From 7a959e81d42bdff1269589b7d17a12ab0b3243be Mon Sep 17 00:00:00 2001
From: Gerald Carter
As a result of these defeciencies, a more robust means of storing user attributes
used by smbd was developed. The API which defines access to user accounts
is commonly referred to as the samdb interface (previously this was called the passdb
-API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support
+API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support
for a samdb backend (e.g. This HOWTO describes how to get winbind services up and running
to control access and authenticate users on your Linux box using
the winbind services which come with SAMBA 2.2.2.
There is also some Solaris specific information in +docs/textdocs/Solaris-Winbind-HOWTO.txt. +Future revisions of this document will incorporate that +information.
The default log directory is compiled into Samba +> server. The default log directory is compiled into Samba as part of the build process. Common defaults are /usr/local/samba/var/log.nmb/var/log/log.nmb.
. Beware: + If the directory specified does not exist, nmbd + will log to the default debug log location defined at compile time. +UDP port number is a positive integer value. - This option changes the default UDP port number (normally 137) + This option changes the default UDP port number (normally 137) that nmbd responds to name queries on. Don't - use this option unless you are an expert, in which case you +> responds to name queries on. Don't + use this option unless you are an expert, in which case you won't need help!
The default configuration file name +>The default configuration file name is set at build time, typically as /usr/local/samba/lib/smb.conf, but this may be changed when Samba is autoconfigured.
The file specified contains the configuration details +>The file specified contains the configuration details required by the server. See - smb.conf(5)
If the server is to be run by the
+>If the server is to be run by the
inetd meta-daemon, this file
- must contain suitable startup information for the
+> meta-daemon, this file
+ must contain suitable startup information for the
meta-daemon. See the or whatever initialization script your
+>or whatever initialization script your
system uses). If running the server as a daemon at startup,
- this file will need to contain an appropriate startup
+>If running the server as a daemon at startup,
+ this file will need to contain an appropriate startup
sequence for the server. See the If running the server via the
+>If running the server via the
meta-daemon inetd, this file
- must contain a mapping of service name (e.g., netbios-ssn)
- to service port (e.g., 139) and protocol type (e.g., tcp).
+>, this file
+ must contain a mapping of service name (e.g., netbios-ssn)
+ to service port (e.g., 139) and protocol type (e.g., tcp).
See the This is the default location of the
+>This is the default location of the
smb.conf
- server configuration file. Other common places that systems
+ server configuration file. Other common places that systems
install this file are /usr/samba/lib/smb.conf
+>
and /etc/smb.conf. When run as a WINS server (see the
+>When run as a WINS server (see the
wins.dat
+>
in the var/locks directory configured under
+> directory configured under
wherever Samba was configured to install itself. If nmbd will accept SIGHUP, which will cause
+> will accept SIGHUP, which will cause
it to dump out its namelists into the file namelist.debug
@@ -562,12 +567,12 @@ CLASS="FILENAME"
> in the /usr/local/samba/var/locks
+>
directory (or the var/locks directory configured
- under wherever Samba was configured to install itself). This will also
+> directory configured
+ under wherever Samba was configured to install itself). This will also
cause nmbd If the service is marked "guest only = yes" then
- steps 1 to 5 are skipped. This parameter can be used to ensure
+ that if default acls exist on parent directories,
+ they are always honored when creating a subdirectory.
+ The default behavior is to use the mode specified
+ when creating the directory. Enabling this option
+ sets the mode to 0777, thus guaranteeing that
+ default directory acls are propagated.
+ Default: inherit acls = no
+ This parameter controls the number of times
+ that smbd should attempt to gain a byte range lock on the
+ behalf of a client request. Experiments have shown that
+ Windows 2k servers do not reply with a failure if the lock
+ could not be immediately granted, but try a few more times
+ in case the lock could later be aquired. This behavior
+ is used to support PC database formats such as MS Access
+ and FoxPro.
+ Default: lock spin count = 2
+ The time in microseconds that smbd should
+ pause before attempting to gain a failed lock. See
+ lock spin
+ count for more details.
+ Default: lock spin time = 10
+ Currently eight styles of printer status information
- are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX and SOFTQ.
+>Currently nine styles of printer status information
+ are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, CUPS, and SOFTQ.
This covers most UNIX systems. You control which type is expected
using the $PATH
may not be available to the server. See also the This option specifies the directory where pid
+ files will be placed. Default: pid directory = ${prefix}/var/locks Example: pid directory = /var/run/
+ The print command is simply a text string. It will be used
- verbatim, with two exceptions: All occurrences of %s
- and %f will be replaced by the
- appropriate spool file name, and all occurrences of %p
- will be replaced by the appropriate printer name. The
- spool file name is generated automatically by the server. The
- %J macro can be used to access the job
+ verbatim after macro substitutions have been made: s, %p - the path to the spool
+ file name %p - the appropriate printer
+ name %J - the job
name as transmitted by the client. %c - The number of printed pages
+ of the spooled job (if known). %z - the size of the spooled
+ print job (in bytes) The print command MUST contain at least
@@ -14065,6 +14204,25 @@ CLASS="COMMAND"
>print command = lp -d%p -s %s; rm %s For printing = CUPS : If SAMBA is compiled against
+ libcups, then printcap = cups
+ uses the CUPS API to
+ submit jobs, etc. Otherwise it maps to the System V
+ commands with the -oraw option for printing, i.e. it
+ uses lp -c -d%p -oraw; rm %s.
+ With printing = cups,
+ and if SAMBA is compiled against libcups, any manually
+ set print command will be ignored. Example: print command = /usr/local/samba/bin/myprintscript
@@ -14159,7 +14317,18 @@ HREF="#AEN79"
CLASS="COMMAND"
>printcap name = cups
. On System V systems that use winbind cache timewinbind cache time (G) This parameter specifies the number of seconds the
@@ -18485,8 +18654,7 @@ CLASS="COMMAND"
>winbind enum
- userswinbind enum users (G) On large installations using
@@ -18537,8 +18705,7 @@ CLASS="COMMAND"
>winbind enum
- groupswinbind enum groups (G) On large installations using
@@ -18588,7 +18755,7 @@ CLASS="COMMAND"
>winbind gidwinbind gid (G) The winbind gid parameter specifies the range of group
@@ -18615,7 +18782,7 @@ CLASS="COMMAND"
>winbind separatorwinbind separator (G) This parameter allows an admin to define the character
@@ -18645,21 +18812,21 @@ CLASS="FILENAME"
with group membership at least on glibc systems, as the character +
is used as a special character for NIS in /etc/group. Example: Default: winbind separator = \\winbind separator = '\' Example: winbind separator = /winbind separator = + The winbind gid parameter specifies the range of group
@@ -19079,7 +19246,7 @@ CLASS="COMMAND"
> Override the default workgroup specified in the
- workgroup parameter of the Override the default workgroup (domain) specified
+ in the workgroup parameter of the smb.conf file
- for this connection. This may be needed to connect to some
+>
+ file for this connection. This may be needed to connect to some
servers. The client will request that the server return
+ the "alternate" name (the 8.3 name) for a file or directory.
+ The client will request that the server cancel
+ the printjobs identified by the given numeric print job ids.
+ This command depends on the server supporting the CIFS
+ UNIX extensions and will fail if the server does not. The client requests that the server
+ change the UNIX permissions to the given octal mode, in standard UNIX format.
+ This command depends on the server supporting the CIFS
+ UNIX extensions and will fail if the server does not. The client requests that the server
+ change the UNIX user and group ownership to the given decimal values. Note there is
+ currently no way to remotely look up the UNIX uid and gid values for a given name.
+ This may be addressed in future versions of the CIFS UNIX extensions.
+ This command depends on the server supporting the CIFS
+ UNIX extensions and will fail if the server does not. The client requests that the server
+ create a hard link between the source and destination files. The source file
+ must not exist.
+ A version of the DOS attrib command to set
+ file permissions. For example: setmode myfile +r would make myfile read only. This command depends on the server supporting the CIFS
+ UNIX extensions and will fail if the server does not. The client requests that the server
+ create a symbolic hard link between the source and destination files. The source file
+ must not exist. Note that the server will not create a link to any path that lies
+ outside the currently connected share. This is enforced by the Samba server.
+ A version of the DOS attrib command to set
- file permissions. For example: setmode myfile +r would make myfile read only. The message-type sends
a "request profile level" message. The current profile level
setting is returned by a "profilelevel" message. This can be sent
- to any of the destinations. The smbd. The close-share message-type sends a
- message to smbd which forces smbd to close the share that was
- specified as an argument. This may be useful if you made changes
- to the access controls on the share. The default log directory is specified at
@@ -354,7 +361,7 @@ CLASS="FILENAME"
> Override the default workgroup specified in the
+ workgroup parameter of the smb.conf file
+ for this session. This may be needed to connect to some
+ servers. Sets the SMB username or username and password.
+ If this option is not specified, the user will be prompted for
+ both the username and the password. If %pass is not specified,
+ the user will be prompted for the password.
+ This option allows
+ the user to set the directory prefix for SMB access. The
+ default value if this option is not specified is
+ smb.
+ This option is used to determine what naming
+ services and in what order to resolve
+ host names to IP addresses. The option takes a space-separated
+ string of different name resolution options. The options are :"lmhosts", "host", "wins" and "bcast".
+ They cause names to be resolved as follows : lmhosts :
+ Lookup an IP address in the Samba lmhosts file. If the
+ line in lmhosts has no name type attached to the
+ NetBIOS name
+ (see the lmhosts(5)
+ for details) then any name type matches for lookup.
+ host :
+ Do a standard host name to IP address resolution, using
+ the system /etc/hosts, NIS, or DNS
+ lookups. This method of name resolution is operating
+ system dependent, for instance on IRIX or Solaris this
+ may be controlled by the /etc/nsswitch.conf
+ file). Note that this method is only used
+ if the NetBIOS name type being queried is the 0x20
+ (server) name type, otherwise it is ignored.
+ wins :
+ Query a name with the IP address listed in the
+ wins server parameter. If no
+ WINS server has been specified this method will be
+ ignored.
+ bcast :
+ Do a broadcast on each of the known local interfaces
+ listed in the interfaces
+ parameter. This is the least reliable of the name
+ resolution methods as it depends on the target host
+ being on a locally connected subnet.
+ If this parameter is not set then the name resolve order
+ defined in the smb.conf file parameter
+ (name resolve order) will be used. The default order is lmhosts, host, wins, bcast. Without
+ this parameter or any entry in the name resolve order
+ parameter of the smb.conf
+ file, the name resolution methods will be attempted in this
+ order. debug level is an integer from 0 to 10. The default value if this parameter is not specified
+ is zero. The higher this value, the more detail will be logged
+ about the activities of nmblookup. At level
+ 0, only critical errors and serious warnings will be logged.
+ If specified causes all debug messages to be
+ written to the file specified by logfilename
+ . If not specified then all messages will be
+ written tostderr.
+ This parameter specifies the location of the
+ shared libraries used by smbsh. The default
+ value is specified at compile time.
+ To use the The -h option
+ queries winbindd(8) to query the WINS
+ server for the IP address associated with the NetBIOS name
+ specified by the name parameter.
+ The -i option
+ queries winbindd(8) to send a node status
+ request to get the NetBIOS name associated with the IP address
+ specified by the ip parameter.
+ Try to obtain the list of UNIX group ids
+ to which the user belongs. This only works for users
+ defined on a Domain Controller.
+ Attempt a simple 'ping' check that the winbindd
- is indeed alive.
+>Store username and password used by winbindd
+ during session setup to a domain controller. This enables
+ winbindd to operate in a Windows 2000 domain with Restrict
+ Anonymous turned on (a.k.a. Permissions compatiable with
+ Windows 2000 servers only).
User information traditionally stored in
+ the hosts(5) file and used by
+ gethostbyname(3) functions. Names are
+ resolved through the WINS server or by broadcast.
+ The following simple configuration in the
+ /etc/nsswitch.conf file can be used to initially
+ resolve hostnames from /etc/hosts and then from the
+ WINS server.SIGNALS
To shut down an nmbd process it is recommended
+> process it is recommended
that SIGKILL (-9) NOT be used, except as a last
- resort, as this may leave the name database in an inconsistent state.
+> be used, except as a last
+ resort, as this may leave the name database in an inconsistent state.
The correct way to terminate nmbd is to send it
+> is to send it
a SIGTERM (-15) signal and wait for it to die on its own.VERSION
SEE ALSO
AUTHOR
COMPLETE LIST OF SERVICE PARAMETERS
EXPLANATION OF EACH PARAMETER
WARNINGS
VERSION
SEE ALSO
AUTHOR
-W WORKGROUPNOTES
ENVIRONMENT VARIABLES
INSTALLATION
DIAGNOSTICS
OPTIONS
smbdVERSION
SEE ALSO
AUTHOR
smb.conf(5) file.
+> file. Beware:
+ If the directory specified does not exist, smbd
+ will log to the default debug log location defined at compile time.
FILES
LIMITATIONS
ENVIRONMENT VARIABLES
PAM INTERACTION
VERSION
DIAGNOSTICS
SIGNALS
SEE ALSO
OPTIONS
EXAMPLES
VERSION
BUGS
SEE ALSO
AUTHOR
wbinfo [-u] [-g] [-n name] [-s sid] [-U uid] [-G gid] [-S sid] [-Y sid] [-t] [-m] [-a user%password] [-p] [-u] [-g] [-h name] [-i ip] [-n name] [-s sid] [-U uid] [-G gid] [-S sid] [-Y sid] [-t] [-m] [-r user] [-a user%password] [-A user%password]DESCRIPTION
OPTIONS
. EXIT STATUS
VERSION
SEE ALSO
AUTHOR