k. Anything else will be known as - "UNKNOWN". If it gets it wrong then sending a level + "UNKNOWN". If it gets it wrong then sending a level 3 log to <a href="mailto:samba@samba.org" target="_top">samba@samba.org </a> should allow it to be fixed.</p></dd><dt><span class="term">%I</span></dt><dd><p>The IP address of the client machine.</p></dd><dt><span class="term">%T</span></dt><dd><p>the current date and time.</p></dd><dt><span class="term">%D</span></dt><dd><p>Name of the domain or workgroup of the current user.</p></dd><dt><span class="term">%$(<i class="replaceable"><tt>envvar</tt></i>)</span></dt><dd><p>The value of the environment variable <i class="replaceable"><tt>envar</tt></i>.</p></dd></dl></div><p>The following substitutes apply only to some configuration options(only those @@ -193,33 +193,33 @@ alias|alias|alias|alias... not compiled Samba with the <span class="emphasis"><em>--with-automount</em></span> option then this value will be the same as %L.</p></dd><dt><span class="term">%p</span></dt><dd><p>the path of the service's home directory, obtained from your NIS auto.map entry. The NIS auto.map entry - is split up as "%N:%p".</p></dd></dl></div><p>There are some quite creative things that can be done - with these substitutions and other smb.conf options.</p></div><div class="refsect1" lang="en"><a name="NAMEMANGLINGSECT"></a><h2>NAME MANGLING</h2><p>Samba supports "name mangling" so that DOS and + is split up as "%N:%p".</p></dd></dl></div><p>There are some quite creative things that can be done + with these substitutions and other smb.conf options.</p></div><div class="refsect1" lang="en"><a name="NAMEMANGLINGSECT"></a><h2>NAME MANGLING</h2><p>Samba supports "name mangling" so that DOS and Windows clients can use files that don't conform to the 8.3 format. It can also be set to adjust the case of 8.3 format filenames.</p><p>There are several options that control the way mangling is performed, and they are grouped here rather than listed separately. For the defaults look at the output of the testparm program. </p><p>All of these options can be set separately for each service (or globally, of course). </p><p>The options are: </p><div class="variablelist"><dl><dt><span class="term">mangle case = yes/no</span></dt><dd><p> controls if names that have characters that - aren't of the "default" case are mangled. For example, - if this is yes then a name like "Mail" would be mangled. + aren't of the "default" case are mangled. For example, + if this is yes then a name like "Mail" would be mangled. Default <span class="emphasis"><em>no</em></span>.</p></dd><dt><span class="term">case sensitive = yes/no</span></dt><dd><p>controls whether filenames are case sensitive. If they aren't then Samba must do a filename search and match on passed names. Default <span class="emphasis"><em>no</em></span>.</p></dd><dt><span class="term">default case = upper/lower</span></dt><dd><p>controls what the default case is for new filenames. Default <span class="emphasis"><em>lower</em></span>.</p></dd><dt><span class="term">preserve case = yes/no</span></dt><dd><p>controls if new files are created with the case that the client passes, or if they are forced to be the - "default" case. Default <span class="emphasis"><em>yes</em></span>. + "default" case. Default <span class="emphasis"><em>yes</em></span>. </p></dd><dt><span class="term">short preserve case = yes/no</span></dt><dd><p>controls if new files which conform to 8.3 syntax, that is all in upper case and of suitable length, are created - upper case, or if they are forced to be the "default" - case. This option can be use with "preserve case = yes" + upper case, or if they are forced to be the "default" + case. This option can be use with "preserve case = yes" to permit long filenames to retain their case, while short names are lowercased. Default <span class="emphasis"><em>yes</em></span>.</p></dd></dl></div><p>By default, Samba 3.0 has the same semantics as a Windows NT server, in that it is case insensitive but case preserving.</p></div><div class="refsect1" lang="en"><a name="VALIDATIONSECT"></a><h2>NOTE ABOUT USERNAME/PASSWORD VALIDATION</h2><p>There are a number of ways in which a user can connect to a service. The server uses the following steps in determining if it will allow a connection to a specified service. If all the steps fail, then the connection request is rejected. However, if one of the - steps succeeds, then the following steps are not checked.</p><p>If the service is marked "guest only = yes" and the - server is running with share-level security ("security = share") + steps succeeds, then the following steps are not checked.</p><p>If the service is marked "guest only = yes" and the + server is running with share-level security ("security = share") then steps 1 to 5 are skipped.</p><div class="orderedlist"><ol type="1"><li><p>If the client has passed a username/password pair and that username/password pair is validated by the UNIX system's password programs then the connection is made as that @@ -232,23 +232,28 @@ alias|alias|alias|alias... they match then the connection is allowed as the corresponding user.</p></li><li><p>If the client has previously validated a username/password pair with the server and the client has passed - the validation token then that username is used. </p></li><li><p>If a "user = " field is given in the + the validation token then that username is used. </p></li><li><p>If a "user = " field is given in the <tt class="filename">smb.conf</tt> file for the service and the client has supplied a password, and that password matches (according to the UNIX system's password checking) with one of the usernames - from the "user =" field then the connection is made as - the username in the "user =" line. If one - of the username in the "user =" list begins with a + from the "user =" field then the connection is made as + the username in the "user =" line. If one + of the username in the "user =" list begins with a '@' then that name expands to a list of names in the group of the same name.</p></li><li><p>If the service is a guest service then a - connection is made as the username given in the "guest - account =" for the service, irrespective of the + connection is made as the username given in the "guest + account =" for the service, irrespective of the supplied password.</p></li></ol></div></div><div class="refsect1" lang="en"><h2>COMPLETE LIST OF GLOBAL PARAMETERS</h2><p>Here is a list of all global parameters. See the section of - each parameter for details. Note that some are synonyms.</p><div class="itemizedlist"><ul type="disc"><li><p><a href="#ABORTSHUTDOWNSCRIPT"><i class="parameter"><tt>abort shutdown script</tt></i></a></p></li><li><p><a href="#ADDGROUPSCRIPT"><i class="parameter"><tt>add group script</tt></i></a></p></li><li><p><a href="#ADDMACHINESCRIPT"><i class="parameter"><tt>add machine script</tt></i></a></p></li><li><p><a href="#ADDPRINTERCOMMAND"><i class="parameter"><tt>addprinter command</tt></i></a></p></li><li><p><a href="#ADDSHARECOMMAND"><i class="parameter"><tt>add share command</tt></i></a></p></li><li><p><a href="#ADDUSERSCRIPT"><i class="parameter"><tt>add user script</tt></i></a></p></li><li><p><a href="#ADDUSERTOGROUPSCRIPT"><i class="parameter"><tt>add user to group script</tt></i></a></p></li><li><p><a href="#ALGORITHMICRIDBASE"><i class="parameter"><tt>algorithmic rid base</tt></i></a></p></li><li><p><a href="#ALLOWTRUSTEDDOMAINS"><i class="parameter"><tt>allow trusted domains</tt></i></a></p></li><li><p><a href="#ANNOUNCEAS"><i class="parameter"><tt>announce as</tt></i></a></p></li><li><p><a href="#ANNOUNCEVERSION"><i class="parameter"><tt>announce version</tt></i></a></p></li><li><p><a href="#AUTHMETHODS"><i class="parameter"><tt>auth methods</tt></i></a></p></li><li><p><a href="#AUTOSERVICES"><i class="parameter"><tt>auto services</tt></i></a></p></li><li><p><a href="#BINDINTERFACESONLY"><i class="parameter"><tt>bind interfaces only</tt></i></a></p></li><li><p><a href="#BROWSELIST"><i class="parameter"><tt>browse list</tt></i></a></p></li><li><p><a href="#CHANGENOTIFYTIMEOUT"><i class="parameter"><tt>change notify timeout</tt></i></a></p></li><li><p><a href="#CHANGESHARECOMMAND"><i class="parameter"><tt>change share command</tt></i></a></p></li><li><p><a href="#CLIENTLANMANAUTH"><i class="parameter"><tt>client lanman auth</tt></i></a></p></li><li><p><a href="#CLIENTNTLMV2AUTH"><i class="parameter"><tt>client ntlmv2 auth</tt></i></a></p></li><li><p><a href="#CLIENTUSESPNEGO"><i class="parameter"><tt>client use spnego</tt></i></a></p></li><li><p><a href="#CONFIGFILE"><i class="parameter"><tt>config file</tt></i></a></p></li><li><p><a href="#DEADTIME"><i class="parameter"><tt>deadtime</tt></i></a></p></li><li><p><a href="#DEBUGHIRESTIMESTAMP"><i class="parameter"><tt>debug hires timestamp</tt></i></a></p></li><li><p><a href="#DEBUGLEVEL"><i class="parameter"><tt>debuglevel</tt></i></a></p></li><li><p><a href="#DEBUGPID"><i class="parameter"><tt>debug pid</tt></i></a></p></li><li><p><a href="#DEBUGTIMESTAMP"><i class="parameter"><tt>debug timestamp</tt></i></a></p></li><li><p><a href="#DEBUGUID"><i class="parameter"><tt>debug uid</tt></i></a></p></li><li><p><a href="#DEFAULTSERVICE"><i class="parameter"><tt>default service</tt></i></a></p></li><li><p><a href="#DEFAULT"><i class="parameter"><tt>default</tt></i></a></p></li><li><p><a href="#DELETEGROUPSCRIPT"><i class="parameter"><tt>delete group script</tt></i></a></p></li><li><p><a href="#DELETEPRINTERCOMMAND"><i class="parameter"><tt>deleteprinter command</tt></i></a></p></li><li><p><a href="#DELETESHARECOMMAND"><i class="parameter"><tt>delete share command</tt></i></a></p></li><li><p><a href="#DELETEUSERFROMGROUPSCRIPT"><i class="parameter"><tt>delete user from group script</tt></i></a></p></li><li><p><a href="#DELETEUSERSCRIPT"><i class="parameter"><tt>delete user script</tt></i></a></p></li><li><p><a href="#DFREECOMMAND"><i class="parameter"><tt>dfree command</tt></i></a></p></li><li><p><a href="#DISABLENETBIOS"><i class="parameter"><tt>disable netbios</tt></i></a></p></li><li><p><a href="#DISABLESPOOLSS"><i class="parameter"><tt>disable spoolss</tt></i></a></p></li><li><p><a href="#DISPLAYCHARSET"><i class="parameter"><tt>display charset</tt></i></a></p></li><li><p><a href="#DNSPROXY"><i class="parameter"><tt>dns proxy</tt></i></a></p></li><li><p><a href="#DOMAINLOGONS"><i class="parameter"><tt>domain logons</tt></i></a></p></li><li><p><a href="#DOMAINMASTER"><i class="parameter"><tt>domain master</tt></i></a></p></li><li><p><a href="#DOSCHARSET"><i class="parameter"><tt>dos charset</tt></i></a></p></li><li><p><a href="#ENABLERIDALGORITHM"><i class="parameter"><tt>enable rid algorithm</tt></i></a></p></li><li><p><a href="#ENCRYPTPASSWORDS"><i class="parameter"><tt>encrypt passwords</tt></i></a></p></li><li><p><a href="#ENHANCEDBROWSING"><i class="parameter"><tt>enhanced browsing</tt></i></a></p></li><li><p><a href="#ENUMPORTSCOMMAND"><i class="parameter"><tt>enumports command</tt></i></a></p></li><li><p><a href="#GETQUOTACOMMAND"><i class="parameter"><tt>get quota command</tt></i></a></p></li><li><p><a href="#GETWDCACHE"><i class="parameter"><tt>getwd cache</tt></i></a></p></li><li><p><a href="#GUESTACCOUNT"><i class="parameter"><tt>guest account</tt></i></a></p></li><li><p><a href="#HIDELOCALUSERS"><i class="parameter"><tt>hide local users</tt></i></a></p></li><li><p><a href="#HOMEDIRMAP"><i class="parameter"><tt>homedir map</tt></i></a></p></li><li><p><a href="#HOSTMSDFS"><i class="parameter"><tt>host msdfs</tt></i></a></p></li><li><p><a href="#HOSTNAMELOOKUPS"><i class="parameter"><tt>hostname lookups</tt></i></a></p></li><li><p><a href="#HOSTSEQUIV"><i class="parameter"><tt>hosts equiv</tt></i></a></p></li><li><p><a href="#IDMAPBACKEND"><i class="parameter"><tt>idmap backend</tt></i></a></p></li><li><p><a href="#IDMAPGID"><i class="parameter"><tt>idmap gid</tt></i></a></p></li><li><p><a href="#IDMAPUID"><i class="parameter"><tt>idmap uid</tt></i></a></p></li><li><p><a href="#INCLUDE"><i class="parameter"><tt>include</tt></i></a></p></li><li><p><a href="#INTERFACES"><i class="parameter"><tt>interfaces</tt></i></a></p></li><li><p><a href="#KEEPALIVE"><i class="parameter"><tt>keepalive</tt></i></a></p></li><li><p><a href="#KERNELOPLOCKS"><i class="parameter"><tt>kernel oplocks</tt></i></a></p></li><li><p><a href="#LANMANAUTH"><i class="parameter"><tt>lanman auth</tt></i></a></p></li><li><p><a href="#LARGEREADWRITE"><i class="parameter"><tt>large readwrite</tt></i></a></p></li><li><p><a href="#LDAPADMINDN"><i class="parameter"><tt>ldap admin dn</tt></i></a></p></li><li><p><a href="#LDAPDELETEDN"><i class="parameter"><tt>ldap delete dn</tt></i></a></p></li><li><p><a href="#LDAPFILTER"><i class="parameter"><tt>ldap filter</tt></i></a></p></li><li><p><a href="#LDAPMACHINESUFFIX"><i class="parameter"><tt>ldap machine suffix</tt></i></a></p></li><li><p><a href="#LDAPPASSWDSYNC"><i class="parameter"><tt>ldap passwd sync</tt></i></a></p></li><li><p><a href="#LDAPPORT"><i class="parameter"><tt>ldap port</tt></i></a></p></li><li><p><a href="#LDAPSERVER"><i class="parameter"><tt>ldap server</tt></i></a></p></li><li><p><a href="#LDAPSSL"><i class="parameter"><tt>ldap ssl</tt></i></a></p></li><li><p><a href="#LDAPSUFFIX"><i class="parameter"><tt>ldap suffix</tt></i></a></p></li><li><p><a href="#LDAPTRUSTIDS"><i class="parameter"><tt>ldap trust ids</tt></i></a></p></li><li><p><a href="#LDAPUSERSUFFIX"><i class="parameter"><tt>ldap user suffix</tt></i></a></p></li><li><p><a href="#LMANNOUNCE"><i class="parameter"><tt>lm announce</tt></i></a></p></li><li><p><a href="#LMINTERVAL"><i class="parameter"><tt>lm interval</tt></i></a></p></li><li><p><a href="#LOADPRINTERS"><i class="parameter"><tt>load printers</tt></i></a></p></li><li><p><a href="#LOCALMASTER"><i class="parameter"><tt>local master</tt></i></a></p></li><li><p><a href="#LOCKDIRECTORY"><i class="parameter"><tt>lock directory</tt></i></a></p></li><li><p><a href="#LOCKDIR"><i class="parameter"><tt>lock dir</tt></i></a></p></li><li><p><a href="#LOCKSPINCOUNT"><i class="parameter"><tt>lock spin count</tt></i></a></p></li><li><p><a href="#LOCKSPINTIME"><i class="parameter"><tt>lock spin time</tt></i></a></p></li><li><p><a href="#LOGFILE"><i class="parameter"><tt>log file</tt></i></a></p></li><li><p><a href="#LOGLEVEL"><i class="parameter"><tt>log level</tt></i></a></p></li><li><p><a href="#LOGONDRIVE"><i class="parameter"><tt>logon drive</tt></i></a></p></li><li><p><a href="#LOGONHOME"><i class="parameter"><tt>logon home</tt></i></a></p></li><li><p><a href="#LOGONPATH"><i class="parameter"><tt>logon path</tt></i></a></p></li><li><p><a href="#LOGONSCRIPT"><i class="parameter"><tt>logon script</tt></i></a></p></li><li><p><a href="#LPQCACHETIME"><i class="parameter"><tt>lpq cache time</tt></i></a></p></li><li><p><a href="#MACHINEPASSWORDTIMEOUT"><i class="parameter"><tt>machine password timeout</tt></i></a></p></li><li><p><a href="#MANGLEDSTACK"><i class="parameter"><tt>mangled stack</tt></i></a></p></li><li><p><a href="#MANGLEPREFIX"><i class="parameter"><tt>mangle prefix</tt></i></a></p></li><li><p><a href="#MANGLINGMETHOD"><i class="parameter"><tt>mangling method</tt></i></a></p></li><li><p><a href="#MAPTOGUEST"><i class="parameter"><tt>map to guest</tt></i></a></p></li><li><p><a href="#MAXDISKSIZE"><i class="parameter"><tt>max disk size</tt></i></a></p></li><li><p><a href="#MAXLOGSIZE"><i class="parameter"><tt>max log size</tt></i></a></p></li><li><p><a href="#MAXMUX"><i class="parameter"><tt>max mux</tt></i></a></p></li><li><p><a href="#MAXOPENFILES"><i class="parameter"><tt>max open files</tt></i></a></p></li><li><p><a href="#MAXPROTOCOL"><i class="parameter"><tt>max protocol</tt></i></a></p></li><li><p><a href="#MAXSMBDPROCESSES"><i class="parameter"><tt>max smbd processes</tt></i></a></p></li><li><p><a href="#MAXTTL"><i class="parameter"><tt>max ttl</tt></i></a></p></li><li><p><a href="#MAXWINSTTL"><i class="parameter"><tt>max wins ttl</tt></i></a></p></li><li><p><a href="#MAXXMIT"><i class="parameter"><tt>max xmit</tt></i></a></p></li><li><p><a href="#MESSAGECOMMAND"><i class="parameter"><tt>message command</tt></i></a></p></li><li><p><a href="#MINPASSWDLENGTH"><i class="parameter"><tt>min passwd length</tt></i></a></p></li><li><p><a href="#MINPASSWORDLENGTH"><i class="parameter"><tt>min password length</tt></i></a></p></li><li><p><a href="#MINPROTOCOL"><i class="parameter"><tt>min protocol</tt></i></a></p></li><li><p><a href="#MINWINSTTL"><i class="parameter"><tt>min wins ttl</tt></i></a></p></li><li><p><a href="#NAMECACHETIMEOUT"><i class="parameter"><tt>name cache timeout</tt></i></a></p></li><li><p><a href="#NAMERESOLVEORDER"><i class="parameter"><tt>name resolve order</tt></i></a></p></li><li><p><a href="#NETBIOSALIASES"><i class="parameter"><tt>netbios aliases</tt></i></a></p></li><li><p><a href="#NETBIOSNAME"><i class="parameter"><tt>netbios name</tt></i></a></p></li><li><p><a href="#NETBIOSSCOPE"><i class="parameter"><tt>netbios scope</tt></i></a></p></li><li><p><a href="#NISHOMEDIR"><i class="parameter"><tt>nis homedir</tt></i></a></p></li><li><p><a href="#NTLMAUTH"><i class="parameter"><tt>ntlm auth</tt></i></a></p></li><li><p><a href="#NTPIPESUPPORT"><i class="parameter"><tt>nt pipe support</tt></i></a></p></li><li><p><a href="#NTSTATUSSUPPORT"><i class="parameter"><tt>nt status support</tt></i></a></p></li><li><p><a href="#NULLPASSWORDS"><i class="parameter"><tt>null passwords</tt></i></a></p></li><li><p><a href="#OBEYPAMRESTRICTIONS"><i class="parameter"><tt>obey pam restrictions</tt></i></a></p></li><li><p><a href="#OPLOCKBREAKWAITTIME"><i class="parameter"><tt>oplock break wait time</tt></i></a></p></li><li><p><a href="#OS2DRIVERMAP"><i class="parameter"><tt>os2 driver map</tt></i></a></p></li><li><p><a href="#OSLEVEL"><i class="parameter"><tt>os level</tt></i></a></p></li><li><p><a href="#PAMPASSWORDCHANGE"><i class="parameter"><tt>pam password change</tt></i></a></p></li><li><p><a href="#PANICACTION"><i class="parameter"><tt>panic action</tt></i></a></p></li><li><p><a href="#PARANOIDSERVERSECURITY"><i class="parameter"><tt>paranoid server security</tt></i></a></p></li><li><p><a href="#PASSDBBACKEND"><i class="parameter"><tt>passdb backend</tt></i></a></p></li><li><p><a href="#PASSWDCHATDEBUG"><i class="parameter"><tt>passwd chat debug</tt></i></a></p></li><li><p><a href="#PASSWDCHAT"><i class="parameter"><tt>passwd chat</tt></i></a></p></li><li><p><a href="#PASSWDPROGRAM"><i class="parameter"><tt>passwd program</tt></i></a></p></li><li><p><a href="#PASSWORDLEVEL"><i class="parameter"><tt>password level</tt></i></a></p></li><li><p><a href="#PASSWORDSERVER"><i class="parameter"><tt>password server</tt></i></a></p></li><li><p><a href="#PIDDIRECTORY"><i class="parameter"><tt>pid directory</tt></i></a></p></li><li><p><a href="#PREFEREDMASTER"><i class="parameter"><tt>prefered master</tt></i></a></p></li><li><p><a href="#PREFERREDMASTER"><i class="parameter"><tt>preferred master</tt></i></a></p></li><li><p><a href="#PRELOADMODULES"><i class="parameter"><tt>preload modules</tt></i></a></p></li><li><p><a href="#PRELOAD"><i class="parameter"><tt>preload</tt></i></a></p></li><li><p><a href="#PRINTCAP"><i class="parameter"><tt>printcap</tt></i></a></p></li><li><p><a href="#PRIVATEDIR"><i class="parameter"><tt>private dir</tt></i></a></p></li><li><p><a href="#PROTOCOL"><i class="parameter"><tt>protocol</tt></i></a></p></li><li><p><a href="#READBMPX"><i class="parameter"><tt>read bmpx</tt></i></a></p></li><li><p><a href="#READRAW"><i class="parameter"><tt>read raw</tt></i></a></p></li><li><p><a href="#READSIZE"><i class="parameter"><tt>read size</tt></i></a></p></li><li><p><a href="#REALM"><i class="parameter"><tt>realm</tt></i></a></p></li><li><p><a href="#REMOTEANNOUNCE"><i class="parameter"><tt>remote announce</tt></i></a></p></li><li><p><a href="#REMOTEBROWSESYNC"><i class="parameter"><tt>remote browse sync</tt></i></a></p></li><li><p><a href="#RESTRICTANONYMOUS"><i class="parameter"><tt>restrict anonymous</tt></i></a></p></li><li><p><a href="#ROOTDIRECTORY"><i class="parameter"><tt>root directory</tt></i></a></p></li><li><p><a href="#ROOTDIR"><i class="parameter"><tt>root dir</tt></i></a></p></li><li><p><a href="#ROOT"><i class="parameter"><tt>root</tt></i></a></p></li><li><p><a href="#SECURITY"><i class="parameter"><tt>security</tt></i></a></p></li><li><p><a href="#SERVERSCHANNEL"><i class="parameter"><tt>server schannel</tt></i></a></p></li><li><p><a href="#SERVERSTRING"><i class="parameter"><tt>server string</tt></i></a></p></li><li><p><a href="#SETPRIMARYGROUPSCRIPT"><i class="parameter"><tt>set primary group script</tt></i></a></p></li><li><p><a href="#SETQUOTACOMMAND"><i class="parameter"><tt>set quota command</tt></i></a></p></li><li><p><a href="#SHOWADDPRINTERWIZARD"><i class="parameter"><tt>show add printer wizard</tt></i></a></p></li><li><p><a href="#SHUTDOWNSCRIPT"><i class="parameter"><tt>shutdown script</tt></i></a></p></li><li><p><a href="#SMBPASSWDFILE"><i class="parameter"><tt>smb passwd file</tt></i></a></p></li><li><p><a href="#SMBPORTS"><i class="parameter"><tt>smb ports</tt></i></a></p></li><li><p><a href="#SOCKETADDRESS"><i class="parameter"><tt>socket address</tt></i></a></p></li><li><p><a href="#SOCKETOPTIONS"><i class="parameter"><tt>socket options</tt></i></a></p></li><li><p><a href="#SOURCEENVIRONMENT"><i class="parameter"><tt>source environment</tt></i></a></p></li><li><p><a href="#STATCACHE"><i class="parameter"><tt>stat cache</tt></i></a></p></li><li><p><a href="#STRIPDOT"><i class="parameter"><tt>strip dot</tt></i></a></p></li><li><p><a href="#SYSLOGONLY"><i class="parameter"><tt>syslog only</tt></i></a></p></li><li><p><a href="#SYSLOG"><i class="parameter"><tt>syslog</tt></i></a></p></li><li><p><a href="#TEMPLATEHOMEDIR"><i class="parameter"><tt>template homedir</tt></i></a></p></li><li><p><a href="#TEMPLATEPRIMARYGROUP"><i class="parameter"><tt>template primary group</tt></i></a></p></li><li><p><a href="#TEMPLATESHELL"><i class="parameter"><tt>template shell</tt></i></a></p></li><li><p><a href="#TIMEOFFSET"><i class="parameter"><tt>time offset</tt></i></a></p></li><li><p><a href="#TIMESERVER"><i class="parameter"><tt>time server</tt></i></a></p></li><li><p><a href="#TIMESTAMPLOGS"><i class="parameter"><tt>timestamp logs</tt></i></a></p></li><li><p><a href="#UNICODE"><i class="parameter"><tt>unicode</tt></i></a></p></li><li><p><a href="#UNIXCHARSET"><i class="parameter"><tt>unix charset</tt></i></a></p></li><li><p><a href="#UNIXEXTENSIONS"><i class="parameter"><tt>unix extensions</tt></i></a></p></li><li><p><a href="#UNIXPASSWORDSYNC"><i class="parameter"><tt>unix password sync</tt></i></a></p></li><li><p><a href="#UPDATEENCRYPTED"><i class="parameter"><tt>update encrypted</tt></i></a></p></li><li><p><a href="#USEMMAP"><i class="parameter"><tt>use mmap</tt></i></a></p></li><li><p><a href="#USERNAMELEVEL"><i class="parameter"><tt>username level</tt></i></a></p></li><li><p><a href="#USERNAMEMAP"><i class="parameter"><tt>username map</tt></i></a></p></li><li><p><a href="#USESPNEGO"><i class="parameter"><tt>use spnego</tt></i></a></p></li><li><p><a href="#UTMPDIRECTORY"><i class="parameter"><tt>utmp directory</tt></i></a></p></li><li><p><a href="#UTMP"><i class="parameter"><tt>utmp</tt></i></a></p></li><li><p><a href="#WINBINDCACHETIME"><i class="parameter"><tt>winbind cache time</tt></i></a></p></li><li><p><a href="#WINBINDENABLELOCALACCOUNTS"><i class="parameter"><tt>winbind enable local accounts</tt></i></a></p></li><li><p><a href="#WINBINDENUMGROUPS"><i class="parameter"><tt>winbind enum groups</tt></i></a></p></li><li><p><a href="#WINBINDENUMUSERS"><i class="parameter"><tt>winbind enum users</tt></i></a></p></li><li><p><a href="#WINBINDGID"><i class="parameter"><tt>winbind gid</tt></i></a></p></li><li><p><a href="#WINBINDSEPARATOR"><i class="parameter"><tt>winbind separator</tt></i></a></p></li><li><p><a href="#WINBINDTRUSTEDDOMAINSONLY"><i class="parameter"><tt>winbind trusted domains only</tt></i></a></p></li><li><p><a href="#WINBINDUID"><i class="parameter"><tt>winbind uid</tt></i></a></p></li><li><p><a href="#WINBINDUSEDEFAULTDOMAIN"><i class="parameter"><tt>winbind use default domain</tt></i></a></p></li><li><p><a href="#WINSHOOK"><i class="parameter"><tt>wins hook</tt></i></a></p></li><li><p><a href="#WINSPARTNERS"><i class="parameter"><tt>wins partners</tt></i></a></p></li><li><p><a href="#WINSPROXY"><i class="parameter"><tt>wins proxy</tt></i></a></p></li><li><p><a href="#WINSSERVER"><i class="parameter"><tt>wins server</tt></i></a></p></li><li><p><a href="#WINSSUPPORT"><i class="parameter"><tt>wins support</tt></i></a></p></li><li><p><a href="#WORKGROUP"><i class="parameter"><tt>workgroup</tt></i></a></p></li><li><p><a href="#WRITERAW"><i class="parameter"><tt>write raw</tt></i></a></p></li><li><p><a href="#WTMPDIRECTORY"><i class="parameter"><tt>wtmp directory</tt></i></a></p></li></ul></div></div><div class="refsect1" lang="en"><h2>COMPLETE LIST OF SERVICE PARAMETERS</h2><p>Here is a list of all service parameters. See the section on - each parameter for details. Note that some are synonyms.</p><div class="itemizedlist"><ul type="disc"><li><p><a href="#ADMINUSERS"><i class="parameter"><tt>admin users</tt></i></a></p></li><li><p><a href="#ALLOWHOSTS"><i class="parameter"><tt>allow hosts</tt></i></a></p></li><li><p><a href="#AVAILABLE"><i class="parameter"><tt>available</tt></i></a></p></li><li><p><a href="#BLOCKINGLOCKS"><i class="parameter"><tt>blocking locks</tt></i></a></p></li><li><p><a href="#BLOCKSIZE"><i class="parameter"><tt>block size</tt></i></a></p></li><li><p><a href="#BROWSABLE"><i class="parameter"><tt>browsable</tt></i></a></p></li><li><p><a href="#BROWSEABLE"><i class="parameter"><tt>browseable</tt></i></a></p></li><li><p><a href="#CASESENSITIVE"><i class="parameter"><tt>case sensitive</tt></i></a></p></li><li><p><a href="#CASESIGNAMES"><i class="parameter"><tt>casesignames</tt></i></a></p></li><li><p><a href="#COMMENT"><i class="parameter"><tt>comment</tt></i></a></p></li><li><p><a href="#COPY"><i class="parameter"><tt>copy</tt></i></a></p></li><li><p><a href="#CREATEMASK"><i class="parameter"><tt>create mask</tt></i></a></p></li><li><p><a href="#CREATEMODE"><i class="parameter"><tt>create mode</tt></i></a></p></li><li><p><a href="#CSCPOLICY"><i class="parameter"><tt>csc policy</tt></i></a></p></li><li><p><a href="#DEFAULTCASE"><i class="parameter"><tt>default case</tt></i></a></p></li><li><p><a href="#DEFAULTDEVMODE"><i class="parameter"><tt>default devmode</tt></i></a></p></li><li><p><a href="#DELETEREADONLY"><i class="parameter"><tt>delete readonly</tt></i></a></p></li><li><p><a href="#DELETEVETOFILES"><i class="parameter"><tt>delete veto files</tt></i></a></p></li><li><p><a href="#DENYHOSTS"><i class="parameter"><tt>deny hosts</tt></i></a></p></li><li><p><a href="#DIRECTORYMASK"><i class="parameter"><tt>directory mask</tt></i></a></p></li><li><p><a href="#DIRECTORYMODE"><i class="parameter"><tt>directory mode</tt></i></a></p></li><li><p><a href="#DIRECTORYSECURITYMASK"><i class="parameter"><tt>directory security mask</tt></i></a></p></li><li><p><a href="#DIRECTORY"><i class="parameter"><tt>directory</tt></i></a></p></li><li><p><a href="#DONTDESCEND"><i class="parameter"><tt>dont descend</tt></i></a></p></li><li><p><a href="#DOSFILEMODE"><i class="parameter"><tt>dos filemode</tt></i></a></p></li><li><p><a href="#DOSFILETIMERESOLUTION"><i class="parameter"><tt>dos filetime resolution</tt></i></a></p></li><li><p><a href="#DOSFILETIMES"><i class="parameter"><tt>dos filetimes</tt></i></a></p></li><li><p><a href="#EXEC"><i class="parameter"><tt>exec</tt></i></a></p></li><li><p><a href="#FAKEDIRECTORYCREATETIMES"><i class="parameter"><tt>fake directory create times</tt></i></a></p></li><li><p><a href="#FAKEOPLOCKS"><i class="parameter"><tt>fake oplocks</tt></i></a></p></li><li><p><a href="#FOLLOWSYMLINKS"><i class="parameter"><tt>follow symlinks</tt></i></a></p></li><li><p><a href="#FORCECREATEMODE"><i class="parameter"><tt>force create mode</tt></i></a></p></li><li><p><a href="#FORCEDIRECTORYMODE"><i class="parameter"><tt>force directory mode</tt></i></a></p></li><li><p><a href="#FORCEDIRECTORYSECURITYMODE"><i class="parameter"><tt>force directory security mode</tt></i></a></p></li><li><p><a href="#FORCEGROUP"><i class="parameter"><tt>force group</tt></i></a></p></li><li><p><a href="#FORCESECURITYMODE"><i class="parameter"><tt>force security mode</tt></i></a></p></li><li><p><a href="#FORCEUSER"><i class="parameter"><tt>force user</tt></i></a></p></li><li><p><a href="#FSTYPE"><i class="parameter"><tt>fstype</tt></i></a></p></li><li><p><a href="#GROUP"><i class="parameter"><tt>group</tt></i></a></p></li><li><p><a href="#GUESTACCOUNT"><i class="parameter"><tt>guest account</tt></i></a></p></li><li><p><a href="#GUESTOK"><i class="parameter"><tt>guest ok</tt></i></a></p></li><li><p><a href="#GUESTONLY"><i class="parameter"><tt>guest only</tt></i></a></p></li><li><p><a href="#HIDEDOTFILES"><i class="parameter"><tt>hide dot files</tt></i></a></p></li><li><p><a href="#HIDEFILES"><i class="parameter"><tt>hide files</tt></i></a></p></li><li><p><a href="#HIDESPECIALFILES"><i class="parameter"><tt>hide special files</tt></i></a></p></li><li><p><a href="#HIDEUNREADABLE"><i class="parameter"><tt>hide unreadable</tt></i></a></p></li><li><p><a href="#HIDEUNWRITEABLEFILES"><i class="parameter"><tt>hide unwriteable files</tt></i></a></p></li><li><p><a href="#HOSTSALLOW"><i class="parameter"><tt>hosts allow</tt></i></a></p></li><li><p><a href="#HOSTSDENY"><i class="parameter"><tt>hosts deny</tt></i></a></p></li><li><p><a href="#INHERITACLS"><i class="parameter"><tt>inherit acls</tt></i></a></p></li><li><p><a href="#INHERITPERMISSIONS"><i class="parameter"><tt>inherit permissions</tt></i></a></p></li><li><p><a href="#INVALIDUSERS"><i class="parameter"><tt>invalid users</tt></i></a></p></li><li><p><a href="#LEVEL2OPLOCKS"><i class="parameter"><tt>level2 oplocks</tt></i></a></p></li><li><p><a href="#LOCKING"><i class="parameter"><tt>locking</tt></i></a></p></li><li><p><a href="#LPPAUSECOMMAND"><i class="parameter"><tt>lppause command</tt></i></a></p></li><li><p><a href="#LPQCOMMAND"><i class="parameter"><tt>lpq command</tt></i></a></p></li><li><p><a href="#LPRESUMECOMMAND"><i class="parameter"><tt>lpresume command</tt></i></a></p></li><li><p><a href="#LPRMCOMMAND"><i class="parameter"><tt>lprm command</tt></i></a></p></li><li><p><a href="#MAGICOUTPUT"><i class="parameter"><tt>magic output</tt></i></a></p></li><li><p><a href="#MAGICSCRIPT"><i class="parameter"><tt>magic script</tt></i></a></p></li><li><p><a href="#MANGLECASE"><i class="parameter"><tt>mangle case</tt></i></a></p></li><li><p><a href="#MANGLEDMAP"><i class="parameter"><tt>mangled map</tt></i></a></p></li><li><p><a href="#MANGLEDNAMES"><i class="parameter"><tt>mangled names</tt></i></a></p></li><li><p><a href="#MANGLINGCHAR"><i class="parameter"><tt>mangling char</tt></i></a></p></li><li><p><a href="#MAPACLINHERIT"><i class="parameter"><tt>map acl inherit</tt></i></a></p></li><li><p><a href="#MAPARCHIVE"><i class="parameter"><tt>map archive</tt></i></a></p></li><li><p><a href="#MAPHIDDEN"><i class="parameter"><tt>map hidden</tt></i></a></p></li><li><p><a href="#MAPSYSTEM"><i class="parameter"><tt>map system</tt></i></a></p></li><li><p><a href="#MAXCONNECTIONS"><i class="parameter"><tt>max connections</tt></i></a></p></li><li><p><a href="#MAXPRINTJOBS"><i class="parameter"><tt>max print jobs</tt></i></a></p></li><li><p><a href="#MAXREPORTEDPRINTJOBS"><i class="parameter"><tt>max reported print jobs</tt></i></a></p></li><li><p><a href="#MINPRINTSPACE"><i class="parameter"><tt>min print space</tt></i></a></p></li><li><p><a href="#MSDFSPROXY"><i class="parameter"><tt>msdfs proxy</tt></i></a></p></li><li><p><a href="#MSDFSROOT"><i class="parameter"><tt>msdfs root</tt></i></a></p></li><li><p><a href="#NTACLSUPPORT"><i class="parameter"><tt>nt acl support</tt></i></a></p></li><li><p><a href="#ONLYGUEST"><i class="parameter"><tt>only guest</tt></i></a></p></li><li><p><a href="#ONLYUSER"><i class="parameter"><tt>only user</tt></i></a></p></li><li><p><a href="#OPLOCKCONTENTIONLIMIT"><i class="parameter"><tt>oplock contention limit</tt></i></a></p></li><li><p><a href="#OPLOCKS"><i class="parameter"><tt>oplocks</tt></i></a></p></li><li><p><a href="#PATH"><i class="parameter"><tt>path</tt></i></a></p></li><li><p><a href="#POSIXLOCKING"><i class="parameter"><tt>posix locking</tt></i></a></p></li><li><p><a href="#POSTEXEC"><i class="parameter"><tt>postexec</tt></i></a></p></li><li><p><a href="#PREEXECCLOSE"><i class="parameter"><tt>preexec close</tt></i></a></p></li><li><p><a href="#PREEXEC"><i class="parameter"><tt>preexec</tt></i></a></p></li><li><p><a href="#PRESERVECASE"><i class="parameter"><tt>preserve case</tt></i></a></p></li><li><p><a href="#PRINTABLE"><i class="parameter"><tt>printable</tt></i></a></p></li><li><p><a href="#PRINTCAPNAME"><i class="parameter"><tt>printcap name</tt></i></a></p></li><li><p><a href="#PRINTCOMMAND"><i class="parameter"><tt>print command</tt></i></a></p></li><li><p><a href="#PRINTERADMIN"><i class="parameter"><tt>printer admin</tt></i></a></p></li><li><p><a href="#PRINTERNAME"><i class="parameter"><tt>printer name</tt></i></a></p></li><li><p><a href="#PRINTER"><i class="parameter"><tt>printer</tt></i></a></p></li><li><p><a href="#PRINTING"><i class="parameter"><tt>printing</tt></i></a></p></li><li><p><a href="#PRINTOK"><i class="parameter"><tt>print ok</tt></i></a></p></li><li><p><a href="#PROFILEACLS"><i class="parameter"><tt>profile acls</tt></i></a></p></li><li><p><a href="#PUBLIC"><i class="parameter"><tt>public</tt></i></a></p></li><li><p><a href="#QUEUEPAUSECOMMAND"><i class="parameter"><tt>queuepause command</tt></i></a></p></li><li><p><a href="#QUEUERESUMECOMMAND"><i class="parameter"><tt>queueresume command</tt></i></a></p></li><li><p><a href="#READLIST"><i class="parameter"><tt>read list</tt></i></a></p></li><li><p><a href="#READONLY"><i class="parameter"><tt>read only</tt></i></a></p></li><li><p><a href="#ROOTPOSTEXEC"><i class="parameter"><tt>root postexec</tt></i></a></p></li><li><p><a href="#ROOTPREEXECCLOSE"><i class="parameter"><tt>root preexec close</tt></i></a></p></li><li><p><a href="#ROOTPREEXEC"><i class="parameter"><tt>root preexec</tt></i></a></p></li><li><p><a href="#SECURITYMASK"><i class="parameter"><tt>security mask</tt></i></a></p></li><li><p><a href="#SETDIRECTORY"><i class="parameter"><tt>set directory</tt></i></a></p></li><li><p><a href="#SHAREMODES"><i class="parameter"><tt>share modes</tt></i></a></p></li><li><p><a href="#SHORTPRESERVECASE"><i class="parameter"><tt>short preserve case</tt></i></a></p></li><li><p><a href="#STRICTALLOCATE"><i class="parameter"><tt>strict allocate</tt></i></a></p></li><li><p><a href="#STRICTLOCKING"><i class="parameter"><tt>strict locking</tt></i></a></p></li><li><p><a href="#STRICTSYNC"><i class="parameter"><tt>strict sync</tt></i></a></p></li><li><p><a href="#SYNCALWAYS"><i class="parameter"><tt>sync always</tt></i></a></p></li><li><p><a href="#USECLIENTDRIVER"><i class="parameter"><tt>use client driver</tt></i></a></p></li><li><p><a href="#USERNAME"><i class="parameter"><tt>username</tt></i></a></p></li><li><p><a href="#USERS"><i class="parameter"><tt>users</tt></i></a></p></li><li><p><a href="#USER"><i class="parameter"><tt>user</tt></i></a></p></li><li><p><a href="#USESENDFILE"><i class="parameter"><tt>use sendfile</tt></i></a></p></li><li><p><a href="#VALIDUSERS"><i class="parameter"><tt>valid users</tt></i></a></p></li><li><p><a href="#-VALID"><i class="parameter"><tt>-valid</tt></i></a></p></li><li><p><a href="#VETOFILES"><i class="parameter"><tt>veto files</tt></i></a></p></li><li><p><a href="#VETOOPLOCKFILES"><i class="parameter"><tt>veto oplock files</tt></i></a></p></li><li><p><a href="#VFSOBJECTS"><i class="parameter"><tt>vfs objects</tt></i></a></p></li><li><p><a href="#VFSOBJECT"><i class="parameter"><tt>vfs object</tt></i></a></p></li><li><p><a href="#VOLUME"><i class="parameter"><tt>volume</tt></i></a></p></li><li><p><a href="#WIDELINKS"><i class="parameter"><tt>wide links</tt></i></a></p></li><li><p><a href="#WRITABLE"><i class="parameter"><tt>writable</tt></i></a></p></li><li><p><a href="#WRITEABLE"><i class="parameter"><tt>writeable</tt></i></a></p></li><li><p><a href="#WRITECACHESIZE"><i class="parameter"><tt>write cache size</tt></i></a></p></li><li><p><a href="#WRITELIST"><i class="parameter"><tt>write list</tt></i></a></p></li><li><p><a href="#WRITEOK"><i class="parameter"><tt>write ok</tt></i></a></p></li></ul></div></div><div class="refsect1" lang="en"><h2>EXPLANATION OF EACH PARAMETER</h2><div class="variablelist"><dl><dt><span class="term"><a name="ABORTSHUTDOWNSCRIPT"></a>abort shutdown script (G)</span></dt><dd><p><span class="emphasis"><em>This parameter only exists in the HEAD cvs branch</em></span> + each parameter for details. Note that some are synonyms.</p><div class="itemizedlist"><ul type="disc"><li><p><a href="#ABORTSHUTDOWNSCRIPT"><i class="parameter"><tt>abort shutdown script</tt></i></a></p></li><li><p><a href="#ADDGROUPSCRIPT"><i class="parameter"><tt>add group script</tt></i></a></p></li><li><p><a href="#ADDMACHINESCRIPT"><i class="parameter"><tt>add machine script</tt></i></a></p></li><li><p><a href="#ADDPRINTERCOMMAND"><i class="parameter"><tt>addprinter command</tt></i></a></p></li><li><p><a href="#ADDSHARECOMMAND"><i class="parameter"><tt>add share command</tt></i></a></p></li><li><p><a href="#ADDUSERSCRIPT"><i class="parameter"><tt>add user script</tt></i></a></p></li><li><p><a href="#ADDUSERTOGROUPSCRIPT"><i class="parameter"><tt>add user to group script</tt></i></a></p></li><li><p><a href="#ALGORITHMICRIDBASE"><i class="parameter"><tt>algorithmic rid base</tt></i></a></p></li><li><p><a href="#ALLOWTRUSTEDDOMAINS"><i class="parameter"><tt>allow trusted domains</tt></i></a></p></li><li><p><a href="#ANNOUNCEAS"><i class="parameter"><tt>announce as</tt></i></a></p></li><li><p><a href="#ANNOUNCEVERSION"><i class="parameter"><tt>announce version</tt></i></a></p></li><li><p><a href="#AUTHMETHODS"><i class="parameter"><tt>auth methods</tt></i></a></p></li><li><p><a href="#AUTOSERVICES"><i class="parameter"><tt>auto services</tt></i></a></p></li><li><p><a href="#BINDINTERFACESONLY"><i class="parameter"><tt>bind interfaces only</tt></i></a></p></li><li><p><a href="#BROWSELIST"><i class="parameter"><tt>browse list</tt></i></a></p></li><li><p><a href="#CHANGENOTIFYTIMEOUT"><i class="parameter"><tt>change notify timeout</tt></i></a></p></li><li><p><a href="#CHANGESHARECOMMAND"><i class="parameter"><tt>change share command</tt></i></a></p></li><li><p><a href="#CLIENTLANMANAUTH"><i class="parameter"><tt>client lanman auth</tt></i></a></p></li><li><p><a href="#CLIENTNTLMV2AUTH"><i class="parameter"><tt>client ntlmv2 auth</tt></i></a></p></li><li><p><a href="#CLIENTPLAINTEXTAUTH"><i class="parameter"><tt>client plaintext auth</tt></i></a></p></li><li><p><a href="#CLIENTSCHANNEL"><i class="parameter"><tt>client schannel</tt></i></a></p></li><li><p><a href="#CLIENTSIGNING"><i class="parameter"><tt>client signing</tt></i></a></p></li><li><p><a href="#CLIENTUSESPNEGO"><i class="parameter"><tt>client use spnego</tt></i></a></p></li><li><p><a href="#CONFIGFILE"><i class="parameter"><tt>config file</tt></i></a></p></li><li><p><a href="#DEADTIME"><i class="parameter"><tt>deadtime</tt></i></a></p></li><li><p><a href="#DEBUGHIRESTIMESTAMP"><i class="parameter"><tt>debug hires timestamp</tt></i></a></p></li><li><p><a href="#DEBUGLEVEL"><i class="parameter"><tt>debuglevel</tt></i></a></p></li><li><p><a href="#DEBUGPID"><i class="parameter"><tt>debug pid</tt></i></a></p></li><li><p><a href="#DEBUGTIMESTAMP"><i class="parameter"><tt>debug timestamp</tt></i></a></p></li><li><p><a href="#DEBUGUID"><i class="parameter"><tt>debug uid</tt></i></a></p></li><li><p><a href="#DEFAULT"><i class="parameter"><tt>default</tt></i></a></p></li><li><p><a href="#DEFAULTSERVICE"><i class="parameter"><tt>default service</tt></i></a></p></li><li><p><a href="#DELETEGROUPSCRIPT"><i class="parameter"><tt>delete group script</tt></i></a></p></li><li><p><a href="#DELETEPRINTERCOMMAND"><i class="parameter"><tt>deleteprinter command</tt></i></a></p></li><li><p><a href="#DELETESHARECOMMAND"><i class="parameter"><tt>delete share command</tt></i></a></p></li><li><p><a href="#DELETEUSERFROMGROUPSCRIPT"><i class="parameter"><tt>delete user from group script</tt></i></a></p></li><li><p><a href="#DELETEUSERSCRIPT"><i class="parameter"><tt>delete user script</tt></i></a></p></li><li><p><a href="#DFREECOMMAND"><i class="parameter"><tt>dfree command</tt></i></a></p></li><li><p><a href="#DISABLENETBIOS"><i class="parameter"><tt>disable netbios</tt></i></a></p></li><li><p><a href="#DISABLESPOOLSS"><i class="parameter"><tt>disable spoolss</tt></i></a></p></li><li><p><a href="#DISPLAYCHARSET"><i class="parameter"><tt>display charset</tt></i></a></p></li><li><p><a href="#DNSPROXY"><i class="parameter"><tt>dns proxy</tt></i></a></p></li><li><p><a href="#DOMAINLOGONS"><i class="parameter"><tt>domain logons</tt></i></a></p></li><li><p><a href="#DOMAINMASTER"><i class="parameter"><tt>domain master</tt></i></a></p></li><li><p><a href="#DOSCHARSET"><i class="parameter"><tt>dos charset</tt></i></a></p></li><li><p><a href="#ENABLERIDALGORITHM"><i class="parameter"><tt>enable rid algorithm</tt></i></a></p></li><li><p><a href="#ENCRYPTPASSWORDS"><i class="parameter"><tt>encrypt passwords</tt></i></a></p></li><li><p><a href="#ENHANCEDBROWSING"><i class="parameter"><tt>enhanced browsing</tt></i></a></p></li><li><p><a href="#ENUMPORTSCOMMAND"><i class="parameter"><tt>enumports command</tt></i></a></p></li><li><p><a href="#GETQUOTACOMMAND"><i class="parameter"><tt>get quota command</tt></i></a></p></li><li><p><a href="#GETWDCACHE"><i class="parameter"><tt>getwd cache</tt></i></a></p></li><li><p><a href="#GUESTACCOUNT"><i class="parameter"><tt>guest account</tt></i></a></p></li><li><p><a href="#HIDELOCALUSERS"><i class="parameter"><tt>hide local users</tt></i></a></p></li><li><p><a href="#HOMEDIRMAP"><i class="parameter"><tt>homedir map</tt></i></a></p></li><li><p><a href="#HOSTMSDFS"><i class="parameter"><tt>host msdfs</tt></i></a></p></li><li><p><a href="#HOSTNAMELOOKUPS"><i class="parameter"><tt>hostname lookups</tt></i></a></p></li><li><p><a href="#HOSTSEQUIV"><i class="parameter"><tt>hosts equiv</tt></i></a></p></li><li><p><a href="#IDMAPBACKEND"><i class="parameter"><tt>idmap backend</tt></i></a></p></li><li><p><a href="#IDMAPGID"><i class="parameter"><tt>idmap gid</tt></i></a></p></li><li><p><a href="#IDMAPUID"><i class="parameter"><tt>idmap uid</tt></i></a></p></li><li><p><a href="#INCLUDE"><i class="parameter"><tt>include</tt></i></a></p></li><li><p><a href="#INTERFACES"><i class="parameter"><tt>interfaces</tt></i></a></p></li><li><p><a href="#KEEPALIVE"><i class="parameter"><tt>keepalive</tt></i></a></p></li><li><p><a href="#KERNELCHANGENOTIFY"><i class="parameter"><tt>kernel change notify</tt></i></a></p></li><li><p><a href="#KERNELOPLOCKS"><i class="parameter"><tt>kernel oplocks</tt></i></a></p></li><li><p><a href="#LANMANAUTH"><i class="parameter"><tt>lanman auth</tt></i></a></p></li><li><p><a href="#LARGEREADWRITE"><i class="parameter"><tt>large readwrite</tt></i></a></p></li><li><p><a href="#LDAPADMINDN"><i class="parameter"><tt>ldap admin dn</tt></i></a></p></li><li><p><a href="#LDAPDELETEDN"><i class="parameter"><tt>ldap delete dn</tt></i></a></p></li><li><p><a href="#LDAPFILTER"><i class="parameter"><tt>ldap filter</tt></i></a></p></li><li><p><a href="#LDAPGROUPSUFFIX"><i class="parameter"><tt>ldap group suffix</tt></i></a></p></li><li><p><a href="#LDAPIDMAPSUFFIX"><i class="parameter"><tt>ldap idmap suffix</tt></i></a></p></li><li><p><a href="#LDAPMACHINESUFFIX"><i class="parameter"><tt>ldap machine suffix</tt></i></a></p></li><li><p><a href="#LDAPPASSWDSYNC"><i class="parameter"><tt>ldap passwd sync</tt></i></a></p></li><li><p><a href="#LDAPPORT"><i class="parameter"><tt>ldap port</tt></i></a></p></li><li><p><a href="#LDAPSERVER"><i class="parameter"><tt>ldap server</tt></i></a></p></li><li><p><a href="#LDAPSSL"><i class="parameter"><tt>ldap ssl</tt></i></a></p></li><li><p><a href="#LDAPSUFFIX"><i class="parameter"><tt>ldap suffix</tt></i></a></p></li><li><p><a href="#LDAPUSERSUFFIX"><i class="parameter"><tt>ldap user suffix</tt></i></a></p></li><li><p><a href="#LMANNOUNCE"><i class="parameter"><tt>lm announce</tt></i></a></p></li><li><p><a href="#LMINTERVAL"><i class="parameter"><tt>lm interval</tt></i></a></p></li><li><p><a href="#LOADPRINTERS"><i class="parameter"><tt>load printers</tt></i></a></p></li><li><p><a href="#LOCALMASTER"><i class="parameter"><tt>local master</tt></i></a></p></li><li><p><a href="#LOCKDIR"><i class="parameter"><tt>lock dir</tt></i></a></p></li><li><p><a href="#LOCKDIRECTORY"><i class="parameter"><tt>lock directory</tt></i></a></p></li><li><p><a href="#LOCKSPINCOUNT"><i class="parameter"><tt>lock spin count</tt></i></a></p></li><li><p><a href="#LOCKSPINTIME"><i class="parameter"><tt>lock spin time</tt></i></a></p></li><li><p><a href="#LOGFILE"><i class="parameter"><tt>log file</tt></i></a></p></li><li><p><a href="#LOGLEVEL"><i class="parameter"><tt>log level</tt></i></a></p></li><li><p><a href="#LOGONDRIVE"><i class="parameter"><tt>logon drive</tt></i></a></p></li><li><p><a href="#LOGONHOME"><i class="parameter"><tt>logon home</tt></i></a></p></li><li><p><a href="#LOGONPATH"><i class="parameter"><tt>logon path</tt></i></a></p></li><li><p><a href="#LOGONSCRIPT"><i class="parameter"><tt>logon script</tt></i></a></p></li><li><p><a href="#LPQCACHETIME"><i class="parameter"><tt>lpq cache time</tt></i></a></p></li><li><p><a href="#MACHINEPASSWORDTIMEOUT"><i class="parameter"><tt>machine password timeout</tt></i></a></p></li><li><p><a href="#MANGLEDSTACK"><i class="parameter"><tt>mangled stack</tt></i></a></p></li><li><p><a href="#MANGLEPREFIX"><i class="parameter"><tt>mangle prefix</tt></i></a></p></li><li><p><a href="#MANGLINGMETHOD"><i class="parameter"><tt>mangling method</tt></i></a></p></li><li><p><a href="#MAPTOGUEST"><i class="parameter"><tt>map to guest</tt></i></a></p></li><li><p><a href="#MAXDISKSIZE"><i class="parameter"><tt>max disk size</tt></i></a></p></li><li><p><a href="#MAXLOGSIZE"><i class="parameter"><tt>max log size</tt></i></a></p></li><li><p><a href="#MAXMUX"><i class="parameter"><tt>max mux</tt></i></a></p></li><li><p><a href="#MAXOPENFILES"><i class="parameter"><tt>max open files</tt></i></a></p></li><li><p><a href="#MAXPROTOCOL"><i class="parameter"><tt>max protocol</tt></i></a></p></li><li><p><a href="#MAXSMBDPROCESSES"><i class="parameter"><tt>max smbd processes</tt></i></a></p></li><li><p><a href="#MAXTTL"><i class="parameter"><tt>max ttl</tt></i></a></p></li><li><p><a href="#MAXWINSTTL"><i class="parameter"><tt>max wins ttl</tt></i></a></p></li><li><p><a href="#MAXXMIT"><i class="parameter"><tt>max xmit</tt></i></a></p></li><li><p><a href="#MESSAGECOMMAND"><i class="parameter"><tt>message command</tt></i></a></p></li><li><p><a href="#MINPASSWDLENGTH"><i class="parameter"><tt>min passwd length</tt></i></a></p></li><li><p><a href="#MINPASSWORDLENGTH"><i class="parameter"><tt>min password length</tt></i></a></p></li><li><p><a href="#MINPROTOCOL"><i class="parameter"><tt>min protocol</tt></i></a></p></li><li><p><a href="#MINWINSTTL"><i class="parameter"><tt>min wins ttl</tt></i></a></p></li><li><p><a href="#NAMECACHETIMEOUT"><i class="parameter"><tt>name cache timeout</tt></i></a></p></li><li><p><a href="#NAMERESOLVEORDER"><i class="parameter"><tt>name resolve order</tt></i></a></p></li><li><p><a href="#NETBIOSALIASES"><i class="parameter"><tt>netbios aliases</tt></i></a></p></li><li><p><a href="#NETBIOSNAME"><i class="parameter"><tt>netbios name</tt></i></a></p></li><li><p><a href="#NETBIOSSCOPE"><i class="parameter"><tt>netbios scope</tt></i></a></p></li><li><p><a href="#NISHOMEDIR"><i class="parameter"><tt>nis homedir</tt></i></a></p></li><li><p><a href="#NTLMAUTH"><i class="parameter"><tt>ntlm auth</tt></i></a></p></li><li><p><a href="#NTPIPESUPPORT"><i class="parameter"><tt>nt pipe support</tt></i></a></p></li><li><p><a href="#NTSTATUSSUPPORT"><i class="parameter"><tt>nt status support</tt></i></a></p></li><li><p><a href="#NULLPASSWORDS"><i class="parameter"><tt>null passwords</tt></i></a></p></li><li><p><a href="#OBEYPAMRESTRICTIONS"><i class="parameter"><tt>obey pam restrictions</tt></i></a></p></li><li><p><a href="#OPLOCKBREAKWAITTIME"><i class="parameter"><tt>oplock break wait time</tt></i></a></p></li><li><p><a href="#OS2DRIVERMAP"><i class="parameter"><tt>os2 driver map</tt></i></a></p></li><li><p><a href="#OSLEVEL"><i class="parameter"><tt>os level</tt></i></a></p></li><li><p><a href="#PAMPASSWORDCHANGE"><i class="parameter"><tt>pam password change</tt></i></a></p></li><li><p><a href="#PANICACTION"><i class="parameter"><tt>panic action</tt></i></a></p></li><li><p><a href="#PARANOIDSERVERSECURITY"><i class="parameter"><tt>paranoid server security</tt></i></a></p></li><li><p><a href="#PASSDBBACKEND"><i class="parameter"><tt>passdb backend</tt></i></a></p></li><li><p><a href="#PASSWDCHAT"><i class="parameter"><tt>passwd chat</tt></i></a></p></li><li><p><a href="#PASSWDCHATDEBUG"><i class="parameter"><tt>passwd chat debug</tt></i></a></p></li><li><p><a href="#PASSWDPROGRAM"><i class="parameter"><tt>passwd program</tt></i></a></p></li><li><p><a href="#PASSWORDLEVEL"><i class="parameter"><tt>password level</tt></i></a></p></li><li><p><a href="#PASSWORDSERVER"><i class="parameter"><tt>password server</tt></i></a></p></li><li><p><a href="#PIDDIRECTORY"><i class="parameter"><tt>pid directory</tt></i></a></p></li><li><p><a href="#PREFEREDMASTER"><i class="parameter"><tt>prefered master</tt></i></a></p></li><li><p><a href="#PREFERREDMASTER"><i class="parameter"><tt>preferred master</tt></i></a></p></li><li><p><a href="#PRELOAD"><i class="parameter"><tt>preload</tt></i></a></p></li><li><p><a href="#PRELOADMODULES"><i class="parameter"><tt>preload modules</tt></i></a></p></li><li><p><a href="#PRINTCAP"><i class="parameter"><tt>printcap</tt></i></a></p></li><li><p><a href="#PRIVATEDIR"><i class="parameter"><tt>private dir</tt></i></a></p></li><li><p><a href="#PROTOCOL"><i class="parameter"><tt>protocol</tt></i></a></p></li><li><p><a href="#READBMPX"><i class="parameter"><tt>read bmpx</tt></i></a></p></li><li><p><a href="#READRAW"><i class="parameter"><tt>read raw</tt></i></a></p></li><li><p><a href="#READSIZE"><i class="parameter"><tt>read size</tt></i></a></p></li><li><p><a href="#REALM"><i class="parameter"><tt>realm</tt></i></a></p></li><li><p><a href="#REMOTEANNOUNCE"><i class="parameter"><tt>remote announce</tt></i></a></p></li><li><p><a href="#REMOTEBROWSESYNC"><i class="parameter"><tt>remote browse sync</tt></i></a></p></li><li><p><a href="#RESTRICTANONYMOUS"><i class="parameter"><tt>restrict anonymous</tt></i></a></p></li><li><p><a href="#ROOT"><i class="parameter"><tt>root</tt></i></a></p></li><li><p><a href="#ROOTDIR"><i class="parameter"><tt>root dir</tt></i></a></p></li><li><p><a href="#ROOTDIRECTORY"><i class="parameter"><tt>root directory</tt></i></a></p></li><li><p><a href="#SECURITY"><i class="parameter"><tt>security</tt></i></a></p></li><li><p><a href="#SERVERSCHANNEL"><i class="parameter"><tt>server schannel</tt></i></a></p></li><li><p><a href="#SERVERSIGNING"><i class="parameter"><tt>server signing</tt></i></a></p></li><li><p><a href="#SERVERSTRING"><i class="parameter"><tt>server string</tt></i></a></p></li><li><p><a href="#SETPRIMARYGROUPSCRIPT"><i class="parameter"><tt>set primary group script</tt></i></a></p></li><li><p><a href="#SETQUOTACOMMAND"><i class="parameter"><tt>set quota command</tt></i></a></p></li><li><p><a href="#SHOWADDPRINTERWIZARD"><i class="parameter"><tt>show add printer wizard</tt></i></a></p></li><li><p><a href="#SHUTDOWNSCRIPT"><i class="parameter"><tt>shutdown script</tt></i></a></p></li><li><p><a href="#SMBPASSWDFILE"><i class="parameter"><tt>smb passwd file</tt></i></a></p></li><li><p><a href="#SMBPORTS"><i class="parameter"><tt>smb ports</tt></i></a></p></li><li><p><a href="#SOCKETADDRESS"><i class="parameter"><tt>socket address</tt></i></a></p></li><li><p><a href="#SOCKETOPTIONS"><i class="parameter"><tt>socket options</tt></i></a></p></li><li><p><a href="#SOURCEENVIRONMENT"><i class="parameter"><tt>source environment</tt></i></a></p></li><li><p><a href="#STATCACHE"><i class="parameter"><tt>stat cache</tt></i></a></p></li><li><p><a href="#STRIPDOT"><i class="parameter"><tt>strip dot</tt></i></a></p></li><li><p><a href="#SYSLOG"><i class="parameter"><tt>syslog</tt></i></a></p></li><li><p><a href="#SYSLOGONLY"><i class="parameter"><tt>syslog only</tt></i></a></p></li><li><p><a href="#TEMPLATEHOMEDIR"><i class="parameter"><tt>template homedir</tt></i></a></p></li><li><p><a href="#TEMPLATEPRIMARYGROUP"><i class="parameter"><tt>template primary group</tt></i></a></p></li><li><p><a href="#TEMPLATESHELL"><i class="parameter"><tt>template shell</tt></i></a></p></li><li><p><a href="#TIMEOFFSET"><i class="parameter"><tt>time offset</tt></i></a></p></li><li><p><a href="#TIMESERVER"><i class="parameter"><tt>time server</tt></i></a></p></li><li><p><a href="#TIMESTAMPLOGS"><i class="parameter"><tt>timestamp logs</tt></i></a></p></li><li><p><a href="#UNICODE"><i class="parameter"><tt>unicode</tt></i></a></p></li><li><p><a href="#UNIXCHARSET"><i class="parameter"><tt>unix charset</tt></i></a></p></li><li><p><a href="#UNIXEXTENSIONS"><i class="parameter"><tt>unix extensions</tt></i></a></p></li><li><p><a href="#UNIXPASSWORDSYNC"><i class="parameter"><tt>unix password sync</tt></i></a></p></li><li><p><a href="#UPDATEENCRYPTED"><i class="parameter"><tt>update encrypted</tt></i></a></p></li><li><p><a href="#USEMMAP"><i class="parameter"><tt>use mmap</tt></i></a></p></li><li><p><a href="#USERNAMELEVEL"><i class="parameter"><tt>username level</tt></i></a></p></li><li><p><a href="#USERNAMEMAP"><i class="parameter"><tt>username map</tt></i></a></p></li><li><p><a href="#USESPNEGO"><i class="parameter"><tt>use spnego</tt></i></a></p></li><li><p><a href="#UTMP"><i class="parameter"><tt>utmp</tt></i></a></p></li><li><p><a href="#UTMPDIRECTORY"><i class="parameter"><tt>utmp directory</tt></i></a></p></li><li><p><a href="#WINBINDCACHETIME"><i class="parameter"><tt>winbind cache time</tt></i></a></p></li><li><p><a href="#WINBINDENABLELOCALACCOUNTS"><i class="parameter"><tt>winbind enable local accounts</tt></i></a></p></li><li><p><a href="#WINBINDENUMGROUPS"><i class="parameter"><tt>winbind enum groups</tt></i></a></p></li><li><p><a href="#WINBINDENUMUSERS"><i class="parameter"><tt>winbind enum users</tt></i></a></p></li><li><p><a href="#WINBINDGID"><i class="parameter"><tt>winbind gid</tt></i></a></p></li><li><p><a href="#WINBINDSEPARATOR"><i class="parameter"><tt>winbind separator</tt></i></a></p></li><li><p><a href="#WINBINDTRUSTEDDOMAINSONLY"><i class="parameter"><tt>winbind trusted domains only</tt></i></a></p></li><li><p><a href="#WINBINDUID"><i class="parameter"><tt>winbind uid</tt></i></a></p></li><li><p><a href="#WINBINDUSEDEFAULTDOMAIN"><i class="parameter"><tt>winbind use default domain</tt></i></a></p></li><li><p><a href="#WINSHOOK"><i class="parameter"><tt>wins hook</tt></i></a></p></li><li><p><a href="#WINSPARTNERS"><i class="parameter"><tt>wins partners</tt></i></a></p></li><li><p><a href="#WINSPROXY"><i class="parameter"><tt>wins proxy</tt></i></a></p></li><li><p><a href="#WINSSERVER"><i class="parameter"><tt>wins server</tt></i></a></p></li><li><p><a href="#WINSSUPPORT"><i class="parameter"><tt>wins support</tt></i></a></p></li><li><p><a href="#WORKGROUP"><i class="parameter"><tt>workgroup</tt></i></a></p></li><li><p><a href="#WRITERAW"><i class="parameter"><tt>write raw</tt></i></a></p></li><li><p><a href="#WTMPDIRECTORY"><i class="parameter"><tt>wtmp directory</tt></i></a></p></li></ul></div></div><div class="refsect1" lang="en"><h2>COMPLETE LIST OF SERVICE PARAMETERS</h2><p>Here is a list of all service parameters. See the section on + each parameter for details. Note that some are synonyms.</p><div class="itemizedlist"><ul type="disc"><li><p><a href="#ACLCOMPATIBILITY"><i class="parameter"><tt>acl compatibility</tt></i></a></p></li><li><p><a href="#ADMINUSERS"><i class="parameter"><tt>admin users</tt></i></a></p></li><li><p><a href="#ALLOWHOSTS"><i class="parameter"><tt>allow hosts</tt></i></a></p></li><li><p><a href="#AVAILABLE"><i class="parameter"><tt>available</tt></i></a></p></li><li><p><a href="#BLOCKINGLOCKS"><i class="parameter"><tt>blocking locks</tt></i></a></p></li><li><p><a href="#BLOCKSIZE"><i class="parameter"><tt>block size</tt></i></a></p></li><li><p><a href="#BROWSABLE"><i class="parameter"><tt>browsable</tt></i></a></p></li><li><p><a href="#BROWSEABLE"><i class="parameter"><tt>browseable</tt></i></a></p></li><li><p><a href="#CASESENSITIVE"><i class="parameter"><tt>case sensitive</tt></i></a></p></li><li><p><a href="#CASESIGNAMES"><i class="parameter"><tt>casesignames</tt></i></a></p></li><li><p><a href="#COMMENT"><i class="parameter"><tt>comment</tt></i></a></p></li><li><p><a href="#COPY"><i class="parameter"><tt>copy</tt></i></a></p></li><li><p><a href="#CREATEMASK"><i class="parameter"><tt>create mask</tt></i></a></p></li><li><p><a href="#CREATEMODE"><i class="parameter"><tt>create mode</tt></i></a></p></li><li><p><a href="#CSCPOLICY"><i class="parameter"><tt>csc policy</tt></i></a></p></li><li><p><a href="#DEFAULTCASE"><i class="parameter"><tt>default case</tt></i></a></p></li><li><p><a href="#DEFAULTDEVMODE"><i class="parameter"><tt>default devmode</tt></i></a></p></li><li><p><a href="#DELETEREADONLY"><i class="parameter"><tt>delete readonly</tt></i></a></p></li><li><p><a href="#DELETEVETOFILES"><i class="parameter"><tt>delete veto files</tt></i></a></p></li><li><p><a href="#DENYHOSTS"><i class="parameter"><tt>deny hosts</tt></i></a></p></li><li><p><a href="#DIRECTORY"><i class="parameter"><tt>directory</tt></i></a></p></li><li><p><a href="#DIRECTORYMASK"><i class="parameter"><tt>directory mask</tt></i></a></p></li><li><p><a href="#DIRECTORYMODE"><i class="parameter"><tt>directory mode</tt></i></a></p></li><li><p><a href="#DIRECTORYSECURITYMASK"><i class="parameter"><tt>directory security mask</tt></i></a></p></li><li><p><a href="#DONTDESCEND"><i class="parameter"><tt>dont descend</tt></i></a></p></li><li><p><a href="#DOSFILEMODE"><i class="parameter"><tt>dos filemode</tt></i></a></p></li><li><p><a href="#DOSFILETIMERESOLUTION"><i class="parameter"><tt>dos filetime resolution</tt></i></a></p></li><li><p><a href="#DOSFILETIMES"><i class="parameter"><tt>dos filetimes</tt></i></a></p></li><li><p><a href="#EXEC"><i class="parameter"><tt>exec</tt></i></a></p></li><li><p><a href="#FAKEDIRECTORYCREATETIMES"><i class="parameter"><tt>fake directory create times</tt></i></a></p></li><li><p><a href="#FAKEOPLOCKS"><i class="parameter"><tt>fake oplocks</tt></i></a></p></li><li><p><a href="#FOLLOWSYMLINKS"><i class="parameter"><tt>follow symlinks</tt></i></a></p></li><li><p><a href="#FORCECREATEMODE"><i class="parameter"><tt>force create mode</tt></i></a></p></li><li><p><a href="#FORCEDIRECTORYMODE"><i class="parameter"><tt>force directory mode</tt></i></a></p></li><li><p><a href="#FORCEDIRECTORYSECURITYMODE"><i class="parameter"><tt>force directory security mode</tt></i></a></p></li><li><p><a href="#FORCEGROUP"><i class="parameter"><tt>force group</tt></i></a></p></li><li><p><a href="#FORCESECURITYMODE"><i class="parameter"><tt>force security mode</tt></i></a></p></li><li><p><a href="#FORCEUSER"><i class="parameter"><tt>force user</tt></i></a></p></li><li><p><a href="#FSTYPE"><i class="parameter"><tt>fstype</tt></i></a></p></li><li><p><a href="#GROUP"><i class="parameter"><tt>group</tt></i></a></p></li><li><p><a href="#GUESTACCOUNT"><i class="parameter"><tt>guest account</tt></i></a></p></li><li><p><a href="#GUESTOK"><i class="parameter"><tt>guest ok</tt></i></a></p></li><li><p><a href="#GUESTONLY"><i class="parameter"><tt>guest only</tt></i></a></p></li><li><p><a href="#HIDEDOTFILES"><i class="parameter"><tt>hide dot files</tt></i></a></p></li><li><p><a href="#HIDEFILES"><i class="parameter"><tt>hide files</tt></i></a></p></li><li><p><a href="#HIDESPECIALFILES"><i class="parameter"><tt>hide special files</tt></i></a></p></li><li><p><a href="#HIDEUNREADABLE"><i class="parameter"><tt>hide unreadable</tt></i></a></p></li><li><p><a href="#HIDEUNWRITEABLEFILES"><i class="parameter"><tt>hide unwriteable files</tt></i></a></p></li><li><p><a href="#HOSTSALLOW"><i class="parameter"><tt>hosts allow</tt></i></a></p></li><li><p><a href="#HOSTSDENY"><i class="parameter"><tt>hosts deny</tt></i></a></p></li><li><p><a href="#INHERITACLS"><i class="parameter"><tt>inherit acls</tt></i></a></p></li><li><p><a href="#INHERITPERMISSIONS"><i class="parameter"><tt>inherit permissions</tt></i></a></p></li><li><p><a href="#INVALIDUSERS"><i class="parameter"><tt>invalid users</tt></i></a></p></li><li><p><a href="#LEVEL2OPLOCKS"><i class="parameter"><tt>level2 oplocks</tt></i></a></p></li><li><p><a href="#LOCKING"><i class="parameter"><tt>locking</tt></i></a></p></li><li><p><a href="#LPPAUSECOMMAND"><i class="parameter"><tt>lppause command</tt></i></a></p></li><li><p><a href="#LPQCOMMAND"><i class="parameter"><tt>lpq command</tt></i></a></p></li><li><p><a href="#LPRESUMECOMMAND"><i class="parameter"><tt>lpresume command</tt></i></a></p></li><li><p><a href="#LPRMCOMMAND"><i class="parameter"><tt>lprm command</tt></i></a></p></li><li><p><a href="#MAGICOUTPUT"><i class="parameter"><tt>magic output</tt></i></a></p></li><li><p><a href="#MAGICSCRIPT"><i class="parameter"><tt>magic script</tt></i></a></p></li><li><p><a href="#MANGLECASE"><i class="parameter"><tt>mangle case</tt></i></a></p></li><li><p><a href="#MANGLEDMAP"><i class="parameter"><tt>mangled map</tt></i></a></p></li><li><p><a href="#MANGLEDNAMES"><i class="parameter"><tt>mangled names</tt></i></a></p></li><li><p><a href="#MANGLINGCHAR"><i class="parameter"><tt>mangling char</tt></i></a></p></li><li><p><a href="#MAPACLINHERIT"><i class="parameter"><tt>map acl inherit</tt></i></a></p></li><li><p><a href="#MAPARCHIVE"><i class="parameter"><tt>map archive</tt></i></a></p></li><li><p><a href="#MAPHIDDEN"><i class="parameter"><tt>map hidden</tt></i></a></p></li><li><p><a href="#MAPSYSTEM"><i class="parameter"><tt>map system</tt></i></a></p></li><li><p><a href="#MAXCONNECTIONS"><i class="parameter"><tt>max connections</tt></i></a></p></li><li><p><a href="#MAXPRINTJOBS"><i class="parameter"><tt>max print jobs</tt></i></a></p></li><li><p><a href="#MAXREPORTEDPRINTJOBS"><i class="parameter"><tt>max reported print jobs</tt></i></a></p></li><li><p><a href="#MINPRINTSPACE"><i class="parameter"><tt>min print space</tt></i></a></p></li><li><p><a href="#MSDFSPROXY"><i class="parameter"><tt>msdfs proxy</tt></i></a></p></li><li><p><a href="#MSDFSROOT"><i class="parameter"><tt>msdfs root</tt></i></a></p></li><li><p><a href="#NTACLSUPPORT"><i class="parameter"><tt>nt acl support</tt></i></a></p></li><li><p><a href="#ONLYGUEST"><i class="parameter"><tt>only guest</tt></i></a></p></li><li><p><a href="#ONLYUSER"><i class="parameter"><tt>only user</tt></i></a></p></li><li><p><a href="#OPLOCKCONTENTIONLIMIT"><i class="parameter"><tt>oplock contention limit</tt></i></a></p></li><li><p><a href="#OPLOCKS"><i class="parameter"><tt>oplocks</tt></i></a></p></li><li><p><a href="#PATH"><i class="parameter"><tt>path</tt></i></a></p></li><li><p><a href="#POSIXLOCKING"><i class="parameter"><tt>posix locking</tt></i></a></p></li><li><p><a href="#POSTEXEC"><i class="parameter"><tt>postexec</tt></i></a></p></li><li><p><a href="#PREEXEC"><i class="parameter"><tt>preexec</tt></i></a></p></li><li><p><a href="#PREEXECCLOSE"><i class="parameter"><tt>preexec close</tt></i></a></p></li><li><p><a href="#PRESERVECASE"><i class="parameter"><tt>preserve case</tt></i></a></p></li><li><p><a href="#PRINTABLE"><i class="parameter"><tt>printable</tt></i></a></p></li><li><p><a href="#PRINTCAPNAME"><i class="parameter"><tt>printcap name</tt></i></a></p></li><li><p><a href="#PRINTCOMMAND"><i class="parameter"><tt>print command</tt></i></a></p></li><li><p><a href="#PRINTER"><i class="parameter"><tt>printer</tt></i></a></p></li><li><p><a href="#PRINTERADMIN"><i class="parameter"><tt>printer admin</tt></i></a></p></li><li><p><a href="#PRINTERNAME"><i class="parameter"><tt>printer name</tt></i></a></p></li><li><p><a href="#PRINTING"><i class="parameter"><tt>printing</tt></i></a></p></li><li><p><a href="#PRINTOK"><i class="parameter"><tt>print ok</tt></i></a></p></li><li><p><a href="#PROFILEACLS"><i class="parameter"><tt>profile acls</tt></i></a></p></li><li><p><a href="#PUBLIC"><i class="parameter"><tt>public</tt></i></a></p></li><li><p><a href="#QUEUEPAUSECOMMAND"><i class="parameter"><tt>queuepause command</tt></i></a></p></li><li><p><a href="#QUEUERESUMECOMMAND"><i class="parameter"><tt>queueresume command</tt></i></a></p></li><li><p><a href="#READLIST"><i class="parameter"><tt>read list</tt></i></a></p></li><li><p><a href="#READONLY"><i class="parameter"><tt>read only</tt></i></a></p></li><li><p><a href="#ROOTPOSTEXEC"><i class="parameter"><tt>root postexec</tt></i></a></p></li><li><p><a href="#ROOTPREEXEC"><i class="parameter"><tt>root preexec</tt></i></a></p></li><li><p><a href="#ROOTPREEXECCLOSE"><i class="parameter"><tt>root preexec close</tt></i></a></p></li><li><p><a href="#SECURITYMASK"><i class="parameter"><tt>security mask</tt></i></a></p></li><li><p><a href="#SETDIRECTORY"><i class="parameter"><tt>set directory</tt></i></a></p></li><li><p><a href="#SHAREMODES"><i class="parameter"><tt>share modes</tt></i></a></p></li><li><p><a href="#SHORTPRESERVECASE"><i class="parameter"><tt>short preserve case</tt></i></a></p></li><li><p><a href="#STRICTALLOCATE"><i class="parameter"><tt>strict allocate</tt></i></a></p></li><li><p><a href="#STRICTLOCKING"><i class="parameter"><tt>strict locking</tt></i></a></p></li><li><p><a href="#STRICTSYNC"><i class="parameter"><tt>strict sync</tt></i></a></p></li><li><p><a href="#SYNCALWAYS"><i class="parameter"><tt>sync always</tt></i></a></p></li><li><p><a href="#USECLIENTDRIVER"><i class="parameter"><tt>use client driver</tt></i></a></p></li><li><p><a href="#USER"><i class="parameter"><tt>user</tt></i></a></p></li><li><p><a href="#USERNAME"><i class="parameter"><tt>username</tt></i></a></p></li><li><p><a href="#USERS"><i class="parameter"><tt>users</tt></i></a></p></li><li><p><a href="#USESENDFILE"><i class="parameter"><tt>use sendfile</tt></i></a></p></li><li><p><a href="#-VALID"><i class="parameter"><tt>-valid</tt></i></a></p></li><li><p><a href="#VALIDUSERS"><i class="parameter"><tt>valid users</tt></i></a></p></li><li><p><a href="#VETOFILES"><i class="parameter"><tt>veto files</tt></i></a></p></li><li><p><a href="#VETOOPLOCKFILES"><i class="parameter"><tt>veto oplock files</tt></i></a></p></li><li><p><a href="#VFSOBJECT"><i class="parameter"><tt>vfs object</tt></i></a></p></li><li><p><a href="#VFSOBJECTS"><i class="parameter"><tt>vfs objects</tt></i></a></p></li><li><p><a href="#VOLUME"><i class="parameter"><tt>volume</tt></i></a></p></li><li><p><a href="#WIDELINKS"><i class="parameter"><tt>wide links</tt></i></a></p></li><li><p><a href="#WRITABLE"><i class="parameter"><tt>writable</tt></i></a></p></li><li><p><a href="#WRITEABLE"><i class="parameter"><tt>writeable</tt></i></a></p></li><li><p><a href="#WRITECACHESIZE"><i class="parameter"><tt>write cache size</tt></i></a></p></li><li><p><a href="#WRITELIST"><i class="parameter"><tt>write list</tt></i></a></p></li><li><p><a href="#WRITEOK"><i class="parameter"><tt>write ok</tt></i></a></p></li></ul></div></div><div class="refsect1" lang="en"><h2>EXPLANATION OF EACH PARAMETER</h2><div class="variablelist"><dl><dt><span class="term"><a name="ABORTSHUTDOWNSCRIPT"></a>abort shutdown script (G)</span></dt><dd><p><span class="emphasis"><em>This parameter only exists in the HEAD cvs branch</em></span> This a full path name to a script called by <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that should stop a shutdown procedure issued by the <a href="#SHUTDOWNSCRIPT"> - <i class="parameter"><tt>shutdown script</tt></i></a>.</p><p>This command will be run as user.</p><p>Default: <span class="emphasis"><em>None</em></span>.</p><p>Example: <b class="command">abort shutdown script = /sbin/shutdown -c</b></p></dd><dt><span class="term"><a name="ADDGROUPSCRIPT"></a>add group script (G)</span></dt><dd><p>This is the full pathname to a script that will be run + <i class="parameter"><tt>shutdown script</tt></i></a>.</p><p>This command will be run as user.</p><p>Default: <span class="emphasis"><em>None</em></span>.</p><p>Example: <b class="command">abort shutdown script = /sbin/shutdown -c</b></p></dd><dt><span class="term"><a name="ACLCOMPATIBILITY"></a>acl compatibility (S)</span></dt><dd><p>This parameter specifies what OS ACL semantics should + be compatible with. Possible values are <span class="emphasis"><em>winnt</em></span> for Windows NT 4, + <span class="emphasis"><em>win2k</em></span> for Windows 2000 and above and <span class="emphasis"><em>auto</em></span>. + If you specify <span class="emphasis"><em>auto</em></span>, the value for this parameter + will be based upon the version of the client. There should + be no reason to change this parameter from the default.</p><p>Default: <b class="command">acl compatibility = Auto</b></p><p>Example: <b class="command">acl compatibility = win2k</b></p></dd><dt><span class="term"><a name="ADDGROUPSCRIPT"></a>add group script (G)</span></dt><dd><p>This is the full pathname to a script that will be run <span class="emphasis"><em>AS ROOT</em></span> by <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when a new group is requested. It will expand any <i class="parameter"><tt>%g</tt></i> to the group name passed. This script is only useful for installations using the Windows NT @@ -264,7 +269,7 @@ alias|alias|alias|alias... machines -c Machine -d /dev/null -s /bin/false %u</b></p></dd><dt><span class="term"><a name="ADDPRINTERCOMMAND"></a>addprinter command (G)</span></dt><dd><p>With the introduction of MS-RPC based printing support for Windows NT/2000 clients in Samba 2.2, The MS Add Printer Wizard (APW) icon is now also available in the - "Printers..." folder displayed a share listing. The APW + "Printers..." folder displayed a share listing. The APW allows for printers to be add remotely to a Samba or Windows NT/2000 print server.</p><p>For a Samba host this means that the printer must be physically added to the underlying printing system. The <i class="parameter"><tt>add @@ -275,15 +280,15 @@ alias|alias|alias|alias... shared by <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>.</p><p>The <i class="parameter"><tt>addprinter command</tt></i> is automatically invoked with the following parameter (in order):</p><div class="itemizedlist"><ul type="disc"><li><p><i class="parameter"><tt>printer name</tt></i></p></li><li><p><i class="parameter"><tt>share name</tt></i></p></li><li><p><i class="parameter"><tt>port name</tt></i></p></li><li><p><i class="parameter"><tt>driver name</tt></i></p></li><li><p><i class="parameter"><tt>location</tt></i></p></li><li><p><i class="parameter"><tt>Windows 9x driver location</tt></i></p></li></ul></div><p>All parameters are filled in from the PRINTER_INFO_2 structure sent - by the Windows NT/2000 client with one exception. The "Windows 9x - driver location" parameter is included for backwards compatibility + by the Windows NT/2000 client with one exception. The "Windows 9x + driver location" parameter is included for backwards compatibility only. The remaining fields in the structure are generated from answers to the APW questions.</p><p>Once the <i class="parameter"><tt>addprinter command</tt></i> has been executed, <b class="command">smbd</b> will reparse the <tt class="filename"> smb.conf</tt> to determine if the share defined by the APW exists. If the sharename is still invalid, then <b class="command">smbd </b> will return an ACCESS_DENIED error to the client.</p><p> - The "add printer command" program can output a single line of text, + The "add printer command" program can output a single line of text, which Samba will set as the port the new printer is connected to. If this line isn't output, Samba won't reload its printer shares. </p><p>See also <a href="#DELETEPRINTERCOMMAND"><i class="parameter"><tt> @@ -378,8 +383,8 @@ alias|alias|alias|alias... Samba server even if they do not have an account in DOMA. This can make implementing a security boundary difficult.</p><p>Default: <b class="command">allow trusted domains = yes</b></p></dd><dt><span class="term"><a name="ANNOUNCEAS"></a>announce as (G)</span></dt><dd><p>This specifies what type of server <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will announce itself as, to a network neighborhood browse list. By default this is set to Windows NT. The valid options - are : "NT Server" (which can also be written as "NT"), - "NT Workstation", "Win95" or "WfW" meaning Windows NT Server, + are : "NT Server" (which can also be written as "NT"), + "NT Workstation", "Win95" or "WfW" meaning Windows NT Server, Windows NT Workstation, Windows 95 and Windows for Workgroups respectively. Do not change this parameter unless you have a specific need to stop Samba appearing as an NT server as this @@ -402,7 +407,7 @@ alias|alias|alias|alias... method of authentication for remote domain users; deprecated in favour of winbind method), <tt class="constant">trustdomain</tt> (authenticate trusted users by contacting the remote DC directly from smbd; deprecated in favour of winbind method).</p><p>Default: <b class="command">auth methods = <empty string></b></p><p>Example: <b class="command">auth methods = guest sam winbind</b></p></dd><dt><span class="term"><a name="AUTOSERVICES"></a>auto services (G)</span></dt><dd><p>This is a synonym for the <a href="#PRELOAD"> - <i class="parameter"><tt>preload</tt></i></a>.</p></dd><dt><span class="term"><a name="AVAILABLE"></a>available (S)</span></dt><dd><p>This parameter lets you "turn off" a service. If + <i class="parameter"><tt>preload</tt></i></a>.</p></dd><dt><span class="term"><a name="AVAILABLE"></a>available (S)</span></dt><dd><p>This parameter lets you "turn off" a service. If <i class="parameter"><tt>available = no</tt></i>, then <span class="emphasis"><em>ALL</em></span> attempts to connect to the service will fail. Such failures are logged.</p><p>Default: <b class="command">available = yes</b></p></dd><dt><span class="term"><a name="BINDINTERFACESONLY"></a>bind interfaces only (G)</span></dt><dd><p>This global parameter allows the Samba admin @@ -410,7 +415,7 @@ alias|alias|alias|alias... affects file service <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and name service <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> in a slightly different ways.</p><p>For name service it causes <b class="command">nmbd</b> to bind to ports 137 and 138 on the interfaces listed in the <a href="#INTERFACES">interfaces</a> parameter. <b class="command">nmbd</b> also - binds to the "all addresses" interface (0.0.0.0) + binds to the "all addresses" interface (0.0.0.0) on ports 137 and 138 for the purposes of reading broadcast messages. If this option is not set then <b class="command">nmbd</b> will service name requests on all of these sockets. If <i class="parameter"><tt>bind interfaces @@ -447,7 +452,7 @@ alias|alias|alias|alias... <span class="emphasis"><em>127.0.0.1</em></span> to determine if they are running. Not adding <span class="emphasis"><em>127.0.0.1</em></span> will cause <b class="command"> smbd</b> and <b class="command">nmbd</b> to always show - "not running" even if they really are. This can prevent <b class="command"> + "not running" even if they really are. This can prevent <b class="command"> swat</b> from starting/stopping/restarting <b class="command">smbd</b> and <b class="command">nmbd</b>.</p><p>Default: <b class="command">bind interfaces only = no</b></p></dd><dt><span class="term"><a name="BLOCKINGLOCKS"></a>blocking locks (S)</span></dt><dd><p>This parameter controls the behavior of <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when given a request by a client @@ -474,7 +479,7 @@ alias|alias|alias|alias... a client doing a <b class="command">NetServerEnum</b> call. Normally set to <tt class="constant">yes</tt>. You should never need to change this.</p><p>Default: <b class="command">browse list = yes</b></p></dd><dt><span class="term"><a name="CASESENSITIVE"></a>case sensitive (S)</span></dt><dd><p>See the discussion in the section <a href="#NAMEMANGLINGSECT" title="NAME MANGLING">NAME MANGLING</a>.</p><p>Default: <b class="command">case sensitive = no</b></p></dd><dt><span class="term"><a name="CASESIGNAMES"></a>casesignames (S)</span></dt><dd><p>Synonym for <a href="#CASESENSITIVE">case sensitive</a>.</p></dd><dt><span class="term"><a name="CHANGENOTIFYTIMEOUT"></a>change notify timeout (G)</span></dt><dd><p>This SMB allows a client to tell a server to - "watch" a particular directory for any changes and only reply to + "watch" a particular directory for any changes and only reply to the SMB request when a change has occurred. Such constant scanning of a directory is expensive under UNIX, hence an <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> daemon only performs such a scan on each requested directory once every <i class="parameter"><tt>change notify @@ -499,7 +504,7 @@ alias|alias|alias|alias... with the new share. </p></li></ul></div><p> This parameter is only used modify existing file shares definitions. To modify - printer shares, use the "Printers..." folder as seen when browsing the Samba host. + printer shares, use the "Printers..." folder as seen when browsing the Samba host. </p><p> See also <a href="#ADDSHARECOMMAND"><i class="parameter"><tt>add share command</tt></i></a>, <a href="#DELETESHARECOMMAND"><i class="parameter"><tt>delete @@ -522,7 +527,21 @@ alias|alias|alias|alias... NTLMv2. </p><p>If disabled, an NTLM response (and possibly a LANMAN response) will be sent by the client, depending on the value of <b class="command">client lanman auth</b>. </p><p>Note that some sites (particularly those following 'best practice' security polices) only allow NTLMv2 - responses, and not the weaker LM or NTLM.</p><p>Default : <b class="command">client ntlmv2 auth = no</b></p></dd><dt><span class="term"><a name="CLIENTUSESPNEGO"></a>client use spnego (G)</span></dt><dd><p> This variable controls controls whether samba clients will try + responses, and not the weaker LM or NTLM.</p><p>Default : <b class="command">client ntlmv2 auth = no</b></p></dd><dt><span class="term"><a name="CLIENTPLAINTEXTAUTH"></a>client plaintext auth (G)</span></dt><dd><p>Specifies whether a client should send a plaintext + password if the server does not support encrypted passwords.</p><p>Default: <b class="command">client plaintext auth = yes</b></p></dd><dt><span class="term"><a name="CLIENTSCHANNEL"></a>client schannel (G)</span></dt><dd><p>This controls whether the client offers or even + demands the use of the netlogon schannel. + <i class="parameter"><tt>client schannel = no</tt></i> does not + offer the schannel, <i class="parameter"><tt>server schannel = + auto</tt></i> offers the schannel but does not + enforce it, and <i class="parameter"><tt>server schannel = + yes</tt></i> denies access if the server is not + able to speak netlogon schannel. </p><p>Default: <b class="command">client schannel = auto</b></p><p>Example: <b class="command">client schannel = yes</b></p></dd><dt><span class="term"><a name="CLIENTSIGNING"></a>client signing (G)</span></dt><dd><p>This controls whether the client offers or requires + the server it talks to to use SMB signing. Possible values + are <span class="emphasis"><em>auto</em></span>, <span class="emphasis"><em>mandatory</em></span> + and <span class="emphasis"><em>disabled</em></span>. + </p><p>When set to auto, SMB signing is offered, but not enforced. + When set to mandatory, SMB signing is required and if set + to disabled, SMB signing is not offered either.</p><p>Default: <b class="command">client signing = auto</b></p></dd><dt><span class="term"><a name="CLIENTUSESPNEGO"></a>client use spnego (G)</span></dt><dd><p> This variable controls controls whether samba clients will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000 servers to agree upon an authentication mechanism. SPNEGO client support for SMB Signing is currently broken, so @@ -541,7 +560,7 @@ alias|alias|alias|alias... the new config file.</p><p>This option takes the usual substitutions, which can be very useful.</p><p>If the config file doesn't exist then it won't be loaded (allowing you to special case the config files of just a few - clients).</p><p>Example: <b class="command">config file = /usr/local/samba/lib/smb.conf.%m</b></p></dd><dt><span class="term"><a name="COPY"></a>copy (S)</span></dt><dd><p>This parameter allows you to "clone" service + clients).</p><p>Example: <b class="command">config file = /usr/local/samba/lib/smb.conf.%m</b></p></dd><dt><span class="term"><a name="COPY"></a>copy (S)</span></dt><dd><p>This parameter allows you to "clone" service entries. The specified service is simply duplicated under the current service's name. Any parameters specified in the current section will override those in the section being copied.</p><p>This feature lets you set up a 'template' service and @@ -603,7 +622,8 @@ alias|alias|alias|alias... current euid, egid, uid and gid to the timestamp message headers in the log file if turned on.</p><p>Note that the parameter <a href="#DEBUGTIMESTAMP"><i class="parameter"><tt> debug timestamp</tt></i></a> must be on for this to have an - effect.</p><p>Default: <b class="command">debug uid = no</b></p></dd><dt><span class="term"><a name="DEFAULTCASE"></a>default case (S)</span></dt><dd><p>See the section on <a href="#NAMEMANGLINGSECT" title="NAME MANGLING"> + effect.</p><p>Default: <b class="command">debug uid = no</b></p></dd><dt><span class="term"><a name="DEFAULT"></a>default (G)</span></dt><dd><p>A synonym for <a href="#DEFAULTSERVICE"><i class="parameter"><tt> + default service</tt></i></a>.</p></dd><dt><span class="term"><a name="DEFAULTCASE"></a>default case (S)</span></dt><dd><p>See the section on <a href="#NAMEMANGLINGSECT" title="NAME MANGLING"> NAME MANGLING</a>. Also note the <a href="#SHORTPRESERVECASE"> <i class="parameter"><tt>short preserve case</tt></i></a> parameter.</p><p>Default: <b class="command">default case = lower</b></p></dd><dt><span class="term"><a name="DEFAULTDEVMODE"></a>default devmode (S)</span></dt><dd><p>This parameter is only applicable to <a href="#PRINTOK">printable</a> services. When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba @@ -636,16 +656,15 @@ alias|alias|alias|alias... <i class="parameter"><tt>read-only</tt></i></a> service.</p><p>Also note that the apparent service name will be changed to equal that of the requested service, this is very useful as it allows you to use macros like <i class="parameter"><tt>%S</tt></i> to make - a wildcard service.</p><p>Note also that any "_" characters in the name of the service - used in the default service will get mapped to a "/". This allows for + a wildcard service.</p><p>Note also that any "_" characters in the name of the service + used in the default service will get mapped to a "/". This allows for interesting things.</p><p>Example:</p><pre class="programlisting"> [global] default service = pub [pub] path = /%S -</pre></dd><dt><span class="term"><a name="DEFAULT"></a>default (G)</span></dt><dd><p>A synonym for <a href="#DEFAULTSERVICE"><i class="parameter"><tt> - default service</tt></i></a>.</p></dd><dt><span class="term"><a name="DELETEGROUPSCRIPT"></a>delete group script (G)</span></dt><dd><p>This is the full pathname to a script that will +</pre></dd><dt><span class="term"><a name="DELETEGROUPSCRIPT"></a>delete group script (G)</span></dt><dd><p>This is the full pathname to a script that will be run <span class="emphasis"><em>AS ROOT</em></span> <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when a group is requested to be deleted. It will expand any <i class="parameter"><tt>%g</tt></i> to the group name passed. This script is only useful for installations using the Windows NT domain administration tools. @@ -659,7 +678,7 @@ alias|alias|alias|alias... from the print system and from <tt class="filename">smb.conf</tt>. </p><p>The <i class="parameter"><tt>deleteprinter command</tt></i> is automatically called with only one parameter: <i class="parameter"><tt> - "printer name"</tt></i>.</p><p>Once the <i class="parameter"><tt>deleteprinter command</tt></i> has + "printer name"</tt></i>.</p><p>Once the <i class="parameter"><tt>deleteprinter command</tt></i> has been executed, <b class="command">smbd</b> will reparse the <tt class="filename"> smb.conf</tt> to associated printer no longer exists. If the sharename is still valid, then <b class="command">smbd @@ -721,8 +740,8 @@ alias|alias|alias|alias... should only be used on systems where a problem occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may occur with other operating systems. The - symptom that was seen was an error of "Abort Retry - Ignore" at the end of each directory listing.</p><p>This setting allows the replacement of the internal routines to + symptom that was seen was an error of "Abort Retry + Ignore" at the end of each directory listing.</p><p>This setting allows the replacement of the internal routines to calculate the total disk space and amount available with an external routine. The example below gives a possible script that might fulfill this function.</p><p>The external program will be passed a single parameter indicating @@ -736,11 +755,11 @@ alias|alias|alias|alias... determining the disk capacity and remaining space will be used. </em></span></p><p>Example: <b class="command">dfree command = /usr/local/samba/bin/dfree</b></p><p>Where the script dfree (which must be made executable) could be:</p><pre class="programlisting"> #!/bin/sh -df $1 | tail -1 | awk '{print $2" "$4}' +df $1 | tail -1 | awk '{print $2" "$4}' </pre><p>or perhaps (on Sys V based systems):</p><pre class="programlisting"> #!/bin/sh -/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}' -</pre><p>Note that you may have to replace the command names with full path names on some systems.</p></dd><dt><span class="term"><a name="DIRECTORYMASK"></a>directory mask (S)</span></dt><dd><p>This parameter is the octal modes which are +/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}' +</pre><p>Note that you may have to replace the command names with full path names on some systems.</p></dd><dt><span class="term"><a name="DIRECTORY"></a>directory (S)</span></dt><dd><p>Synonym for <a href="#PATH"><i class="parameter"><tt>path</tt></i></a>.</p></dd><dt><span class="term"><a name="DIRECTORYMASK"></a>directory mask (S)</span></dt><dd><p>This parameter is the octal modes which are used when converting DOS modes to UNIX modes when creating UNIX directories.</p><p>When a directory is created, the necessary permissions are calculated according to the mapping from DOS modes to UNIX permissions, @@ -774,13 +793,13 @@ df $1 | tail -1 | awk '{print $2" "$4}' meaning a user is allowed to modify all the user/group/world permissions on a directory.</p><p><span class="emphasis"><em>Note</em></span> that users who can access the Samba server through other means can easily bypass this restriction, - so it is primarily useful for standalone "appliance" systems. + so it is primarily useful for standalone "appliance" systems. Administrators of most normal systems will probably want to leave it as the default of <tt class="constant">0777</tt>.</p><p>See also the <a href="#FORCEDIRECTORYSECURITYMODE"><i class="parameter"><tt> force directory security mode</tt></i></a>, <a href="#SECURITYMASK"> <i class="parameter"><tt>security mask</tt></i></a>, <a href="#FORCESECURITYMODE"><i class="parameter"><tt>force security mode - </tt></i></a> parameters.</p><p>Default: <b class="command">directory security mask = 0777</b></p><p>Example: <b class="command">directory security mask = 0700</b></p></dd><dt><span class="term"><a name="DIRECTORY"></a>directory (S)</span></dt><dd><p>Synonym for <a href="#PATH"><i class="parameter"><tt>path</tt></i></a>.</p></dd><dt><span class="term"><a name="DISABLENETBIOS"></a>disable netbios (G)</span></dt><dd><p>Enabling this parameter will disable netbios support + </tt></i></a> parameters.</p><p>Default: <b class="command">directory security mask = 0777</b></p><p>Example: <b class="command">directory security mask = 0700</b></p></dd><dt><span class="term"><a name="DISABLENETBIOS"></a>disable netbios (G)</span></dt><dd><p>Enabling this parameter will disable netbios support in Samba. Netbios is the only available form of browsing in all windows versions except for 2000 and XP. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Note that clients that only support netbios won't be able to see your samba server when netbios support is disabled. @@ -838,7 +857,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' of interest to clients or are infinitely deep (recursive). This parameter allows you to specify a comma-delimited list of directories that the server should always show as empty.</p><p>Note that Samba can be very fussy about the exact format - of the "dont descend" entries. For example you may need <tt class="filename"> + of the "dont descend" entries. For example you may need <tt class="filename"> ./proc</tt> instead of just <tt class="filename">/proc</tt>. Experimentation is the best policy :-) </p><p>Default: <span class="emphasis"><em>none (i.e., all directories are OK to descend)</em></span></p><p>Example: <b class="command">dont descend = /proc,/dev</b></p></dd><dt><span class="term"><a name="DOSCHARSET"></a>dos charset (G)</span></dt><dd><p>DOS SMB clients assume the server has @@ -886,7 +905,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' will be negotiated with the client. Note that Windows NT 4.0 SP3 and above and also Windows 98 will by default expect encrypted passwords unless a registry entry is changed. To use encrypted passwords in - Samba see the chapter "User Database" in the Samba HOWTO Collection. </p><p>In order for encrypted passwords to work correctly + Samba see the chapter "User Database" in the Samba HOWTO Collection. </p><p>In order for encrypted passwords to work correctly <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> must either have access to a local <a href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a> file (see the <a href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a> program for information on how to set up and maintain this file), or set the <a href="#SECURITY">security = [server|domain|ads]</a> parameter which @@ -902,16 +921,16 @@ df $1 | tail -1 | awk '{print $2" "$4}' workgroups not disappearing from browse lists. Due to the restrictions of the browse protocols these enhancements can cause a empty workgroup to stay around forever which can be annoying.</p><p>In general you should leave this option enabled as it makes - cross-subnet browse propagation much more reliable.</p><p>Default: <b class="command">enhanced browsing = yes</b></p></dd><dt><span class="term"><a name="ENUMPORTSCOMMAND"></a>enumports command (G)</span></dt><dd><p>The concept of a "port" is fairly foreign + cross-subnet browse propagation much more reliable.</p><p>Default: <b class="command">enhanced browsing = yes</b></p></dd><dt><span class="term"><a name="ENUMPORTSCOMMAND"></a>enumports command (G)</span></dt><dd><p>The concept of a "port" is fairly foreign to UNIX hosts. Under Windows NT/2000 print servers, a port is associated with a port monitor and generally takes the form of a local port (i.e. LPT1:, COM1:, FILE:) or a remote port (i.e. LPD Port Monitor, etc...). By default, Samba has only one - port defined--<tt class="constant">"Samba Printer Port"</tt>. Under + port defined--<tt class="constant">"Samba Printer Port"</tt>. Under Windows NT/2000, all printers must have a valid port name. If you wish to have a list of ports displayed (<b class="command">smbd </b> does not use a port name for anything) other than - the default <tt class="constant">"Samba Printer Port"</tt>, you + the default <tt class="constant">"Samba Printer Port"</tt>, you can define <i class="parameter"><tt>enumports command</tt></i> to point to a program which should generate a list of ports, one per line, to standard output. This listing will then be used in response @@ -993,7 +1012,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' allows a user to modify all the user/group/world permissions on a directory without restrictions.</p><p><span class="emphasis"><em>Note</em></span> that users who can access the Samba server through other means can easily bypass this restriction, - so it is primarily useful for standalone "appliance" systems. + so it is primarily useful for standalone "appliance" systems. Administrators of most normal systems will probably want to leave it set as 0000.</p><p>See also the <a href="#DIRECTORYSECURITYMASK"><i class="parameter"><tt> directory security mask</tt></i></a>, <a href="#SECURITYMASK"> @@ -1030,7 +1049,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' and allows a user to modify all the user/group/world permissions on a file, with no restrictions.</p><p><span class="emphasis"><em>Note</em></span> that users who can access the Samba server through other means can easily bypass this restriction, - so it is primarily useful for standalone "appliance" systems. + so it is primarily useful for standalone "appliance" systems. Administrators of most normal systems will probably want to leave this set to 0000.</p><p>See also the <a href="#FORCEDIRECTORYSECURITYMODE"><i class="parameter"><tt> force directory security mode</tt></i></a>, @@ -1042,7 +1061,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' as using it incorrectly can cause security problems.</p><p>This user name only gets used once a connection is established. Thus clients still need to connect as a valid user and supply a valid password. Once connected, all file operations will be performed - as the "forced user", no matter what username the client connected + as the "forced user", no matter what username the client connected as. This can be very useful.</p><p>In Samba 2.0.5 and above this parameter also causes the primary group of the forced user to be used as the primary group for all file activity. Prior to 2.0.5 the primary group was left @@ -1068,17 +1087,17 @@ df $1 | tail -1 | awk '{print $2" "$4}' guest ok</tt></i></a> (see below). Whatever privileges this user has will be available to any client connecting to the guest service. Typically this user will exist in the password file, but will not - have a valid login. The user account "ftp" is often a good choice + have a valid login. The user account "ftp" is often a good choice for this parameter. If a username is specified in a given service, the specified username overrides this one. - </p><p>One some systems the default guest account "nobody" may not + </p><p>One some systems the default guest account "nobody" may not be able to print. Use another account in this case. You should test this by trying to log in as your guest user (perhaps by using the <b class="command">su -</b> command) and trying to print using the system print command such as <b class="command">lpr(1)</b> or <b class="command"> lp(1)</b>.</p><p>This parameter does not accept % macros, because many parts of the system require this value to be - constant for correct operation.</p><p>Default: <span class="emphasis"><em>specified at compile time, usually "nobody"</em></span></p><p>Example: <b class="command">guest account = ftp</b></p></dd><dt><span class="term"><a name="GUESTOK"></a>guest ok (S)</span></dt><dd><p>If this parameter is <tt class="constant">yes</tt> for + constant for correct operation.</p><p>Default: <span class="emphasis"><em>specified at compile time, usually "nobody"</em></span></p><p>Example: <b class="command">guest account = ftp</b></p></dd><dt><span class="term"><a name="GUESTOK"></a>guest ok (S)</span></dt><dd><p>If this parameter is <tt class="constant">yes</tt> for a service, then no password is required to connect to the service. Privileges will be those of the <a href="#GUESTACCOUNT"><i class="parameter"><tt> guest account</tt></i></a>.</p><p>This paramater nullifies the benifits of setting @@ -1153,7 +1172,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <i class="parameter"><tt>hosts deny</tt></i></a> option.</p><p>You can also specify hosts by network/netmask pairs and by netgroup names if your system supports netgroups. The <span class="emphasis"><em>EXCEPT</em></span> keyword can also be used to limit a - wildcard list. The following examples may provide some help:</p><p>Example 1: allow all IPs in 150.203.*.*; except one</p><p><b class="command">hosts allow = 150.203. EXCEPT 150.203.6.66</b></p><p>Example 2: allow hosts that match the given network/netmask</p><p><b class="command">hosts allow = 150.203.15.0/255.255.255.0</b></p><p>Example 3: allow a couple of hosts</p><p><b class="command">hosts allow = lapland, arvidsjaur</b></p><p>Example 4: allow only hosts in NIS netgroup "foonet", but + wildcard list. The following examples may provide some help:</p><p>Example 1: allow all IPs in 150.203.*.*; except one</p><p><b class="command">hosts allow = 150.203. EXCEPT 150.203.6.66</b></p><p>Example 2: allow hosts that match the given network/netmask</p><p><b class="command">hosts allow = 150.203.15.0/255.255.255.0</b></p><p>Example 3: allow a couple of hosts</p><p><b class="command">hosts allow = lapland, arvidsjaur</b></p><p>Example 4: allow only hosts in NIS netgroup "foonet", but deny access from one particular host</p><p><b class="command">hosts allow = @foonet</b></p><p><b class="command">hosts deny = pirate</b></p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Note that access still requires suitable user-level passwords.</p></div><p>See <a href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> for a way of testing your host access to see if it does what you expect.</p><p>Default: <span class="emphasis"><em>none (i.e., all hosts permitted access)</em></span></p><p>Example: <b class="command">allow hosts = 150.203.5. myhost.mynet.edu.au</b></p></dd><dt><span class="term"><a name="HOSTSDENY"></a>hosts deny (S)</span></dt><dd><p>The opposite of <i class="parameter"><tt>hosts allow</tt></i> - hosts listed here are <span class="emphasis"><em>NOT</em></span> permitted access to @@ -1179,7 +1198,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' LDAP backend. This way all domain members and controllers will have the same UID and GID to SID mappings. This avoids the risk of UID / GID inconsistencies across UNIX / Linux systems that are sharing information over protocols other than SMB/CIFS (ie: NFS). - </p><p>Default: <b class="command">idmap backend = <empty string></b></p><p>Example: <b class="command">idmap backend = ldapsam://ldapslave.example.com</b></p></dd><dt><span class="term"><a name="IDMAPGID"></a>idmap gid (G)</span></dt><dd><p>The idmap gid parameter specifies the range of group ids that are allocated for + </p><p>Default: <b class="command">idmap backend = <empty string></b></p><p>Example: <b class="command">idmap backend = ldap:ldap://ldapslave.example.com</b></p></dd><dt><span class="term"><a name="IDMAPGID"></a>idmap gid (G)</span></dt><dd><p>The idmap gid parameter specifies the range of group ids that are allocated for the purpose of mapping UNX groups to NT group SIDs. This range of group ids should have no existing local or NIS groups within it as strange conflicts can occur otherwise.</p><p>The availability of an idmap gid range is essential for correct operation of all group mapping.</p><p>Default: <b class="command">idmap gid = <empty string></b></p><p>Example: <b class="command">idmap gid = 10000-20000</b></p></dd><dt><span class="term"><a name="IDMAPUID"></a>idmap uid (G)</span></dt><dd><p>The idmap uid parameter specifies the range of user ids that are allocated for use @@ -1222,11 +1241,11 @@ df $1 | tail -1 | awk '{print $2" "$4}' interfaces except 127.0.0.1 that are broadcast capable.</p><p>The option takes a list of interface strings. Each string can be in any of the following forms:</p><div class="itemizedlist"><ul type="disc"><li><p>a network interface name (such as eth0). This may include shell-like wildcards so eth* will match - any interface starting with the substring "eth"</p></li><li><p>an IP address. In this case the netmask is + any interface starting with the substring "eth"</p></li><li><p>an IP address. In this case the netmask is determined from the list of interfaces obtained from the - kernel</p></li><li><p>an IP/mask pair. </p></li><li><p>a broadcast/mask pair.</p></li></ul></div><p>The "mask" parameters can either be a bit length (such + kernel</p></li><li><p>an IP/mask pair. </p></li><li><p>a broadcast/mask pair.</p></li></ul></div><p>The "mask" parameters can either be a bit length (such as 24 for a C class network) or a full netmask in dotted - decimal form.</p><p>The "IP" parameters above can either be a full dotted + decimal form.</p><p>The "IP" parameters above can either be a full dotted decimal IP address or a hostname which will be looked up via the OS's normal hostname resolution mechanisms.</p><p>For example, the following line:</p><p><b class="command">interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0</b></p><p>would configure three network interfaces corresponding to the eth0 device and IP addresses 192.168.2.10 and 192.168.3.10. @@ -1255,7 +1274,12 @@ df $1 | tail -1 | awk '{print $2" "$4}' a client is still present and responding.</p><p>Keepalives should, in general, not be needed if the socket being used has the SO_KEEPALIVE attribute set on it (see <a href="#SOCKETOPTIONS"> <i class="parameter"><tt>socket options</tt></i></a>). - Basically you should only use this option if you strike difficulties.</p><p>Default: <b class="command">keepalive = 300</b></p><p>Example: <b class="command">keepalive = 600</b></p></dd><dt><span class="term"><a name="KERNELOPLOCKS"></a>kernel oplocks (G)</span></dt><dd><p>For UNIXes that support kernel based <a href="#OPLOCKS"> + Basically you should only use this option if you strike difficulties.</p><p>Default: <b class="command">keepalive = 300</b></p><p>Example: <b class="command">keepalive = 600</b></p></dd><dt><span class="term"><a name="KERNELCHANGENOTIFY"></a>kernel change notify (G)</span></dt><dd><p>This parameter specifies whether Samba should ask the + kernel for change notifications in directories so that + SMB clients can refresh whenever the data on the server changes. + </p><p>This parameter is only usd when your kernel supports + change notification to user programs, using the F_NOTIFY fcntl. + </p><p>Default: <span class="emphasis"><em>Yes</em></span></p></dd><dt><span class="term"><a name="KERNELOPLOCKS"></a>kernel oplocks (G)</span></dt><dd><p>For UNIXes that support kernel based <a href="#OPLOCKS"> <i class="parameter"><tt>oplocks</tt></i></a> (currently only IRIX and the Linux 2.4 kernel), this parameter allows the use of them to be turned on or off.</p><p>Kernel oplocks support allows Samba <i class="parameter"><tt>oplocks @@ -1300,7 +1324,12 @@ df $1 | tail -1 | awk '{print $2" "$4}' The default is to match the login name with the <tt class="constant">uid</tt> attribute for all entries matching the <tt class="constant">sambaAccount</tt> objectclass. Note that this filter should only return one entry. - </p><p>Default: <b class="command">ldap filter = (&(uid=%u)(objectclass=sambaAccount))</b></p></dd><dt><span class="term"><a name="LDAPMACHINESUFFIX"></a>ldap machine suffix (G)</span></dt><dd><p>It specifies where machines should be added to the ldap tree.</p><p>Default: <span class="emphasis"><em>none</em></span></p></dd><dt><span class="term"><a name="LDAPPASSWDSYNC"></a>ldap passwd sync (G)</span></dt><dd><p>This option is used to define whether + </p><p>Default: <b class="command">ldap filter = (&(uid=%u)(objectclass=sambaAccount))</b></p></dd><dt><span class="term"><a name="LDAPGROUPSUFFIX"></a>ldap group suffix (G)</span></dt><dd><p>This parameters specifies the suffix that is + used for groups when these are added to the LDAP directory. + If this parameter is unset, the value of <i class="parameter"><tt>ldap suffix</tt></i> will be used instead.</p><p>Default: <span class="emphasis"><em>none</em></span></p><p>Example: <span class="emphasis"><em>dc=samba,ou=Groups</em></span></p></dd><dt><span class="term"><a name="LDAPIDMAPSUFFIX"></a>ldap idmap suffix (G)</span></dt><dd><p>This parameters specifies the suffix that is + used when storing idmap mappings. If this parameter + is unset, the value of <i class="parameter"><tt>ldap suffix</tt></i> + will be used instead.</p><p>Default: <span class="emphasis"><em>none</em></span></p><p>Example: <span class="emphasis"><em>dc=samba,ou=Idmap</em></span></p></dd><dt><span class="term"><a name="LDAPMACHINESUFFIX"></a>ldap machine suffix (G)</span></dt><dd><p>It specifies where machines should be added to the ldap tree.</p><p>Default: <span class="emphasis"><em>none</em></span></p></dd><dt><span class="term"><a name="LDAPPASSWDSYNC"></a>ldap passwd sync (G)</span></dt><dd><p>This option is used to define whether or not Samba should sync the LDAP password with the NT and LM hashes for normal accounts (NOT for workstation, server or domain trusts) on a password @@ -1332,16 +1361,8 @@ df $1 | tail -1 | awk '{print $2" "$4}' tree. Can be overriden by <b class="command">ldap user suffix</b> and <b class="command">ldap machine suffix</b>. It also used as the base dn for all ldap - searches. </p><p>Default: <span class="emphasis"><em>none</em></span></p></dd><dt><span class="term"><a name="LDAPTRUSTIDS"></a>ldap trust ids (G)</span></dt><dd><p>Normally, Samba validates each entry in the LDAP server - against getpwnam(). This allows LDAP to be used for Samba with - the unix system using NIS (for example) and also ensures that - Samba does not present accounts that do not otherwise exist. - </p><p>This option is used to disable this functionality, and - instead to rely on the presence of the appropriate attributes - in LDAP directly, which can result in a significant performance - boost in some situations. Setting this option to yes effectivly - assumes that the local machine is running <b class="command">nss_ldap</b> against the same LDAP - server.</p><p>Default: <b class="command">ldap trust ids = No</b></p></dd><dt><span class="term"><a name="LDAPUSERSUFFIX"></a>ldap user suffix (G)</span></dt><dd><p>It specifies where users are added to the tree.</p><p>Default: <span class="emphasis"><em>none</em></span></p></dd><dt><span class="term"><a name="LEVEL2OPLOCKS"></a>level2 oplocks (S)</span></dt><dd><p>This parameter controls whether Samba supports + searches. </p><p>Default: <span class="emphasis"><em>none</em></span></p></dd><dt><span class="term"><a name="LDAPUSERSUFFIX"></a>ldap user suffix (G)</span></dt><dd><p>This parameter specifies where users are added to the tree. + If this parameter is not specified, the value from <b class="command">ldap suffix</b>.</p><p>Default: <span class="emphasis"><em>none</em></span></p></dd><dt><span class="term"><a name="LEVEL2OPLOCKS"></a>level2 oplocks (S)</span></dt><dd><p>This parameter controls whether Samba supports level2 (read-only) oplocks on a share.</p><p>Level2, or read-only oplocks allow Windows NT clients that have an oplock on a file to downgrade from a read-write oplock to a read-only oplock once a second client opens the file (instead @@ -1352,7 +1373,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' for many accesses of files that are not commonly written (such as application .EXE files).</p><p>Once one of the clients which have a read-only oplock writes to the file all clients are notified (no reply is needed - or waited for) and told to break their oplocks to "none" and + or waited for) and told to break their oplocks to "none" and delete any read-ahead caches.</p><p>It is recommended that this parameter be turned on to speed access to shared executables.</p><p>For more discussions on level2 oplocks see the CIFS spec.</p><p>Currently, if <a href="#KERNELOPLOCKS"><i class="parameter"><tt>kernel oplocks</tt></i></a> are supported then level2 oplocks are @@ -1390,12 +1411,12 @@ df $1 | tail -1 | awk '{print $2" "$4}' <tt class="constant">yes</tt> doesn't mean that Samba will <span class="emphasis"><em>become</em></span> the local master browser on a subnet, just that <b class="command">nmbd</b> will <span class="emphasis"><em>participate</em></span> in elections for local master browser.</p><p>Setting this value to <tt class="constant">no</tt> will cause <b class="command">nmbd</b> <span class="emphasis"><em>never</em></span> to become a local - master browser.</p><p>Default: <b class="command">local master = yes</b></p></dd><dt><span class="term"><a name="LOCKDIRECTORY"></a>lock directory (G)</span></dt><dd><p>This option specifies the directory where lock + master browser.</p><p>Default: <b class="command">local master = yes</b></p></dd><dt><span class="term"><a name="LOCKDIR"></a>lock dir (G)</span></dt><dd><p>Synonym for <a href="#LOCKDIRECTORY"><i class="parameter"><tt> + lock directory</tt></i></a>. +</p></dd><dt><span class="term"><a name="LOCKDIRECTORY"></a>lock directory (G)</span></dt><dd><p>This option specifies the directory where lock files will be placed. The lock files are used to implement the <a href="#MAXCONNECTIONS"><i class="parameter"><tt>max connections</tt></i> - </a> option.</p><p>Default: <b class="command">lock directory = ${prefix}/var/locks</b></p><p>Example: <b class="command">lock directory = /var/run/samba/locks</b></p></dd><dt><span class="term"><a name="LOCKDIR"></a>lock dir (G)</span></dt><dd><p>Synonym for <a href="#LOCKDIRECTORY"><i class="parameter"><tt> - lock directory</tt></i></a>. -</p></dd><dt><span class="term"><a name="LOCKING"></a>locking (S)</span></dt><dd><p>This controls whether or not locking will be + </a> option.</p><p>Default: <b class="command">lock directory = ${prefix}/var/locks</b></p><p>Example: <b class="command">lock directory = /var/run/samba/locks</b></p></dd><dt><span class="term"><a name="LOCKING"></a>locking (S)</span></dt><dd><p>This controls whether or not locking will be performed by the server in response to lock requests from the client.</p><p>If <b class="command">locking = no</b>, all lock and unlock requests will appear to succeed and all lock queries will report @@ -1444,14 +1465,14 @@ df $1 | tail -1 | awk '{print $2" "$4}' <i class="parameter"><tt>logon home</tt></i>. This broke <b class="command">net use /home</b> but allowed profiles outside the home directory. The current implementation is correct, and can be used for profiles if you use the above trick.</p><p>This option is only useful if Samba is set up as a logon - server.</p><p>Default: <b class="command">logon home = "\\%N\%U"</b></p><p>Example: <b class="command">logon home = "\\remote_smb_server\%U"</b></p></dd><dt><span class="term"><a name="LOGONPATH"></a>logon path (G)</span></dt><dd><p>This parameter specifies the home directory + server.</p><p>Default: <b class="command">logon home = "\\%N\%U"</b></p><p>Example: <b class="command">logon home = "\\remote_smb_server\%U"</b></p></dd><dt><span class="term"><a name="LOGONPATH"></a>logon path (G)</span></dt><dd><p>This parameter specifies the home directory where roaming profiles (NTuser.dat etc files for Windows NT) are stored. Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming profiles. To find out how to handle roaming profiles for Win 9X system, see the <a href="#LOGONHOME"> <i class="parameter"><tt>logon home</tt></i></a> parameter.</p><p>This option takes the standard substitutions, allowing you to have separate logon scripts for each user or machine. It also - specifies the directory from which the "Application Data", + specifies the directory from which the "Application Data", (<tt class="filename">desktop</tt>, <tt class="filename">start menu</tt>, <tt class="filename">network neighborhood</tt>, <tt class="filename">programs</tt> and other folders, and their contents, are loaded and displayed on @@ -1589,12 +1610,12 @@ df $1 | tail -1 | awk '{print $2" "$4}' you would use:</p><p><b class="command">mangled map = (*.html *.htm)</b></p><p>One very useful case is to remove the annoying <tt class="filename">;1 </tt> off the ends of filenames on some CDROMs (only visible under some UNIXes). To do this use a map of (*;1 *;).</p><p>Default: <span class="emphasis"><em>no mangled map</em></span></p><p>Example: <b class="command">mangled map = (*;1 *;)</b></p></dd><dt><span class="term"><a name="MANGLEDNAMES"></a>mangled names (S)</span></dt><dd><p>This controls whether non-DOS names under UNIX - should be mapped to DOS-compatible names ("mangled") and made visible, + should be mapped to DOS-compatible names ("mangled") and made visible, or whether non-DOS names should simply be ignored.</p><p>See the section on <a href="#NAMEMANGLINGSECT" title="NAME MANGLING">NAME MANGLING</a> for details on how to control the mangling process.</p><p>If mangling is used then the mangling algorithm is as follows:</p><div class="itemizedlist"><ul type="disc"><li><p>The first (up to) five alphanumeric characters before the rightmost dot of the filename are preserved, forced to upper case, and appear as the first (up to) five characters - of the mangled name.</p></li><li><p>A tilde "~" is appended to the first part of the mangled + of the mangled name.</p></li><li><p>A tilde "~" is appended to the first part of the mangled name, followed by a two-character unique sequence, based on the original root name (i.e., the original filename minus its final extension). The final extension is included in the hash calculation @@ -1606,9 +1627,9 @@ df $1 | tail -1 | awk '{print $2" "$4}' extension of the mangled name. The final extension is defined as that part of the original filename after the rightmost dot. If there are no dots in the filename, the mangled name will have no extension (except - in the case of "hidden files" - see below).</p></li><li><p>Files whose UNIX name begins with a dot will be + in the case of "hidden files" - see below).</p></li><li><p>Files whose UNIX name begins with a dot will be presented as DOS hidden files. The mangled name will be created as - for other filenames, but with the leading dot removed and "___" as + for other filenames, but with the leading dot removed and "___" as its extension regardless of actual original extension (that's three underscores).</p></li></ul></div><p>The two-digit hash value consists of upper case alphanumeric characters.</p><p>This algorithm can cause name collisions only if files in a directory share the same first five alphanumeric characters. @@ -1634,9 +1655,9 @@ df $1 | tail -1 | awk '{print $2" "$4}' the <span class="emphasis"><em>magic</em></span> character in <a href="#NAMEMANGLINGSECT" title="NAME MANGLING">name mangling</a>. The default is a '~' but this may interfere with some software. Use this option to set it to whatever you prefer. This is effective only when mangling method is hash.</p><p>Default: <b class="command">mangling char = ~</b></p><p>Example: <b class="command">mangling char = ^</b></p></dd><dt><span class="term"><a name="MANGLINGMETHOD"></a>mangling method (G)</span></dt><dd><p> controls the algorithm used for the generating - the mangled names. Can take two different values, "hash" and - "hash2". "hash" is the default and is the algorithm that has been - used in Samba for many years. "hash2" is a newer and considered + the mangled names. Can take two different values, "hash" and + "hash2". "hash" is the default and is the algorithm that has been + used in Samba for many years. "hash2" is a newer and considered a better algorithm (generates less collisions) in the names. However, many Win32 applications store the mangled names and so changing to the new algorithm must not be done @@ -1677,18 +1698,18 @@ df $1 | tail -1 | awk '{print $2" "$4}' with an invalid password are treated as a guest login and mapped into the <a href="#GUESTACCOUNT">guest account</a>. Note that this can cause problems as it means that any user incorrectly typing - their password will be silently logged on as "guest" - and + their password will be silently logged on as "guest" - and will not know the reason they cannot access files they think they should - there will have been no message given to them that they got their password wrong. Helpdesk services will <span class="emphasis"><em>hate</em></span> you if you set the <i class="parameter"><tt>map to - guest</tt></i> parameter this way :-).</p></li></ul></div><p>Note that this parameter is needed to set up "Guest" + guest</tt></i> parameter this way :-).</p></li></ul></div><p>Note that this parameter is needed to set up "Guest" share services when using <i class="parameter"><tt>security</tt></i> modes other than share. This is because in these modes the name of the resource being requested is <span class="emphasis"><em>not</em></span> sent to the server until after the server has successfully authenticated the client so the server cannot make authentication decisions at the correct time (connection - to the share) for "Guest" shares.</p><p>For people familiar with the older Samba releases, this + to the share) for "Guest" shares.</p><p>For people familiar with the older Samba releases, this parameter maps to the old compile-time setting of the <tt class="constant"> GUEST_SESSSETUP</tt> value in local.h.</p><p>Default: <b class="command">map to guest = Never</b></p><p>Example: <b class="command">map to guest = Bad User</b></p></dd><dt><span class="term"><a name="MAXCONNECTIONS"></a>max connections (S)</span></dt><dd><p>This option allows the number of simultaneous connections to a service to be limited. If <i class="parameter"><tt>max connections</tt></i> is greater than 0 then connections @@ -1718,7 +1739,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' by the UNIX per-process file descriptor limit rather than this parameter so you should never need to touch this parameter.</p><p>Default: <b class="command">max open files = 10000</b></p></dd><dt><span class="term"><a name="MAXPRINTJOBS"></a>max print jobs (S)</span></dt><dd><p>This parameter limits the maximum number of jobs allowable in a Samba printer queue at any given moment. - If this number is exceeded, <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will remote "Out of Space" to the client. + If this number is exceeded, <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will remote "Out of Space" to the client. See all <a href="#"><i class="parameter"><tt>total print jobs</tt></i></a>. </p><p>Default: <b class="command">max print jobs = 1000</b></p><p>Example: <b class="command">max print jobs = 5000</b></p></dd><dt><span class="term"><a name="MAXPROTOCOL"></a>max protocol (G)</span></dt><dd><p>The value of the parameter (a string) is the highest @@ -1825,8 +1846,8 @@ df $1 | tail -1 | awk '{print $2" "$4}' suite to determine what naming services to use and in what order to resolve host names to IP addresses. Its main purpose to is to control how netbios name resolution is performed. The option takes a space - separated string of name resolution options.</p><p>The options are: "lmhosts", "host", - "wins" and "bcast". They cause names to be + separated string of name resolution options.</p><p>The options are: "lmhosts", "host", + "wins" and "bcast". They cause names to be resolved as follows:</p><div class="itemizedlist"><ul type="disc"><li><p><tt class="constant">lmhosts</tt> : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has no name type attached to the NetBIOS name (see the <a href="lmhosts.5.html" target="_top">lmhosts(5)</a> for details) then @@ -1975,7 +1996,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <a href="#PASSWDCHAT"><i class="parameter"><tt>passwd chat</tt></i></a> parameter for most setups.</p><p>Default: <b class="command">pam password change = no</b></p></dd><dt><span class="term"><a name="PANICACTION"></a>panic action (G)</span></dt><dd><p>This is a Samba developer option that allows a system command to be called when either <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> or <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> crashes. This is usually used to - draw attention to the fact that a problem occurred.</p><p>Default: <b class="command">panic action = <empty string></b></p><p>Example: <b class="command">panic action = "/bin/sleep 90000"</b></p></dd><dt><span class="term"><a name="PARANOIDSERVERSECURITY"></a>paranoid server security (G)</span></dt><dd><p>Some version of NT 4.x allow non-guest + draw attention to the fact that a problem occurred.</p><p>Default: <b class="command">panic action = <empty string></b></p><p>Example: <b class="command">panic action = "/bin/sleep 90000"</b></p></dd><dt><span class="term"><a name="PARANOIDSERVERSECURITY"></a>paranoid server security (G)</span></dt><dd><p>Some version of NT 4.x allow non-guest users with a bad passowrd. When this option is enabled, samba will not use a broken NT 4.x server as password server, but instead complain to the logs and exit. @@ -2007,21 +2028,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' argument. Read the Samba HOWTO Collection for configuration details. </p></li></ul></div><p> - </p><p>Default: <b class="command">passdb backend = smbpasswd</b></p><p>Example: <b class="command">passdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd</b></p><p>Example: <b class="command">passdb backend = ldapsam:ldaps://ldap.example.com</b></p><p>Example: <b class="command">passdb backend = mysql:my_plugin_args tdbsam</b></p></dd><dt><span class="term"><a name="PASSWDCHATDEBUG"></a>passwd chat debug (G)</span></dt><dd><p>This boolean specifies if the passwd chat script - parameter is run in <span class="emphasis"><em>debug</em></span> mode. In this mode the - strings passed to and received from the passwd chat are printed - in the <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> log with a - <a href="#DEBUGLEVEL"><i class="parameter"><tt>debug level</tt></i></a> - of 100. This is a dangerous option as it will allow plaintext passwords - to be seen in the <b class="command">smbd</b> log. It is available to help - Samba admins debug their <i class="parameter"><tt>passwd chat</tt></i> scripts - when calling the <i class="parameter"><tt>passwd program</tt></i> and should - be turned off after this has been done. This option has no effect if the - <a href="#PAMPASSWORDCHANGE"><i class="parameter"><tt>pam password change</tt></i></a> - paramter is set. This parameter is off by default.</p><p>See also <a href="#PASSWDCHAT"><i class="parameter"><tt>passwd chat</tt></i> - </a>, <a href="#PAMPASSWORDCHANGE"><i class="parameter"><tt>pam password change</tt></i> - </a>, <a href="#PASSWDPROGRAM"><i class="parameter"><tt>passwd program</tt></i> - </a>.</p><p>Default: <b class="command">passwd chat debug = no</b></p></dd><dt><span class="term"><a name="PASSWDCHAT"></a>passwd chat (G)</span></dt><dd><p>This string controls the <span class="emphasis"><em>"chat"</em></span> + </p><p>Default: <b class="command">passdb backend = smbpasswd</b></p><p>Example: <b class="command">passdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd</b></p><p>Example: <b class="command">passdb backend = ldapsam:ldaps://ldap.example.com</b></p><p>Example: <b class="command">passdb backend = mysql:my_plugin_args tdbsam</b></p></dd><dt><span class="term"><a name="PASSWDCHAT"></a>passwd chat (G)</span></dt><dd><p>This string controls the <span class="emphasis"><em>"chat"</em></span> conversation that takes places between <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and the local password changing program to change the user's password. The string describes a sequence of response-receive pairs that <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> uses to determine what to send to the @@ -2043,7 +2050,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' give line-feed, carriage-return, tab and space. The chat sequence string can also contain a '*' which matches any sequence of characters. Double quotes can be used to collect strings with spaces in them into a single string.</p><p>If the send string in any part of the chat sequence is a full - stop ".", then no string is sent. Similarly, if the + stop ".", then no string is sent. Similarly, if the expect string is a full stop then no string is expected.</p><p>If the <a href="#PAMPASSWORDCHANGE"><i class="parameter"><tt>pam password change</tt></i></a> parameter is set to <tt class="constant">yes</tt>, the chat pairs may be matched in any order, and success is determined by the PAM result, @@ -2053,9 +2060,23 @@ df $1 | tail -1 | awk '{print $2" "$4}' passwd program</tt></i></a> ,<a href="#PASSWDCHATDEBUG"> <i class="parameter"><tt>passwd chat debug</tt></i></a> and <a href="#PAMPASSWORDCHANGE"> <i class="parameter"><tt>pam password change</tt></i></a>.</p><p>Default: <b class="command">passwd chat = *new*password* %n\\n - *new*password* %n\\n *changed*</b></p><p>Example: <b class="command">passwd chat = "*Enter OLD password*" %o\\n - "*Enter NEW password*" %n\\n "*Reenter NEW password*" %n\\n - "*Password changed*"</b></p></dd><dt><span class="term"><a name="PASSWDPROGRAM"></a>passwd program (G)</span></dt><dd><p>The name of a program that can be used to set + *new*password* %n\\n *changed*</b></p><p>Example: <b class="command">passwd chat = "*Enter OLD password*" %o\\n + "*Enter NEW password*" %n\\n "*Reenter NEW password*" %n\\n + "*Password changed*"</b></p></dd><dt><span class="term"><a name="PASSWDCHATDEBUG"></a>passwd chat debug (G)</span></dt><dd><p>This boolean specifies if the passwd chat script + parameter is run in <span class="emphasis"><em>debug</em></span> mode. In this mode the + strings passed to and received from the passwd chat are printed + in the <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> log with a + <a href="#DEBUGLEVEL"><i class="parameter"><tt>debug level</tt></i></a> + of 100. This is a dangerous option as it will allow plaintext passwords + to be seen in the <b class="command">smbd</b> log. It is available to help + Samba admins debug their <i class="parameter"><tt>passwd chat</tt></i> scripts + when calling the <i class="parameter"><tt>passwd program</tt></i> and should + be turned off after this has been done. This option has no effect if the + <a href="#PAMPASSWORDCHANGE"><i class="parameter"><tt>pam password change</tt></i></a> + paramter is set. This parameter is off by default.</p><p>See also <a href="#PASSWDCHAT"><i class="parameter"><tt>passwd chat</tt></i> + </a>, <a href="#PAMPASSWORDCHANGE"><i class="parameter"><tt>pam password change</tt></i> + </a>, <a href="#PASSWDPROGRAM"><i class="parameter"><tt>passwd program</tt></i> + </a>.</p><p>Default: <b class="command">passwd chat debug = no</b></p></dd><dt><span class="term"><a name="PASSWDPROGRAM"></a>passwd program (G)</span></dt><dd><p>The name of a program that can be used to set UNIX user passwords. Any occurrences of <i class="parameter"><tt>%u</tt></i> will be replaced with the user name. The user name is checked for existence before calling the password changing program.</p><p>Also note that many passwd programs insist in <span class="emphasis"><em>reasonable @@ -2081,10 +2102,10 @@ df $1 | tail -1 | awk '{print $2" "$4}' family of operating systems. These clients upper case clear text passwords even when NT LM 0.12 selected by the protocol negotiation request/response.</p><p>This parameter defines the maximum number of characters - that may be upper case in passwords.</p><p>For example, say the password given was "FRED". If <i class="parameter"><tt> + that may be upper case in passwords.</p><p>For example, say the password given was "FRED". If <i class="parameter"><tt> password level</tt></i> is set to 1, the following combinations - would be tried if "FRED" failed:</p><p>"Fred", "fred", "fRed", "frEd","freD"</p><p>If <i class="parameter"><tt>password level</tt></i> was set to 2, - the following combinations would also be tried: </p><p>"FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ..</p><p>And so on.</p><p>The higher value this parameter is set to the more likely + would be tried if "FRED" failed:</p><p>"Fred", "fred", "fRed", "frEd","freD"</p><p>If <i class="parameter"><tt>password level</tt></i> was set to 2, + the following combinations would also be tried: </p><p>"FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ..</p><p>And so on.</p><p>The higher value this parameter is set to the more likely it is that a mixed case password will be matched against a single case password. However, you should be aware that use of this parameter reduces security and increases the time taken to @@ -2104,7 +2125,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' parameter <a href="#NAMERESOLVEORDER"><i class="parameter"><tt>name resolve order</tt></i></a> and so may resolved by any method and order described in that parameter.</p><p>The password server must be a machine capable of using - the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in + the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in user level security mode.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Using a password server means your UNIX box (running Samba) is only as secure as your password server. <span class="emphasis"><em>DO NOT CHOOSE A PASSWORD SERVER THAT YOU DON'T COMPLETELY TRUST</em></span>. @@ -2169,13 +2190,13 @@ df $1 | tail -1 | awk '{print $2" "$4}' whenever the service is disconnected. It takes the usual substitutions. The command may be run as the root on some systems.</p><p>An interesting example may be to unmount server - resources:</p><p><b class="command">postexec = /etc/umount /cdrom</b></p><p>See also <a href="#PREEXEC"><i class="parameter"><tt>preexec</tt></i></a>.</p><p>Default: <span class="emphasis"><em>none (no command executed)</em></span></p><p>Example: <b class="command">postexec = echo \"%u disconnected from %S from %m (%I)\" >> /tmp/log</b></p></dd><dt><span class="term"><a name="PREEXECCLOSE"></a>preexec close (S)</span></dt><dd><p>This boolean option controls whether a non-zero - return code from <a href="#PREEXEC"><i class="parameter"><tt>preexec - </tt></i></a> should close the service being connected to.</p><p>Default: <b class="command">preexec close = no</b></p></dd><dt><span class="term"><a name="PREEXEC"></a>preexec (S)</span></dt><dd><p>This option specifies a command to be run whenever + resources:</p><p><b class="command">postexec = /etc/umount /cdrom</b></p><p>See also <a href="#PREEXEC"><i class="parameter"><tt>preexec</tt></i></a>.</p><p>Default: <span class="emphasis"><em>none (no command executed)</em></span></p><p>Example: <b class="command">postexec = echo \"%u disconnected from %S from %m (%I)\" >> /tmp/log</b></p></dd><dt><span class="term"><a name="PREEXEC"></a>preexec (S)</span></dt><dd><p>This option specifies a command to be run whenever the service is connected to. It takes the usual substitutions.</p><p>An interesting example is to send the users a welcome message every time they log in. Maybe a message of the day? Here - is an example:</p><p><b class="command">preexec = csh -c 'echo \"Welcome to %S!\" | /usr/local/samba/bin/smbclient -M %m -I %I' & </b></p><p>Of course, this could get annoying after a while :-)</p><p>See also <a href="#PREEXECCLOSE"><i class="parameter"><tt>preexec close</tt></i></a> and <a href="#POSTEXEC"><i class="parameter"><tt>postexec - </tt></i></a>.</p><p>Default: <span class="emphasis"><em>none (no command executed)</em></span></p><p>Example: <b class="command">preexec = echo \"%u connected to %S from %m (%I)\" >> /tmp/log</b></p></dd><dt><span class="term"><a name="PREFEREDMASTER"></a>prefered master (G)</span></dt><dd><p>Synonym for <a href="#PREFERREDMASTER"><i class="parameter"><tt> + is an example:</p><p><b class="command">preexec = csh -c 'echo \"Welcome to %S!\" | /usr/local/samba/bin/smbclient -M %m -I %I' & </b></p><p>Of course, this could get annoying after a while :-)</p><p>See also <a href="#PREEXECCLOSE"><i class="parameter"><tt>preexec close</tt></i></a> and <a href="#POSTEXEC"><i class="parameter"><tt>postexec + </tt></i></a>.</p><p>Default: <span class="emphasis"><em>none (no command executed)</em></span></p><p>Example: <b class="command">preexec = echo \"%u connected to %S from %m (%I)\" >> /tmp/log</b></p></dd><dt><span class="term"><a name="PREEXECCLOSE"></a>preexec close (S)</span></dt><dd><p>This boolean option controls whether a non-zero + return code from <a href="#PREEXEC"><i class="parameter"><tt>preexec + </tt></i></a> should close the service being connected to.</p><p>Default: <b class="command">preexec close = no</b></p></dd><dt><span class="term"><a name="PREFEREDMASTER"></a>prefered master (G)</span></dt><dd><p>Synonym for <a href="#PREFERREDMASTER"><i class="parameter"><tt> preferred master</tt></i></a> for people who cannot spell :-).</p></dd><dt><span class="term"><a name="PREFERREDMASTER"></a>preferred master (G)</span></dt><dd><p>This boolean parameter controls if <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> is a preferred master browser for its workgroup.</p><p>If this is set to <tt class="constant">yes</tt>, on startup, <b class="command">nmbd</b> @@ -2188,15 +2209,14 @@ df $1 | tail -1 | awk '{print $2" "$4}' preferred master browsers on the same subnet, they will each periodically and continuously attempt to become the local master browser. This will result in unnecessary broadcast - traffic and reduced browsing capabilities.</p><p>See also <a href="#OSLEVEL"><i class="parameter"><tt>os level</tt></i></a>.</p><p>Default: <b class="command">preferred master = auto</b></p></dd><dt><span class="term"><a name="PRELOADMODULES"></a>preload modules (G)</span></dt><dd><p>This is a list of paths to modules that should - be loaded into smbd before a client connects. This improves - the speed of smbd when reacting to new connections somewhat. </p><p>It is recommended to only use this option on heavy-performance - servers.</p><p>Default: <b class="command">preload modules = </b></p><p>Example: <b class="command">preload modules = /usr/lib/samba/passdb/mysql.so+++ </b></p></dd><dt><span class="term"><a name="PRELOAD"></a>preload (G)</span></dt><dd><p>This is a list of services that you want to be + traffic and reduced browsing capabilities.</p><p>See also <a href="#OSLEVEL"><i class="parameter"><tt>os level</tt></i></a>.</p><p>Default: <b class="command">preferred master = auto</b></p></dd><dt><span class="term"><a name="PRELOAD"></a>preload (G)</span></dt><dd><p>This is a list of services that you want to be automatically added to the browse lists. This is most useful for homes and printers services that would otherwise not be visible.</p><p>Note that if you just want all printers in your printcap file loaded then the <a href="#LOADPRINTERS"> - <i class="parameter"><tt>load printers</tt></i></a> option is easier.</p><p>Default: <span class="emphasis"><em>no preloaded services</em></span></p><p>Example: <b class="command">preload = fred lp colorlp</b></p></dd><dt><span class="term"><a name="PRESERVECASE"></a>preserve case (S)</span></dt><dd><p> This controls if new filenames are created + <i class="parameter"><tt>load printers</tt></i></a> option is easier.</p><p>Default: <span class="emphasis"><em>no preloaded services</em></span></p><p>Example: <b class="command">preload = fred lp colorlp</b></p></dd><dt><span class="term"><a name="PRELOADMODULES"></a>preload modules (G)</span></dt><dd><p>This is a list of paths to modules that should + be loaded into smbd before a client connects. This improves + the speed of smbd when reacting to new connections somewhat. </p><p>Default: <b class="command">preload modules = </b></p><p>Example: <b class="command">preload modules = /usr/lib/samba/passdb/mysql.so+++ </b></p></dd><dt><span class="term"><a name="PRESERVECASE"></a>preserve case (S)</span></dt><dd><p> This controls if new filenames are created with the case that the client passes, or if they are forced to be the <a href="#DEFAULTCASE"><i class="parameter"><tt>default case </tt></i></a>.</p><p>Default: <b class="command">preserve case = yes</b></p><p>See the section on <a href="#NAMEMANGLINGSECT" title="NAME MANGLING">NAME MANGLING</a> for a fuller discussion.</p></dd><dt><span class="term"><a name="PRINTABLE"></a>printable (S)</span></dt><dd><p>If this parameter is <tt class="constant">yes</tt>, then @@ -2205,14 +2225,15 @@ df $1 | tail -1 | awk '{print $2" "$4}' to the service path (user privileges permitting) via the spooling of print data. The <a href="#READONLY"><i class="parameter"><tt>read only </tt></i></a> parameter controls only non-printing access to - the resource.</p><p>Default: <b class="command">printable = no</b></p></dd><dt><span class="term"><a name="PRINTCAPNAME"></a>printcap name (S)</span></dt><dd><p>This parameter may be used to override the + the resource.</p><p>Default: <b class="command">printable = no</b></p></dd><dt><span class="term"><a name="PRINTCAP"></a>printcap (G)</span></dt><dd><p>Synonym for <a href="#PRINTCAPNAME"><i class="parameter"><tt> + printcap name</tt></i></a>.</p></dd><dt><span class="term"><a name="PRINTCAPNAME"></a>printcap name (S)</span></dt><dd><p>This parameter may be used to override the compiled-in default printcap name used by the server (usually <tt class="filename"> /etc/printcap</tt>). See the discussion of the <a href="#PRINTERSSECT" title="The [printers] section">[printers]</a> section above for reasons why you might want to do this.</p><p>To use the CUPS printing interface set <b class="command">printcap name = cups </b>. This should be supplemented by an addtional setting <a href="#PRINTING">printing = cups</a> in the [global] section. <b class="command">printcap name = cups</b> will use the - "dummy" printcap created by CUPS, as specified in your CUPS + "dummy" printcap created by CUPS, as specified in your CUPS configuration file. </p><p>On System V systems that use <b class="command">lpstat</b> to list available printers you can use <b class="command">printcap name = lpstat @@ -2232,8 +2253,7 @@ print5|My Printer 5 that it's a comment.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Under AIX the default printcap name is <tt class="filename">/etc/qconfig</tt>. Samba will assume the file is in AIX <tt class="filename">qconfig</tt> format if the string - <tt class="filename">qconfig</tt> appears in the printcap filename.</p></div><p>Default: <b class="command">printcap name = /etc/printcap</b></p><p>Example: <b class="command">printcap name = /etc/myprintcap</b></p></dd><dt><span class="term"><a name="PRINTCAP"></a>printcap (G)</span></dt><dd><p>Synonym for <a href="#PRINTCAPNAME"><i class="parameter"><tt> - printcap name</tt></i></a>.</p></dd><dt><span class="term"><a name="PRINTCOMMAND"></a>print command (S)</span></dt><dd><p>After a print job has finished spooling to + <tt class="filename">qconfig</tt> appears in the printcap filename.</p></div><p>Default: <b class="command">printcap name = /etc/printcap</b></p><p>Example: <b class="command">printcap name = /etc/myprintcap</b></p></dd><dt><span class="term"><a name="PRINTCOMMAND"></a>print command (S)</span></dt><dd><p>After a print job has finished spooling to a service, this command will be used via a <b class="command">system()</b> call to process the spool file. Typically the command specified will submit the spool file to the host's printing subsystem, but there @@ -2274,15 +2294,15 @@ print5|My Printer 5 uses <b class="command">lp -c -d%p -oraw; rm %s</b>. With <b class="command">printing = cups</b>, and if SAMBA is compiled against libcups, any manually - set print command will be ignored.</p><p>Example: <b class="command">print command = /usr/local/samba/bin/myprintscript %p %s</b></p></dd><dt><span class="term"><a name="PRINTERADMIN"></a>printer admin (S)</span></dt><dd><p>This is a list of users that can do anything to + set print command will be ignored.</p><p>Example: <b class="command">print command = /usr/local/samba/bin/myprintscript %p %s</b></p></dd><dt><span class="term"><a name="PRINTER"></a>printer (S)</span></dt><dd><p>Synonym for <a href="#PRINTERNAME"><i class="parameter"><tt> + printer name</tt></i></a>.</p></dd><dt><span class="term"><a name="PRINTERADMIN"></a>printer admin (S)</span></dt><dd><p>This is a list of users that can do anything to printers via the remote administration interfaces offered by MS-RPC (usually using a NT workstation). Note that the root user always has admin rights.</p><p>Default: <b class="command">printer admin = <empty string></b></p><p>Example: <b class="command">printer admin = admin, @staff</b></p></dd><dt><span class="term"><a name="PRINTERNAME"></a>printer name (S)</span></dt><dd><p>This parameter specifies the name of the printer to which print jobs spooled through a printable service will be sent.</p><p>If specified in the [global] section, the printer name given will be used for any printable service that does not have its own printer name specified.</p><p>Default: <span class="emphasis"><em>none (but may be <tt class="constant">lp</tt> - on many systems)</em></span></p><p>Example: <b class="command">printer name = laserwriter</b></p></dd><dt><span class="term"><a name="PRINTER"></a>printer (S)</span></dt><dd><p>Synonym for <a href="#PRINTERNAME"><i class="parameter"><tt> - printer name</tt></i></a>.</p></dd><dt><span class="term"><a name="PRINTING"></a>printing (S)</span></dt><dd><p>This parameters controls how printer status information is + on many systems)</em></span></p><p>Example: <b class="command">printer name = laserwriter</b></p></dd><dt><span class="term"><a name="PRINTING"></a>printing (S)</span></dt><dd><p>This parameters controls how printer status information is interpreted on your system. It also affects the default values for the <i class="parameter"><tt>print command</tt></i>, <i class="parameter"><tt>lpq command</tt></i>, <i class="parameter"><tt>lppause command </tt></i>, <i class="parameter"><tt>lpresume command</tt></i>, and <i class="parameter"><tt>lprm command</tt></i> if specified in the [global] section.</p><p>Currently nine printing styles are supported. They are @@ -2310,11 +2330,11 @@ print5|My Printer 5 returned Windows ACL. Firstly it changes the owner and group owner of all reported files and directories to be BUILTIN\\Administrators, BUILTIN\\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly - it adds an ACE entry of "Full Control" to the SID BUILTIN\\Users to + it adds an ACE entry of "Full Control" to the SID BUILTIN\\Users to every returned ACL. This will allow any Windows 2000 or XP workstation user to access the profile.</p><p>Note that if you have multiple users logging on to a workstation then in order to prevent them from being able to access - each others profiles you must remove the "Bypass traverse checking" advanced + each others profiles you must remove the "Bypass traverse checking" advanced user right. This will prevent access to other users profile directories as the top level profile directory (named after the user) is created by the workstation profile code and has an ACL restricting entry to the directory @@ -2344,8 +2364,8 @@ print5|My Printer 5 path in the command as the PATH may not be available to the server.</p><p>Default: <span class="emphasis"><em>depends on the setting of <a href="#PRINTING"> <i class="parameter"><tt>printing</tt></i></a></em></span></p><p>Example: <b class="command">queuepause command = enable %p</b></p></dd><dt><span class="term"><a name="READBMPX"></a>read bmpx (G)</span></dt><dd><p>This boolean parameter controls whether - <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will support the "Read - Block Multiplex" SMB. This is now rarely used and defaults to + <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will support the "Read + Block Multiplex" SMB. This is now rarely used and defaults to <tt class="constant">no</tt>. You should never need to set this parameter.</p><p>Default: <b class="command">read bmpx = no</b></p></dd><dt><span class="term"><a name="READLIST"></a>read list (S)</span></dt><dd><p>This is a list of users that are given read-only access to a service. If the connecting user is in this list then @@ -2429,17 +2449,21 @@ print5|My Printer 5 The security advantage of using restrict anonymous = 2 is removed by setting <a href="#GUESTOK"><i class="parameter"><tt>guest ok</tt></i> = yes</a> on any share. - </p></div><p>Default: <b class="command">restrict anonymous = 0</b></p></dd><dt><span class="term"><a name="ROOTDIRECTORY"></a>root directory (G)</span></dt><dd><p>The server will <b class="command">chroot()</b> (i.e. + </p></div><p>Default: <b class="command">restrict anonymous = 0</b></p></dd><dt><span class="term"><a name="ROOT"></a>root (G)</span></dt><dd><p>Synonym for <a href="#ROOTDIRECTORY"> + <i class="parameter"><tt>root directory"</tt></i></a>. + </p></dd><dt><span class="term"><a name="ROOTDIR"></a>root dir (G)</span></dt><dd><p>Synonym for <a href="#ROOTDIRECTORY"> + <i class="parameter"><tt>root directory"</tt></i></a>. + </p></dd><dt><span class="term"><a name="ROOTDIRECTORY"></a>root directory (G)</span></dt><dd><p>The server will <b class="command">chroot()</b> (i.e. Change its root directory) to this directory on startup. This is not strictly necessary for secure operation. Even without it the server will deny access to files not in one of the service entries. It may also check for, and deny access to, soft links to other - parts of the filesystem, or attempts to use ".." in file names + parts of the filesystem, or attempts to use ".." in file names to access other directories (depending on the setting of the <a href="#WIDELINKS"> <i class="parameter"><tt>wide links</tt></i></a> parameter). </p><p>Adding a <i class="parameter"><tt>root directory</tt></i> entry other - than "/" adds an extra level of security, but at a price. It + than "/" adds an extra level of security, but at a price. It absolutely ensures that no access is given to files not in the sub-tree specified in the <i class="parameter"><tt>root directory</tt></i> option, <span class="emphasis"><em>including</em></span> some files needed for @@ -2449,42 +2473,21 @@ print5|My Printer 5 you will need to mirror <tt class="filename">/etc/passwd</tt> (or a subset of it), and any binaries or configuration files needed for printing (if required). The set of files that must be mirrored is - operating system dependent.</p><p>Default: <b class="command">root directory = /</b></p><p>Example: <b class="command">root directory = /homes/smb</b></p></dd><dt><span class="term"><a name="ROOTDIR"></a>root dir (G)</span></dt><dd><p>Synonym for <a href="#ROOTDIRECTORY"> - <i class="parameter"><tt>root directory"</tt></i></a>. - </p></dd><dt><span class="term"><a name="ROOTPOSTEXEC"></a>root postexec (S)</span></dt><dd><p>This is the same as the <i class="parameter"><tt>postexec</tt></i> + operating system dependent.</p><p>Default: <b class="command">root directory = /</b></p><p>Example: <b class="command">root directory = /homes/smb</b></p></dd><dt><span class="term"><a name="ROOTPOSTEXEC"></a>root postexec (S)</span></dt><dd><p>This is the same as the <i class="parameter"><tt>postexec</tt></i> parameter except that the command is run as root. This is useful for unmounting filesystems (such as CDROMs) after a connection is closed.</p><p>See also <a href="#POSTEXEC"><i class="parameter"><tt> - postexec</tt></i></a>.</p><p>Default: <b class="command">root postexec = <empty string></b></p></dd><dt><span class="term"><a name="ROOTPREEXECCLOSE"></a>root preexec close (S)</span></dt><dd><p>This is the same as the <i class="parameter"><tt>preexec close - </tt></i> parameter except that the command is run as root.</p><p>See also <a href="#PREEXEC"><i class="parameter"><tt> - preexec</tt></i></a> and <a href="#PREEXECCLOSE"> - <i class="parameter"><tt>preexec close</tt></i></a>.</p><p>Default: <b class="command">root preexec close = no</b></p></dd><dt><span class="term"><a name="ROOTPREEXEC"></a>root preexec (S)</span></dt><dd><p>This is the same as the <i class="parameter"><tt>preexec</tt></i> + postexec</tt></i></a>.</p><p>Default: <b class="command">root postexec = <empty string></b></p></dd><dt><span class="term"><a name="ROOTPREEXEC"></a>root preexec (S)</span></dt><dd><p>This is the same as the <i class="parameter"><tt>preexec</tt></i> parameter except that the command is run as root. This is useful for mounting filesystems (such as CDROMs) when a connection is opened.</p><p>See also <a href="#PREEXEC"><i class="parameter"><tt> preexec</tt></i></a> and <a href="#PREEXECCLOSE"> - <i class="parameter"><tt>preexec close</tt></i></a>.</p><p>Default: <b class="command">root preexec = <empty string></b></p></dd><dt><span class="term"><a name="ROOT"></a>root (G)</span></dt><dd><p>Synonym for <a href="#ROOTDIRECTORY"> - <i class="parameter"><tt>root directory"</tt></i></a>. - </p></dd><dt><span class="term"><a name="SECURITYMASK"></a>security mask (S)</span></dt><dd><p>This parameter controls what UNIX permission - bits can be modified when a Windows NT client is manipulating - the UNIX permission on a file using the native NT security - dialog box.</p><p>This parameter is applied as a mask (AND'ed with) to - the changed permission bits, thus preventing any bits not in - this mask from being modified. Essentially, zero bits in this - mask may be treated as a set of bits the user is not allowed - to change.</p><p>If not set explicitly this parameter is 0777, allowing - a user to modify all the user/group/world permissions on a file. - </p><p><span class="emphasis"><em>Note</em></span> that users who can access the - Samba server through other means can easily bypass this - restriction, so it is primarily useful for standalone - "appliance" systems. Administrators of most normal systems will - probably want to leave it set to <tt class="constant">0777</tt>.</p><p>See also the <a href="#FORCEDIRECTORYSECURITYMODE"> - <i class="parameter"><tt>force directory security mode</tt></i></a>, - <a href="#DIRECTORYSECURITYMASK"><i class="parameter"><tt>directory - security mask</tt></i></a>, <a href="#FORCESECURITYMODE"> - <i class="parameter"><tt>force security mode</tt></i></a> parameters.</p><p>Default: <b class="command">security mask = 0777</b></p><p>Example: <b class="command">security mask = 0770</b></p></dd><dt><span class="term"><a name="SECURITY"></a>security (G)</span></dt><dd><p>This option affects how clients respond to + <i class="parameter"><tt>preexec close</tt></i></a>.</p><p>Default: <b class="command">root preexec = <empty string></b></p></dd><dt><span class="term"><a name="ROOTPREEXECCLOSE"></a>root preexec close (S)</span></dt><dd><p>This is the same as the <i class="parameter"><tt>preexec close + </tt></i> parameter except that the command is run as root.</p><p>See also <a href="#PREEXEC"><i class="parameter"><tt> + preexec</tt></i></a> and <a href="#PREEXECCLOSE"> + <i class="parameter"><tt>preexec close</tt></i></a>.</p><p>Default: <b class="command">root preexec close = no</b></p></dd><dt><span class="term"><a name="SECURITY"></a>security (G)</span></dt><dd><p>This option affects how clients respond to Samba and is one of the most important settings in the <tt class="filename"> - smb.conf</tt> file.</p><p>The option sets the "security mode bit" in replies to + smb.conf</tt> file.</p><p>The option sets the "security mode bit" in replies to protocol negotiations with <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> to turn share level security on or off. Clients decide based on this bit whether (and how) to transfer user and password information to the server.</p><p>The default is <b class="command">security = user</b>, as this is @@ -2495,8 +2498,8 @@ print5|My Printer 5 <b class="command">security = share</b> mainly because that was the only option at one stage.</p><p>There is a bug in WfWg that has relevance to this setting. When in user or server level security a WfWg client - will totally ignore the password you type in the "connect - drive" dialog box. This makes it very difficult (if not impossible) + will totally ignore the password you type in the "connect + drive" dialog box. This makes it very difficult (if not impossible) to connect to a Samba service as anyone except the user that you are logged into WfWg as.</p><p>If your PCs use usernames that are the same as their usernames on the UNIX machine then you will want to use @@ -2550,7 +2553,7 @@ print5|My Printer 5 in share-level security as to which UNIX username will eventually be used in granting access.</p><p>See also the section <a href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION"> NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p><a name="SECURITYEQUALSUSER"></a><span class="emphasis"><em>SECURITY = USER</em></span></p><p>This is the default security setting in Samba 3.0. - With user-level security a client must first "log-on" with a + With user-level security a client must first "log-on" with a valid username and password (which can be mapped using the <a href="#USERNAMEMAP"> <i class="parameter"><tt>username map</tt></i></a> parameter). Encrypted passwords (see the <a href="#ENCRYPTPASSWORDS"> @@ -2628,7 +2631,24 @@ print5|My Printer 5 Controller. </p><p>Read the chapter about Domain Membership in the HOWTO for details.</p><p>See also the <a href="#"><i class="parameter"><tt>ads server </tt></i></a> parameter, the <a href="#REALM"><i class="parameter"><tt>realm </tt></i></a> paramter and the <a href="#ENCRYPTPASSWORDS"> - <i class="parameter"><tt>encrypted passwords</tt></i></a> parameter.</p><p>Default: <b class="command">security = USER</b></p><p>Example: <b class="command">security = DOMAIN</b></p></dd><dt><span class="term"><a name="SERVERSCHANNEL"></a>server schannel (G)</span></dt><dd><p>This controls whether the server offers or even + <i class="parameter"><tt>encrypted passwords</tt></i></a> parameter.</p><p>Default: <b class="command">security = USER</b></p><p>Example: <b class="command">security = DOMAIN</b></p></dd><dt><span class="term"><a name="SECURITYMASK"></a>security mask (S)</span></dt><dd><p>This parameter controls what UNIX permission + bits can be modified when a Windows NT client is manipulating + the UNIX permission on a file using the native NT security + dialog box.</p><p>This parameter is applied as a mask (AND'ed with) to + the changed permission bits, thus preventing any bits not in + this mask from being modified. Essentially, zero bits in this + mask may be treated as a set of bits the user is not allowed + to change.</p><p>If not set explicitly this parameter is 0777, allowing + a user to modify all the user/group/world permissions on a file. + </p><p><span class="emphasis"><em>Note</em></span> that users who can access the + Samba server through other means can easily bypass this + restriction, so it is primarily useful for standalone + "appliance" systems. Administrators of most normal systems will + probably want to leave it set to <tt class="constant">0777</tt>.</p><p>See also the <a href="#FORCEDIRECTORYSECURITYMODE"> + <i class="parameter"><tt>force directory security mode</tt></i></a>, + <a href="#DIRECTORYSECURITYMASK"><i class="parameter"><tt>directory + security mask</tt></i></a>, <a href="#FORCESECURITYMODE"> + <i class="parameter"><tt>force security mode</tt></i></a> parameters.</p><p>Default: <b class="command">security mask = 0777</b></p><p>Example: <b class="command">security mask = 0770</b></p></dd><dt><span class="term"><a name="SERVERSCHANNEL"></a>server schannel (G)</span></dt><dd><p>This controls whether the server offers or even demands the use of the netlogon schannel. <i class="parameter"><tt>server schannel = no</tt></i> does not offer the schannel, <i class="parameter"><tt>server schannel = @@ -2639,7 +2659,13 @@ print5|My Printer 5 for Windows NT4 before SP4.</p><p>Please note that with this set to <i class="parameter"><tt>no</tt></i> you will have to apply the WindowsXP requireSignOrSeal-Registry patch found in - the docs/Registry subdirectory.</p><p>Default: <b class="command">server schannel = auto</b></p><p>Example: <b class="command">server schannel = yes</b></p></dd><dt><span class="term"><a name="SERVERSTRING"></a>server string (G)</span></dt><dd><p>This controls what string will show up in the printer comment box in print + the docs/Registry subdirectory.</p><p>Default: <b class="command">server schannel = auto</b></p><p>Example: <b class="command">server schannel = yes</b></p></dd><dt><span class="term"><a name="SERVERSIGNING"></a>server signing (G)</span></dt><dd><p>This controls whether the server offers or requires + the client it talks to to use SMB signing. Possible values + are <span class="emphasis"><em>auto</em></span>, <span class="emphasis"><em>mandatory</em></span> + and <span class="emphasis"><em>disabled</em></span>. + </p><p>When set to auto, SMB signing is offered, but not enforced. + When set to mandatory, SMB signing is required and if set + to disabled, SMB signing is not offered either.</p><p>Default: <b class="command">client signing = False</b></p></dd><dt><span class="term"><a name="SERVERSTRING"></a>server string (G)</span></dt><dd><p>This controls what string will show up in the printer comment box in print manager and next to the IPC connection in <b class="command">net view</b>. It can be any string that you wish to show to your users.</p><p>It also sets what will appear in browse lists next to the machine name.</p><p>A <i class="parameter"><tt>%v</tt></i> will be replaced with the Samba @@ -2681,7 +2707,7 @@ print5|My Printer 5 </tt></i></a>. This option can be use with <a href="#PRESERVECASE"><b class="command">preserve case = yes</b> </a> to permit long filenames to retain their case, while short names are lowered. </p><p>See the section on <a href="#NAMEMANGLINGSECT" title="NAME MANGLING">NAME MANGLING</a>.</p><p>Default: <b class="command">short preserve case = yes</b></p></dd><dt><span class="term"><a name="SHOWADDPRINTERWIZARD"></a>show add printer wizard (G)</span></dt><dd><p>With the introduction of MS-RPC based printing support - for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will + for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will appear on Samba hosts in the share listing. Normally this folder will contain an icon for the MS Add Printer Wizard (APW). However, it is possible to disable this feature regardless of the level of privilege @@ -2712,8 +2738,8 @@ print5|My Printer 5 #!/bin/bash $time=0 -let "time/60" -let "time++" +let "time/60" +let "time++" /sbin/shutdown $3 $4 +$time $1 & </pre><p> @@ -2734,7 +2760,7 @@ Shutdown does not return so we need to launch it in background. suggest you read the appropriate documentation for your operating system first (perhaps <b class="command">man setsockopt</b> will help).</p><p>You may find that on some systems Samba will say - "Unknown socket option" when you supply an option. This means you + "Unknown socket option" when you supply an option. This means you either incorrectly typed it or you need to add an include file to includes.h for your OS. If the latter is the case please send the patch to <a href="mailto:samba-technical@samba.org" target="_top"> @@ -2749,7 +2775,7 @@ Shutdown does not return so we need to launch it in background. might be:</p><p><b class="command">socket options = IPTOS_LOWDELAY</b></p><p>If you have a local network then you could try:</p><p><b class="command">socket options = IPTOS_LOWDELAY TCP_NODELAY</b></p><p>If you are on a wide area network then perhaps try setting IPTOS_THROUGHPUT. </p><p>Note that several of the options may cause your Samba server to fail completely. Use these options with caution!</p><p>Default: <b class="command">socket options = TCP_NODELAY</b></p><p>Example: <b class="command">socket options = IPTOS_LOWDELAY</b></p></dd><dt><span class="term"><a name="SOURCEENVIRONMENT"></a>source environment (G)</span></dt><dd><p>This parameter causes Samba to set environment - variables as per the content of the file named.</p><p>If the value of this parameter starts with a "|" character + variables as per the content of the file named.</p><p>If the value of this parameter starts with a "|" character then Samba will treat that value as a pipe command to open and will set the environment variables from the output of the pipe.</p><p>The contents of the file or the output of the pipe should be formatted as the output of the standard Unix <b class="command">env(1)</b> command. This is of the form:</p><p>Example environment entry:</p><p><b class="command">SAMBA_NETBIOS_NAME = myhostname</b></p><p>Default: <span class="emphasis"><em>No default value</em></span></p><p>Examples: <b class="command">source environment = |/etc/smb.conf.sh</b></p><p>Example: <b class="command">source environment = @@ -2796,9 +2822,7 @@ Shutdown does not return so we need to launch it in background. the <i class="parameter"><tt>strict sync</tt></i> parameter must be set to <tt class="constant">yes</tt> in order for this parameter to have any affect.</p><p>See also the <a href="#STRICTSYNC"><i class="parameter"><tt>strict - sync</tt></i></a> parameter.</p><p>Default: <b class="command">sync always = no</b></p></dd><dt><span class="term"><a name="SYSLOGONLY"></a>syslog only (G)</span></dt><dd><p>If this parameter is set then Samba debug - messages are logged into the system syslog only, and not to - the debug log files.</p><p>Default: <b class="command">syslog only = no</b></p></dd><dt><span class="term"><a name="SYSLOG"></a>syslog (G)</span></dt><dd><p>This parameter maps how Samba debug messages + sync</tt></i></a> parameter.</p><p>Default: <b class="command">sync always = no</b></p></dd><dt><span class="term"><a name="SYSLOG"></a>syslog (G)</span></dt><dd><p>This parameter maps how Samba debug messages are logged onto the system syslog logging levels. Samba debug level zero maps onto syslog <tt class="constant">LOG_ERR</tt>, debug level one maps onto <tt class="constant">LOG_WARNING</tt>, debug level @@ -2806,7 +2830,9 @@ Shutdown does not return so we need to launch it in background. maps onto LOG_INFO. All higher levels are mapped to <tt class="constant"> LOG_DEBUG</tt>.</p><p>This parameter sets the threshold for sending messages to syslog. Only messages with debug level less than this value - will be sent to syslog.</p><p>Default: <b class="command">syslog = 1</b></p></dd><dt><span class="term"><a name="TEMPLATEHOMEDIR"></a>template homedir (G)</span></dt><dd><p>When filling out the user information for a Windows NT + will be sent to syslog.</p><p>Default: <b class="command">syslog = 1</b></p></dd><dt><span class="term"><a name="SYSLOGONLY"></a>syslog only (G)</span></dt><dd><p>If this parameter is set then Samba debug + messages are logged into the system syslog only, and not to + the debug log files.</p><p>Default: <b class="command">syslog only = no</b></p></dd><dt><span class="term"><a name="TEMPLATEHOMEDIR"></a>template homedir (G)</span></dt><dd><p>When filling out the user information for a Windows NT user, the <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon uses this parameter to fill in the home directory for that user. If the string <i class="parameter"><tt>%D</tt></i> is present it @@ -2833,7 +2859,7 @@ Shutdown does not return so we need to launch it in background. These extensions enable Samba to better serve UNIX CIFS clients by supporting features such as symbolic links, hard links, etc... These extensions require a similarly enabled client, and are of - no current use to Windows clients.</p><p>Default: <b class="command">unix extensions = no</b></p></dd><dt><span class="term"><a name="UNIXPASSWORDSYNC"></a>unix password sync (G)</span></dt><dd><p>This boolean parameter controls whether Samba + no current use to Windows clients.</p><p>Default: <b class="command">unix extensions = yes</b></p></dd><dt><span class="term"><a name="UNIXPASSWORDSYNC"></a>unix password sync (G)</span></dt><dd><p>This boolean parameter controls whether Samba attempts to synchronize the UNIX password with the SMB password when the encrypted SMB password in the smbpasswd file is changed. If this is set to <tt class="constant">yes</tt> the program specified in the <i class="parameter"><tt>passwd @@ -2877,7 +2903,7 @@ Shutdown does not return so we need to launch it in background. logged on user. If the user possesses local administator rights but not root privilegde on the Samba host (often the case), the OpenPrinterEx() call will fail. The result is that the client will - now display an "Access Denied; Unable to connect" message + now display an "Access Denied; Unable to connect" message in the printer queue window (even though jobs may successfully be printed). </p><p>If this parameter is enabled for a printer, then any attempt to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped @@ -2891,7 +2917,42 @@ Shutdown does not return so we need to launch it in background. default on HPUX. On all other systems this parameter should be left alone. This parameter is provided to help the Samba developers track down problems with the tdb internal code. - </p><p>Default: <b class="command">use mmap = yes</b></p></dd><dt><span class="term"><a name="USERNAMELEVEL"></a>username level (G)</span></dt><dd><p>This option helps Samba to try and 'guess' at + </p><p>Default: <b class="command">use mmap = yes</b></p></dd><dt><span class="term"><a name="USER"></a>user (S)</span></dt><dd><p>Synonym for <a href="#USERNAME"><i class="parameter"><tt>username</tt></i></a>.</p></dd><dt><span class="term"><a name="USERNAME"></a>username (S)</span></dt><dd><p>Multiple users may be specified in a comma-delimited + list, in which case the supplied password will be tested against + each username in turn (left to right).</p><p>The <i class="parameter"><tt>username</tt></i> line is needed only when + the PC is unable to supply its own username. This is the case + for the COREPLUS protocol or where your users have different WfWg + usernames to UNIX usernames. In both these cases you may also be + better using the \\server\share%user syntax instead.</p><p>The <i class="parameter"><tt>username</tt></i> line is not a great + solution in many cases as it means Samba will try to validate + the supplied password against each of the usernames in the + <i class="parameter"><tt>username</tt></i> line in turn. This is slow and + a bad idea for lots of users in case of duplicate passwords. + You may get timeouts or security breaches using this parameter + unwisely.</p><p>Samba relies on the underlying UNIX security. This + parameter does not restrict who can login, it just offers hints + to the Samba server as to what usernames might correspond to the + supplied password. Users can login as whoever they please and + they will be able to do no more damage than if they started a + telnet session. The daemon runs as the user that they log in as, + so they cannot do anything that user cannot do.</p><p>To restrict a service to a particular set of users you + can use the <a href="#VALIDUSERS"><i class="parameter"><tt>valid users + </tt></i></a> parameter.</p><p>If any of the usernames begin with a '@' then the name + will be looked up first in the NIS netgroups list (if Samba + is compiled with netgroup support), followed by a lookup in + the UNIX groups database and will expand to a list of all users + in the group of that name.</p><p>If any of the usernames begin with a '+' then the name + will be looked up only in the UNIX groups database and will + expand to a list of all users in the group of that name.</p><p>If any of the usernames begin with a '&' then the name + will be looked up only in the NIS netgroups database (if Samba + is compiled with netgroup support) and will expand to a list + of all users in the netgroup group of that name.</p><p>Note that searching though a groups database can take + quite some time, and some clients may time out during the + search.</p><p>See the section <a href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">NOTE ABOUT + USERNAME/PASSWORD VALIDATION</a> for more information on how + this parameter determines access to the services.</p><p>Default: <b class="command">The guest account if a guest service, + else <empty string>.</b></p><p>Examples:<b class="command">username = fred, mary, jack, jane, + @users, @pcgroup</b></p></dd><dt><span class="term"><a name="USERNAMELEVEL"></a>username level (G)</span></dt><dd><p>This option helps Samba to try and 'guess' at the real UNIX username, as many DOS clients send an all-uppercase username. By default Samba tries all lowercase, followed by the username with the first letter capitalized, and fails if the @@ -2926,8 +2987,8 @@ Shutdown does not return so we need to launch it in background. to the UNIX name <tt class="constant">sys</tt> you would use:</p><p><b class="command">sys = @system</b></p><p>You can have as many mappings as you like in a username map file.</p><p>If your system supports the NIS NETGROUP option then the netgroup database is checked before the <tt class="filename">/etc/group </tt> database for matching groups.</p><p>You can map Windows usernames that have spaces in them - by using double quotes around the name. For example:</p><p><b class="command">tridge = "Andrew Tridgell"</b></p><p>would map the windows username "Andrew Tridgell" to the - unix username "tridge".</p><p>The following example would map mary and fred to the + by using double quotes around the name. For example:</p><p><b class="command">tridge = "Andrew Tridgell"</b></p><p>would map the windows username "Andrew Tridgell" to the + unix username "tridge".</p><p>The following example would map mary and fred to the unix user sys, and map the rest to guest. Note the use of the '!' to tell Samba to stop processing if it gets a match on that line.</p><pre class="programlisting"> @@ -2945,43 +3006,8 @@ guest = * modification.</p><p>Also note that no reverse mapping is done. The main effect this has is with printing. Users who have been mapped may have trouble deleting print jobs as PrintManager under WfWg will think - they don't own the print job.</p><p>Default: <span class="emphasis"><em>no username map</em></span></p><p>Example: <b class="command">username map = /usr/local/samba/lib/users.map</b></p></dd><dt><span class="term"><a name="USERNAME"></a>username (S)</span></dt><dd><p>Multiple users may be specified in a comma-delimited - list, in which case the supplied password will be tested against - each username in turn (left to right).</p><p>The <i class="parameter"><tt>username</tt></i> line is needed only when - the PC is unable to supply its own username. This is the case - for the COREPLUS protocol or where your users have different WfWg - usernames to UNIX usernames. In both these cases you may also be - better using the \\server\share%user syntax instead.</p><p>The <i class="parameter"><tt>username</tt></i> line is not a great - solution in many cases as it means Samba will try to validate - the supplied password against each of the usernames in the - <i class="parameter"><tt>username</tt></i> line in turn. This is slow and - a bad idea for lots of users in case of duplicate passwords. - You may get timeouts or security breaches using this parameter - unwisely.</p><p>Samba relies on the underlying UNIX security. This - parameter does not restrict who can login, it just offers hints - to the Samba server as to what usernames might correspond to the - supplied password. Users can login as whoever they please and - they will be able to do no more damage than if they started a - telnet session. The daemon runs as the user that they log in as, - so they cannot do anything that user cannot do.</p><p>To restrict a service to a particular set of users you - can use the <a href="#VALIDUSERS"><i class="parameter"><tt>valid users - </tt></i></a> parameter.</p><p>If any of the usernames begin with a '@' then the name - will be looked up first in the NIS netgroups list (if Samba - is compiled with netgroup support), followed by a lookup in - the UNIX groups database and will expand to a list of all users - in the group of that name.</p><p>If any of the usernames begin with a '+' then the name - will be looked up only in the UNIX groups database and will - expand to a list of all users in the group of that name.</p><p>If any of the usernames begin with a '&' then the name - will be looked up only in the NIS netgroups database (if Samba - is compiled with netgroup support) and will expand to a list - of all users in the netgroup group of that name.</p><p>Note that searching though a groups database can take - quite some time, and some clients may time out during the - search.</p><p>See the section <a href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">NOTE ABOUT - USERNAME/PASSWORD VALIDATION</a> for more information on how - this parameter determines access to the services.</p><p>Default: <b class="command">The guest account if a guest service, - else <empty string>.</b></p><p>Examples:<b class="command">username = fred, mary, jack, jane, - @users, @pcgroup</b></p></dd><dt><span class="term"><a name="USERS"></a>users (S)</span></dt><dd><p>Synonym for <a href="#USERNAME"><i class="parameter"><tt> - username</tt></i></a>.</p></dd><dt><span class="term"><a name="USER"></a>user (S)</span></dt><dd><p>Synonym for <a href="#USERNAME"><i class="parameter"><tt>username</tt></i></a>.</p></dd><dt><span class="term"><a name="USESENDFILE"></a>use sendfile (S)</span></dt><dd><p>If this parameter is <tt class="constant">yes</tt>, and Samba + they don't own the print job.</p><p>Default: <span class="emphasis"><em>no username map</em></span></p><p>Example: <b class="command">username map = /usr/local/samba/lib/users.map</b></p></dd><dt><span class="term"><a name="USERS"></a>users (S)</span></dt><dd><p>Synonym for <a href="#USERNAME"><i class="parameter"><tt> + username</tt></i></a>.</p></dd><dt><span class="term"><a name="USESENDFILE"></a>use sendfile (S)</span></dt><dd><p>If this parameter is <tt class="constant">yes</tt>, and Samba was built with the --with-sendfile-support option, and the underlying operating system supports sendfile system call, then some SMB read calls (mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that @@ -2992,15 +3018,7 @@ guest = * WindowsXP and Windows2000 clients to agree upon an authentication mechanism. Unless further issues are discovered with our SPNEGO implementation, there is no reason this should ever be - disabled.</p><p>Default: <span class="emphasis"><em>use spnego = yes</em></span></p></dd><dt><span class="term"><a name="UTMPDIRECTORY"></a>utmp directory (G)</span></dt><dd><p>This parameter is only available if Samba has - been configured and compiled with the option <b class="command"> - --with-utmp</b>. It specifies a directory pathname that is - used to store the utmp or utmpx files (depending on the UNIX system) that - record user connections to a Samba server. See also the <a href="#UTMP"> - <i class="parameter"><tt>utmp</tt></i></a> parameter. By default this is - not set, meaning the system will use whatever utmp file the - native system is set to use (usually - <tt class="filename">/var/run/utmp</tt> on Linux).</p><p>Default: <span class="emphasis"><em>no utmp directory</em></span></p><p>Example: <b class="command">utmp directory = /var/run/utmp</b></p></dd><dt><span class="term"><a name="UTMP"></a>utmp (G)</span></dt><dd><p>This boolean parameter is only available if + disabled.</p><p>Default: <span class="emphasis"><em>use spnego = yes</em></span></p></dd><dt><span class="term"><a name="UTMP"></a>utmp (G)</span></dt><dd><p>This boolean parameter is only available if Samba has been configured and compiled with the option <b class="command"> --with-utmp</b>. If set to <tt class="constant">yes</tt> then Samba will attempt to add utmp or utmpx records (depending on the UNIX system) whenever a @@ -3010,7 +3028,22 @@ guest = * incoming user. Enabling this option creates an n^2 algorithm to find this number. This may impede performance on large installations. </p><p>See also the <a href="#UTMPDIRECTORY"><i class="parameter"><tt> - utmp directory</tt></i></a> parameter.</p><p>Default: <b class="command">utmp = no</b></p></dd><dt><span class="term"><a name="VALIDUSERS"></a>valid users (S)</span></dt><dd><p>This is a list of users that should be allowed + utmp directory</tt></i></a> parameter.</p><p>Default: <b class="command">utmp = no</b></p></dd><dt><span class="term"><a name="UTMPDIRECTORY"></a>utmp directory (G)</span></dt><dd><p>This parameter is only available if Samba has + been configured and compiled with the option <b class="command"> + --with-utmp</b>. It specifies a directory pathname that is + used to store the utmp or utmpx files (depending on the UNIX system) that + record user connections to a Samba server. See also the <a href="#UTMP"> + <i class="parameter"><tt>utmp</tt></i></a> parameter. By default this is + not set, meaning the system will use whatever utmp file the + native system is set to use (usually + <tt class="filename">/var/run/utmp</tt> on Linux).</p><p>Default: <span class="emphasis"><em>no utmp directory</em></span></p><p>Example: <b class="command">utmp directory = /var/run/utmp</b></p></dd><dt><span class="term"><a name="-VALID"></a>-valid (S)</span></dt><dd><p> This parameter indicates whether a share is + valid and thus can be used. When this parameter is set to false, + the share will be in no way visible nor accessible. + </p><p> + This option should not be + used by regular users but might be of help to developers. + Samba uses this option internally to mark shares as deleted. + </p><p>Default: <span class="emphasis"><em>True</em></span></p></dd><dt><span class="term"><a name="VALIDUSERS"></a>valid users (S)</span></dt><dd><p>This is a list of users that should be allowed to login to this service. Names starting with '@', '+' and '&' are interpreted using the same rules as described in the <i class="parameter"><tt>invalid users</tt></i> parameter.</p><p>If this is empty (the default) then any user can login. @@ -3018,14 +3051,7 @@ guest = * users</tt></i> list then access is denied for that user.</p><p>The current servicename is substituted for <i class="parameter"><tt>%S </tt></i>. This is useful in the [homes] section.</p><p>See also <a href="#INVALIDUSERS"><i class="parameter"><tt>invalid users </tt></i></a></p><p>Default: <span class="emphasis"><em>No valid users list (anyone can login) - </em></span></p><p>Example: <b class="command">valid users = greg, @pcusers</b></p></dd><dt><span class="term"><a name="-VALID"></a>-valid (S)</span></dt><dd><p> This parameter indicates whether a share is - valid and thus can be used. When this parameter is set to false, - the share will be in no way visible nor accessible. - </p><p> - This option should not be - used by regular users but might be of help to developers. - Samba uses this option internally to mark shares as deleted. - </p><p>Default: <span class="emphasis"><em>True</em></span></p></dd><dt><span class="term"><a name="VETOFILES"></a>veto files (S)</span></dt><dd><p>This is a list of files and directories that + </em></span></p><p>Example: <b class="command">valid users = greg, @pcusers</b></p></dd><dt><span class="term"><a name="VETOFILES"></a>veto files (S)</span></dt><dd><p>This is a list of files and directories that are neither visible nor accessible. Each entry in the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?' can be used to specify multiple files @@ -3065,14 +3091,14 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ client contention for files ending in <tt class="filename">.SEM</tt>. To cause Samba not to grant oplocks on these files you would use the line (either in the [global] section or in the section for - the particular NetBench share :</p><p>Example: <b class="command">veto oplock files = /*.SEM/</b></p></dd><dt><span class="term"><a name="VFSOBJECTS"></a>vfs objects (S)</span></dt><dd><p>This parameter specifies the backend names which - are used for Samba VFS I/O operations. By default, normal - disk I/O operations are used but these can be overloaded - with one or more VFS objects. </p><p>Default: <span class="emphasis"><em>no value</em></span></p><p>Example: <b class="command">vfs objects = extd_audit recycle</b></p></dd><dt><span class="term"><a name="VFSOBJECT"></a>vfs object (S)</span></dt><dd><p>Synonym for + the particular NetBench share :</p><p>Example: <b class="command">veto oplock files = /*.SEM/</b></p></dd><dt><span class="term"><a name="VFSOBJECT"></a>vfs object (S)</span></dt><dd><p>Synonym for <a href="#VFSOBJECTS"> <i class="parameter"><tt>vfs objects</tt></i> </a>. - </p></dd><dt><span class="term"><a name="VOLUME"></a>volume (S)</span></dt><dd><p> This allows you to override the volume label + </p></dd><dt><span class="term"><a name="VFSOBJECTS"></a>vfs objects (S)</span></dt><dd><p>This parameter specifies the backend names which + are used for Samba VFS I/O operations. By default, normal + disk I/O operations are used but these can be overloaded + with one or more VFS objects. </p><p>Default: <span class="emphasis"><em>no value</em></span></p><p>Example: <b class="command">vfs objects = extd_audit recycle</b></p></dd><dt><span class="term"><a name="VOLUME"></a>volume (S)</span></dt><dd><p> This allows you to override the volume label returned for a share. Useful for CDROMs with installation programs that insist on a particular volume label.</p><p>Default: <span class="emphasis"><em>the name of the share</em></span></p></dd><dt><span class="term"><a name="WIDELINKS"></a>wide links (S)</span></dt><dd><p>This parameter controls whether or not links in the UNIX file system may be followed by the server. Links @@ -3083,7 +3109,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ that Samba has to do in order to perform the link checks.</p><p>Default: <b class="command">wide links = yes</b></p></dd><dt><span class="term"><a name="WINBINDCACHETIME"></a>winbind cache time (G)</span></dt><dd><p>This parameter specifies the number of seconds the <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon will cache user and group information before querying a Windows NT server - again.</p><p>Default: <b class="command">winbind cache type = 15</b></p></dd><dt><span class="term"><a name="WINBINDENABLELOCALACCOUNTS"></a>winbind enable local accounts (G)</span></dt><dd><p>This parameter controls whether or not winbindd + again.</p><p>Default: <b class="command">winbind cache type = 300</b></p></dd><dt><span class="term"><a name="WINBINDENABLELOCALACCOUNTS"></a>winbind enable local accounts (G)</span></dt><dd><p>This parameter controls whether or not winbindd will act as a stand in replacement for the various account management hooks in smb.conf (e.g. 'add user script'). If enabled, winbindd will support the creation of local @@ -3138,11 +3164,11 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ dynamic update of external name resolution databases such as dynamic DNS.</p><p>The wins hook parameter specifies the name of a script or executable that will be called as follows:</p><p><b class="command">wins_hook operation name nametype ttl IP_list</b></p><div class="itemizedlist"><ul type="disc"><li><p>The first argument is the operation and is - one of "add", "delete", or - "refresh". In most cases the operation + one of "add", "delete", or + "refresh". In most cases the operation can be ignored as the rest of the parameters provide sufficient information. Note that - "refresh" may sometimes be called when + "refresh" may sometimes be called when the name has not previously been added, in that case it should be treated as an add.</p></li><li><p>The second argument is the NetBIOS name. If the name is not a legal name then the wins hook is not called. |