From 82237a7e077ad79f3b55ae43150d86950bd47a99 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 22 Feb 2001 13:50:31 +0000 Subject: clean things up to fix HTML generation (This used to be commit be3a581de37edde555af8bb061c662f8f8e001a2) --- docs/docbook/smb.conf.5.sgml | 1087 +++++++++++++++++++++--------------------- 1 file changed, 543 insertions(+), 544 deletions(-) diff --git a/docs/docbook/smb.conf.5.sgml b/docs/docbook/smb.conf.5.sgml index 6e44a7a59a..a00ca178db 100644 --- a/docs/docbook/smb.conf.5.sgml +++ b/docs/docbook/smb.conf.5.sgml @@ -25,7 +25,7 @@ - FILE FORMAT + FILE FORMAT The file consists of sections and parameters. A section begins with the name of the section in square brackets and continues @@ -144,7 +144,7 @@ - The [homes] section + The [homes] section If a section called homes is included in the configuration file, services connecting clients to their @@ -215,7 +215,7 @@ - The [printers] section + The [printers] section This section works like [homes], but for printers. @@ -466,7 +466,7 @@ - NAME MANGLING + NAME MANGLING Samba supports "name mangling" so that DOS and Windows clients can use files that don't conform to the 8.3 format. @@ -529,7 +529,7 @@ - NOTE ABOUT USERNAME/PASSWORD VALIDATION + NOTE ABOUT USERNAME/PASSWORD VALIDATION There are a number of ways in which a user can connect to a service. The server follows the following steps in determining @@ -624,12 +624,6 @@ interfaces keepalive kernel oplocks - ldap filter - ldap port - ldap root - ldap root passwd - ldap server - ldap suffix lm announce lm interval load printers @@ -877,7 +871,7 @@ - add user script (G) + add user script (G) This is the full pathname to a script that will be run AS ROOT by smbd(8) under special circumstances decribed below. @@ -930,7 +924,7 @@ - admin users (S) + admin users (S) This is a list of users who will be granted administrative privileges on the share. This means that they will do all file operations as the super-user (root). @@ -948,7 +942,7 @@ - allow hosts (S) + allow hosts (S) Synonym for hosts allow. @@ -956,7 +950,7 @@ - allow trusted domains (G) + allow trusted domains (G) This option only takes effect when the security option is set to server or domain. @@ -982,7 +976,7 @@ - announce as (G) + announce as (G) This specifies what type of server nmbd will announce itself as, to a network neighborhood browse @@ -1004,7 +998,7 @@ - annouce version (G) + annouce version (G) This specifies the major and minor version numbers that nmbd will use when announcing itself as a server. The default is 4.2. Do not change this parameter unless you have a specific @@ -1019,7 +1013,7 @@ - auto services (G) + auto services (G) This is a list of services that you want to be automatically added to the browse lists. This is most useful for homes and printers services that would otherwise not be @@ -1038,7 +1032,7 @@ - available (S) + available (S) This parameter lets you "turn off" a service. If available = no, then ALL attempts to connect to the service will fail. Such failures are @@ -1052,7 +1046,7 @@ - bind interfaces only (G) + bind interfaces only (G) This global parameter allows the Samba admin to limit what interfaces on a machine will serve smb requests. If affects file service smbd(8) and @@ -1061,7 +1055,7 @@ For name service it causes nmbd to bind to ports 137 and 138 on the interfaces listed in the interfaces parameter. nmbd + linkend="INTERFACES">interfaces parameter. nmbd also binds to the "all addresses" interface (0.0.0.0) on ports 137 and 138 for the purposes of reading broadcast messages. If this option is not set then nmbd will service @@ -1078,7 +1072,7 @@ seriously as a security feature for nmbd. For file service it causes smbd(8) - to bind only to the interface list given in the + to bind only to the interface list given in the interfaces parameter. This restricts the networks that smbd will serve to packets coming in those interfaces. Note that you should not use this parameter for machines @@ -1122,7 +1116,7 @@ - blocking locks (S) + blocking locks (S) This parameter controls the behavior of smbd(8) when given a request by a client to obtain a byte range lock on a region of an open file, and the @@ -1146,15 +1140,15 @@ - browsable (S) - See the + browsable (S) + See the browseable. - browse list (G) + browse list (G) This controls whether smbd(8) will serve a browse list to a client doing a NetServerEnum call. Normally @@ -1167,7 +1161,7 @@ - browseable (S) + browseable (S) This controls whether this share is seen in the list of available shares in a net view and in the browse list. @@ -1178,23 +1172,23 @@ - case sensitive (S) + case sensitive (S) See the discussion in the section NAME MANGLING. + linkend="NAMEMANGLINGSECT">NAME MANGLING. - casesignames (S) - Synonym for case + casesignames (S) + Synonym for case sensitive. - change notify timeout (G) + change notify timeout (G) This SMB allows a client to tell a server to "watch" a particular directory for any changes and only reply to the SMB request when a change has occurred. Such constant scanning of @@ -1212,9 +1206,9 @@ - character set (G) + character set (G) This allows a smbd to map incoming filenames - from a DOS Code page (see the client + from a DOS Code page (see the client code page parameter) to several built in UNIX character sets. The built in code page translations are: @@ -1270,7 +1264,7 @@ - client code page (G) + client code page (G) This parameter specifies the DOS code page that the clients accessing Samba are using. To determine what code page a Windows or DOS client is using, open a DOS command prompt @@ -1322,7 +1316,7 @@ If not set, client code page defaults to 850. - See also : valid + See also : valid chars Default: client code page = 850 @@ -1332,10 +1326,10 @@ - codingsystem (G) + codingsystem (G) This parameter is used to determine how incoming Shift-JIS Japanese characters are mapped from the incoming client code page + linkend="CLIENTCODEPAGE">client code page used by the client, into file names in the UNIX filesystem. Only useful if client code page is set to 932 (Japanese Shift-JIS). The options are : @@ -1375,14 +1369,14 @@ - comment (S) + comment (S) This is a text field that is seen next to a share when a client does a queries the server, either via the network neighborhood or via net view to list what shares are available. If you want to set the string that is displayed next to the - machine name then see the + machine name then see the server string parameter. Default: No comment string @@ -1392,7 +1386,7 @@ - config file (G) + config file (G) This allows you to override the config file to use, instead of the default (usually smb.conf). There is a chicken and egg problem here as this option is set @@ -1416,7 +1410,7 @@ - copy (S) + copy (S) This parameter allows you to "clone" service entries. The specified service is simply duplicated under the current service's name. Any parameters specified in the current @@ -1434,9 +1428,9 @@ - create mask (S) + create mask (S) A synonym for this parameter is - create mode + create mode . When a file is created, the necessary permissions are @@ -1452,18 +1446,18 @@ Following this Samba will bit-wise 'OR' the UNIX mode created from this parameter with the value of the force create mode + linkend="FORCECREATEMODE">force create mode parameter which is set to 000 by default. This parameter does not affect directory modes. See the - parameter directory mode + parameter directory mode for details. - See also the force + See also the force create mode parameter for forcing particular mode - bits to be set on created files. See also the + bits to be set on created files. See also the directory mode" parameter for masking - mode bits on created directories. See also the + mode bits on created directories. See also the inherit permissions parameter. Default: create mask = 0744 @@ -1473,15 +1467,15 @@ - create mode (S) - This is a synonym for + create mode (S) + This is a synonym for create mask. - deadtime (G) + deadtime (G) The value of the parameter (a decimal integer) represents the number of minutes of inactivity before a connection is considered dead, and it is disconnected. The deadtime only takes @@ -1507,13 +1501,13 @@ - debug hires timestamp (G) + debug hires timestamp (G) Sometimes the timestamps in the log messages are needed with a resolution of higher that seconds, this boolean parameter adds microsecond resolution to the timestamp message header when turned on. - Note that the parameter + Note that the parameter debug timestamp must be on for this to have an effect. @@ -1524,9 +1518,9 @@ - debug timestamp (G) + debug timestamp (G) Samba 2.2 debug log messages are timestamped - by default. If you are running at a high + by default. If you are running at a high debug level these timestamps can be distracting. This boolean parameter allows timestamping to be turned off. @@ -1537,13 +1531,13 @@ - debug pid (G) + debug pid (G) When using only one log file for more then one forked smbd-process there may be hard to follow which process outputs which message. This boolean parameter is adds the process-id to the timestamp message headers in the logfile when turned on. - Note that the parameter + Note that the parameter debug timestamp must be on for this to have an effect. @@ -1553,13 +1547,13 @@ - debug uid (G) + debug uid (G) Samba is sometimes run as root and sometime run as the connected user, this boolean parameter inserts the current euid, egid, uid and gid to the timestamp message headers in the log file if turned on. - Note that the parameter + Note that the parameter debug timestamp must be on for this to have an effect. @@ -1569,7 +1563,7 @@ - debug level (G) + debug level (G) The value of the parameter (an integer) allows the debug level (logging level) to be specified in the smb.conf file. This is to give greater @@ -1584,17 +1578,17 @@ - default (G) - A synonym for + default (G) + A synonym for default service. - default case (S) - See the section on - NAME MANGLING". Also note the + default case (S) + See the section on + NAME MANGLING". Also note the short preserve case" parameter. @@ -1602,7 +1596,7 @@ - default service (G) + default service (G) This parameter specifies the name of a service which will be connected to if the service actually requested cannot be found. Note that the square brackets are NOT @@ -1612,8 +1606,8 @@ parameter is not given, attempting to connect to a nonexistent service results in an error. - Typically the default service would be a - guest ok, + Typically the default service would be a + guest ok, read-only service. Also note that the apparent service name will be changed @@ -1640,7 +1634,7 @@ - delete user script (G) + delete user script (G) This is the full pathname to a script that will be run AS ROOT by smbd(8) under special circumstances @@ -1661,7 +1655,7 @@ that will delete a UNIX user given one argument of %u , which expands into the UNIX user name to delete. NOTE that this is different to the add user script + linkend="ADDUSERSCRIPT">add user script which will work with the security=server option as well as security=domain. The reason for this is only when Samba is a domain member does it get the information @@ -1672,7 +1666,7 @@ When the Windows user attempts to access the Samba server, at login (session setup in the SMB protocol) - time, smbd contacts the + time, smbd contacts the password server and attempts to authenticate the given user with the given password. If the authentication fails with the specific Domain error code meaning that the user no longer @@ -1687,9 +1681,9 @@ UNIX users are dynamically deleted to match existing Windows NT accounts. - See also security=domain, - password server - , add user script + See also security=domain, + password server + , add user script . Default: delete user script = <empty string> @@ -1701,7 +1695,7 @@ - delete readonly (S) + delete readonly (S) This parameter allows readonly files to be deleted. This is not normal DOS semantics, but is allowed by UNIX. @@ -1715,10 +1709,10 @@ - delete veto files (S) + delete veto files (S) This option is used when Samba is attempting to delete a directory that contains one or more vetoed directories - (see the veto files + (see the veto files option). If this option is set to False (the default) then if a vetoed directory contains any non-vetoed files or directories then the directory delete will fail. This is usually what you want. @@ -1734,7 +1728,7 @@ directories to be transparently deleted when the parent directory is deleted (so long as the user has permissions to do so). - See also the veto + See also the veto files parameter. Default: delete veto files = no @@ -1743,15 +1737,15 @@ - deny hosts (S) - Synonym for hosts + deny hosts (S) + Synonym for hosts deny. - dfree command (G) + dfree command (G) The dfree command setting should only be used on systems where a problem occurs with the internal disk space calculations. This has been known to happen with Ultrix, @@ -1805,15 +1799,15 @@ - directory (S) - Synonym for path + directory (S) + Synonym for path . - directory mask (S) + directory mask (S) This parameter is the octal modes which are used when converting DOS modes to UNIX modes when creating UNIX directories. @@ -1832,20 +1826,20 @@ Following this Samba will bit-wise 'OR' the UNIX mode created from this parameter with the value of the force directory mode + linkend="FORCEDIRECTORYMODE">force directory mode parameter. This parameter is set to 000 by default (i.e. no extra mode bits are added). - See the force + See the force directory mode parameter to cause particular mode bits to always be set on created directories. - See also the create mode + See also the create mode parameter for masking mode bits on created files, - and the directory + and the directory security mask parameter. - Also refer to the + Also refer to the inherit permissions parameter. Default: directory mask = 0755 @@ -1856,15 +1850,15 @@ - directory mode (S) - Synonym for + directory mode (S) + Synonym for directory mask - directory security mask (S) + directory security mask (S) This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a directory using the native NT security dialog @@ -1877,7 +1871,7 @@ to change. If not set explicitly this parameter is set to the same - value as the directory + value as the directory mask parameter. To allow a user to modify all the user/group/world permissions on a directory, set this parameter to 0777. @@ -1888,10 +1882,10 @@ Administrators of most normal systems will probably want to set it to 0777. - See also the + See also the force directory security mode, security mask, - force security mode + linkend="SECURITYMASK">security mask, + force security mode parameters. Default: directory security mask = <same as @@ -1903,7 +1897,7 @@ - dns proxy (G) + dns proxy (G) Specifies that nmbd(8) when acting as a WINS server and finding that a NetBIOS name has not been registered, should treat the NetBIOS name word-for-word as a DNS @@ -1918,7 +1912,7 @@ DNS name lookup requests, as doing a name lookup is a blocking action. - See also the parameter + See also the parameter wins support. Default: dns proxy = yes @@ -1927,7 +1921,7 @@ - domain admin group (G) + domain admin group (G) This is an EXPERIMENTAL parameter that is part of the unfinished Samba NT Domain Controller Code. It may be removed in a later release. To work with the latest code builds @@ -1940,7 +1934,7 @@ - domain admin users (G) + domain admin users (G) This is an EXPERIMENTAL parameter that is part of the unfinished Samba NT Domain Controller Code. It may be removed in a later release. To work with the latest code builds @@ -1953,7 +1947,7 @@ - domain groups (G) + domain groups (G) This is an EXPERIMENTAL parameter that is part of the unfinished Samba NT Domain Controller Code. It may be removed in a later release. To work with the latest code builds @@ -1967,7 +1961,7 @@ - domain guest group (G) + domain guest group (G) This is an EXPERIMENTAL parameter that is part of the unfinished Samba NT Domain Controller Code. It may be removed in a later release. To work with the latest code builds @@ -1980,7 +1974,7 @@ - domain guest users (G) + domain guest users (G) This is an EXPERIMENTAL parameter that is part of the unfinished Samba NT Domain Controller Code. It may be removed in a later release. To work with the latest code builds @@ -1993,9 +1987,9 @@ - domain logons (G) + domain logons (G) If set to true, the Samba server will serve - Windows 95/98 Domain logons for the + Windows 95/98 Domain logons for the workgroup it is in. Samba 2.2 also has limited capability to act as a domain controller for Windows NT 4 Domains. For more details on setting up this feature see @@ -2008,12 +2002,12 @@ - domain master (G) + domain master (G) Tell nmbd(8) to enable WAN-wide browse list collation. Setting this option causes nmbd to claim a special domain specific NetBIOS name that identifies - it as a domain master browser for its given + it as a domain master browser for its given workgroup. Local master browsers in the same workgroup on broadcast-isolated subnets will give this nmbd their local browse lists, @@ -2039,7 +2033,7 @@ - dont descend (S) + dont descend (S) There are certain directories on some systems (e.g., the /proc tree under Linux) that are either not of interest to clients or are infinitely deep (recursive). This @@ -2060,7 +2054,7 @@ - dos filetime resolution (S) + dos filetime resolution (S) Under the DOS and Windows FAT filesystem, the finest granularity on time resolution is two seconds. Setting this parameter for a share causes Samba to round the reported time down to the @@ -2086,7 +2080,7 @@ - dos filetimes (S) + dos filetimes (S) Under DOS and Windows, if a user can write to a file they can change the timestamp on it. Under POSIX semantics, only the owner of the file or root may change the timestamp. By @@ -2102,7 +2096,7 @@ - encrypt passwords (G) + encrypt passwords (G) This boolean controls whether encrypted passwords will be negotiated with the client. Note that Windows NT 4.0 SP3 and above and also Windows 98 will by default expect encrypted passwords @@ -2116,7 +2110,7 @@ file (see the smbpasswd(8) program for information on how to set up and maintain this file), or set the security=[serve|domain] parameter which + linkend="SECURITY">security=[serve|domain] parameter which causes smbd to authenticate against another server. @@ -2126,15 +2120,15 @@ - exec (S) - This is a synonym for + exec (S) + This is a synonym for preexec. - fake directory create times (S) + fake directory create times (S) NTFS and Windows VFAT file systems keep a create time for all files and directories. This is not the same as the ctime - status change time - that Unix keeps, so Samba by default @@ -2166,7 +2160,7 @@ - fake oplocks (S) + fake oplocks (S) Oplocks are the way that SMB clients get permission from a server to locally cache file operations. If a server grants an oplock (opportunistic lock) then the client is free to assume @@ -2181,7 +2175,7 @@ the file. It is generally much better to use the real oplocks support rather + linkend="OPLOCKS">oplocks support rather than this parameter. If you enable this option on all read-only shares or @@ -2198,7 +2192,7 @@ - follow symlinks (S) + follow symlinks (S) This parameter allows the Samba administrator to stop smbd(8) from following symbolic links in a particular share. Setting this @@ -2218,7 +2212,7 @@ - force create mode (S) + force create mode (S) This parameter specifies a set of UNIX mode bit permissions that will always be set on a file by Samba. This is done by bitwise 'OR'ing these bits onto @@ -2228,10 +2222,10 @@ mode after the mask set in the create mask parameter is applied. - See also the parameter create + See also the parameter create mask for details on masking mode bits on files. - See also the inherit + See also the inherit permissions parameter. Default: force create mode = 000 @@ -2246,7 +2240,7 @@ - force directory mode (S) + force directory mode (S) This parameter specifies a set of UNIX mode bit permissions that will always be set on a directory created by Samba. This is done by bitwise 'OR'ing these bits onto the @@ -2256,11 +2250,11 @@ mask in the parameter directory mask is applied. - See also the parameter + See also the parameter directory mask for details on masking mode bits on created directories. - See also the + See also the inherit permissions parameter. Default: force directory mode = 000 @@ -2275,7 +2269,7 @@ - force directory security mode (S) + force directory security mode (S) This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a directory using the native NT security dialog box. @@ -2287,7 +2281,7 @@ on a directory, the user has always set to be 'on'. If not set explicitly this parameter is set to the same - value as the force + value as the force directory mode parameter. To allow a user to modify all the user/group/world permissions on a directory, with restrictions set this parameter to 000. @@ -2298,10 +2292,10 @@ Administrators of most normal systems will probably want to set it to 0000. - See also the - directory security mask, + See also the + directory security mask, security mask, - force security mode + force security mode parameters. Default: force directory security mode = <same as @@ -2314,7 +2308,7 @@ - force group (S) + force group (S) This specifies a UNIX group name that will be assigned as the default primary group for all users connecting to this service. This is useful for sharing files by ensuring @@ -2336,12 +2330,12 @@ primary group assigned to sys when accessing this Samba share. All other users will retain their ordinary primary group. - If the force user + If the force user parameter is also set the group specified in force group will override the primary group set in force user. - See also force + See also force user. Default: no forced group @@ -2352,7 +2346,7 @@ - force security mode (S) + force security mode (S) This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a file using the native NT security dialog @@ -2365,7 +2359,7 @@ on a file, the user has always set to be 'on'. If not set explicitly this parameter is set to the same - value as the force + value as the force create mode parameter. To allow a user to modify all the user/group/world permissions on a file, with no restrictions set this parameter to 000. @@ -2376,10 +2370,10 @@ Administrators of most normal systems will probably want to set it to 0000. - See also the + See also the force directory security mode, - directory security - mask, + directory security + mask, security mask parameters. Default: force security mode = <same as force @@ -2391,7 +2385,7 @@ - force user (S) + force user (S) This specifies a UNIX user name that will be assigned as the default user for all users connecting to this service. This is useful for sharing files. You should also use it carefully @@ -2410,7 +2404,7 @@ for all file activity. Prior to 2.0.5 the primary group was left as the primary group of the connecting user (this was a bug). - See also force group + See also force group Default: no forced user @@ -2421,7 +2415,7 @@ - fstype (S) + fstype (S) This parameter allows the administrator to configure the string that specifies the type of filesystem a share is using that is reported by smbd(8) @@ -2438,11 +2432,11 @@ - getwd cache (G) + getwd cache (G) This is a tuning option. When this is enabled a caching algorithm will be used to reduce the time taken for getwd() calls. This can have a significant impact on performance, especially - when the wide links + when the wide links parameter is set to False. Default: getwd cache = No @@ -2452,17 +2446,17 @@ - group (S) - Synonym for force + group (S) + Synonym for force group. - guest account (S) + guest account (S) This is a username which will be used for access - to services which are specified as + to services which are specified as guest ok (see below). Whatever privileges this ser has will be available to any client connecting to the guest service. Typically this user will exist in the password file, but will not @@ -2486,13 +2480,13 @@ - guest ok (S) + guest ok (S) If this parameter is yes for a service, then no password is equired to connect to the service. - Privileges will be those of the + Privileges will be those of the guest account. - See the section below on + See the section below on security for more information about this option. @@ -2502,13 +2496,13 @@ - guest only (S) + guest only (S) If this parameter is yes for a service, then only guest connections to the service are permitted. - This parameter will have no affect if + This parameter will have no affect if guest ok is not set for the service. - See the section below on + See the section below on security for more information about this option. @@ -2518,7 +2512,7 @@ - hide dot files (S) + hide dot files (S) This is a boolean parameter that controls whether files starting with a dot appear as hidden files. @@ -2528,7 +2522,7 @@ - hide files(S) + hide files(S) This is a list of files or directories that are not visible but are accessible. The DOS 'hidden' attribute is applied to any files or directories that match. @@ -2548,9 +2542,9 @@ as it will be forced to check all files and directories for a match as they are scanned. - See also hide - dot files, - veto files and + See also hide + dot files, + veto files and case sensitive. Default: no file are hidden @@ -2566,7 +2560,7 @@ - hide local users(G) + hide local users(G) This parameter toggles the hiding of local UNIX users (root, wheel, floppy, etc) from remote clients. @@ -2576,8 +2570,8 @@ - homedir map (G) - Ifnis homedir + homedir map (G) + Ifnis homedir is True, and smbd(8) is also acting as a Win95/98 logon server then this parameter @@ -2595,8 +2589,8 @@ NOTE :A working NIS client is required on the system for this option to work. - See also nis homedir - , domain logons + See also nis homedir + , domain logons . Default: homedir map = auto.home @@ -2607,7 +2601,7 @@ - hosts allow (S) + hosts allow (S) A synonym for this parameter is allow hosts. @@ -2628,7 +2622,7 @@ Note that the localhost address 127.0.0.1 will always be allowed access unless specifically denied by a hosts deny option. + linkend="HOSTSDENY">hosts deny option. You can also specify hosts by network/netmask pairs and by netgroup names if your system supports netgroups. The @@ -2671,7 +2665,7 @@ - hosts deny (S) + hosts deny (S) The opposite of hosts allow - hosts listed here are NOT permitted access to services unless the specific services have their own lists to override @@ -2688,13 +2682,13 @@ - hosts equiv (G) + hosts equiv (G) If this global parameter is a non-null string, it specifies the name of a file to read for the names of hosts and users who will be allowed access without specifying a password. - This is not be confused with + This is not be confused with hosts allow which is about hosts access to services and is more useful for guest services. hosts equiv may be useful for NT clients which will @@ -2717,7 +2711,7 @@ - include (G) + include (G) This allows you to include one config file inside another. The file is included literally, as though typed in place. @@ -2734,13 +2728,13 @@ - inherit permissions (S) + inherit permissions (S) The permissions on new files and directories - are normally governed by - create mask, + are normally governed by + create mask, directory mask, force create mode - and force + linkend="FORCECREATEMODE">force create mode + and force directory mode but the boolean inherit permissions parameter overrides this. @@ -2749,9 +2743,9 @@ New files inherit their read/write bits from the parent directory. Their execute bits continue to be determined by - map archive - , map hidden - and map system + map archive + , map hidden + and map system as usual. Note that the setuid bit is never set via @@ -2761,11 +2755,11 @@ many users, perhaps several thousand,to allow a single [homes] share to be used flexibly by each user. - See also create mask - , - directory mask, + See also create mask + , + directory mask, force create mode and force directory mode + linkend="FORCEDIRECTORYMODE">force directory mode . Default: inherit permissions = no @@ -2775,7 +2769,7 @@ - interfaces (G) + interfaces (G) This option allows you to override the default network interfaces list that Samba will use for browsing, name registration and other NBT traffic. By default Samba will query @@ -2816,14 +2810,14 @@ to the eth0 device and IP addresses 192.168.2.10 and 192.168.3.10. The netmasks of the latter two interfaces would be set to 255.255.255.0. - See also bind + See also bind interfaces only. - invalid users (S) + invalid users (S) This is a list of users that should not be allowed to login to this service. This is really a paranoid check to absolutely ensure an improper setting does not breach @@ -2847,7 +2841,7 @@ The current servicename is substituted for %S. This is useful in the [homes] section. - See also valid users + See also valid users . Default: no invalid users @@ -2859,7 +2853,7 @@ - keepalive (G) + keepalive (G) The value of the parameter (an integer) represents the number of seconds between keepalive packets. If this parameter is zero, no keepalive packets will be @@ -2868,7 +2862,7 @@ Keepalives should, in general, not be needed if the socket being used has the SO_KEEPALIVE attribute set on it (see socket options). + linkend="SOCKETOPTIONS">socket options). Basically you should only use this option if you strike difficulties. Default: keepalive = 0 @@ -2879,9 +2873,9 @@ - kernel oplocks (G) + kernel oplocks (G) For UNIXs that support kernel based oplocks + linkend="OPLOCKS">oplocks (currently only IRIX and the Linux 2.4 kernel), this parameter allows the use of them to be turned on or off. @@ -2896,8 +2890,8 @@ that have the support, and off on systems that don't. You should never need to touch this parameter. - See also the oplocks - and level2 oplocks + See also the oplocks + and level2 oplocks parameters. Default: kernel oplocks = yes @@ -2907,7 +2901,7 @@ - level2 oplocks (S) + level2 oplocks (S) This parameter controls whether Samba supports level2 (read-only) oplocks on a share. @@ -2932,15 +2926,15 @@ For more discussions on level2 oplocks see the CIFS spec. - Currently, if kernel + Currently, if kernel oplocks are supported then level2 oplocks are not granted (even if this parameter is set to yes). - Note also, the oplocks + Note also, the oplocks parameter must be set to "true" on this share in order for this parameter to have any effect. - See also the oplocks - and kernel oplocks + See also the oplocks + and kernel oplocks parameters. Default: level2 oplocks = False @@ -2950,7 +2944,7 @@ - lm announce (G) + lm announce (G) This parameter determines if nmbd(8) will produce Lanman announce broadcasts that are needed by OS/2 clients in order for them to see @@ -2966,7 +2960,7 @@ then start sending them at a frequency set by the parameter lm interval. - See also lm interval + See also lm interval . Default: lm announce = auto @@ -2977,16 +2971,16 @@ - lm interval (G) + lm interval (G) If Samba is set to produce Lanman announce - broadcasts needed by OS/2 clients (see the + broadcasts needed by OS/2 clients (see the lm announce parameter) then this parameter defines the frequency in seconds with which they will be made. If this is set to zero then no Lanman announcements will be made despite the setting of the lm announce parameter. - See also lm + See also lm announce. Default: lm interval = 60 @@ -2997,10 +2991,10 @@ - load printers (G) + load printers (G) A boolean variable that controls whether all printers in the printcap will be loaded for browsing by default. - See the printers section for + See the printers section for more details. Default: load printers = yes @@ -3010,7 +3004,7 @@ - local master (G) + local master (G) This option allows nmbd(8) to try and become a local master browser on a subnet. If set to False then @@ -3031,18 +3025,18 @@ - lock dir (G) - Synonym for + lock dir (G) + Synonym for lock directory. - lock directory (G) + lock directory (G) This option specifies the directory where lock files will be placed. The lock files are used to implement the - max connections + max connections option. Default: lock directory = /tmp/samba @@ -3053,7 +3047,7 @@ - locking (S) + locking (S) This controls whether or not locking will be performed by the server in response to lock requests from the client. @@ -3081,7 +3075,7 @@ - log file (G) + log file (G) This options allows you to override the name of the Samba log file (also known as the debug file). @@ -3095,8 +3089,8 @@ - log level (G) - Synonym for + log level (G) + Synonym for debug level. @@ -3104,10 +3098,10 @@ - logon drive (G) + logon drive (G) This parameter specifies the local path to which the home directory will be connected (see logon home) + linkend="LOGONHOME">logon home) and is only used by NT Workstations. Note that this option is only useful if Samba is set up as a @@ -3121,7 +3115,7 @@ - logon home (G) + logon home (G) This parameter specifies the home directory location when a Win95/98 or NT Workstation logs into a Samba PDC. It allows you to do @@ -3146,7 +3140,7 @@ \\server\share when a user does net use /home" but use the whole string when dealing with profiles. - Note that in prior versions of Samba, the + Note that in prior versions of Samba, the logon path was returned rather than logon home. This broke net use /home but allowed profiles outside the home directory. @@ -3163,12 +3157,12 @@ - logon path (G) + logon path (G) This parameter specifies the home directory where roaming profiles (NTuser.dat etc files for Windows NT) are stored. Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming profiles. To find out how to - handle roaming profiles for Win 9X system, see the + handle roaming profiles for Win 9X system, see the logon home parameter. This option takes the standard substitutions, allowing you @@ -3211,7 +3205,7 @@ - logon script (G) + logon script (G) This parameter specifies the batch file (.bat) or NT command file (.cmd) to be downloaded and run on a machine when a user successfully logs in. The file must contain the DOS @@ -3219,7 +3213,7 @@ file is recommended. The script must be a relative path to the [netlogon] - service. If the [netlogon] service specifies a + service. If the [netlogon] service specifies a path of /usr/local/samba/netlogon , and logon script = STARTUP.BAT, then the file that will be downloaded is: @@ -3253,7 +3247,7 @@ - lppause command (S) + lppause command (S) This parameter specifies the command to be executed on the server host in order to stop printing or spooling a specific print job. @@ -3275,7 +3269,7 @@ Note that it is good practice to include the absolute path in the lppause command as the PATH may not be available to the server. - See also the printing + See also the printing parameter. Default: Currently no default value is given to @@ -3297,7 +3291,7 @@ - lpq cache time (G) + lpq cache time (G) This controls how long lpq info will be cached for to prevent the lpq command being called too often. A separate cache is kept for each variation of the @@ -3315,7 +3309,7 @@ A value of 0 will disable caching completely. - See also the printing + See also the printing parameter. Default: lpq cache time = 10 @@ -3326,7 +3320,7 @@ - lpq command (S) + lpq command (S) This parameter specifies the command to be executed on the server host in order to obtain lpq -style printer status information. @@ -3354,7 +3348,7 @@ in the lpq command as the PATH may not be available to the server. - See also the printing + See also the printing parameter. Default: depends on the setting of @@ -3367,14 +3361,14 @@ - lpresume command (S) + lpresume command (S) This parameter specifies the command to be executed on the server host in order to restart or continue printing or spooling a specific print job. This command should be a program or script which takes a printer name and job number to resume the print job. See - also the lppause command + also the lppause command parameter. If a %p is given then the printername @@ -3385,7 +3379,7 @@ in the lpresume command as the PATH may not be available to the server. - See also the printing + See also the printing parameter. Default: Currently no default value is given @@ -3407,7 +3401,7 @@ - lprm command (S) + lprm command (S) This parameter specifies the command to be executed on the server host in order to delete a print job. @@ -3422,7 +3416,7 @@ path in the lprm command as the PATH may not be available to the server. - See also the printing + See also the printing parameter. Default: depends on the setting of printing @@ -3437,9 +3431,9 @@ - machine password timeout (G) + machine password timeout (G) If a Samba server is a member of an Windows - NT Domain (see the security=domain) + NT Domain (see the security=domain) parameter) then periodically a running smbd(8) process will try and change the MACHINE ACCOUNT PASSWORD stored in the TDB called private/secrets.tdb @@ -3448,7 +3442,7 @@ seconds), the same as a Windows NT Domain member server. See also smbpasswd(8) - , and the + , and the security=domain) parameter. Default: machine password timeout = 604800 @@ -3457,10 +3451,10 @@ - magic output (S) + magic output (S) This parameter specifies the name of a file which will contain output created by a magic script (see the - magic script + magic script parameter below). Warning: If two clients use the same magic script @@ -3477,7 +3471,7 @@ - magic script (S) + magic script (S) This parameter specifies the name of a file which, if opened, will be executed by the server when the file is closed. This allows a UNIX script to be sent to the Samba host and @@ -3487,7 +3481,7 @@ completion, permissions permitting. If the script generates output, output will be sent to - the file specified by the + the file specified by the magic output parameter (see above). Note that some shells are unable to interpret scripts @@ -3507,15 +3501,15 @@ - mangle case (S) - See the section on + mangle case (S) + See the section on NAME MANGLING - mangled map (S) + mangled map (S) This is for those who want to directly map UNIX file names which can not be represented on Windows/DOS. The mangling of names is not always what is needed. In particular you may have @@ -3540,12 +3534,12 @@ - mangled names (S) + mangled names (S) This controls whether non-DOS names under UNIX should be mapped to DOS-compatible names ("mangled") and made visible, or whether non-DOS names should simply be ignored. - See the section on + See the section on NAME MANGLING for details on how to control the mangling process. If mangling is used then the mangling algorithm is as follows: @@ -3564,7 +3558,7 @@ characters. Note that the character to use may be specified using - the mangling char + the mangling char option, if you don't like '~'. The first three alphanumeric characters of the final @@ -3601,10 +3595,10 @@ - mangling char (S) + mangling char (S) This controls what character is used as the magic character in name mangling. The default is a '~' + linkend="NAMEMANGLINGSECT">name mangling. The default is a '~' but this may interfere with some software. Use this option to set it to whatever you prefer. @@ -3616,7 +3610,7 @@ - mangled stack (G) + mangled stack (G) This parameter controls the number of mangled names that should be cached in the Samba server smbd(8). @@ -3642,7 +3636,7 @@ - map archive (S) + map archive (S) This controls whether the DOS archive attribute should be mapped to the UNIX owner execute bit. The DOS archive bit is set when a file has been modified since its last backup. One @@ -3652,7 +3646,7 @@ Note that this requires the create mask parameter to be set such that owner execute bit is not masked out - (i.e. it must include 100). See the parameter + (i.e. it must include 100). See the parameter create mask for details. Default: map archive = yes @@ -3662,13 +3656,13 @@ - map hidden (S) + map hidden (S) This controls whether DOS style hidden files should be mapped to the UNIX world execute bit. Note that this requires the create mask to be set such that the world execute bit is not masked out (i.e. - it must include 001). See the parameter + it must include 001). See the parameter create mask for details. Default: map hidden = no @@ -3677,13 +3671,13 @@ - map system (S) + map system (S) This controls whether DOS style system files should be mapped to the UNIX group execute bit. Note that this requires the create mask to be set such that the group execute bit is not masked out (i.e. - it must include 010). See the parameter + it must include 010). See the parameter create mask for details. Default: map system = no @@ -3692,8 +3686,8 @@ - map to guest (G) - This parameter is only useful in + map to guest (G) + This parameter is only useful in security modes other than security=share - i.e. user, server, and domain. @@ -3712,12 +3706,12 @@ Bad User - Means user logins with an invalid password are rejected, unless the username does not exist, in which case it is treated as a guest login and - mapped into the + mapped into the guest account. Bad Password - Means user logins with an invalid password are treated as a guest login and mapped - into the guest account. Note that + into the guest account. Note that this can cause problems as it means that any user incorrectly typing their password will be silently logged on as a "guest" - and will not know the reason they cannot access files they think @@ -3747,7 +3741,7 @@ - max connections (S) + max connections (S) This option allows the number of simultaneous connections to a service to be limited. If max connections is greater than 0 then connections will be refused if @@ -3756,7 +3750,7 @@ Record lock files are used to implement this feature. The lock files will be stored in the directory specified by the lock directory + linkend="LOCKDIRECTORY">lock directory option. Default: max connections = 0 @@ -3767,7 +3761,7 @@ - max disk size (G) + max disk size (G) This option allows you to put an upper limit on the apparent size of disks. If you set this option to 100 then all shares will appear to be not larger than 100 MB in @@ -3794,7 +3788,7 @@ - max log size (G) + max log size (G) This option (an integer in kilobytes) specifies the max size the log file should grow to. Samba periodically checks the size and if it is exceeded it will rename the file, adding @@ -3810,7 +3804,7 @@ - max mux (G) + max mux (G) This option controls the maximum number of outstanding simultaneous SMB operations that samba tells the client it will allow. You should never need to set this parameter. @@ -3822,7 +3816,7 @@ - max open files (G) + max open files (G) This parameter limits the maximum number of open files that one smbd(8) file serving process may have open for a client at any one time. The @@ -3840,7 +3834,7 @@ - max ttl (G) + max ttl (G) This option tells nmbd(8) what the default 'time to live' of NetBIOS names should be (in seconds) when nmbd is requesting a name using either a @@ -3854,15 +3848,15 @@ - max wins ttl (G) + max wins ttl (G) This option tells nmbd(8) - when acting as a WINS server ( + when acting as a WINS server ( wins support=yes) what the maximum 'time to live' of NetBIOS names that nmbd will grant will be (in seconds). You should never need to change this parameter. The default is 6 days (518400 seconds). - See also the min + See also the min wins ttl" parameter. Default: max wins ttl = 518400 @@ -3872,7 +3866,7 @@ - max xmit (G) + max xmit (G) This option controls the maximum packet size that will be negotiated by Samba. The default is 65535, which is the maximum. In some cases you may find you get better performance @@ -3887,7 +3881,7 @@ - message command (G) + message command (G) This specifies what command to run when the server receives a WinPopup style message. @@ -3955,13 +3949,13 @@ - min print space (S) + min print space (S) This sets the minimum amount of free disk space that must be available before a user will be able to spool a print job. It is specified in kilobytes. The default is 0, which means a user can always spool a print job. - See also the printing + See also the printing parameter. Default: min print space = 0 @@ -3972,8 +3966,8 @@ - min passwd length (G) - Synonym for + min passwd length (G) + Synonym for min password length. @@ -3981,15 +3975,15 @@ - min password length (G) + min password length (G) This option sets the minimum length in characters of a plaintext password than smbd will accept when performing UNIX password changing. - See also unix - password sync, + See also unix + password sync, passwd program and passwd chat debug + linkend="PASSWDCHATDEBUG">passwd chat debug . Default: min password length = 5 @@ -3998,9 +3992,9 @@ - min wins ttl (G) + min wins ttl (G) This option tells nmbd(8) - when acting as a WINS server ( + when acting as a WINS server ( wins support = yes) what the minimum 'time to live' of NetBIOS names that nmbd will grant will be (in seconds). You should never need to change this parameter. The default @@ -4013,7 +4007,7 @@ - name resolve order (G) + name resolve order (G) This option is used by the programs in the Samba suite to determine what naming services and in what order to resolve host names to IP addresses. The option takes a space separated @@ -4039,13 +4033,13 @@ it is ignored. wins : Query a name with - the IP address listed in the + the IP address listed in the wins server parameter. If no WINS server has been specified this method will be ignored. bcast : Do a broadcast on each of the known local interfaces listed in the interfaces + linkend="INTERFACES">interfaces parameter. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet. @@ -4066,7 +4060,7 @@ - netbios aliases (G) + netbios aliases (G) This is a list of NetBIOS names that nmbd(8) will advertise as additional names by which the Samba server is known. This allows one machine @@ -4076,7 +4070,7 @@ servers, only the primary name of the machine will be advertised with these capabilities. - See also netbios + See also netbios name. Default: empty string (no additional names) @@ -4087,7 +4081,7 @@ - netbios name (G) + netbios name (G) This sets the NetBIOS name by which a Samba server is known. By default it is the same as the first component of the host's DNS name. If a machine is a browse server or @@ -4095,7 +4089,7 @@ of the hosts DNS name) will be the name that these services are advertised under. - See also netbios + See also netbios aliases. Default: machine DNS name @@ -4106,7 +4100,7 @@ - netbios scope (G) + netbios scope (G) This sets the NetBIOS scope that Samba will operate under. This should not be set unless every machine on your LAN also sets this value. @@ -4115,7 +4109,7 @@ - nis homedir (G) + nis homedir (G) Get the home share server from a NIS map. For UNIX systems that use an automounter, the user's home directory will often be mounted on a workstation on demand from a remote @@ -4133,7 +4127,7 @@ long as a Samba daemon is running on the home directory server, it will be mounted on the Samba client directly from the directory server. When Samba is returning the home share to the client, it - will consult the NIS map specified in + will consult the NIS map specified in homedir map and return the server listed there. @@ -4148,7 +4142,7 @@ - nt acl support (G) + nt acl support (G) This boolean parameter controls whether smbd(8) will attempt to map UNIX permissions into Windows NT access control lists. @@ -4160,7 +4154,7 @@ - nt pipe support (G) + nt pipe support (G) This boolean parameter controls whether smbd(8) will allow Windows NT clients to connect to the NT SMB specific IPC$ @@ -4174,7 +4168,7 @@ - nt smb support (G) + nt smb support (G) This boolean parameter controls whether smbd(8) will negotiate NT specific SMB support with Windows NT clients. Although this is a developer @@ -4193,7 +4187,7 @@ - null passwords (G) + null passwords (G) Allow or disallow client access to accounts that have null passwords. @@ -4205,7 +4199,7 @@ - ole locking compatibility (G) + ole locking compatibility (G) This parameter allows an administrator to turn off the byte range lock manipulation that is done within Samba to give compatibility for OLE applications. Windows OLE applications @@ -4222,8 +4216,8 @@ - only guest (S) - A synonym for + only guest (S) + A synonym for guest only. @@ -4231,7 +4225,7 @@ - only user (S) + only user (S) This is a boolean option that controls whether connections with usernames not in the user list will be allowed. By default this option is disabled so a client @@ -4244,7 +4238,7 @@ will be just the service name, which for home directories is the name of the user. - See also the user + See also the user parameter. Default: only user = no @@ -4254,7 +4248,7 @@ - oplocks (S) + oplocks (S) This boolean option tells smbd whether to issue oplocks (opportunistic locks) to file open requests on this share. The oplock code can dramatically (approx. 30% or more) improve @@ -4266,15 +4260,15 @@ directory. Oplocks may be selectively turned off on certain files on - a per share basis. See the + a per share basis. See the veto oplock files parameter. On some systems oplocks are recognized by the underlying operating system. This allows data synchronization between all access to oplocked files, whether it be via Samba or NFS or a local UNIX process. See the kernel oplocks parameter for details. - See also the kernel - oplocks and + See also the kernel + oplocks and level2 oplocks parameters. Default: oplocks = yes @@ -4284,7 +4278,7 @@ - oplock break wait time (G) + oplock break wait time (G) This is a tuning parameter added due to bugs in both Windows 9x and WinNT. If Samba responds to a client too quickly when that client issues an SMB that can cause an oplock @@ -4302,7 +4296,7 @@ - oplock contention limit (S) + oplock contention limit (S) This is a very advanced smbd(8) tuning option to improve the efficiency of the granting of oplocks under multiple @@ -4323,7 +4317,7 @@ - os level (G) + os level (G) This integer value controls what level Samba advertises itself as for browse elections. The value of this parameter determines whether nmbd(8) @@ -4341,7 +4335,7 @@ - panic action (G) + panic action (G) This is a Samba developer option that allows a system command to be called when either smbd(8) or nmbd(8) @@ -4355,14 +4349,14 @@ - passwd chat (G) + passwd chat (G) This string controls the "chat" conversation that takes places between smbd and the local password changing program to change the users password. The string describes a sequence of response-receive pairs that smbd(8) uses to determine what to send to the - passwd program + passwd program and what to expect back. If the expected output is not received then the password is not changed. @@ -4387,16 +4381,16 @@ is a fullstop ".", then no string is sent. Similarly, is the expect string is a fullstop then no string is expected. - Note that if the unix + Note that if the unix password sync parameter is set to true, then this sequence is called AS ROOT when the SMB password in the smbpasswd file is being changed, without access to the old password cleartext. In this case the old password cleartext is set to "" (the empty string). - See also unix password - sync, - passwd program and + See also unix password + sync, + passwd program and passwd chat debug. Default: passwd chat = *old*password* %o\n *new* @@ -4410,12 +4404,12 @@ - passwd chat debug (G) + passwd chat debug (G) This boolean specifies if the passwd chat script parameter is run in debug mode. In this mode the strings passed to and received from the passwd chat are printed in the smbd(8) log with a - debug level + debug level of 100. This is a dangerous option as it will allow plaintext passwords to be seen in the smbd log. It is available to help Samba admins debug their passwd chat scripts @@ -4423,8 +4417,8 @@ be turned off after this has been done. This parameter is off by default. - See also <passwd chat - , passwd program + See also <passwd chat + , passwd program . Default: passwd chat debug = no @@ -4435,7 +4429,7 @@ - passwd program (G) + passwd program (G) The name of a program that can be used to set UNIX user passwords. Any occurrences of %u will be replaced with the user name. The user name is checked for @@ -4461,7 +4455,7 @@ for security implications. Note that by default unix password sync is set to False. - See also unix + See also unix password sync. Default: passwd program = /bin/passwd @@ -4473,7 +4467,7 @@ - password level (G) + password level (G) Some client/server combinations have difficulty with mixed-case passwords. One offending client is Windows for Workgroups, which for some reason forces passwords to upper @@ -4513,7 +4507,7 @@ - password server (G) + password server (G) By specifying the name of another SMB server (such as a WinNT box) with this option, and using security = domain or security = server you can get Samba @@ -4526,7 +4520,7 @@ as the smb.conf file. The name of the password server is looked up using the - parameter name + parameter name resolve order and so may resolved by any method and order described in that parameter. @@ -4588,7 +4582,7 @@ come from there rather than from the users workstation. - See also the security + See also the security parameter. Default: password server = <empty string> @@ -4602,7 +4596,7 @@ - path (S) + path (S) This parameter specifies a directory to which the user of the service is to be given access. In the case of printable services, this is where print data will spool prior to @@ -4621,7 +4615,7 @@ connecting from. These replacements are very useful for setting up pseudo home directories for users. - Note that this path will be based on + Note that this path will be based on root dir if one was specified. Default: none @@ -4632,7 +4626,7 @@ - postexec (S) + postexec (S) This option specifies a command to be run whenever the service is disconnected. It takes the usual substitutions. The command may be run as the root on some @@ -4643,7 +4637,7 @@ postexec = /etc/umount /cdrom - See also preexec + See also preexec . Default: none (no command executed) @@ -4657,7 +4651,7 @@ - postscript (S) + postscript (S) This parameter forces a printer to interpret the print files as postscript. This is done by adding a %! to the start of print output. @@ -4673,7 +4667,7 @@ - preexec (S) + preexec (S) This option specifies a command to be run whenever the service is connected to. It takes the usual substitutions. @@ -4686,8 +4680,8 @@ Of course, this could get annoying after a while :-) - See also preexec close - and postexec + See also preexec close + and postexec . Default: none (no command executed) @@ -4699,9 +4693,9 @@ - preexec close (S) + preexec close (S) This boolean option controls whether a non-zero - return code from preexec + return code from preexec should close the service being connected to. Default: preexec close = no @@ -4710,7 +4704,7 @@ - preferred master (G) + preferred master (G) This boolean parameter controls if nmbd(8) is a preferred master browser for its workgroup. @@ -4718,7 +4712,7 @@ If this is set to true, on startup, nmbd will force an election, and it will have a slight advantage in winning the election. It is recommended that this parameter is - used in conjunction with + used in conjunction with domain master = yes, so that nmbd can guarantee becoming a domain master. @@ -4729,7 +4723,7 @@ This will result in unnecessary broadcast traffic and reduced browsing capabilities. - See also os level + See also os level . Default: preferred master = no @@ -4739,8 +4733,8 @@ - prefered master (G) - Synonym for + prefered master (G) + Synonym for preferred master for people who cannot spell :-). @@ -4748,23 +4742,23 @@ - preload - Synonym for + preload + Synonym for auto services. - preserve case (S) + preserve case (S) This controls if new filenames are created with the case that the client passes, or if they are forced to - be the derault case + be the derault case . Default: preserve case = yes - See the section on NAME + See the section on NAME MANGLING" for a fuller discussion. @@ -4772,7 +4766,7 @@ - print command (S) + print command (S) After a print job has finished spooling to a service, this command will be used via a system() call to process the spool file. Typically the command specified will @@ -4807,7 +4801,7 @@ Note that printing may fail on some UNIXs from the nobody account. If this happens then create an alternative guest account that can print and set the guest account + linkend="GUESTACCOUNT">guest account in the [global] section. You can form quite complex print commands by realizing @@ -4820,7 +4814,7 @@ You may have to vary this command considerably depending on how you normally print files on your system. The default for - the parameter varies depending on the setting of the + the parameter varies depending on the setting of the printing parameter. Default: For printing= BSD, AIX, QNX, LPRNG @@ -4841,8 +4835,8 @@ - print ok (S) - Synonym for + print ok (S) + Synonym for printable. @@ -4851,14 +4845,14 @@ - printable (S) + printable (S) If this parameter is yes, then clients may open, write to and submit spool files on the directory specified for the service. Note that a printable service will ALWAYS allow writing to the service path (user privileges permitting) via the spooling - of print data. The writeable + of print data. The writeable parameter controls only non-printing access to the resource. @@ -4869,8 +4863,8 @@ - printcap (G) - Synonym for + printcap (G) + Synonym for printcap name. @@ -4879,7 +4873,7 @@ - printer admin (S) + printer admin (S) This is a list of users that can do anything to printers via the remote administration interfaces offered by MSRPC (usually using a NT workstation). Note that the root user always @@ -4897,11 +4891,11 @@ - printcap name (G) + printcap name (G) This parameter may be used to override the compiled-in default printcap name used by the server (usually /etc/printcap). See the discussion of the [printers] section above for reasons + linkend="PRINTERSSECT">[printers] section above for reasons why you might want to do this. On System V systems that use lpstat to @@ -4940,7 +4934,7 @@ - printer (S) + printer (S) This parameter specifies the name of the printer to which print jobs spooled through a printable service will be sent. @@ -4958,7 +4952,7 @@ - printer driver (S) + printer driver (S) This option allows you to control the string that clients receive when they ask the server for the printer driver associated with a printer. If you are using Windows95 or WindowsNT @@ -4968,12 +4962,12 @@ You need to set this parameter to the exact string (case sensitive) that describes the appropriate printer driver for your system. If you don't know the exact string to use then you should - first try with no + first try with no printer driver option set and the client will give you a list of printer drivers. The appropriate strings are shown in a scrollbox after you have chosen the printer manufacturer. - See also printer + See also printer driver file. Example: printer driver = HP LaserJet 4L @@ -4983,7 +4977,7 @@ - printer driver file (G) + printer driver file (G) This parameter tells Samba where the printer driver definition file, used when serving drivers to Windows 95 clients, is to be found. If this is not set, the default is : @@ -4997,7 +4991,7 @@ clients, see the documentation file in the docs/ directory, PRINTER_DRIVER.txt. - See also + See also printer driver location. Default: None (set in compile). @@ -5011,7 +5005,7 @@ - printer driver location (S) + printer driver location (S) This parameter tells clients of a particular printer share where to find the printer driver files for the automatic installation of drivers for Windows 95 machines. If Samba is set up @@ -5025,7 +5019,7 @@ file in the docs/ directory, PRINTER_DRIVER.txt. - See also + See also printer driver file. Default: none @@ -5037,8 +5031,8 @@ - printer name (S) - Synonym for + printer name (S) + Synonym for printer. @@ -5046,7 +5040,7 @@ - printing (S) + printing (S) This parameters controls how printer status information is interpreted on your system. It also affects the default values for the print command, @@ -5068,7 +5062,7 @@ This option can be set on a per printer basis - See also the discussion in the + See also the discussion in the [printers] section. @@ -5076,7 +5070,7 @@ - private dir(G) + private dir(G) The private dir parameter allows an administator to define a directory path used to hold the various databases Samba will use to store things like a the machine @@ -5094,7 +5088,7 @@ - protocol (G) + protocol (G) The value of the parameter (a string) is the highest protocol level that will be supported by the server. @@ -5128,8 +5122,8 @@ - public (S) - Synonym for guest + public (S) + Synonym for guest ok. @@ -5137,7 +5131,7 @@ - queuepause command (S) + queuepause command (S) This parameter specifies the command to be executed on the server host in order to pause the printerqueue. @@ -5166,11 +5160,11 @@ - queueresume command (S) + queueresume command (S) This parameter specifies the command to be executed on the server host in order to resume the printerqueue. It is the command to undo the behavior that is caused by the - previous parameter ( + previous parameter ( queuepause command). This command should be a program or script which takes @@ -5190,7 +5184,7 @@ server. Default: depends on the setting of printing + linkend="PRINTING">printing Example: queuepause command = enable %p @@ -5201,7 +5195,7 @@ - read bmpx (G) + read bmpx (G) This boolean parameter controls whether smbd(8) will support the "Read Block Multiplex" SMB. This is now rarely used and defaults to @@ -5216,18 +5210,18 @@ - read list (S) + read list (S) This is a list of users that are given read-only access to a service. If the connecting user is in this list then they will not be given write access, no matter what the writeable + linkend="WRITEABLE">writeable option is set to. The list can include group names using the - syntax described in the + syntax described in the invalid users parameter. - See also the + See also the write list parameter and the invalid users + linkend="INVALIDUSERS">invalid users parameter. Default: read list = <empty string> @@ -5238,16 +5232,16 @@ - read only (S) + read only (S) Note that this is an inverted synonym for writeable. + linkend="WRITEABLE">writeable. - read raw (G) + read raw (G) This parameter controls whether or not the server will support the raw read SMB requests when transferring data to clients. @@ -5261,7 +5255,7 @@ sizes, and for these clients you may need to disable raw reads. In general this parameter should be viewed as a system tuning - tool and left severely alone. See also + tool and left severely alone. See also write raw. Default: read raw = yes @@ -5270,7 +5264,7 @@ - read size (G) + read size (G) The option read size affects the overlap of disk reads/writes with network reads/writes. If the amount of data being transferred in several of the SMB @@ -5298,7 +5292,7 @@ - remote announce (G) + remote announce (G) This option allows you to setup nmbd(8) to periodically announce itself to arbitrary IP addresses with an arbitrary workgroup name. @@ -5316,7 +5310,7 @@ the above line would cause nmbd to announce itself to the two given IP addresses using the given workgroup names. If you leave out the workgroup name then the one given in - the workgroup + the workgroup parameter is used instead. The IP addresses you choose would normally be the broadcast @@ -5334,7 +5328,7 @@ - remote browse sync (G) + remote browse sync (G) This option allows you to setup nmbd(8) to periodically request synchronization of browse lists with the master browser of a samba @@ -5371,7 +5365,7 @@ - restrict anonymous (G) + restrict anonymous (G) This is a boolean parameter. If it is true, then anonymous access to the server will be restricted, namely in the case where the server is expecting the client to send a username, @@ -5402,8 +5396,8 @@ - root (G) - Synonym for + root (G) + Synonym for root directory". @@ -5411,15 +5405,15 @@ - root dir (G) - Synonym for + root dir (G) + Synonym for root directory". - root directory (G) + root directory (G) The server will chroot() (i.e. Change it's root directory) to this directory on startup. This is not strictly necessary for secure operation. Even without it the @@ -5427,7 +5421,7 @@ It may also check for, and deny access to, soft links to other parts of the filesystem, or attempts to use ".." in file names to access other directories (depending on the setting of the wide links + linkend="WIDELINKS">wide links parameter). Adding a root directory entry other @@ -5451,26 +5445,26 @@ - root postexec (S) + root postexec (S) This is the same as the postexec parameter except that the command is run as root. This is useful for unmounting filesystems (such as cdroms) after a connection is closed. - See also + See also postexec. - root preexec (S) + root preexec (S) This is the same as the preexec parameter except that the command is run as root. This is useful for mounting filesystems (such as cdroms) after a connection is closed. - See also - preexec and + See also + preexec and preexec close. @@ -5478,19 +5472,19 @@ - root preexec close (S) + root preexec close (S) This is the same as the preexec close parameter except that the command is run as root. - See also - preexec and + See also + preexec and preexec close. - security (G) + security (G) This option affects how clients respond to Samba and is one of the most important settings in the smb.conf file. @@ -5531,18 +5525,18 @@ want to mainly setup shares without a password (guest shares). This is commonly used for a shared printer server. It is more difficult to setup guest shares with security = user, see - the map to guest + the map to guest parameter for details. It is possible to use smbd in a hybrid mode where it is offers both user and share - level security under different + level security under different NetBIOS aliases. The different settings will now be explained. - SECURITY = SHARE + SECURITY = SHARE When clients connect to a share level security server then @@ -5567,15 +5561,15 @@ client password is constructed using the following methods : - If the guest + If the guest only parameter is set, then all the other - stages are missed and only the + stages are missed and only the guest account username is checked. Is a username is sent with the share connection request, then this username (after mapping - see username map), + linkend="USERNAMEMAP">username map), is added as a potential username. If the client did a previous logon @@ -5589,7 +5583,7 @@ The NetBIOS name of the client is added to the list as a potential username. - Any users on the + Any users on the user list are added as potential usernames. @@ -5608,20 +5602,20 @@ in share-level security as to which UNIX username will eventually be used in granting access. - See also the section + See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION. - SECURIYT = USER + SECURIYT = USER This is the default security setting in Samba 2.2. With user-level security a client must first "log=on" with a valid username and password (which can be mapped using the username map - parameter). Encrypted passwords (see the + linkend="USERNAMEMAP">username map + parameter). Encrypted passwords (see the encrypted passwords parameter) can also - be used in this security mode. Parameters such as - user and + be used in this security mode. Parameters such as + user and guest only if set are then applied and may change the UNIX user to use on this connection, but only after the user has been successfully authenticated. @@ -5631,14 +5625,14 @@ the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing the server to automatically map unknown users into the guest account. - See the map to guest + linkend="GUESTACCOUNT">guest account. + See the map to guest parameter for details on doing this. - See also the section + See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION. - SECURITY = SERVER + SECURITY = SERVER In this mode Samba will try to validate the username/password @@ -5662,25 +5656,25 @@ the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing the server to automatically map unknown users into the guest account. - See the map to guest + linkend="GUESTACCOUNT">guest account. + See the map to guest parameter for details on doing this. - See also the section + See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION. - See also the password + See also the password server parameter and the encrypted passwords + linkend="ENCRYPTPASSWORDS">encrypted passwords parameter. - SECURITY = DOMAIN + SECURITY = DOMAIN This mode will only work correctly if smbpasswd(8) has been used to add this machine into a Windows NT Domain. It expects the encrypted passwords + linkend="ENCRYPTPASSWORDS">encrypted passwords parameter to be set to true. In this mode Samba will try to validate the username/password by passing it to a Windows NT Primary or Backup Domain Controller, in exactly @@ -5700,8 +5694,8 @@ the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing the server to automatically map unknown users into the guest account. - See the map to guest + linkend="GUESTACCOUNT">guest account. + See the map to guest parameter for details on doing this. BUG: There is currently a bug in the @@ -5712,12 +5706,12 @@ a multi-byte username will not be recognized correctly at the Domain Controller. This issue will be addressed in a future release. - See also the section + See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION. - See also the password + See also the password server parameter and the encrypted passwords + linkend="ENCRYPTPASSWORDS">encrypted passwords parameter. Default: security = USER @@ -5728,7 +5722,7 @@ - security mask (S) + security mask (S) This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a file using the native NT security @@ -5741,7 +5735,7 @@ to change. If not set explicitly this parameter is set to the same - value as the create mask + value as the create mask parameter. To allow a user to modify all the user/group/world permissions on a file, set this parameter to 0777. @@ -5752,10 +5746,10 @@ "appliance" systems. Administrators of most normal systems will probably want to set it to 0777. - See also the + See also the force directory security mode, - directory - security mask, + directory + security mask, force security mode parameters. Default: security mask = <same as create mask> @@ -5766,7 +5760,7 @@ - server string (G) + server string (G) This controls what string will show up in the printer comment box in print manager and next to the IPC connection in net view". It can be any string that you wish @@ -5791,7 +5785,7 @@ - set directory (S) + set directory (S) If set directory = no, then users of the service may not use the setdir command to change directory. @@ -5808,7 +5802,7 @@ - share modes (S) + share modes (S) This enables or disables the honoring of the share modes during a file open. These modes are used by clients to gain exclusive read or write access @@ -5837,7 +5831,7 @@ - shared mem size (G) + shared mem size (G) It specifies the size of the shared memory (in bytes) to use between smbd(8) processes. This parameter defaults to one megabyte of shared @@ -5861,17 +5855,17 @@ - short preserve case (S) + short preserve case (S) This boolean parameter controls if new files which conform to 8.3 syntax, that is all in upper case and of suitable length, are created upper case, or if they are forced - to be the default case + to be the default case . This option can be use with preserve case = yes + linkend="PRESERVECASE">preserve case = yes to permit long filenames to retain their case, while short names are lowered. - See the section on + See the section on NAME MANGLING. Default: short preserve case = yes @@ -5881,7 +5875,7 @@ - smb passwd file (G) + smb passwd file (G) This option sets the path to the encrypted smbpasswd file. By default the path to the smbpasswd file is compiled into Samba. @@ -5897,7 +5891,7 @@ - smbrun (G) + smbrun (G) This sets the full path to the smbrun binary. This defaults to the value in the Makefile. @@ -5919,7 +5913,7 @@ - socket address (G) + socket address (G) This option allows you to control what address Samba will listen for connections on. This is used to support multiple virtual interfaces on the one server, each @@ -5936,7 +5930,7 @@ - socket options (G) + socket options (G) This option allows you to set socket options to be used when talking with the client. @@ -6009,7 +6003,7 @@ - source environment (G) + source environment (G) This parameter causes Samba to set environment variables as per the content of the file named. @@ -6035,7 +6029,7 @@ - ssl (G) + ssl (G) This variable is part of SSL-enabled Samba. This is only available if the SSL libraries have been compiled on your system and the configure option --with-ssl was @@ -6048,8 +6042,8 @@ This variable enables or disables the entire SSL mode. If it is set to no, the SSL enabled samba behaves exactly like the non-SSL samba. If set to yes, - it depends on the variables - ssl hosts and + it depends on the variables + ssl hosts and ssl hosts resign whether an SSL connection will be required. @@ -6060,7 +6054,7 @@ - ssl CA certDir (G) + ssl CA certDir (G) This variable is part of SSL-enabled Samba. This is only available if the SSL libraries have been compiled on your system and the configure option --with-ssl was @@ -6086,7 +6080,7 @@ - ssl CA certFile (G) + ssl CA certFile (G) This variable is part of SSL-enabled Samba. This is only available if the SSL libraries have been compiled on your system and the configure option --with-ssl was @@ -6112,7 +6106,8 @@ - ssl ciphers (G) + + ssl ciphers (G) This variable is part of SSL-enabled Samba. This is only available if the SSL libraries have been compiled on your system and the configure option --with-ssl was @@ -6130,7 +6125,7 @@ - ssl client cert (G) + ssl client cert (G) This variable is part of SSL-enabled Samba. This is only available if the SSL libraries have been compiled on your system and the configure option --with-ssl was @@ -6152,7 +6147,7 @@ - ssl client key (G) + ssl client key (G) This variable is part of SSL-enabled Samba. This is only available if the SSL libraries have been compiled on your system and the configure option --with-ssl was @@ -6174,7 +6169,7 @@ - ssl compatibility (G) + ssl compatibility (G) This variable is part of SSL-enabled Samba. This is only available if the SSL libraries have been compiled on your system and the configure option --with-ssl was @@ -6194,15 +6189,16 @@ - ssl hosts (G) - See + + ssl hosts (G) + See ssl hosts resign. - ssl hosts resign (G) + ssl hosts resign (G) This variable is part of SSL-enabled Samba. This is only available if the SSL libraries have been compiled on your system and the configure option --with-ssl was @@ -6214,14 +6210,14 @@ These two variables define whether samba will go into SSL mode or not. If none of them is defined, samba will - allow only SSL connections. If the + allow only SSL connections. If the ssl hosts variable lists hosts (by IP-address, IP-address range, net group or name), only these hosts will be forced into SSL mode. If the ssl hosts resign variable lists hosts, only these hosts will NOT be forced into SSL mode. The syntax for these two - variables is the same as for the - hosts allow and + variables is the same as for the + hosts allow and hosts deny pair of variables, only that the subject of the decision is different: It's not the access right but whether SSL is used or not. @@ -6239,7 +6235,7 @@ - ssl require clientcert (G) + ssl require clientcert (G) This variable is part of SSL-enabled Samba. This is only available if the SSL libraries have been compiled on your system and the configure option --with-ssl was @@ -6252,8 +6248,8 @@ If this variable is set to yes, the server will not tolerate connections from clients that don't have a valid certificate. The directory/file given in ssl CA certDir - and ssl CA certFile + linkend="SSLCACERTDIR">ssl CA certDir + and ssl CA certFile will be used to look up the CAs that issued the client's certificate. If the certificate can't be verified positively, the connection will be terminated. If this variable @@ -6271,7 +6267,7 @@ - ssl require servercert (G) + ssl require servercert (G) This variable is part of SSL-enabled Samba. This is only available if the SSL libraries have been compiled on your system and the configure option --with-ssl was @@ -6284,7 +6280,7 @@ If this variable is set to yes, the smbclient(1) will request a certificate from the server. Same as - ssl require + ssl require clientcert for the server. Default: ssl require servercert = no @@ -6293,7 +6289,7 @@ - ssl server cert (G) + ssl server cert (G) This variable is part of SSL-enabled Samba. This is only available if the SSL libraries have been compiled on your system and the configure option --with-ssl was @@ -6315,7 +6311,7 @@ - ssl server key (G) + ssl server key (G) This variable is part of SSL-enabled Samba. This is only available if the SSL libraries have been compiled on your system and the configure option --with-ssl was @@ -6339,7 +6335,7 @@ - ssl version (G) + ssl version (G) This variable is part of SSL-enabled Samba. This is only available if the SSL libraries have been compiled on your system and the configure option --with-ssl was @@ -6363,7 +6359,7 @@ - stat cache (G) + stat cache (G) This parameter determines if smbd(8) will use a cache in order to speed up case insensitive name mappings. You should never need @@ -6374,7 +6370,7 @@ - stat cache size (G) + stat cache size (G) This parameter determines the number of entries in the stat cache. You should never need to change this parameter. @@ -6386,7 +6382,7 @@ - status (G) + status (G) This enables or disables logging of connections to a status file that smbstatus(1) can read. @@ -6402,7 +6398,7 @@ - strict locking (S) + strict locking (S) This is a boolean that controls the handling of file locking in the server. When this is set to yes the server will check every read and write access for file locks, and @@ -6422,7 +6418,7 @@ - strict sync (S) + strict sync (S) Many Windows applications (including the Windows 98 explorer shell) seem to confuse flushing buffer contents to disk with doing a sync to disk. Under UNIX, a sync call forces @@ -6437,7 +6433,7 @@ performance problems that people have reported with the new Windows98 explorer shell file copies. - See also the sync + See also the sync always> parameter. Default: strict sync = no @@ -6446,7 +6442,7 @@ - strip dot (G) + strip dot (G) This is a boolean that controls whether to strip trailing dots off UNIX filenames. This helps with some CDROMs that have filenames ending in a single dot. @@ -6458,7 +6454,7 @@ - sync always (S) + sync always (S) This is a boolean parameter that controls whether writes will always be written to stable storage before the write call returns. If this is false then the server will be @@ -6470,7 +6466,7 @@ yes in order for this parameter to have any affect. - See also the strict + See also the strict sync parameter. Default: sync always = no @@ -6480,7 +6476,7 @@ - syslog (G) + syslog (G) This parameter maps how Samba debug messages are logged onto the system syslog logging levels. Samba debug level zero maps onto syslog LOG_ERR, debug @@ -6500,7 +6496,7 @@ - syslog only (G) + syslog only (G) If this parameter is set then Samba debug messages are logged into the system syslog only, and not to the debug log files. @@ -6512,7 +6508,7 @@ - template homedir (G) + template homedir (G) NOTE: this parameter is only available in Samba 3.0. @@ -6531,7 +6527,7 @@ - template shell (G) + template shell (G) NOTE: this parameter is only available in Samba 3.0. @@ -6546,7 +6542,7 @@ - time offset (G) + time offset (G) This parameter is a setting in minutes to add to the normal GMT to local time conversion. This is useful if you are serving a lot of PCs that have incorrect daylight @@ -6560,7 +6556,7 @@ - time server (G) + time server (G) This parameter determines if nmbd(8) advertises itself as a time server to Windows clients. @@ -6571,8 +6567,8 @@ - timestamp logs (G) - Synonym for + timestamp logs (G) + Synonym for debug timestamp. @@ -6581,7 +6577,7 @@ - unix password sync (G) + unix password sync (G) This boolean parameter controls whether Samba attempts to synchronize the UNIX password with the SMB password when the encrypted SMB password in the smbpasswd file is changed. @@ -6591,8 +6587,8 @@ old UNIX password (as the SMB password has change code has no access to the old password cleartext, only the new). - See also passwd - program, + See also passwd + program, passwd chat. Default: unix password sync = no @@ -6602,7 +6598,7 @@ - unix realname (G) + unix realname (G) This boolean parameter when set causes samba to supply the real name field from the unix password file to the client. This isuseful for setting up mail clients and WWW @@ -6615,7 +6611,7 @@ - update encrypted (G) + update encrypted (G) This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed) password in the smbpasswd file to be updated automatically as @@ -6631,7 +6627,7 @@ file this parameter should be set to no. In order for this parameter to work correctly the encrypt passwords + linkend="ENCRYPTPASSWORDS">encrypt passwords parameter must be set to no when this parameter is set to yes. @@ -6647,7 +6643,7 @@ - use rhosts (G) + use rhosts (G) If this global parameter is a true, it specifies that the UNIX users .rhosts file in their home directory will be read to find the names of hosts and users who will be allowed @@ -6667,8 +6663,8 @@ - user (S) - Synonym for + user (S) + Synonym for username. @@ -6676,15 +6672,15 @@ - users (S) - Synonym for + users (S) + Synonym for username. - username (S) + username (S) Multiple users may be specified in a comma-delimited list, in which case the supplied password will be tested against each username in turn (left to right). @@ -6712,7 +6708,7 @@ so they cannot do anything that user cannot do. To restrict a service to a particular set of users you - can use the valid users + can use the valid users parameter. If any of the usernames begin with a '@' then the name @@ -6734,7 +6730,7 @@ quite some time, snd some clients may time out during the search. - See the section NOTE ABOUT + See the section NOTE ABOUT USERNAME/PASSWORD VALIDATION for more information on how this parameter determines access to the services. @@ -6749,7 +6745,7 @@ - username level (G) + username level (G) This option helps Samba to try and 'guess' at the real UNIX username, as many DOS clients send an all-uppercase username. By default Samba tries all lowercase, followed by the @@ -6772,7 +6768,7 @@ - username map (G) + username map (G) This option allows you to specify a file containing a mapping of usernames from the clients to the server. This can be used for several purposes. The most common is to map usernames @@ -6846,7 +6842,7 @@ will actually be connecting to \\server\mary and will need to supply a password suitable for mary not fred. The only exception to this is the - username passed to the + username passed to the password server (if you have one). The password server will receive whatever username the client supplies without modification. @@ -6865,7 +6861,7 @@ - utmp (S) + utmp (S) This boolean parameter is only available if Samba has been configured and compiled with the option --with-utmp. If set to True then Samba will attempt @@ -6873,7 +6869,7 @@ connection is made to a Samba server. Sites may use this to record the user connecting to a Samba share. - See also the + See also the utmp directory parameter. Default: utmp = no @@ -6883,12 +6879,12 @@ - utmp directory(G) + utmp directory(G) This parameter is only available if Samba has been configured and compiled with the option --with-utmp. It specifies a directory pathname that is used to store the utmp or utmpx files (depending on the UNIX system) that - record user connections to a Samba server. See also the + record user connections to a Samba server. See also the utmp parameter. By default this is not set, meaning the system will use whatever utmp file the native system is set to use (usually @@ -6900,7 +6896,8 @@ - winbind cache time + + winbind cache time NOTE: this parameter is only available in Samba 3.0. @@ -6916,7 +6913,8 @@ - winbind gid + + winbind gid NOTE: this parameter is only available in Samba 3.0. @@ -6936,7 +6934,7 @@ - winbind uid + winbind uid NOTE: this parameter is only available in Samba 3.0. @@ -6956,7 +6954,7 @@ - valid chars (G) + valid chars (G) The option allows you to specify additional characters that should be considered valid by the server in filenames. This is particularly useful for national character @@ -6991,7 +6989,7 @@ the valid chars parameter the valid chars settings will be overwritten. - See also the client + See also the client code page parameter. Default: Samba defaults to using a reasonable set @@ -7018,7 +7016,7 @@ - valid users (S) + valid users (S) This is a list of users that should be allowed to login to this service. Names starting with '@', '+' and '&' are interpreted using the same rules as described in the @@ -7031,7 +7029,7 @@ The current servicename is substituted for %S . This is useful in the [homes] section. - See also invalid users + See also invalid users Default: No valid users list (anyone can login) @@ -7045,7 +7043,7 @@ - veto files(S) + veto files(S) This is a list of files and directories that are neither visible nor accessible. Each entry in the list must be separated by a '/', which allows spaces to be included @@ -7070,8 +7068,8 @@ of Samba, as it will be forced to check all files and directories for a match as they are scanned. - See also hide files - and + See also hide files + and case sensitive. Default: No files or directories are vetoed. @@ -7092,13 +7090,13 @@ - veto oplock files (S) + veto oplock files (S) This parameter is only valid when the oplocks + linkend="OPLOCKS">oplocks parameter is turned on for a share. It allows the Samba administrator to selectively turn off the granting of oplocks on selected files that match a wildcarded list, similar to the wildcarded list used in the - veto files + veto files parameter. Default: No files are vetoed for oplock @@ -7120,7 +7118,7 @@ - volume (S) + volume (S) This allows you to override the volume label returned for a share. Useful for CDROMs with installation programs that insist on a particular volume label. @@ -7132,7 +7130,7 @@ - wide links (S) + wide links (S) This parameter controls whether or not links in the UNIX file system may be followed by the server. Links that point to areas within the directory tree exported by the @@ -7150,7 +7148,7 @@ - wins proxy (G) + wins proxy (G) This is a boolean that controls if nmbd(8) will respond to broadcast name queries on behalf of other hosts. You may need to set this @@ -7164,7 +7162,7 @@ - wins server (G) + wins server (G) This specifies the IP address (or DNS name: IP address for preference) of the WINS server that nmbd(8) should register with. If you have a WINS server on @@ -7188,7 +7186,7 @@ - wins hook (G) + wins hook (G) When Samba is running as a WINS server this allows you to call an external program for all changes to the WINS database. The primary use for this option is to allow the @@ -7234,7 +7232,7 @@ - wins support (G) + wins support (G) This boolean controls if the nmbd(8) process in Samba will act as a WINS server. You should not set this to true unless you have a multi-subnetted network and @@ -7248,11 +7246,12 @@ - workgroup (G) + + workgroup (G) This controls what workgroup your server will appear to be in when queried by clients. Note that this parameter also controls the Domain name used with the security=domain + linkend="WORKGROUP">security=domain setting. Default: set at compile time to WORKGROUP @@ -7264,8 +7263,8 @@ - writable (S) - Synonym for + writable (S) + Synonym for writeable for people who can't spell :-). @@ -7273,18 +7272,18 @@ - write list (S) + write list (S) This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the writeable + linkend="WRITEABLE">writeable option is set to. The list can include group names using the @group syntax. Note that if a user is in both the read list and the write list then they will be given write access. - See also the read list + See also the read list option. Default: write list = <empty string> @@ -7298,7 +7297,7 @@ - write cache size (S) + write cache size (S) This integer parameter (new with Samba 2.0.7) if set to non-zero causes Samba to create an in-memory cache for each oplocked file (it does not do this for @@ -7331,8 +7330,8 @@ - write ok (S) - Synonym for + write ok (S) + Synonym for writeable. @@ -7340,7 +7339,7 @@ - write raw (G) + write raw (G) This parameter controls whether or not the server will support raw writes SMB's when transferring data from clients. You should never need to change this parameter. @@ -7352,8 +7351,8 @@ - writeable (S) - An inverted synonym is + writeable (S) + An inverted synonym is read only. If this parameter is no, then users -- cgit