From 6412277fa9947702898bc34b0a6ee57a0cfef6f2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 11 Nov 1998 01:27:18 +0000 Subject: First versions of the man pages auto-generated from the YODL source. Jeremy. (This used to be commit 00241b15fa8ccd21e1b43726ea131a189c14074e) --- docs/manpages/make_smbcodepage.1 | 271 +- docs/manpages/nmbd.8 | 476 +- docs/manpages/nmblookup.1 | 271 +- docs/manpages/samba.7 | 344 +- docs/manpages/smb.conf.5 | 10225 ++++++++++++++++++++++--------------- docs/manpages/smbclient.1 | 1988 +++---- docs/manpages/smbd.8 | 842 ++- docs/manpages/smbpasswd.8 | 429 +- docs/manpages/smbrun.1 | 139 +- docs/manpages/smbstatus.1 | 153 +- docs/manpages/smbtar.1 | 302 +- docs/manpages/testparm.1 | 190 +- docs/manpages/testprns.1 | 197 +- 13 files changed, 8612 insertions(+), 7215 deletions(-) (limited to 'docs') diff --git a/docs/manpages/make_smbcodepage.1 b/docs/manpages/make_smbcodepage.1 index 049fa73a2a..93edd9322a 100644 --- a/docs/manpages/make_smbcodepage.1 +++ b/docs/manpages/make_smbcodepage.1 @@ -1,131 +1,142 @@ -.TH MAKE_SMBCODEPAGE 1 "09 Oct 1998" "make_smbcodepage 2.0.0-alpha11" -.SH NAME -make_smbcodepage \- create a binary codepage definition file from an ascii codepage definition source file, or reverse the process. -.SH SYNOPSIS -.B make_smbcodepage -.I c|d -.I codepage -.I inputfile -.I outputfile -.SH DESCRIPTION -This program is part of the Samba suite. - -.B make_smbcodepage -compiles or de-compiles codepage files for use with the internationalization -features of Samba 1.9.18. - -An ascii Samba codepage definition file is a description that tells Samba -how to map from upper to lower case for characters greater than ascii 127 -in the specified DOS code page. Note that for certain DOS codepages -(437 for example) mapping from lower to upper case may be asynchronous. -For example, in code page 437 lower case a acute maps to a plain upper -case A when going from lower to upper case, but maps from plain upper -case A to plain lower case a when lower casing a character. - -A binary Samba codepage definition file is a binary representation -of the same information, including a value that specifies what codepage -this file is describing. - -As Samba does not yet use UNICODE (current for Samba version 1.9.18) -you must specify the client code page that your DOS and Windows clients +.TH "make_smbcodepage" "1" "23 Oct 1998" "Samba" "SAMBA" +.PP +.SH "NAME" +make_codepage \- Construct a codepage file for Samba +.PP +.SH "SYNOPSIS" +.PP +\fBmake_smbcodepage\fP [c|d] codepage inputfile outputfile +.PP +.SH "DESCRIPTION" +.PP +This program is part of the \fBSamba\fP suite\&. +.PP +\fBmake_smbcodepage\fP compiles or de-compiles codepage files for use +with the internationalization features of Samba 2\&.0 +.PP +.SH "OPTIONS" +.PP +.IP +.IP "c|d" +This tells make_smbcodepage if it is compiling (c) a text +format code page file to binary, or (d) de-compiling a binary codepage +file to text\&. +.IP +.IP "codepage" +This is the codepage we are processing (a number, eg\&. 850)\&. +.IP +.IP "inputfile" +This is the input file to process\&. In the \'c\' case this +will be a text codepage definition file such as the ones found in the +Samba \fIsource/codepages\fP directory\&. In the \'d\' case this will be the +binary format codepage definition file normally found in the +\fIlib/codepages\fP directory in the Samba install directory path\&. +.IP +.IP "outputfile" +This is the output file to produce\&. +.IP +.PP +.SH "Samba Codepage Files" +.PP +A text Samba codepage definition file is a description that tells +Samba how to map from upper to lower case for characters greater than +ascii 127 in the specified DOS code page\&. Note that for certain DOS +codepages (437 for example) mapping from lower to upper case may be +asynchronous\&. For example, in code page 437 lower case a acute maps to +a plain upper case A when going from lower to upper case, but maps +from plain upper case A to plain lower case a when lower casing a +character\&. +.PP +A binary Samba codepage definition file is a binary representation of +the same information, including a value that specifies what codepage +this file is describing\&. +.PP +As Samba does not yet use UNICODE (current for Samba version 2\&.0) you +must specify the client code page that your DOS and Windows clients are using if you wish to have case insensitivity done correctly for -your particular language. The default codepage Samba uses is 850 -(Western European). Ascii codepage definition sample files are provided -in the Samba distribution for codepages 437 (USA), 850 (Western European) -852 (MS-DOS Latin 2) and 932 (Kanji SJIS). Users are encouraged to -write ascii codepage definition files for their own code pages and -donate them to samba-bugs@samba.anu.edu.au. All codepage files in the -Samba source directory are compiled and installed when a 'make install' -command is issued there. - -An ascii codepage definition file consists of multiple lines containing -four fields. These fields are : -.B lower -which is the (hex) lower case character mapped on this line. -.B upper -which is the (hex) upper case character that the lower case character -will map to. -.B map upper to lower -which is a boolean value (put either True or False here) which tells -Samba if it is to map the given upper case character to the given -lower case character when lower casing a filename. -.B map lower to upper -which is a boolean value (put either True or False here) which tells -Samba if it is to map the given lower case character to the given -upper case character when upper casing a filename. - -.SH OPTIONS -.I c|d - -.RS 3 -This tells make_smbcodepage if it is compiling (c) an ascii code page file -to binary, or de-compiling a binary codepage file to ascii. -.RE - -.I codepage - -.RS 3 -This is the codepage we are processing (a number, eg. 850) -.RE - -.I inputfile - -.RS 3 -This is the input file to process. -.RE - -.I outputfile - -.RS 3 -This is the output file to produce. -.RE - -.SH FILES -.B codepage_def. -.RS 3 -These are the input (ascii) codepage files provided in the Samba -source/ directory. -.RE -.SH FILES -.B codepage. -.RS 3 -These are the output (binary) codepage files produced and placed in the Samba -destination lib/codepage/ directory. -.RE - -.SH ENVIRONMENT VARIABLES -Not applicable. -.SH INSTALLATION -The location of the server and its support files is a matter for individual -system administrators. The following are thus suggestions only. - -It is recommended that the -.B make_smbcodepage -program be installed under the /usr/local/samba hierarchy, in a directory readable -by all, writeable only by root. The program itself should be executable by all. -The program should NOT be setuid or setgid! -.SH VERSION -This man page is (mostly) correct for version 1.9.18 of the Samba suite, plus some -of the recent patches to it. These notes will necessarily lag behind -development of the software, so it is possible that your version of -the program has extensions or parameter semantics that differ from or are not -covered by this man page. Please notify these to the address below for -rectification. -.SH SEE ALSO -.BR smb.conf (5), -.BR smbd (8) - -.SH BUGS -None known. -.SH CREDITS -The -.B make_smbcodepage -program was written by Jeremy Allison (jallison@whistle.com) as part of the -Internationalization effort of the Samba software. - -Please send bug reports to samba-bugs@samba.anu.edu.au. - -See -.BR samba (7) -for a full list of contributors and details on how to -submit bug reports, comments etc. +your particular language\&. The default codepage Samba uses is 850 +(Western European)\&. Text codepage definition sample files are +provided in the Samba distribution for codepages 437 (USA), 737 +(Greek), 850 (Western European) 852 (MS-DOS Latin 2), 861 (Icelandic), +866 (Cyrillic), 932 (Kanji SJIS), 936 (Simplified Chinese), 949 +(Hangul) and 950 (Traditional Chinese)\&. Users are encouraged to write +text codepage definition files for their own code pages and donate +them to \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. All codepage files in the +Samba \fIsource/codepages\fP directory are compiled and installed when a +\fI\'make install\'\fP command is issued there\&. +.PP +The client codepage used by the \fBsmbd\fP server is +configured using the \fBclient code +page\fP parameter in the +\fBsmb\&.conf\fP file\&. +.PP +.SH "FILES" +.PP +\fBcodepage_def\&.\fP +.PP +These are the input (text) codepage files provided in the Samba +\fIsource/codepages\fP directory\&. +.PP +A text codepage definition file consists of multiple lines +containing four fields\&. These fields are : +.PP +.IP +.IP o +\fBlower\fP: which is the (hex) lower case character mapped on this +line\&. +.IP +.IP o +\fBupper\fP: which is the (hex) upper case character that the lower +case character will map to\&. +.IP +.IP o +\fBmap upper to lower\fP which is a boolean value (put either True +or False here) which tells Samba if it is to map the given upper case +character to the given lower case character when lower casing a +filename\&. +.IP +.IP o +\fBmap lower to upper\fP which is a boolean value (put either True +or False here) which tells Samba if it is to map the given lower case +character to the given upper case character when upper casing a +filename\&. +.IP +.PP +\fBcodepage\&.\fP These are the output (binary) codepage files +produced and placed in the Samba destination \fIlib/codepage\fP +directory\&. +.PP +.SH "INSTALLATION" +.PP +The location of the server and its support files is a matter for +individual system administrators\&. The following are thus suggestions +only\&. +.PP +It is recommended that the \fBmake_smbcodepage\fP program be installed +under the \fI/usr/local/samba\fP hierarchy, in a directory readable by +all, writeable only by root\&. The program itself should be executable +by all\&. The program should NOT be setuid or setgid! +.PP +.SH "VERSION" +.PP +This man page is correct for version 2\&.0 of the Samba suite\&. +.PP +.SH "SEE ALSO" +.PP +\fBsmb\&.conf(5)\fP, \fBsmbd (8)\fP +.PP +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by +Andrew Tridgell \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed\&. +.PP +The original Samba man pages were written by Karl Auer\&. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2\&.0 release by Jeremy +Allison, \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. +.PP +See \fBsamba (7)\fP to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc\&. diff --git a/docs/manpages/nmbd.8 b/docs/manpages/nmbd.8 index 0922982f00..57ded0c54b 100644 --- a/docs/manpages/nmbd.8 +++ b/docs/manpages/nmbd.8 @@ -1,256 +1,220 @@ -.TH NMBD 8 "09 Oct 1998" "nmbd 2.0.0-alpha11" -.SH NAME -nmbd \- provide netbios nameserver support to clients -.SH SYNOPSIS -.B nmbd -[ -.B \-D -] [ -.B \-H -.I netbios hosts file -] [ -.B \-d -.I debuglevel -] [ -.B \-l -.I log basename -] [ -.B \-n -.I netbios name -] [ -.B \-p -.I port number -] [ -.B \-s -.I configuration file -] -.SH DESCRIPTION -This program is part of the Samba suite. - -.B nmbd -is a server that understands and can reply to netbios -name service requests, like those produced by LanManager -clients. It also controls browsing. - -LanManager clients, when they start up, may wish to locate a LanManager server. -That is, they wish to know what IP number a specified host is using. - -This program simply listens for such requests, and if its own name is specified -it will respond with the IP number of the host it is running on. -Its "own name" is by default the name of the host it is running on, -but this can be overriden with the -.B \-n -option (see "OPTIONS" below). - -.B nmbd -can also be used as a WINS (Windows Internet Name Server) server. -What this basically means is that it will respond to all name requests that -it receives that are not broadcasts, as long as it can resolve the name. -Resolvable names include all names in the netbios hosts file (if any, see -.B \-H -below), its own name, and any other names that it may have learned about -from other browsers on the network. -A change to previous versions is that nmbd will now no longer -do this automatically by default. -.SH OPTIONS -.B \-B - -.RS 3 -This option is obsolete. Please use the "interfaces" option in smb.conf instead. -.RE - -.B \-I - -.RS 3 -This option is obsolete. Please use the "interfaces" option in smb.conf instead. -.RE - -.B \-D - -.RS 3 -If specified, this parameter causes the server to operate as a daemon. That is, -it detaches itself and runs in the background, fielding requests on the -appropriate port. - -By default, the server will NOT operate as a daemon. -.RE - -.B \-C comment string - -.RS 3 -This option is obsolete. Please use the "server string" option in smb.conf -instead. -.RE - -.B \-G - -.RS 3 -This option is obsolete. Please use the "workgroup" option in smb.conf instead. -.RE - -.B \-H -.I netbios hosts file - -.RS 3 -It may be useful in some situations to be able to specify a list of -netbios names for which the server should send a reply if queried. -This option allows you to specify a file containing such a list. -The syntax of the hosts file is similar to the standard /etc/hosts file -format, but has some extensions. - -The file contains three columns. Lines beginning with a # are ignored -as comments. The first column is an IP address, or a hostname. If it -is a hostname then it is interpreted as the IP address returned by -gethostbyname() when read. An IP address of 0.0.0.0 will be -interpreted as the server's own IP address. - -The second column is a netbios name. This is the name that the server -will respond to. It must be less than 20 characters long. - -The third column is optional, and is intended for flags. Currently the -only flag supported is M, which means that this name is the default -netbios name for this machine. This has the same effect as specifying the -.B \-n -option to -.BR nmbd . - -NOTE: The G and S flags are now obsolete and are replaced by the -"interfaces" and "remote announce" options in smb.conf. - -The default hosts file name is set at compile time, typically as -.I /etc/lmhosts, -but this may be changed in the Samba Makefile. - -After startup the server waits for queries, and will answer queries for -any name known to it. This includes all names in the netbios hosts file, -its own name, and any other names it may have learned about from other -browsers on the network. - -The primary intention of the -.B \-H -option is to allow a mapping from netbios names to internet domain names. - -.B Example: - - # This is a sample netbios hosts file - - # DO NOT USE THIS FILE AS-IS - # YOU MAY INCONVENIENCE THE OWNERS OF THESE IPs - # if you want to include a name with a space in it then - # use double quotes. - - # next add a netbios alias for a faraway host - arvidsjaur.anu.edu.au ARVIDSJAUR - - # finally put in an IP for a hard to find host - 130.45.3.213 FREDDY - -.RE -.B \-N - -.RS 3 -This option is obsolete. Please use the "interfaces" option in smb.conf instead. -.RE - -.B \-d -.I debuglevel - -.RS 3 -This option sets the debug level. See -.BR smb.conf (5). -.RE - -.B \-l -.I log file - -.RS 3 -The -.I log file -parameter specifies a path and base filename into which operational data -from the running -.B nmbd -server will be logged. -The actual log file name is generated by appending the extension ".nmb" to -the specified base name. -For example, if the name specified was "log" then the file log.nmb would -contain the debugging data. - -The default log file is specified at compile time, typically as -.I /var/log/log.nmb. -.RE - -.B \-n -.I netbios name - -.RS 3 -This option allows you to override the Netbios name that Samba uses for itself. -.RE - -.B \-a - -.RS 3 -If this parameter is specified, the log files will be appended to with each -new connection. This is the default. -.RE - -.B \-o - -.RS 3 -Overwrite existing log files instead of appending to them. (This was the -default until version 2.0.0.) -.RE - -.B \-p -.I port number -.RS 3 - -port number is a positive integer value. - -Don't use this option unless you are an expert, in which case you -won't need help! -.RE - -.B \-s -.I configuration file - -.RS 3 -The default configuration file name is set at compile time, typically as -.I /etc/smb.conf, -but this may be changed in the Samba Makefile. - -The file specified contains the configuration details required by the server. -See -.BR smb.conf (5) -for more information. -.RE -.SH SIGNALS - -In version 1.9.18 and above, nmbd will accept SIGHUP, which will cause it to dump out -it's namelists into the file namelist.debug in the SAMBA/var/locks directory. This -will also cause nmbd to dump out it's server database in the log.nmb file. -Also new in version 1.9.18 and above is the ability to raise the debug log -level of nmbd by sending it a SIGUSR1 (kill -USR1 ) and to lower -the nmbd log level by sending it a SIGUSR2 (kill -USR2 ). This -is to allow transient problems to be diagnosed, whilst still running at -a normally low log level. - -.SH VERSION - -This man page is (mostly) correct for version 1.9.16 of the Samba -suite, plus some of the recent patches to it. These notes will -necessarily lag behind development of the software, so it is possible -that your version of the server has extensions or parameter semantics -that differ from or are not covered by this man page. Please notify -these to the address below for rectification. -.SH SEE ALSO -.BR inetd (8), -.BR smbd (8), -.BR smb.conf (5), -.BR smbclient (1), -.BR testparm (1), -.BR testprns (1) -.SH CREDITS -The original Samba software and related utilities were created by -Andrew Tridgell (samba-bugs@samba.anu.edu.au). Andrew is also the Keeper -of the Source for this project. - +.TH "nmbd" "8" "23 Oct 1998" "Samba" "SAMBA" +.PP +.SH "NAME" +nmbd \- NetBIOS name server to provide NetBIOS over IP +naming services to clients +.PP +.SH "SYNOPSIS" +.PP +\fBnmbd\fP [-D] [-o] [-a] [-H lmhosts file] [-d debuglevel] [-l log file basename] [-n primary NetBIOS name] [-p port number] [-s configuration file] [-i NetBIOS scope] [-h] +.PP +.SH "DESCRIPTION" +.PP +This program is part of the \fBSamba\fP suite\&. +.PP +\fBnmbd\fP is a server that understands and can reply to NetBIOS over IP +name service requests, like those produced by SMBD/CIFS clients such +as Windows 95/98, Windows NT and LanManager clients\&. It also +participates in the browsing protocols which make up the Windows +"Network Neighborhood" view\&. +.PP +SMB/CIFS clients, when they start up, may wish to locate an SMB/CIFS +server\&. That is, they wish to know what IP number a specified host is +using\&. +.PP +Amongst other services, this program will listen for such requests, +and if its own NetBIOS name is specified it will respond with the IP +number of the host it is running on\&. Its "own NetBIOS name" is by +default the primary DNS name of the host it is running on, but this +can be overriden with the \fB-n\fP option (see \fIOPTIONS\fP below)\&. Thus +nmbd will reply to broadcast queries for its own name(s)\&. Additional +names for nmbd to respond on can be set via parameters in the +\fBsmb\&.conf (5)\fP configuration file\&. +.PP +nmbd can also be used as a WINS (Windows Internet Name Server) +server\&. What this basically means is that it will act as a WINS +database server, creating a database from name registration requests +that it receives and replying to queries from clients for these names\&. +.PP +In addition, nmbd can act as a WINS proxy, relaying broadcast queries +from clients that do not understand how to talk the WINS protocol to a +WIN server\&. +.PP +.SH "OPTIONS" +.PP +.IP +.IP "\fB-D\fP" +If specified, this parameter causes the server to operate +as a daemon\&. That is, it detaches itself and runs in the background, +fielding requests on the appropriate port\&. By default, the server will +NOT operate as a daemon\&. nmbd can also be operated from the inetd +meta-daemon, although this is not recommended\&. +.IP +.IP "\fB-a\fP" +If this parameter is specified, each new connection will +append log messages to the log file\&. This is the default\&. +.IP +.IP "\fB-o\fP" +If this parameter is specified, the log files will be +overwritten when opened\&. By default, the log files will be appended +to\&. +.IP +.IP "\fB-H filename\fP" +NetBIOS lmhosts file\&. +.IP +The lmhosts file is a list of NetBIOS names to IP addresses that is +loaded by the nmbd server and used via the name resolution mechanism +\fIname resolve order\fP described in \fBsmbd\&.conf (5)\fP to resolve any +NetBIOS name queries needed by the server\&. Note that the contents of +this file are \fINOT\fP used by nmbd to answer any name queries, adding +a line to this file affects name NetBIOS resolution from this host +\fIONLY\fP\&. +.IP +The default path to this file is compiled into Samba as part of the +build process\&. Common defaults are \fI/usr/local/samba/lib/lmhosts\fP, +\fI/usr/samba/lib/lmhosts\fP or \fI/etc/lmhosts\fP\&. See the \fBlmhosts +(5)\fP man page for details on the contents of this file\&. +.IP +.IP "\fB-d debuglevel\fP" +debuglevel is an integer from 0 to 10\&. +.IP +The default value if this parameter is not specified is zero\&. +.IP +The higher this value, the more detail will be logged to the log files +about the activities of the server\&. At level 0, only critical errors +and serious warnings will be logged\&. Level 1 is a reasonable level for +day to day running - it generates a small amount of information about +operations carried out\&. +.IP +Levels above 1 will generate considerable amounts of log data, and +should only be used when investigating a problem\&. Levels above 3 are +designed for use only by developers and generate HUGE amounts of log +data, most of which is extremely cryptic\&. +.IP +Note that specifying this parameter here will override the \fBlog +level\fP parameter in the \fBsmb\&.conf +(5)\fP file\&. +.IP +.IP "\fB-l logfile\fP" +The \fB-l\fP parameter specifies a path and base +filename into which operational data from the running nmbd server will +be logged\&. The actual log file name is generated by appending the +extension "\&.nmb" to the specified base name\&. For example, if the name +specified was "log" then the file log\&.nmb would contain the debugging +data\&. +.IP +The default log file path is is compiled into Samba as part of the +build process\&. Common defaults are \fI/usr/local/samba/var/log\&.nmb\fP, +\fI/usr/samba/var/log\&.nmb\fP or \fI/var/log/log\&.nmb\fP\&. +.IP +.IP "\fB-n primary NetBIOS name\fP" +This option allows you to override +the NetBIOS name that Samba uses for itself\&. This is identical to +setting the \fBNetBIOS name\fP parameter +in the \fBsmb\&.conf\fP file +but will override the setting in the \fBsmb\&.conf\fP file\&. +.IP +.IP "\fB-p UDP port number\fP" +UDP port number is a positive integer value\&. +.IP +This option changes the default UDP port number (normally 137) that +nmbd responds to name queries on\&. Don\'t use this option unless you are +an expert, in which case you won\'t need help! +.IP +.IP "\fB-s configuration file\fP" +The default configuration file name is +set at build time, typically as \fI/usr/local/samba/lib/smb\&.conf\fP, but +this may be changed when Samba is autoconfigured\&. +.IP +The file specified contains the configuration details required by the +server\&. See \fBsmb\&.conf (5)\fP for more information\&. +.IP +.IP "\fB-i scope\fP" +This specifies a NetBIOS scope that the server will use +to communicate with when generating NetBIOS names\&. For details on the +use of NetBIOS scopes, see rfc1001\&.txt and rfc1002\&.txt\&. NetBIOS scopes +are \fIvery\fP rarely used, only set this parameter if you are the +system administrator in charge of all the NetBIOS systems you +communicate with\&. +.IP +.IP "\fB-h\fP" +Prints the help information (usage) for nmbd\&. +.IP +.PP +.SH "FILES" +.PP +\fB/etc/inetd\&.conf\fP +.PP +If the server is to be run by the inetd meta-daemon, this file must +contain suitable startup information for the meta-daemon\&. +.PP +\fB/etc/rc\fP +.PP +(or whatever initialisation script your system uses)\&. +.PP +If running the server as a daemon at startup, this file will need to +contain an appropriate startup sequence for the server\&. +.PP +\fB/usr/local/samba/lib/smb\&.conf\fP +.PP +This is the default location of the \fIsmb\&.conf\fP server configuration +file\&. Other common places that systems install this file are +\fI/usr/samba/lib/smb\&.conf\fP and \fI/etc/smb\&.conf\fP\&. +.PP +When run as a \fBWINS\fP server (see the \fBwins support\fP +parameter in the \fBsmb\&.conf (5)\fP man page), \fBnmbd\fP will +store the WINS database in the file \f(CWwins\&.dat\fP in the \f(CWvar/locks\fP directory +configured under wherever Samba was configured to install itself\&. +.PP +If \fBnmbd\fP is acting as a \fBbrowse master\fP (see the \fBlocal master\fP +parameter in the \fBsmb\&.conf (5)\fP man page), \fBnmbd\fP will +store the browsing database in the file \f(CWbrowse\&.dat\fP in the \f(CWvar/locks\fP directory +configured under wherever Samba was configured to install itself\&. +.PP +.SH "SIGNALS" +.PP +To shut down an nmbd process it is recommended that SIGKILL (-9) +\fINOT\fP be used, except as a last resort, as this may leave the name +database in an inconsistant state\&. The correct way to terminate +nmbd is to send it a SIGTERM (-15) signal and wait for it to die on +its own\&. +.PP +nmbd will accept SIGHUP, which will cause it to dump out it\'s +namelists into the file namelist\&.debug in the +\fI/usr/local/samba/var/locks\fP directory (or the \fIvar/locks\fP +directory configured under wherever Samba was configured to install +itself)\&. This will also cause nmbd to dump out it\'s server database in +the log\&.nmb file\&. In addition, the the debug log level of nmbd may be raised +by sending it a SIGUSR1 (\f(CWkill -USR1 \fP) and lowered by sending it a +SIGUSR2 (\f(CWkill -USR2 \fP)\&. This is to allow transient +problems to be diagnosed, whilst still running at a normally low log +level\&. +.PP +.SH "VERSION" +.PP +This man page is correct for version 2\&.0 of the Samba suite\&. +.PP +.SH "SEE ALSO" +.PP +\fBinetd (8)\fP, \fBsmbd (8)\fP, \fBsmb\&.conf +(5)\fP, \fBsmbclient (1)\fP, +\fBtestparm (1)\fP, \fBtestprns +(1)\fP, and the Internet RFC\'s \fBrfc1001\&.txt\fP, +\fBrfc1002\&.txt\fP\&. In addition the CIFS (formerly SMB) specification is +available as a link from the Web page : +http://samba\&.anu\&.edu\&.au/cifs/\&. +.PP +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by +Andrew Tridgell (samba-bugs@samba\&.anu\&.edu\&.au)\&. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed\&. +.PP +The original Samba man pages were written by Karl Auer\&. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2\&.0 release by Jeremy +Allison, \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. +.PP +See \fBsamba (7)\fP to find out how to get a full list of contributors +and details on how to submit bug reports, comments etc\&. diff --git a/docs/manpages/nmblookup.1 b/docs/manpages/nmblookup.1 index 50cbbe2c2d..c2b43bb8ea 100644 --- a/docs/manpages/nmblookup.1 +++ b/docs/manpages/nmblookup.1 @@ -1,126 +1,145 @@ -.TH NMBLOOKUP 1 "09 Oct 1998" "nmblookup 2.0.0-alpha11" -.SH NAME -nmblookup \- NBT client used to lookup netbios names -.SH SYNOPSIS -.B nmblookup -[ -.B \-M -] [ -.B \-R -] [ -.B \-S -] [ -.B \-r -] [ -.B \-A -] [ -.B \-B -.I broadcast address -] [ -.B \-U -.I unicast address -] [ -.B \-d -.I debuglevel -] -.B name -.SH DESCRIPTION -This program is part of the Samba suite. - -.B nmblookup -is used to find out NetBIOS names in a network. -.SH OPTIONS -.B \-d -.I debuglevel - -.RS 3 -This option sets the debug level. See -.BR smb.conf (5). -.RE - -.B \-B -.I broadcast address -.RS 3 - -Send the query to the broadcast address -.I broadcast address. -The default behavior of nmblookup is to send the query to the broadcast -address of the primary network interface. -.RE - -.B \-U -.I unicast address -.RS 3 - -Do a unicast query to the specified address or host -.I unicast address. -This is needed to query a WINS server. -.RE - -.B \-M - -.RS 3 -Searches for a master browser. -.RE - -.B \-R - -.RS 3 -Do a recursive lookup (needed to direct the query to the WINS portion -of the server rather than the broadcast portion.) - -.RE - -.B \-S - -.RS 3 -Lookup node status as well. -.RE - -.B \-r - -.RS 3 -Use root port 137 (Win95 only replies to this.) -.RE - -.B \-A - -.RS 3 -Do a node status on as an IP Address. -.RE - -.SH EXAMPLES - -.B nmblookup -can be used to query a WINS server (in the same way -.B nslookup -is used to query DNS servers). To query a WINS server, -.B nmblookup -must be called like this: - -.B nmblookup --U server -R 'query' - -For example, running ' -.B nmblookup --U samba.anu.edu.au -R IRIX#1B' would query the WINS server -samba.anu.edu.au for the domain master browser (1B name) for the -IRIX workgroup. - -.SH VERSION - -This man page is (mostly) correct for version 1.9.16 of the Samba -suite, plus some of the recent patches to it. These notes will -necessarily lag behind development of the software, so it is possible -that your version of the server has extensions or parameter semantics -that differ from or are not covered by this man page. Please notify -these to the address below for rectification. -.SH SEE ALSO -.BR samba (8), -.BR nmbd (8), -.BR smb.conf (5) -.SH CREDITS -The original Samba software and related utilities were created by -Andrew Tridgell (samba-bugs@samba.anu.edu.au). Andrew is also the Keeper -of the Source for this project. - +.TH "nmblookup" "1" "23 Oct 1998" "Samba" "SAMBA" +.PP +.SH "NAME" +nmblookup \- NetBIOS over TCP/IP client used to lookup NetBIOS names +.PP +.SH "SYNOPSIS" +.PP +\fBnmblookup\fP [-M] [-R] [-S] [-r] [-A] [-h] [-B broadcast address] [-U unicast address] [-d debuglevel] [-s smb config file] [-i NetBIOS scope] name +.PP +.SH "DESCRIPTION" +.PP +This program is part of the \fBSamba\fP suite\&. +.PP +\fBnmblookup\fP is used to query NetBIOS names and map them to IP +addresses in a network using NetBIOS over TCP/IP queries\&. The options +allow the name queries to be directed at a particlar IP broadcast area +or to a particular machine\&. All queries are done over UDP\&. +.PP +.SH "OPTIONS" +.PP +.IP +.IP "\fB-M\fP" +Searches for a master browser\&. This is done by doing a +broadcast lookup on the special name \f(CW__MSBROWSE__\fP\&. +.IP +.IP "\fB-R\fP" +Set the recursion desired bit in the packet to do a +recursive lookup\&. This is used when sending a name query to a machine +running a WINS server and the user wishes to query the names in the +WINS server\&. If this bit is unset the normal (broadcast responding) +NetBIOS processing code on a machine is used instead\&. See rfc1001, +rfc1002 for details\&. +.IP +.IP "\fB-S\fP" +Once the name query has returned an IP address then do a +node status query as well\&. +.IP +.IP "\fB-r\fP" +Try and bind to UDP port 137 to send and receive UDP +datagrams\&. The reason for this option is a bug in Windows 95 where it +ignores the source port of the requesting packet and only replies to +UDP port 137\&. Unfortunately, on most UNIX systems root privillage is +needed to bind to this port, and in addition, if the +\fBnmbd\fP daemon is running on this machine it also +binds to this port\&. +.IP +.IP "\fB-A\fP" +Interpret as an IP Address and do a node status +query on this address\&. +.IP +.IP "\fB-h\fP" +Print a help (usage) message\&. +.IP +.IP "\fB-B broadcast address\fP" +Send the query to the given broadcast +address\&. Without this option the default behavior of nmblookup is to +send the query to the broadcast address of the primary network +interface as either auto-detected or defined in the +\fBinterfaces\fP parameter of the +\fBsmb\&.conf (5)\fP file\&. +.IP +.IP "\fB-U unicast address\fP" +Do a unicast query to the specified +address or host \f(CW"unicast address"\fP\&. This option (along with the +\fB-R\fP option) is needed to query a WINS server\&. +.IP +.IP "\fB-d debuglevel\fP" +debuglevel is an integer from 0 to 10\&. +.IP +The default value if this parameter is not specified is zero\&. +.IP +The higher this value, the more detail will be logged about the +activities of \fBnmblookup\fP\&. At level 0, only critical errors and +serious warnings will be logged\&. +.IP +Levels above 1 will generate considerable amounts of log data, and +should only be used when investigating a problem\&. Levels above 3 are +designed for use only by developers and generate HUGE amounts of +data, most of which is extremely cryptic\&. +.IP +Note that specifying this parameter here will override the \fBlog +level\fP parameter in the \fBsmb\&.conf +(5)\fP file\&. +.IP +.IP "\fB-s smb\&.conf\fP" +This parameter specifies the pathname to the +Samba configuration file, smb\&.conf\&. This file controls all aspects of +the Samba setup on the machine and smbclient also needs to read this +file\&. +.IP +.IP "\fB-i scope\fP" +This specifies a NetBIOS scope that smbclient will use +to communicate with when generating NetBIOS names\&. For details on the +use of NetBIOS scopes, see rfc1001\&.txt and rfc1002\&.txt\&. NetBIOS scopes +are \fIvery\fP rarely used, only set this parameter if you are the +system administrator in charge of all the NetBIOS systems you +communicate with\&. +.IP +.IP "\fBname\fP" +This is the NetBIOS name being queried\&. Depending upon +the previous options this may be a NetBIOS name or IP address\&. If a +NetBIOS name then the different name types may be specified by +appending \f(CW#\fP to the name\&. +.IP +.PP +.SH "EXAMPLES" +.PP +\fBnmblookup\fP can be used to query a WINS server (in the same way \&.B +nslookup is used to query DNS servers)\&. To query a WINS server, +nmblookup must be called like this: +.PP +\f(CWnmblookup -U server -R \'name\'\fP +.PP +For example, running : +.PP +\f(CWnmblookup -U samba\&.anu\&.edu\&.au -R IRIX#1B\'\fP +.PP +would query the WINS server samba\&.anu\&.edu\&.au for the domain master +browser (1B name type) for the IRIX workgroup\&. +.PP +.SH "VERSION" +.PP +This man page is correct for version 2\&.0 of the Samba suite\&. +.PP +.SH "SEE ALSO" +.PP +\fBsamba (7)\fP, \fBnmbd (8)\fP, +\fBsmb\&.conf (5)\fP +.PP +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by +Andrew Tridgell (samba-bugs@samba\&.anu\&.edu\&.au)\&. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed\&. +.PP +The original Samba man pages were written by Karl Auer\&. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2\&.0 release by Jeremy +Allison, \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. +.PP +See \fBsamba (7)\fP to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc\&. +.PP diff --git a/docs/manpages/samba.7 b/docs/manpages/samba.7 index c87dd4b856..6cb6883e27 100644 --- a/docs/manpages/samba.7 +++ b/docs/manpages/samba.7 @@ -1,202 +1,158 @@ -.TH SAMBA 7 "09 Oct 1998" "samba 2.0.0-alpha11" -.SH NAME -Samba \- a LanManager like fileserver for UNIX -.SH SYNOPSIS -.B Samba -.SH DESCRIPTION -The -.B Samba -software suite is a collection of programs that implements the SMB -protocol for UNIX systems. This protocol is sometimes also referred to -as the LanManager or Netbios protocol. -.SH COMPONENTS - -The Samba suite is made up of several components. Each component is -described in a separate manual page. It is strongly recommended that +.TH "Samba" "7" "23 Oct 1998" "Samba" "" +.PP +.SH "NAME" +Samba \- A Windows SMB/CIFS fileserver for UNIX +.PP +.SH "SYNOPSIS" +\fBSamba\fP +.PP +.SH "DESCRIPTION" +.PP +The Samba software suite is a collection of programs that implements +the Server Message Block(commenly abbreviated as SMB) protocol for +UNIX systems\&. This protocol is sometimes also referred to as the +Common Internet File System (CIFS), LanManager or NetBIOS protocol\&. +.PP +.SH "COMPONENTS" +.PP +The Samba suite is made up of several components\&. Each component is +described in a separate manual page\&. It is strongly recommended that you read the documentation that comes with Samba and the manual pages -of those components that you use. If the manual pages aren't clear -enough then please send me a patch! - -The -.BR smbd (8) -daemon provides the file and print services to SMB clients, -such as Windows for Workgroups, Windows NT or LanManager. The -configuration file for this daemon is described in -.BR smb.conf (5). - -The -.BR nmbd (8) -daemon provides Netbios nameserving and browsing -support. It can also be run interactively to query other name service -daemons. - -The -.BR smbclient (1) -program implements a simple ftp-like client. This is -useful for accessing SMB shares on other compatible servers (such as -WfWg), and can also be used to allow a UNIX box to print to a printer -attached to any SMB server (such as a PC running WfWg). - -The -.BR testparm (1) -utility allows you to test your -.BR smb.conf (5) -configuration file. - +of those components that you use\&. If the manual pages aren\'t clear +enough then please send a patch to \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. +.PP +.IP +.IP "\fBsmbd\fP" +.br +.br +The \fBsmbd\fP +(8) daemon provides the file and print services to SMB +clients, such as Windows 95/98, Windows NT, Windows for Workgroups or +LanManager\&. The configuration file for this daemon is described in +\fBsmb\&.conf (5)\fP\&. +.IP +.IP "\fBnmbd\fP" +.br +.br +The \fBnmbd\fP +(8) daemon provides NetBIOS nameserving and browsing +support\&. The configuration file for this daemon is described in +\fBsmb\&.conf (5)\fP\&. +.IP +.IP "\fBsmbclient\fP" +.br +.br +The \fBsmbclient\fP +(1) program implements a simple ftp-like +client\&. This is useful for accessing SMB shares on other compatible +servers (such as Windows NT), and can also be used to allow a UNIX box +to print to a printer attached to any SMB server (such as a PC running +Windows NT)\&. +.IP +.IP "\fBtestparm\fP" +.br +.br +The \fBtestparm +(1)\fP utility allows you to test your \fBsmb\&.conf +(5)\fP configuration file\&. +.IP +.IP "\fBtestprns\fP" +.br +.br +the \fBtestprns +(1)\fP utility allows you to test the printers defined +in your printcap file\&. +.IP +.IP "\fBsmbstatus\fP" +.br +.br +The \fBsmbstatus\fP +(1) utility allows you to tell who is currently +using the \fBsmbd (8)\fP server\&. +.IP +.IP "\fBnmblookup\fP" +.br +.br +the +\fBnmblookup (1)\fP utility allows NetBIOS name +queries to be made from the UNIX machine\&. +.IP +.IP "\fBmake_smbcodepage\fP" +.br +.br The -.BR smbstatus (1) -utility allows you to tell who is currently using the -.BR smbd (8) -server. -.SH AVAILABILITY - -The Samba software suite is licensed under the Gnu Public License. A -copy of that license should have come with the package. You are -encouraged to distribute copies of the Samba suite, but please keep it -intact. - +\fBmake_smbcodepage (1)\fP utility allows +you to create SMB code page definition files for your \fBsmbd +(8)\fP server\&. +.IP +.IP "\fBsmbpasswd\fP" +.br +.br +The \fBsmbpasswd +(8)\fP utility allows you to change SMB encrypted +passwords on Samba and Windows NT(tm) servers\&. +.IP +.PP +.SH "AVAILABILITY" +.PP +The Samba software suite is licensed under the GNU Public License +(GPL)\&. A copy of that license should have come with the package in the +file COPYING\&. You are encouraged to distribute copies of the Samba +suite, but please keep obey the terms of this license\&. +.PP The latest version of the Samba suite can be obtained via anonymous -ftp from samba.anu.edu.au in the directory pub/samba/. It is -also available on several mirror sites worldwide. - +ftp from samba\&.anu\&.edu\&.au in the directory pub/samba/\&. It is +also available on several mirror sites worldwide\&. +.PP You may also find useful information about Samba on the newsgroup -comp.protocols.smb and the Samba mailing list. Details on how to join -the mailing list are given in the README file that comes with Samba. - +comp\&.protocols\&.smb and the Samba mailing list\&. Details on how to join +the mailing list are given in the README file that comes with Samba\&. +.PP If you have access to a WWW viewer (such as Netscape or Mosaic) then you will also find lots of useful information, including back issues -of the Samba mailing list, at http://samba.anu.edu.au/samba/ -.SH AUTHOR - -The main author of the Samba suite is Andrew Tridgell. He may be -contacted via e-mail at samba-bugs@samba.anu.edu.au. - -There have also been an enormous number of contributors to Samba from -all over the world. A partial list of these contributors is included -in the CREDITS section below. The list is, however, badly out of -date. More up to date info may be obtained from the change-log that -comes with the Samba source code. -.SH CONTRIBUTIONS - +of the Samba mailing list, at +http://samba\&.anu\&.edu\&.au/samba/\&. +.PP +.SH "VERSION" +.PP +This man page is correct for version 2\&.0 of the Samba suite\&. +.PP +.SH "CONTRIBUTIONS" +.PP If you wish to contribute to the Samba project, then I suggest you -join the Samba mailing list. - +join the Samba mailing list at \fIsamba@samba\&.anu\&.edu\&.au\fP\&. See the +Web page at +http://samba\&.anu\&.edu\&.au/listproc +for details on how to do this\&. +.PP If you have patches to submit or bugs to report then you may mail them -directly to samba-bugs@samba.anu.edu.au. Note, however, that due to the -enormous popularity of this package I may take some time to repond to -mail. I prefer patches in "diff \-u" format. -.SH CREDITS - -Contributors to the project are (in alphabetical order by email address): - -(NOTE: This list is very out of date) - - Adams, Graham - (gadams@ddrive.demon.co.uk) - Allison, Jeremy - (jeremy@netcom.com) - Andrus, Ross - (ross@augie.insci.com) - Auer, Karl - (Karl.Auer@anu.edu.au) - Bogstad, Bill - (bogstad@cs.jhu.edu) - Boreham, Bryan - (Bryan@alex.com) - Boreham, David - (davidb@ndl.co.uk) - Butler, Michael - (imb@asstdc.scgt.oz.au) - ??? - (charlie@edina.demon.co.uk) - Chua, Michael - (lpc@solomon.technet.sg) - Cochran, Marc - (mcochran@wellfleet.com) - Dey, Martin N - (mnd@netmgrs.co.uk) - Errath, Maximilian - (errath@balu.kfunigraz.ac.at) - Fisher, Lee - (leefi@microsoft.com) - Foderaro, Sean - (jkf@frisky.Franz.COM) - Greer, Brad - (brad@cac.washington.edu) - Griffith, Michael A - (grif@cs.ucr.edu) - Grosen, Mark - (MDGrosen@spectron.COM) - ???? - (gunjkoa@dep.sa.gov.au) - Haapanen, Tom - (tomh@metrics.com) - Hench, Mike - (hench@cae.uwm.edu) - Horstman, Mark A - (mh2620@sarek.sbc.com) - Hudson, Tim - (tim.hudson@gslmail.mincom.oz.au) - Hulthen, Erik Magnus - (magnus@axiom.se) - ??? - (imb@asstdc.scgt.oz.au) - Iversen, Per Steinar - (iversen@dsfys1.fi.uib.no) - Kaara, Pasi - (ppk@atk.tpo.fi) - Karman, Merik - (merik@blackadder.dsh.oz.au) - Kiff, Martin - (mgk@newton.npl.co.uk) - Kiick, Chris - (cjkiick@flinx.b11.ingr.com) - Kukulies, Christoph - (kuku@acds.physik.rwth-aachen.de) - ??? - (lance@fox.com) - Leighton, Luke - (lkcl@pires.co.uk) - Lendecke, Volker - (lendecke@namu01.gwdg.de) - ??? - (lonnie@itg.ti.com) - Mahoney, Paul Thomas - (ptm@xact1.xact.com) - Mauelshagen, Heinz - (mauelsha@ez.da.telekom.de) - Merrick, Barry G - (bgm@atml.co.uk) - Mol, Marcel - (marcel@fanout.et.tudeflt.nl) - ??? - (njw@cpsg.com.au) - ??? - (noses@oink.rhein.de) - Owens, John - (john@micros.com) - Pierson, Jacques - (pierson@ketje.enet.dec.com) - Powell, Mark - (mark@scot1.ucsalf.ac.uk) - Reiz, Steven - (sreiz@aie.nl) - Schlaeger, Joerg - (joergs@toppoint.de) - S{rkel{, Vesa - (vesku@rankki.kcl.fi) - Terpstra, John - (jht@aquasoft.com.au) - Tridgell, Andrew - (samba-bugs@samba.anu.edu.au) - Troyer, Dean - (troyer@saifr00.ateng.az.honeywell.com) - Wakelin, Ross - (rossw@march.co.uk) - Wessels, Stefan - (SWESSELS@dos-lan.cs.up.ac.za) - Young, Ian A - (iay@threel.co.uk) - van der Zwan, Paul - (paulzn@olivetti.nl) - +directly to \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. Note, however, that due to +the enormous popularity of this package the Samba Team may take some +time to repond to mail\&. We prefer patches in \fIdiff -u\fP format\&. +.PP +.SH "CREDITS" +.PP +Contributors to the project are now too numerous to mention here but +all deserve the thanks of all Samba users\&. To see a full list, look at +ftp://samba\&.anu\&.edu\&.au/pub/samba/alpha/change-log +for the pre-CVS changes and at +ftp://samba\&.anu\&.edu\&.au/pub/samba/alpha/cvs\&.log +for the contributors to Samba post-CVS\&. CVS is the Open Source source +code control system used by the Samba Team to develop Samba\&. The +project would have been unmanageable without it\&. +.PP +In addition, several commercial organisations now help fund the Samba +Team with money and equipment\&. For details see the Samba Web pages at +http://samba\&.anu\&.edu\&.au/samba/samba-thanks\&.html\&. +.PP +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by +Andrew Tridgell \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed\&. +.PP +The original Samba man pages were written by Karl Auer\&. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2\&.0 release by Jeremy +Allison, \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5 index 569f262006..09ddd148d1 100644 --- a/docs/manpages/smb.conf.5 +++ b/docs/manpages/smb.conf.5 @@ -1,4300 +1,6241 @@ -.TH SMB.CONF 5 "13 Jun 1998" "smb.conf 1.9.18p8" -.SH NAME -smb.conf \- configuration file for smbd -.SH SYNOPSIS -.B smb.conf -.SH DESCRIPTION -The -.B smb.conf -file is a configuration file for the Samba suite. - -.B smb.conf -contains runtime configuration information for the -.B smbd -program. The -.B smbd -program provides LanManager-like services to clients -using the SMB protocol. -.SH FILE FORMAT -The file consists of sections and parameters. A section begins with the -name of the section in square brackets and continues until the next -section begins. Sections contain parameters of the form 'name = value'. - -The file is line-based - that is, each newline-terminated line represents -either a comment, a section name or a parameter. - -Section and parameter names are not case sensitive. - -Only the first equals sign in a parameter is significant. Whitespace before -or after the first equals sign is discarded. Leading, trailing and internal -whitespace in section and parameter names is irrelevant. Leading and -trailing whitespace in a parameter value is discarded. Internal whitespace -within a parameter value is retained verbatim. - -Any line beginning with a semicolon is ignored, as are lines containing -only whitespace. - -Any line ending in a \e is "continued" on the next line in the -customary UNIX fashion. - -The values following the equals sign in parameters are all either a string -(no quotes needed) or a boolean, which may be given as yes/no, 0/1 or -true/false. Case is not significant in boolean values, but is preserved -in string values. Some items such as create modes are numeric. -.SH SERVICE DESCRIPTIONS -Each section in the configuration file describes a service. The section name -is the service name and the parameters within the section define the service's -attributes. - -There are three special sections, [global], [homes] and [printers], which are -described under 'special sections'. The following notes apply to ordinary -service descriptions. - -A service consists of a directory to which access is being given plus a -description of the access rights which are granted to the user of the -service. Some housekeeping options are also specifiable. - -Services are either filespace services (used by the client as an extension of -their native file systems) or printable services (used by the client to access -print services on the host running the server). - -Services may be guest services, in which case no password is required to -access them. A specified guest account is used to define access privileges -in this case. - -Services other than guest services will require a password to access -them. The client provides the username. As many clients only provide +.TH "smb\&.conf" "5" "23 Oct 1998" "Samba" "SAMBA" +.PP +.SH "NAME" +smb\&.conf \- The configuration file for the Samba suite +.PP +.SH "SYNOPSIS" +.PP +\fBsmb\&.conf\fP The \fBsmb\&.conf\fP file is a configuration file for the +Samba suite\&. \fBsmb\&.conf\fP contains runtime configuration information +for the Samba programs\&. The \fBsmb\&.conf\fP file is designed to be +configured and administered by the \fBswat (8)\fP +program\&. The complete description of the file format and possible +parameters held within are here for reference purposes\&. +.PP +.SH "FILE FORMAT" +.PP +The file consists of sections and parameters\&. A section begins with +the name of the section in square brackets and continues until the +next section begins\&. Sections contain parameters of the form +.PP +\f(CW\'name = value\'\fP +.PP +The file is line-based - that is, each newline-terminated line +represents either a comment, a section name or a parameter\&. +.PP +Section and parameter names are not case sensitive\&. +.PP +Only the first equals sign in a parameter is significant\&. Whitespace +before or after the first equals sign is discarded\&. Leading, trailing +and internal whitespace in section and parameter names is +irrelevant\&. Leading and trailing whitespace in a parameter value is +discarded\&. Internal whitespace within a parameter value is retained +verbatim\&. +.PP +Any line beginning with a semicolon (\';\') or a hash (\'#\') character is +ignored, as are lines containing only whitespace\&. +.PP +Any line ending in a \f(CW\'\e\'\fP is "continued" on the next line in the +customary UNIX fashion\&. +.PP +The values following the equals sign in parameters are all either a +string (no quotes needed) or a boolean, which may be given as yes/no, +0/1 or true/false\&. Case is not significant in boolean values, but is +preserved in string values\&. Some items such as create modes are +numeric\&. +.PP +.SH "SECTION DESCRIPTIONS" +.PP +Each section in the configuration file (except for the +\fB[global]\fP section) describes a shared resource (known +as a \fI"share"\fP)\&. The section name is the name of the shared resource +and the parameters within the section define the shares attributes\&. +.PP +There are three special sections, \fB[global]\fP, +\fB[homes]\fP and \fB[printers]\fP, which are +described under \fB\'special sections\'\fP\&. The +following notes apply to ordinary section descriptions\&. +.PP +A share consists of a directory to which access is being given plus +a description of the access rights which are granted to the user of +the service\&. Some housekeeping options are also specifiable\&. +.PP +Sections are either filespace services (used by the client as an +extension of their native file systems) or printable services (used by +the client to access print services on the host running the server)\&. +.PP +Sections may be designated \fBguest\fP services, in which +case no password is required to access them\&. A specified UNIX +\fBguest account\fP is used to define access +privileges in this case\&. +.PP +Sections other than guest services will require a password to access +them\&. The client provides the username\&. As older clients only provide passwords and not usernames, you may specify a list of usernames to -check against the password using the "user=" option in the service -definition. - -Note that the access rights granted by the server are masked by the access -rights granted to the specified or guest user by the host system. The -server does not grant more access than the host system grants. +check against the password using the \fB"user="\fP option in +the share definition\&. For modern clients such as Windows 95/98 and +Windows NT, this should not be neccessary\&. +.PP +Note that the access rights granted by the server are masked by the +access rights granted to the specified or guest UNIX user by the host +system\&. The server does not grant more access than the host system +grants\&. +.PP +The following sample section defines a file space share\&. The user has +write access to the path \f(CW/home/bar\fP\&. The share is accessed via +the share name "foo": +.PP + +.DS + -The following sample section defines a file space service. The user has write -access to the path /home/bar. The service is accessed via the service name -"foo": [foo] path = /home/bar writable = true -The following sample section defines a printable service. The service is -readonly, but printable. That is, the only write access permitted is via -calls to open, write to and close a spool file. The 'guest ok' parameter -means access will be permitted as the default guest user (specified elsewhere): + +.DE + + +.PP +The following sample section defines a printable share\&. The share +is readonly, but printable\&. That is, the only write access permitted +is via calls to open, write to and close a spool file\&. The +\fB\'guest ok\'\fP parameter means access will be permitted +as the default guest user (specified elsewhere): +.PP + +.DS + [aprinter] path = /usr/spool/public read only = true printable = true - public = true -.SH SPECIAL SECTIONS - -.SS The [global] section -.RS 3 -Parameters in this section apply to the server as a whole, or are defaults -for services which do not specifically define certain items. See the notes -under 'Parameters' for more information. -.RE - -.SS The [homes] section -.RS 3 -If a section called 'homes' is included in the configuration file, services -connecting clients to their home directories can be created on the fly by the -server. - -When the connection request is made, the existing services are scanned. If a -match is found, it is used. If no match is found, the requested service name is -treated as a user name and looked up in the local passwords file. If the -name exists and the correct password has been given, a service is created -by cloning the [homes] section. - -Some modifications are then made to the newly created section: - -.RS 3 -The service name is changed from 'homes' to the located username + guest ok = true -If no path was given, the path is set to the user's home directory. -.RE +.DE + -If you decide to use a path= line in your [homes] section then you may -find it useful to use the %S macro. For example path=/data/pchome/%S +.PP +.SH "SPECIAL SECTIONS" +.PP +.IP +.IP "\fBThe [global] section\fP" +.IP +Parameters in this section apply to the server as a whole, or are +defaults for sections which do not specifically define certain +items\&. See the notes under \fB\'PARAMETERS\'\fP for more +information\&. +.IP +.IP "\fBThe [homes] section\fP" +.IP +If a section called \f(CW\'homes\'\fP is included in the configuration file, +services connecting clients to their home directories can be created +on the fly by the server\&. +.IP +When the connection request is made, the existing sections are +scanned\&. If a match is found, it is used\&. If no match is found, the +requested section name is treated as a user name and looked up in the +local password file\&. If the name exists and the correct password has +been given, a share is created by cloning the [homes] section\&. +.IP +Some modifications are then made to the newly created share: +.IP +.IP +.IP o +The share name is changed from \f(CW\'homes\'\fP to the located +username +.IP +.IP o +If no path was given, the path is set to the user\'s home +directory\&. +.IP +.IP +If you decide to use a \fBpath=\fP line in your [homes] +section then you may find it useful to use the \fB%S\fP +macro\&. For example : +.IP +\f(CWpath=/data/pchome/%S\fP +.IP would be useful if you have different home directories for your PCs -than for UNIX access. - -This is a fast and simple way to give a large number of clients access to -their home directories with a minimum of fuss. - -A similar process occurs if the requested service name is "homes", except that -the service name is not changed to that of the requesting user. This method -of using the [homes] section works well if different users share a client PC. - -The [homes] section can specify all the parameters a normal service section -can specify, though some make more sense than others. The following is a -typical and suitable [homes] section: +than for UNIX access\&. +.IP +This is a fast and simple way to give a large number of clients access +to their home directories with a minimum of fuss\&. +.IP +A similar process occurs if the requested section name is \f(CW"homes"\fP, +except that the share name is not changed to that of the requesting +user\&. This method of using the [homes] section works well if different +users share a client PC\&. +.IP +The [homes] section can specify all the parameters a normal service +section can specify, though some make more sense than others\&. The +following is a typical and suitable [homes] section: +.IP + +.DS + [homes] writable = yes -An important point: - -.RS 3 -If guest access is specified in the [homes] section, all home directories will -be accessible to all clients -.B without a password. -In the very unlikely event -that this is actually desirable, it would be wise to also specify read only -access. -.RE -.RE - -Note that the browseable flag for auto home directories will be -inherited from the global browseable flag, not the [homes] browseable -flag. This is useful as it means setting browseable=no in the [homes] -section will hide the [homes] service but make any auto home -directories visible. - -.SS The [printers] section -.RS 3 -This section works like [homes], but for printers. - -If a [printers] section occurs in the configuration file, users are able -to connect to any printer specified in the local host's printcap file. - -When a connection request is made, the existing services are scanned. If a -match is found, it is used. If no match is found, but a [homes] section -exists, it is used as described above. Otherwise, the requested service name is -treated as a printer name and the appropriate printcap file is scanned to -see if the requested service name is a valid printer name. If a match is -found, a new service is created by cloning the [printers] section. - -A few modifications are then made to the newly created section: - -.RS 3 -The service name is set to the located printer name - -If no printer name was given, the printer name is set to the located printer -name - -If the service does not permit guest access and no username was given, the -username is set to the located printer name. -.RE - -Note that the [printers] service MUST be printable - if you specify otherwise, -the server will refuse to load the configuration file. +.DE + -Typically the path specified would be that of a world-writable spool directory -with the sticky bit set on it. A typical [printers] entry would look like this: +.IP +An important point is that if guest access is specified in the [homes] +section, all home directories will be visible to all clients +\fBwithout a password\fP\&. In the very unlikely event that this is +actually desirable, it would be wise to also specify \fBread only +access\fP\&. +.IP +Note that the \fBbrowseable\fP flag for auto home +directories will be inherited from the global browseable flag, not the +[homes] browseable flag\&. This is useful as it means setting +browseable=no in the [homes] section will hide the [homes] share but +make any auto home directories visible\&. +.IP +.IP "\fBThe [printers] section\fP" +.IP +This section works like \fB[homes]\fP, but for printers\&. +.IP +If a [printers] section occurs in the configuration file, users are +able to connect to any printer specified in the local host\'s printcap +file\&. +.IP +When a connection request is made, the existing sections are +scanned\&. If a match is found, it is used\&. If no match is found, but a +\fB[homes]\fP section exists, it is used as described +above\&. Otherwise, the requested section name is treated as a printer +name and the appropriate printcap file is scanned to see if the +requested section name is a valid printer share name\&. If a match is +found, a new printer share is created by cloning the [printers] +section\&. +.IP +A few modifications are then made to the newly created share: +.IP +.IP +.IP o +The share name is set to the located printer name +.IP +.IP o +If no printer name was given, the printer name is set to the +located printer name +.IP +.IP o +If the share does not permit guest access and no username was +given, the username is set to the located printer name\&. +.IP +.IP +Note that the [printers] service MUST be printable - if you specify +otherwise, the server will refuse to load the configuration file\&. +.IP +Typically the path specified would be that of a world-writable spool +directory with the sticky bit set on it\&. A typical [printers] entry +would look like this: +.IP + +.DS + [printers] path = /usr/spool/public writable = no - public = yes + guest ok = yes printable = yes -All aliases given for a printer in the printcap file are legitimate printer -names as far as the server is concerned. If your printing subsystem doesn't -work like that, you will have to set up a pseudo-printcap. This is a file -consisting of one or more lines like this: - - alias|alias|alias|alias... +.DE + -Each alias should be an acceptable printer name for your printing -subsystem. In the [global] section, specify the new file as your printcap. -The server will then only recognise names found in your pseudo-printcap, -which of course can contain whatever aliases you like. The same technique -could be used simply to limit access to a subset of your local printers. +.IP +All aliases given for a printer in the printcap file are legitimate +printer names as far as the server is concerned\&. If your printing +subsystem doesn\'t work like that, you will have to set up a +pseudo-printcap\&. This is a file consisting of one or more lines like +this: +.IP -An alias, by the way, is defined as any component of the first entry of a -printcap record. Records are separated by newlines, components (if there are -more than one) are separated by vertical bar symbols ("|"). +.DS + + alias|alias|alias|alias\&.\&.\&. +.DE + +.IP +Each alias should be an acceptable printer name for your printing +subsystem\&. In the \fB[global]\fP section, specify the new +file as your printcap\&. The server will then only recognise names +found in your pseudo-printcap, which of course can contain whatever +aliases you like\&. The same technique could be used simply to limit +access to a subset of your local printers\&. +.IP +An alias, by the way, is defined as any component of the first entry +of a printcap record\&. Records are separated by newlines, components +(if there are more than one) are separated by vertical bar symbols +("|")\&. +.IP NOTE: On SYSV systems which use lpstat to determine what printers are -defined on the system you may be able to use "printcap name = lpstat" -to automatically obtain a list of printers. See the "printcap name" -option for more detils. - -.RE -.SH PARAMETERS -Parameters define the specific attributes of services. - -Some parameters are specific to the [global] section (eg., security). -Some parameters are usable in all sections (eg., create mode). All others are -permissible only in normal sections. For the purposes of the following -descriptions the [homes] and [printers] sections will be considered normal. -The letter 'G' in parentheses indicates that a parameter is specific to the -[global] section. The letter 'S' indicates that a parameter can be -specified in a service specific section. Note that all S parameters -can also be specified in the [global] section - in which case they -will define the default behaviour for all services. - -Parameters are arranged here in alphabetical order - this may not create -best bedfellows, but at least you can find them! Where there are synonyms, -the preferred synonym is described, others refer to the preferred synonym. - -.SS VARIABLE SUBSTITUTIONS - +defined on the system you may be able to use \fB"printcap name = +lpstat"\fP to automatically obtain a list of +printers\&. See the \fB"printcap name"\fP option for +more detils\&. +.IP +.PP +.SH "PARAMETERS" +.PP +Parameters define the specific attributes of sections\&. +.PP +Some parameters are specific to the \fB[global]\fP section +(eg\&., \fBsecurity\fP)\&. Some parameters are usable in +all sections (eg\&., \fBcreate mode\fP)\&. All others are +permissible only in normal sections\&. For the purposes of the following +descriptions the \fB[homes]\fP and +\fB[printers]\fP sections will be considered normal\&. +The letter \f(CW\'G\'\fP in parentheses indicates that a parameter is +specific to the \fB[global]\fP section\&. The letter \f(CW\'S\'\fP +indicates that a parameter can be specified in a service specific +section\&. Note that all \f(CW\'S\'\fP parameters can also be specified in the +\fB[global]\fP section - in which case they will define +the default behaviour for all services\&. +.PP +Parameters are arranged here in alphabetical order - this may not +create best bedfellows, but at least you can find them! Where there +are synonyms, the preferred synonym is described, others refer to the +preferred synonym\&. +.PP +.SH "VARIABLE SUBSTITUTIONS" +.PP Many of the strings that are settable in the config file can take -substitutions. For example the option "path = /tmp/%u" would be -interpreted as "path = /tmp/john" if the user connected with the -username john. - +substitutions\&. For example the option \fB\f(CW"path = +/tmp/%u"\fP\fP would be interpreted as \f(CW"path = /tmp/john"\fP if +the user connected with the username john\&. +.PP These substitutions are mostly noted in the descriptions below, but -there are some general substitutions which apply whenever they might be -relevant. These are: - -%S = the name of the current service, if any - -%P = the root directory of the current service, if any - -%u = user name of the current service, if any - -%g = primary group name of %u - -%U = session user name (the user name that the client wanted, not -necessarily the same as the one they got) - -%G = primary group name of %U - -%H = the home directory of the user given by %u - -%v = the Samba version - -%h = the hostname that Samba is running on - -%m = the netbios name of the client machine (very useful) - -%L = the netbios name of the server. This allows you to change your -config based on what the client calls you. Your server can have a "dual -personality". - -%M = the internet name of the client machine - -%N = the name of your NIS home directory server. This is obtained from -your NIS auto.map entry. If you have not compiled Samba with -DAUTOMOUNT -then this value will be the same as %L. - -%p = the path of the service's home directory, obtained from your NIS -auto.map entry. The NIS auto.map entry is split up as "%N:%p". - -%R = the selected protocol level after protocol negotiation. As of -Samba 1.9.18 it can be one of CORE, COREPLUS, LANMAN1, LANMAN2 or NT1. - -%d = The process id of the current server process - -%a = the architecture of the remote machine. Only some are recognised, -and those may not be 100% reliable. It currently recognises Samba, -WfWg, WinNT and Win95. Anything else will be known as "UNKNOWN". If it -gets it wrong then sending me a level 3 log should allow me to fix it. - -%I = The IP address of the client machine - -%T = the current date and time - +there are some general substitutions which apply whenever they might +be relevant\&. These are: +.PP +.IP +.IP o +\fB%S\fP = the name of the current service, if any\&. +.IP +.IP o +\fB%P\fP = the root directory of the current service, if any\&. +.IP +.IP o +\fB%u\fP = user name of the current service, if any\&. +.IP +.IP o +\fB%g\fP = primary group name of \fB%u\fP\&. +.IP +.IP o +\fB%U\fP = session user name (the user name that +the client wanted, not necessarily the same as the one they got)\&. +.IP +.IP o +\fB%G\fP = primary group name of \fB%U\fP\&. +.IP +.IP o +\fB%H\fP = the home directory of the user given by \fB%u\fP\&. +.IP +.IP o +\fB%v\fP = the Samba version\&. +.IP +.IP o +\fB%h\fP = the internet hostname that Samba is running on\&. +.IP +.IP o +\fB%m\fP = the NetBIOS name of the client machine (very useful)\&. +.IP +.IP o +\fB%L\fP = the NetBIOS name of the server\&. This allows you to change your +config based on what the client calls you\&. Your server can have a "dual +personality"\&. +.IP +.IP o +\fB%M\fP = the internet name of the client machine\&. +.IP +.IP o +\fB%N\fP = the name of your NIS home directory server\&. This is +obtained from your NIS auto\&.map entry\&. If you have not compiled Samba +with the \fB--with-automount\fP option then this value will be the same +as \fB%L\fP\&. +.IP +.IP o +\fB%p\fP = the path of the service\'s home directory, obtained from your NIS +auto\&.map entry\&. The NIS auto\&.map entry is split up as "%N:%p"\&. +.IP +.IP o +\fB%R\fP = the selected protocol level after protocol +negotiation\&. It can be one of CORE, COREPLUS, LANMAN1, LANMAN2 or NT1\&. +.IP +.IP o +\fB%d\fP = The process id of the current server process\&. +.IP +.IP o +\fB%a\fP = the architecture of the remote +machine\&. Only some are recognised, and those may not be 100% +reliable\&. It currently recognises Samba, WfWg, WinNT and +Win95\&. Anything else will be known as "UNKNOWN"\&. If it gets it wrong +then sending a level 3 log to \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP +should allow it to be fixed\&. +.IP +.IP o +\fB%I\fP = The IP address of the client machine\&. +.IP +.IP o +\fB%T\fP = the current date and time\&. +.IP +.PP There are some quite creative things that can be done with these -substitutions and other smb.conf options. - -.SS NAME MANGLING - -Samba supports "name mangling" so that DOS and Windows clients can use -files that don't conform to the 8.3 format. It can also be set to adjust -the case of 8.3 format filenames. - +substitutions and other smb\&.conf options\&. +.PP +.SH "NAME MANGLING" +.PP +Samba supports \fI"name mangling"\fP so that DOS and Windows clients can +use files that don\'t conform to the 8\&.3 format\&. It can also be set to +adjust the case of 8\&.3 format filenames\&. +.PP There are several options that control the way mangling is performed, -and they are grouped here rather than listed separately. For the -defaults look at the output of the testparm program. - +and they are grouped here rather than listed separately\&. For the +defaults look at the output of the testparm program\&. +.PP All of these options can be set separately for each service (or -globally, of course). - +globally, of course)\&. +.PP The options are: +.PP +\fB"mangle case = yes/no"\fP controls if names that have characters that +aren\'t of the "default" case are mangled\&. For example, if this is yes +then a name like \f(CW"Mail"\fP would be mangled\&. Default \fIno\fP\&. +.PP +\fB"case sensitive = yes/no"\fP controls whether filenames are case +sensitive\&. If they aren\'t then Samba must do a filename search and +match on passed names\&. Default \fIno\fP\&. +.PP +\fB"default case = upper/lower"\fP controls what the default case is for new +filenames\&. Default \fIlower\fP\&. +.PP +\fB"preserve case = yes/no"\fP controls if new files are created with the +case that the client passes, or if they are forced to be the \f(CW"default"\fP +case\&. Default \fIYes\fP\&. +.PP +.PP +\fB"short preserve case = yes/no"\fP controls if new files which conform +to 8\&.3 syntax, that is all in upper case and of suitable length, are +created upper case, or if they are forced to be the \f(CW"default"\fP +case\&. This option can be use with \fB"preserve case = +yes"\fP to permit long filenames to retain their +case, while short names are lowered\&. Default \fIYes\fP\&. +.PP +By default, Samba 2\&.0 has the same semantics as a Windows NT +server, in that it is case insensitive but case preserving\&. +.PP +.SH "NOTE ABOUT USERNAME/PASSWORD VALIDATION" +.PP +There are a number of ways in which a user can connect to a +service\&. The server follows the following steps in determining if it +will allow a connection to a specified service\&. If all the steps fail +then the connection request is rejected\&. If one of the steps pass then +the following steps are not checked\&. +.PP +If the service is marked \fB"guest only = yes"\fP then +steps 1 to 5 are skipped\&. +.PP +.IP +.IP 1\&. +Step 1: If the client has passed a username/password pair and +that username/password pair is validated by the UNIX system\'s password +programs then the connection is made as that username\&. Note that this +includes the \f(CW\e\eserver\eservice%username\fP method of passing a +username\&. +.IP +.IP 2\&. +Step 2: If the client has previously registered a username with +the system and now supplies a correct password for that username then +the connection is allowed\&. +.IP +.IP 3\&. +Step 3: The client\'s netbios name and any previously used user +names are checked against the supplied password, if they match then +the connection is allowed as the corresponding user\&. +.IP +.IP 4\&. +Step 4: If the client has previously validated a +username/password pair with the server and the client has passed the +validation token then that username is used\&. This step is skipped if +\fB"revalidate = yes"\fP for this service\&. +.IP +.IP 5\&. +Step 5: If a \fB"user = "\fP field is given in the +smb\&.conf file for the service and the client has supplied a password, +and that password matches (according to the UNIX system\'s password +checking) with one of the usernames from the \fBuser=\fP +field then the connection is made as the username in the +\fB"user="\fP line\&. If one of the username in the +\fBuser=\fP list begins with a \f(CW\'@\'\fP then that name +expands to a list of names in the group of the same name\&. +.IP +.IP 6\&. +Step 6: If the service is a guest service then a connection is +made as the username given in the \fB"guest account +="\fP for the service, irrespective of the supplied +password\&. +.IP +.PP +.SH "COMPLETE LIST OF GLOBAL PARAMETERS" +.PP +Here is a list of all global parameters\&. See the section of each +parameter for details\&. Note that some are synonyms\&. +.PP +.IP +.IP o +\fBannounce as\fP +.IP +.IP o +\fBannounce version\fP +.IP +.IP o +\fBauto services\fP +.IP +.IP o +\fBbind interfaces only\fP +.IP +.IP o +\fBbrowse list\fP +.IP +.IP o +\fBchange notify timeout\fP +.IP +.IP o +\fBcharacter set\fP +.IP +.IP o +\fBclient code page\fP +.IP +.IP o +\fBcoding system\fP +.IP +.IP o +\fBconfig file\fP +.IP +.IP o +\fBdeadtime\fP +.IP +.IP o +\fBdebug timestamp\fP +.IP +.IP o +\fBdebuglevel\fP +.IP +.IP o +\fBdefault\fP +.IP +.IP o +\fBdefault service\fP +.IP +.IP o +\fBdfree command\fP +.IP +.IP o +\fBdns proxy\fP +.IP +.IP o +\fBdomain admin group\fP +.IP +.IP o +\fBdomain admin users\fP +.IP +.IP o +\fBdomain controller\fP +.IP +.IP o +\fBdomain groups\fP +.IP +.IP o +\fBdomain guest group\fP +.IP +.IP o +\fBdomain guest users\fP +.IP +.IP o +\fBdomain logons\fP +.IP +.IP o +\fBdomain master\fP +.IP +.IP o +\fBencrypt passwords\fP +.IP +.IP o +\fBgetwd cache\fP +.IP +.IP o +\fBhomedir map\fP +.IP +.IP o +\fBhosts equiv\fP +.IP +.IP o +\fBinterfaces\fP +.IP +.IP o +\fBkeepalive\fP +.IP +.IP o +\fBkernel oplocks\fP +.IP +.IP o +\fBldap filter\fP +.IP +.IP o +\fBldap port\fP +.IP +.IP o +\fBldap root\fP +.IP +.IP o +\fBldap root passwd\fP +.IP +.IP o +\fBldap server\fP +.IP +.IP o +\fBldap suffix\fP +.IP +.IP o +\fBlm announce\fP +.IP +.IP o +\fBlm interval\fP +.IP +.IP o +\fBload printers\fP +.IP +.IP o +\fBlocal master\fP +.IP +.IP o +\fBlock dir\fP +.IP +.IP o +\fBlock directory\fP +.IP +.IP o +\fBlog file\fP +.IP +.IP o +\fBlog level\fP +.IP +.IP o +\fBlogon drive\fP +.IP +.IP o +\fBlogon home\fP +.IP +.IP o +\fBlogon path\fP +.IP +.IP o +\fBlogon script\fP +.IP +.IP o +\fBlpq cache time\fP +.IP +.IP o +\fBmachine password timeout\fP +.IP +.IP o +\fBmangled stack\fP +.IP +.IP o +\fBmax disk size\fP +.IP +.IP o +\fBmax log size\fP +.IP +.IP o +\fBmax mux\fP +.IP +.IP o +\fBmax open files\fP +.IP +.IP o +\fBmax packet\fP +.IP +.IP o +\fBmax ttl\fP +.IP +.IP o +\fBmax wins ttl\fP +.IP +.IP o +\fBmax xmit\fP +.IP +.IP o +\fBmessage command\fP +.IP +.IP o +\fBmin wins ttl\fP +.IP +.IP o +\fBname resolve order\fP +.IP +.IP o +\fBnetbios aliases\fP +.IP +.IP o +\fBnetbios name\fP +.IP +.IP o +\fBnis homedir\fP +.IP +.IP o +\fBnt pipe support\fP +.IP +.IP o +\fBnt smb support\fP +.IP +.IP o +\fBnull passwords\fP +.IP +.IP o +\fBole locking compatibility\fP +.IP +.IP o +\fBos level\fP +.IP +.IP o +\fBpacket size\fP +.IP +.IP o +\fBpanic action\fP +.IP +.IP o +\fBpasswd chat\fP +.IP +.IP o +\fBpasswd chat debug\fP +.IP +.IP o +\fBpasswd program\fP +.IP +.IP o +\fBpassword level\fP +.IP +.IP o +\fBpassword server\fP +.IP +.IP o +\fBprefered master\fP +.IP +.IP o +\fBpreferred master\fP +.IP +.IP o +\fBpreload\fP +.IP +.IP o +\fBprintcap\fP +.IP +.IP o +\fBprintcap name\fP +.IP +.IP o +\fBprinter driver file\fP +.IP +.IP o +\fBprotocol\fP +.IP +.IP o +\fBread bmpx\fP +.IP +.IP o +\fBread prediction\fP +.IP +.IP o +\fBread raw\fP +.IP +.IP o +\fBread size\fP +.IP +.IP o +\fBremote announce\fP +.IP +.IP o +\fBremote browse sync\fP +.IP +.IP o +\fBroot\fP +.IP +.IP o +\fBroot dir\fP +.IP +.IP o +\fBroot directory\fP +.IP +.IP o +\fBsecurity\fP +.IP +.IP o +\fBserver string\fP +.IP +.IP o +\fBshared mem size\fP +.IP +.IP o +\fBsmb passwd file\fP +.IP +.IP o +\fBsmbrun\fP +.IP +.IP o +\fBsocket address\fP +.IP +.IP o +\fBsocket options\fP +.IP +.IP o +\fBssl\fP +.IP +.IP o +\fBssl CA certDir\fP +.IP +.IP o +\fBssl CA certFile\fP +.IP +.IP o +\fBssl ciphers\fP +.IP +.IP o +\fBssl client cert\fP +.IP +.IP o +\fBssl client key\fP +.IP +.IP o +\fBssl compatibility\fP +.IP +.IP o +\fBssl hosts\fP +.IP +.IP o +\fBssl hosts resign\fP +.IP +.IP o +\fBssl require clientcert\fP +.IP +.IP o +\fBssl require servercert\fP +.IP +.IP o +\fBssl server cert\fP +.IP +.IP o +\fBssl server key\fP +.IP +.IP o +\fBssl version\fP +.IP +.IP o +\fBstat cache\fP +.IP +.IP o +\fBstat cache size\fP +.IP +.IP o +\fBstrip dot\fP +.IP +.IP o +\fBsyslog\fP +.IP +.IP o +\fBsyslog only\fP +.IP +.IP o +\fBtime offset\fP +.IP +.IP o +\fBtime server\fP +.IP +.IP o +\fBtimestamp logs\fP +.IP +.IP o +\fBunix password sync\fP +.IP +.IP o +\fBunix realname\fP +.IP +.IP o +\fBupdate encrypted\fP +.IP +.IP o +\fBuse rhosts\fP +.IP +.IP o +\fBusername level\fP +.IP +.IP o +\fBusername map\fP +.IP +.IP o +\fBvalid chars\fP +.IP +.IP o +\fBwins proxy\fP +.IP +.IP o +\fBwins server\fP +.IP +.IP o +\fBwins support\fP +.IP +.IP o +\fBworkgroup\fP +.IP +.IP o +\fBwrite raw\fP +.IP +.PP +.SH "COMPLETE LIST OF SERVICE PARAMETERS" +.PP +Here is a list of all service parameters\&. See the section of each +parameter for details\&. Note that some are synonyms\&. +.PP +.IP +.IP o +\fBadmin users\fP +.IP +.IP o +\fBallow hosts\fP +.IP +.IP o +\fBalternate permissions\fP +.IP +.IP o +\fBavailable\fP +.IP +.IP o +\fBblocking locks\fP +.IP +.IP o +\fBbrowsable\fP +.IP +.IP o +\fBbrowseable\fP +.IP +.IP o +\fBcase sensitive\fP +.IP +.IP o +\fBcasesignames\fP +.IP +.IP o +\fBcomment\fP +.IP +.IP o +\fBcopy\fP +.IP +.IP o +\fBcreate mask\fP +.IP +.IP o +\fBcreate mode\fP +.IP +.IP o +\fBdefault case\fP +.IP +.IP o +\fBdelete readonly\fP +.IP +.IP o +\fBdelete veto files\fP +.IP +.IP o +\fBdeny hosts\fP +.IP +.IP o +\fBdirectory\fP +.IP +.IP o +\fBdirectory mask\fP +.IP +.IP o +\fBdirectory mode\fP +.IP +.IP o +\fBdont descend\fP +.IP +.IP o +\fBdos filetime resolution\fP +.IP +.IP o +\fBdos filetimes\fP +.IP +.IP o +\fBexec\fP +.IP +.IP o +\fBfake directory create times\fP +.IP +.IP o +\fBfake oplocks\fP +.IP +.IP o +\fBfollow symlinks\fP +.IP +.IP o +\fBforce create mode\fP +.IP +.IP o +\fBforce directory mode\fP +.IP +.IP o +\fBforce group\fP +.IP +.IP o +\fBforce user\fP +.IP +.IP o +\fBfstype\fP +.IP +.IP o +\fBgroup\fP +.IP +.IP o +\fBguest account\fP +.IP +.IP o +\fBguest ok\fP +.IP +.IP o +\fBguest only\fP +.IP +.IP o +\fBhide dot files\fP +.IP +.IP o +\fBhide files\fP +.IP +.IP o +\fBhosts allow\fP +.IP +.IP o +\fBhosts deny\fP +.IP +.IP o +\fBinclude\fP +.IP +.IP o +\fBinvalid users\fP +.IP +.IP o +\fBlocking\fP +.IP +.IP o +\fBlppause command\fP +.IP +.IP o +\fBlpq command\fP +.IP +.IP o +\fBlpresume command\fP +.IP +.IP o +\fBlprm command\fP +.IP +.IP o +\fBmagic output\fP +.IP +.IP o +\fBmagic script\fP +.IP +.IP o +\fBmangle case\fP +.IP +.IP o +\fBmangled map\fP +.IP +.IP o +\fBmangled names\fP +.IP +.IP o +\fBmangling char\fP +.IP +.IP o +\fBmap archive\fP +.IP +.IP o +\fBmap hidden\fP +.IP +.IP o +\fBmap system\fP +.IP +.IP o +\fBmap to guest\fP +.IP +.IP o +\fBmax connections\fP +.IP +.IP o +\fBmin print space\fP +.IP +.IP o +\fBonly guest\fP +.IP +.IP o +\fBonly user\fP +.IP +.IP o +\fBoplocks\fP +.IP +.IP o +\fBpath\fP +.IP +.IP o +\fBpostexec\fP +.IP +.IP o +\fBpostscript\fP +.IP +.IP o +\fBpreexec\fP +.IP +.IP o +\fBpreserve case\fP +.IP +.IP o +\fBprint command\fP +.IP +.IP o +\fBprint ok\fP +.IP +.IP o +\fBprintable\fP +.IP +.IP o +\fBprinter\fP +.IP +.IP o +\fBprinter driver\fP +.IP +.IP o +\fBprinter driver location\fP +.IP +.IP o +\fBprinter name\fP +.IP +.IP o +\fBprinting\fP +.IP +.IP o +\fBpublic\fP +.IP +.IP o +\fBqueuepause command\fP +.IP +.IP o +\fBqueueresume command\fP +.IP +.IP o +\fBread list\fP +.IP +.IP o +\fBread only\fP +.IP +.IP o +\fBrevalidate\fP +.IP +.IP o +\fBroot postexec\fP +.IP +.IP o +\fBroot preexec\fP +.IP +.IP o +\fBset directory\fP +.IP +.IP o +\fBshare modes\fP +.IP +.IP o +\fBshort preserve case\fP +.IP +.IP o +\fBstatus\fP +.IP +.IP o +\fBstrict locking\fP +.IP +.IP o +\fBstrict sync\fP +.IP +.IP o +\fBsync always\fP +.IP +.IP o +\fBuser\fP +.IP +.IP o +\fBusername\fP +.IP +.IP o +\fBusers\fP +.IP +.IP o +\fBvalid users\fP +.IP +.IP o +\fBveto files\fP +.IP +.IP o +\fBveto oplock files\fP +.IP +.IP o +\fBvolume\fP +.IP +.IP o +\fBwide links\fP +.IP +.IP o +\fBwritable\fP +.IP +.IP o +\fBwrite list\fP +.IP +.IP o +\fBwrite ok\fP +.IP +.IP o +\fBwriteable\fP +.IP +.PP +.SH "EXPLANATION OF EACH PARAMETER" +.PP +.IP +.IP "\fBadmin users (S)\fP" +.IP +This is a list of users who will be granted administrative privileges +on the share\&. This means that they will do all file operations as the +super-user (root)\&. +.IP +You should use this option very carefully, as any user in this list +will be able to do anything they like on the share, irrespective of +file permissions\&. +.IP +\fBDefault:\fP +.br +\f(CW no admin users\fP +.IP +\fBExample:\fP +.br +\f(CW admin users = jason\fP +.IP +.IP "\fBallow hosts (S)\fP" +.IP +A synonym for this parameter is \fB\'hosts allow\'\fP +.IP +This parameter is a comma, space, or tab delimited set of hosts which +are permitted to access a service\&. +.IP +If specified in the \fB[global]\fP section then it will +apply to all services, regardless of whether the individual service +has a different setting\&. +.IP +You can specify the hosts by name or IP number\&. For example, you could +restrict access to only the hosts on a Class C subnet with something +like \f(CW"allow hosts = 150\&.203\&.5\&."\fP\&. The full syntax of the list is +described in the man page \fBhosts_access (5)\fP\&. Note that this man +page may not be present on your system, so a brief description will +be given here also\&. +.IP +\fINOTE:\fP IF you wish to allow the \fBsmbpasswd +(8)\fP program to be run by local users to change +their Samba passwords using the local \fBsmbd (8)\fP +daemon, then you \fIMUST\fP ensure that the localhost is listed in your +\fBallow hosts\fP list, as \fBsmbpasswd (8)\fP runs +in client-server mode and is seen by the local +\fBsmbd\fP process as just another client\&. +.IP +You can also specify hosts by network/netmask pairs and by netgroup +names if your system supports netgroups\&. The \fIEXCEPT\fP keyword can also +be used to limit a wildcard list\&. The following examples may provide +some help: +.IP +\fBExample 1\fP: allow localhost and all IPs in 150\&.203\&.*\&.* except one +.IP +\f(CW hosts allow = localhost, 150\&.203\&. EXCEPT 150\&.203\&.6\&.66\fP +.IP +\fBExample 2\fP: allow localhost and hosts that match the given network/netmask +.IP +\f(CW hosts allow = localhost, 150\&.203\&.15\&.0/255\&.255\&.255\&.0\fP +.IP +\fBExample 3\fP: allow a localhost plus a couple of hosts +.IP +\f(CW hosts allow = localhost, lapland, arvidsjaur\fP +.IP +\fBExample 4\fP: allow only hosts in NIS netgroup "foonet" or localhost, but +deny access from one particular host +.IP +\f(CW hosts allow = @foonet, localhost\fP +\f(CW hosts deny = pirate\fP +.IP +Note that access still requires suitable user-level passwords\&. +.IP +See \fBtestparm (1)\fP for a way of testing your +host access to see if it does what you expect\&. +.IP +\fBDefault:\fP +\f(CW none (i\&.e\&., all hosts permitted access)\fP +.IP +\fBExample:\fP +\f(CW allow hosts = 150\&.203\&.5\&. localhost myhost\&.mynet\&.edu\&.au\fP +.IP +.IP "\fBalternate permissions (S)\fP" +.IP +This is a deprecated parameter\&. It no longer has any effect in Samba2\&.0\&. +In previous versions of Samba it affected the way the DOS "read only" +attribute was mapped for a file\&. In Samba2\&.0 a file is marked "read only" +if the UNIX file does not have the \'w\' bit set for the owner of the file, +regardless if the owner of the file is the currently logged on user or not\&. +.IP +.IP "\fBannounce as (G)\fP" +.IP +This specifies what type of server \fBnmbd\fP will +announce itself as, to a network neighborhood browse list\&. By default +this is set to Windows NT\&. The valid options are : "NT", "Win95" or +"WfW" meaining Windows NT, Windows 95 and Windows for Workgroups +respectively\&. Do not change this parameter unless you have a specific +need to stop Samba appearing as an NT server as this may prevent Samba +servers from participating as browser servers correctly\&. +.IP +\fBDefault:\fP +\f(CW announce as = NT\fP +.IP +\fBExample\fP +\f(CW announce as = Win95\fP +.IP +.IP "\fBannounce version (G)\fP" +.IP +This specifies the major and minor version numbers that nmbd will use +when announcing itself as a server\&. The default is 4\&.2\&. Do not change +this parameter unless you have a specific need to set a Samba server +to be a downlevel server\&. +.IP +\fBDefault:\fP +\f(CW announce version = 4\&.2\fP +.IP +\fBExample:\fP +\f(CW announce version = 2\&.0\fP +.IP +.IP "\fBauto services (G)\fP" +.IP +This is a list of services that you want to be automatically added to +the browse lists\&. This is most useful for homes and printers services +that would otherwise not be visible\&. +.IP +Note that if you just want all printers in your printcap file loaded +then the \fB"load printers"\fP option is easier\&. +.IP +\fBDefault:\fP +\f(CW no auto services\fP +.IP +\fBExample:\fP +\f(CW auto services = fred lp colorlp\fP +.IP +.IP "\fBavailable (S)\fP" +.IP +This parameter lets you \fI\'turn off\'\fP a service\&. If \f(CW\'available = no\'\fP, +then \fIALL\fP attempts to connect to the service will fail\&. Such failures +are logged\&. +.IP +\fBDefault:\fP +\f(CW available = yes\fP +.IP +\fBExample:\fP +\f(CW available = no\fP +.IP +.IP "\fBbind interfaces only (G)\fP" +.IP +This global parameter allows the Samba admin to limit what interfaces +on a machine will serve smb requests\&. If affects file service +\fBsmbd\fP and name service \fBnmbd\fP +in slightly different ways\&. +.IP +For name service it causes \fBnmbd\fP to bind to ports +137 and 138 on the interfaces listed in the +\fB\'interfaces\'\fP +parameter\&. \fBnmbd\fP also binds to the \'all +addresses\' interface (0\&.0\&.0\&.0) on ports 137 and 138 for the purposes +of reading broadcast messages\&. If this option is not set then +\fBnmbd\fP will service name requests on all of these +sockets\&. If \fB"bind interfaces only"\fP is set then +\fBnmbd\fP will check the source address of any +packets coming in on the broadcast sockets and discard any that don\'t +match the broadcast addresses of the interfaces in the +\fB\'interfaces\'\fP parameter list\&. As unicast packets +are received on the other sockets it allows \fBnmbd\fP +to refuse to serve names to machines that send packets that arrive +through any interfaces not listed in the +\fB"interfaces"\fP list\&. IP Source address spoofing +does defeat this simple check, however so it must not be used +seriously as a security feature for \fBnmbd\fP\&. +.IP +For file service it causes \fBsmbd\fP to bind only to +the interface list given in the \fB\'interfaces\'\fP +parameter\&. This restricts the networks that \fBsmbd\fP +will serve to packets coming in those interfaces\&. Note that you +should not use this parameter for machines that are serving PPP or +other intermittant or non-broadcast network interfaces as it will not +cope with non-permanent interfaces\&. +.IP +In addition, to change a users SMB password, the +\fBsmbpasswd\fP by default connects to the +\fI"localhost" - 127\&.0\&.0\&.1\fP address as an SMB client to issue the +password change request\&. If \fB"bind interfaces only"\fP is set then +unless the network address \fI127\&.0\&.0\&.1\fP is added to the +\fB\'interfaces\'\fP parameter list then +\fBsmbpasswd\fP will fail to connect in it\'s +default mode\&. \fBsmbpasswd\fP can be forced to +use the primary IP interface of the local host by using its +\fB"-r remote machine"\fP parameter, with +\fB"remote machine"\fP set to the IP name of the primary interface +of the local host\&. +.IP +\fBDefault:\fP +\f(CW bind interfaces only = False\fP +.IP +\fBExample:\fP +\f(CW bind interfaces only = True\fP +.IP +.IP "\fBblocking locks (S)\fP" +.IP +This parameter controls the behavior of \fBsmbd\fP when +given a request by a client to obtain a byte range lock on a region +of an open file, and the request has a time limit associated with it\&. +.IP +If this parameter is set and the lock range requested cannot be +immediately satisfied, Samba 2\&.0 will internally queue the lock +request, and periodically attempt to obtain the lock until the +timeout period expires\&. +.IP +If this parameter is set to "False", then Samba 2\&.0 will behave +as previous versions of Samba would and will fail the lock +request immediately if the lock range cannot be obtained\&. +.IP +This parameter can be set per share\&. +.IP +\fBDefault:\fP +\f(CW blocking locks = True\fP +.IP +\fBExample:\fP +\f(CW blocking locks = False\fP +.IP +.IP "\fBbroweable (S)\fP" +.IP +This controls whether this share is seen in the list of available +shares in a net view and in the browse list\&. +.IP +\fBDefault:\fP +\f(CW browsable = Yes\fP +.IP +\fBExample:\fP +\f(CW browsable = No\fP +.IP +.IP "\fBbrowse list(G)\fP" +.IP +This controls whether \fBsmbd\fP will serve a browse +list to a client doing a NetServerEnum call\&. Normally set to true\&. You +should never need to change this\&. +.IP +\fBDefault:\fP +\f(CW browse list = Yes\fP +.IP +.IP "\fBbrowseable\fP" +.IP +Synonym for \fBbrowsable\fP\&. +.IP +.IP "\fBcase sensitive (G)\fP" +.IP +See the discussion in the section \fBNAME MANGLING\fP\&. +.IP +.IP "\fBcasesignames (G)\fP" +.IP +Synonym for \fB"case sensitive"\fP\&. +.IP +.IP "\fBchange notify timeout (G)\fP" +.IP +One of the new NT SMB requests that Samba 2\&.0 supports is the +"ChangeNotify" requests\&. This SMB allows a client to tell a server to +\fI"watch"\fP a particular directory for any changes and only reply to +the SMB request when a change has occurred\&. Such constant scanning of +a directory is expensive under UNIX, hence an +\fBsmbd\fP daemon only performs such a scan on each +requested directory once every \fBchange notify timeout\fP seconds\&. +.IP +\fBchange notify timeout\fP is specified in units of seconds\&. +.IP +\fBDefault:\fP +\f(CW change notify timeout = 60\fP +.IP +\fBExample:\fP +\f(CW change notify timeout = 300\fP +.IP +Would change the scan time to every 5 minutes\&. +.IP +.IP "\fBcharacter set (G)\fP" +.IP +This allows a smbd to map incoming filenames from a DOS Code page (see +the \fBclient code page\fP parameter) to several +built in UNIX character sets\&. The built in code page translations are: +.IP +.IP +.IP o +\fBISO8859-1\fP Western European UNIX character set\&. The parameter +\fBclient code page\fP \fIMUST\fP be set to code +page 850 if the \fBcharacter set\fP parameter is set to iso8859-1 +in order for the conversion to the UNIX character set to be done +correctly\&. +.IP +.IP o +\fBISO8859-2\fP Eastern European UNIX character set\&. The parameter +\fBclient code page\fP \fIMUST\fP be set to code +page 852 if the \fBcharacter set\fP parameter is set to ISO8859-2 +in order for the conversion to the UNIX character set to be done +correctly\&. +.IP +.IP o +\fBISO8859-5\fP Russian Cyrillic UNIX character set\&. The parameter +\fBclient code page\fP \fIMUST\fP be set to code +page 866 if the \fBcharacter set\fP parameter is set to ISO8859-2 +in order for the conversion to the UNIX character set to be done +correctly\&. +.IP +.IP o +\fBKOI8-R\fP Alternate mapping for Russian Cyrillic UNIX +character set\&. The parameter \fBclient code +page\fP \fIMUST\fP be set to code page 866 if the +\fBcharacter set\fP parameter is set to KOI8-R in order for the +conversion to the UNIX character set to be done correctly\&. +.IP +.IP +\fIBUG\fP\&. These MSDOS code page to UNIX character set mappings should +be dynamic, like the loading of MS DOS code pages, not static\&. +.IP +See also \fBclient code page\fP\&. Normally this +parameter is not set, meaning no filename translation is done\&. +.IP +\fBDefault:\fP +\f(CW character set = \fP +.IP +\fBExample:\fP +\f(CW character set = ISO8859-1\fP +.IP +.IP "\fBclient code page (G)\fP" +.IP +This parameter specifies the DOS code page that the clients accessing +Samba are using\&. To determine what code page a Windows or DOS client +is using, open a DOS command prompt and type the command "chcp"\&. This +will output the code page\&. The default for USA MS-DOS, Windows 95, and +Windows NT releases is code page 437\&. The default for western european +releases of the above operating systems is code page 850\&. +.IP +This parameter tells \fBsmbd\fP which of the +\f(CWcodepage\&.XXX\fP files to dynamically load on startup\&. These files, +described more fully in the manual page \fBmake_smbcodepage +(1)\fP, tell \fBsmbd\fP how +to map lower to upper case characters to provide the case insensitivity +of filenames that Windows clients expect\&. +.IP +Samba currenly ships with the following code page files : +.IP +.IP +.IP o +\fBCode Page 437 - MS-DOS Latin US\fP +.IP +.IP o +\fBCode Page 737 - Windows \'95 Greek\fP +.IP +.IP o +\fBCode Page 850 - MS-DOS Latin 1\fP +.IP +.IP o +\fBCode Page 852 - MS-DOS Latin 2\fP +.IP +.IP o +\fBCode Page 861 - MS-DOS Icelandic\fP +.IP +.IP o +\fBCode Page 866 - MS-DOS Cyrillic\fP +.IP +.IP o +\fBCode Page 932 - MS-DOS Japanese SJIS\fP +.IP +.IP o +\fBCode Page 936 - MS-DOS Simplified Chinese\fP +.IP +.IP o +\fBCode Page 949 - MS-DOS Korean Hangul\fP +.IP +.IP o +\fBCode Page 950 - MS-DOS Traditional Chinese\fP +.IP +.IP +Thus this parameter may have any of the values 437, 737, 850, 852, +861, 932, 936, 949, or 950\&. If you don\'t find the codepage you need, +read the comments in one of the other codepage files and the +\fBmake_smbcodepage (1)\fP man page and +write one\&. Please remember to donate it back to the Samba user +community\&. +.IP +This parameter co-operates with the \fB"valid +chars"\fP parameter in determining what characters are +valid in filenames and how capitalization is done\&. If you set both +this parameter and the \fB"valid chars"\fP parameter +the \fB"client code page"\fP parameter \fIMUST\fP be set before the +\fB"valid chars"\fP parameter in the \fBsmb\&.conf\fP +file\&. The \fB"valid chars"\fP string will then augment +the character settings in the "client code page" parameter\&. +.IP +If not set, \fB"client code page"\fP defaults to 850\&. +.IP +See also : \fB"valid chars"\fP +.IP +\fBDefault:\fP +\f(CW client code page = 850\fP +.IP +\fBExample:\fP +\f(CW client code page = 936\fP +.IP +.IP "\fBcodingsystem (G)\fP" +.IP +This parameter is used to determine how incoming Shift-JIS Japanese +characters are mapped from the incoming \fB"client code +page"\fP used by the client, into file names in the +UNIX filesystem\&. Only useful if \fB"client code +page"\fP is set to 932 (Japanese Shift-JIS)\&. +.IP +The options are : +.IP +.IP +.IP o +\fBSJIS\fP Shift-JIS\&. Does no conversion of the incoming filename\&. +.IP +.IP o +\fBJIS8, J8BB, J8BH, J8@B, J8@J, J8@H \fP Convert from incoming +Shift-JIS to eight bit JIS code with different shift-in, shift out +codes\&. +.IP +.IP o +\fBJIS7, J7BB, J7BH, J7@B, J7@J, J7@H \fP Convert from incoming +Shift-JIS to seven bit JIS code with different shift-in, shift out +codes\&. +.IP +.IP o +\fBJUNET, JUBB, JUBH, JU@B, JU@J, JU@H \fP Convert from incoming +Shift-JIS to JUNET code with different shift-in, shift out codes\&. +.IP +.IP o +\fBEUC\fP Convert an incoming Shift-JIS character to EUC code\&. +.IP +.IP o +\fBHEX\fP Convert an incoming Shift-JIS character to a 3 byte hex +representation, ie\&. \f(CW:AB\fP\&. +.IP +.IP o +\fBCAP\fP Convert an incoming Shift-JIS character to the 3 byte hex +representation used by the Columbia Appletalk Program (CAP), +ie\&. \f(CW:AB\fP\&. This is used for compatibility between Samba and CAP\&. +.IP +.IP +.IP "\fBcomment (S)\fP" +.IP +This is a text field that is seen next to a share when a client does a +queries the server, either via the network neighborhood or via "net +view" to list what shares are available\&. +.IP +If you want to set the string that is displayed next to the machine +name then see the server string command\&. +.IP +\fBDefault:\fP +\f(CW No comment string\fP +.IP +\fBExample:\fP +\f(CW comment = Fred\'s Files\fP +.IP +.IP "\fBconfig file (G)\fP" +.IP +This allows you to override the config file to use, instead of the +default (usually \fBsmb\&.conf\fP)\&. There is a chicken and egg problem +here as this option is set in the config file! +.IP +For this reason, if the name of the config file has changed when the +parameters are loaded then it will reload them from the new config +file\&. +.IP +This option takes the usual substitutions, which can be very useful\&. +.IP +If the config file doesn\'t exist then it won\'t be loaded (allowing you +to special case the config files of just a few clients)\&. +.IP +\fBExample:\fP +\f(CW config file = /usr/local/samba/lib/smb\&.conf\&.%m\fP +.IP +.IP "\fBcopy (S)\fP" +.IP +This parameter allows you to \fI\'clone\'\fP service entries\&. The specified +service is simply duplicated under the current service\'s name\&. Any +parameters specified in the current section will override those in the +section being copied\&. +.IP +This feature lets you set up a \'template\' service and create similar +services easily\&. Note that the service being copied must occur earlier +in the configuration file than the service doing the copying\&. +.IP +\fBDefault:\fP +\f(CW none\fP +.IP +\fBExample:\fP +\f(CW copy = otherservice\fP +.IP +.IP "\fBcreate mask (S)\fP" +.IP +A synonym for this parameter is \fB\'create mode\'\fP\&. +.IP +When a file is created, the neccessary permissions are calculated +according to the mapping from DOS modes to UNIX permissions, and the +resulting UNIX mode is then bit-wise \'AND\'ed with this parameter\&. +This parameter may be thought of as a bit-wise MASK for the UNIX modes +of a file\&. Any bit \fI*not*\fP set here will be removed from the modes set +on a file when it is created\&. +.IP +The default value of this parameter removes the \'group\' and \'other\' +write and execute bits from the UNIX modes\&. +.IP +Following this Samba will bit-wise \'OR\' the UNIX mode created from +this parameter with the value of the "force create mode" parameter +which is set to 000 by default\&. +.IP +This parameter does not affect directory modes\&. See the parameter +\fB\'directory mode\'\fP for details\&. +.IP +See also the \fB"force create mode"\fP parameter +for forcing particular mode bits to be set on created files\&. See also +the \fB"directory mode"\fP parameter for masking +mode bits on created directories\&. +.IP +\fBDefault:\fP +\f(CW create mask = 0744\fP +.IP +\fBExample:\fP +\f(CW create mask = 0775\fP +.IP +.IP "\fBcreate mode (S)\fP" +.IP +This is a synonym for \fBcreate mask\fP\&. +.IP +.IP "\fBdeadtime (G)\fP" +.IP +The value of the parameter (a decimal integer) represents the number +of minutes of inactivity before a connection is considered dead, and +it is disconnected\&. The deadtime only takes effect if the number of +open files is zero\&. +.IP +This is useful to stop a server\'s resources being exhausted by a large +number of inactive connections\&. +.IP +Most clients have an auto-reconnect feature when a connection is +broken so in most cases this parameter should be transparent to users\&. +.IP +Using this parameter with a timeout of a few minutes is recommended +for most systems\&. +.IP +A deadtime of zero indicates that no auto-disconnection should be +performed\&. +.IP +\fBDefault:\fP +\f(CW deadtime = 0\fP +.IP +\fBExample:\fP +\f(CW deadtime = 15\fP +.IP +.IP "\fBdebug timestamp (G)\fP" +.IP +Samba2\&.0 debug log messages are timestamped by default\&. If you are +running at a high \fB"debug level"\fP these timestamps +can be distracting\&. This boolean parameter allows them to be turned +off\&. +.IP +\fBDefault:\fP +\f(CW debug timestamp = Yes\fP +.IP +\fBExample:\fP +\f(CW debug timestamp = No\fP +.IP +.IP "\fBdebug level (G)\fP" +.IP +The value of the parameter (an integer) allows the debug level +(logging level) to be specified in the \fBsmb\&.conf\fP file\&. This is to +give greater flexibility in the configuration of the system\&. +.IP +The default will be the debug level specified on the command line +or level zero if none was specified\&. +.IP +\fBExample:\fP +\f(CW debug level = 3\fP +.IP +.IP "\fBdefault (G)\fP" +.IP +A synonym for \fBdefault service\fP\&. +.IP +.IP "\fBdefault case (S)\fP" +.IP +See the section on \fB"NAME MANGLING"\fP\&. Also note +the \fB"short preserve case"\fP parameter\&. +.IP +.IP "\fBdefault service (G)\fP" +.IP +This parameter specifies the name of a service which will be connected +to if the service actually requested cannot be found\&. Note that the +square brackets are \fINOT\fP given in the parameter value (see example +below)\&. +.IP +There is no default value for this parameter\&. If this parameter is not +given, attempting to connect to a nonexistent service results in an +error\&. +.IP +Typically the default service would be a \fBguest ok\fP, +\fBread-only\fP service\&. +.IP +Also note that the apparent service name will be changed to equal that +of the requested service, this is very useful as it allows you to use +macros like \fB%S\fP to make a wildcard service\&. +.IP +Note also that any \f(CW\'_\'\fP characters in the name of the service used +in the default service will get mapped to a \f(CW\'/\'\fP\&. This allows for +interesting things\&. +.IP +\fBExample:\fP + +.DS + -"mangle case = yes/no" controls if names that have characters that -aren't of the "default" case are mangled. For example, if this is yes -then a name like "Mail" would be mangled. Default no. - -"case sensitive = yes/no" controls whether filenames are case -sensitive. If they aren't then Samba must do a filename search and -match on passed names. Default no. - -"default case = upper/lower" controls what the default case is for new -filenames. Default lower. - -"preserve case = yes/no" controls if new files are created with the -case that the client passes, or if they are forced to be the "default" -case. Default no. - -"short preserve case = yes/no" controls if new files which conform to 8.3 -syntax, that is all in upper case and of suitable length, are created -upper case, or if they are forced to be the "default" case. This option can -be use with "preserve case = yes" to permit long filenames to retain their -case, while short names are lowered. Default no. - -.SS COMPLETE LIST OF GLOBAL PARAMETERS - -Here is a list of all global parameters. See the section of each -parameter for details. Note that some are synonyms. - -announce as - -announce version - -auto services - -bind interfaces only - -browse list - -character set - -client code page - -config file - -deadtime - -debuglevel - -default - -default service - -dfree command - -dns proxy - -domain controller - -domain logons - -domain master - -encrypt passwords - -getwd cache - -hide files - -hide dot files - -homedir map - -hosts equiv - -include - -interfaces - -keepalive - -lm announce - -lm interval - -lock dir - -load printers - -local master - -lock directory - -log file - -log level - -logon drive - -logon home - -logon path - -logon script - -lpq cache time - -mangled stack - -max log size - -max mux - -max packet - -max ttl - -max xmit - -max wins ttl - -message command - -min wins ttl - -name resolve order - -netbios aliases - -netbios name - -networkstation user login + default service = pub + + [pub] + path = /%S -nis homedir +.DE + -null passwords +.IP +.IP "\fBdelete readonly (S)\fP" +.IP +This parameter allows readonly files to be deleted\&. This is not +normal DOS semantics, but is allowed by UNIX\&. +.IP +This option may be useful for running applications such as rcs, where +UNIX file ownership prevents changing file permissions, and DOS +semantics prevent deletion of a read only file\&. +.IP +\fBDefault:\fP +\f(CW delete readonly = No\fP +.IP +\fBExample:\fP +\f(CW delete readonly = Yes\fP +.IP +.IP "\fBdelete veto files (S)\fP" +.IP +This option is used when Samba is attempting to delete a directory +that contains one or more vetoed directories (see the \fB\'veto +files\'\fP option)\&. If this option is set to False (the +default) then if a vetoed directory contains any non-vetoed files or +directories then the directory delete will fail\&. This is usually what +you want\&. +.IP +If this option is set to True, then Samba will attempt to recursively +delete any files and directories within the vetoed directory\&. This can +be useful for integration with file serving systems such as \fBNetAtalk\fP, +which create meta-files within directories you might normally veto +DOS/Windows users from seeing (eg\&. \f(CW\&.AppleDouble\fP) +.IP +Setting \f(CW\'delete veto files = True\'\fP allows these directories to be +transparently deleted when the parent directory is deleted (so long +as the user has permissions to do so)\&. +.IP +See also the \fBveto files\fP parameter\&. +.IP +\fBDefault:\fP +\f(CW delete veto files = False\fP +.IP +\fBExample:\fP +\f(CW delete veto files = True\fP +.IP +.IP "\fBdeny hosts (S)\fP" +.IP +The opposite of \fB\'allow hosts\'\fP - hosts listed +here are \fINOT\fP permitted access to services unless the specific +services have their own lists to override this one\&. Where the lists +conflict, the \fB\'allow\'\fP list takes precedence\&. +.IP +\fBDefault:\fP +\f(CW none (i\&.e\&., no hosts specifically excluded)\fP +.IP +\fBExample:\fP +\f(CW deny hosts = 150\&.203\&.4\&. badhost\&.mynet\&.edu\&.au\fP +.IP +.IP "\fBdfree command (G)\fP" +.IP +The dfree command setting should only be used on systems where a +problem occurs with the internal disk space calculations\&. This has +been known to happen with Ultrix, but may occur with other operating +systems\&. The symptom that was seen was an error of "Abort Retry +Ignore" at the end of each directory listing\&. +.IP +This setting allows the replacement of the internal routines to +calculate the total disk space and amount available with an external +routine\&. The example below gives a possible script that might fulfill +this function\&. +.IP +The external program will be passed a single parameter indicating a +directory in the filesystem being queried\&. This will typically consist +of the string \f(CW"\&./"\fP\&. The script should return two integers in +ascii\&. The first should be the total disk space in blocks, and the +second should be the number of available blocks\&. An optional third +return value can give the block size in bytes\&. The default blocksize +is 1024 bytes\&. +.IP +Note: Your script should \fINOT\fP be setuid or setgid and should be +owned by (and writable only by) root! +.IP +\fBDefault:\fP +\f(CW By default internal routines for determining the disk capacity +and remaining space will be used\&.\fP +.IP +\fBExample:\fP +\f(CW dfree command = /usr/local/samba/bin/dfree\fP +.IP +Where the script dfree (which must be made executable) could be: +.IP + +.DS + -ole locking compatibility + #!/bin/sh + df $1 | tail -1 | awk \'{print $2" "$4}\' -os level +.DE + -packet size +.IP +or perhaps (on Sys V based systems): +.IP -passwd chat +.DS + -passwd chat debug + #!/bin/sh + /usr/bin/df -k $1 | tail -1 | awk \'{print $3" "$5}\' -passwd program +.DE + -password level +.IP +Note that you may have to replace the command names with full +path names on some systems\&. +.IP +.IP "\fBdirectory (S)\fP" +.IP +Synonym for \fBpath\fP\&. +.IP +.IP "\fBdirectory mask (S)\fP" +.IP +This parameter is the octal modes which are used when converting DOS +modes to UNIX modes when creating UNIX directories\&. +.IP +When a directory is created, the neccessary permissions are calculated +according to the mapping from DOS modes to UNIX permissions, and the +resulting UNIX mode is then bit-wise \'AND\'ed with this parameter\&. +This parameter may be thought of as a bit-wise MASK for the UNIX modes +of a directory\&. Any bit \fI*not*\fP set here will be removed from the +modes set on a directory when it is created\&. +.IP +The default value of this parameter removes the \'group\' and \'other\' +write bits from the UNIX mode, allowing only the user who owns the +directory to modify it\&. +.IP +Following this Samba will bit-wise \'OR\' the UNIX mode created from +this parameter with the value of the "force directory mode" +parameter\&. This parameter is set to 000 by default (ie\&. no extra mode +bits are added)\&. +.IP +See the \fB"force directory mode"\fP parameter +to cause particular mode bits to always be set on created directories\&. +.IP +See also the \fB"create mode"\fP parameter for masking +mode bits on created files\&. +.IP +\fBDefault:\fP +\f(CW directory mask = 0755\fP +.IP +\fBExample:\fP +\f(CW directory mask = 0775\fP +.IP +.IP "\fBdirectory mode (S)\fP" +.IP +Synonym for \fBdirectory mask\fP\&. +.IP +.IP "\fBdns proxy (G)\fP" +.IP +Specifies that \fBnmbd\fP when acting as a WINS +server and finding that a NetBIOS name has not been registered, should +treat the NetBIOS name word-for-word as a DNS name and do a lookup +with the DNS server for that name on behalf of the name-querying +client\&. +.IP +Note that the maximum length for a NetBIOS name is 15 characters, so +the DNS name (or DNS alias) can likewise only be 15 characters, +maximum\&. +.IP +\fBnmbd\fP spawns a second copy of itself to do the +DNS name lookup requests, as doing a name lookup is a blocking action\&. +.IP +See also the parameter \fBwins support\fP\&. +.IP +\fBDefault:\fP +\f(CW dns proxy = yes\fP +.IP +\fBdomain admin group (G)\fP +.IP +This is an \fBEXPERIMENTAL\fP parameter that is part of the unfinished +Samba NT Domain Controller Code\&. It may be removed in a later release\&. +To work with the latest code builds that may have more support for +Samba NT Domain Controller functionality please subscibe to the +mailing list \fBSamba-ntdom\fP available by sending email to +\fIlistproc@samba\&.anu\&.edu\&.au\fP +.IP +.IP "\fBdomain admin users (G)\fP" +.IP +This is an \fBEXPERIMENTAL\fP parameter that is part of the unfinished +Samba NT Domain Controller Code\&. It may be removed in a later release\&. +To work with the latest code builds that may have more support for +Samba NT Domain Controller functionality please subscibe to the +mailing list \fBSamba-ntdom\fP available by sending email to +\fIlistproc@samba\&.anu\&.edu\&.au\fP +.IP +.IP "\fBdomain controller (G)\fP" +.IP +This is a \fBDEPRECATED\fP parameter\&. It is currently not used within +the Samba source and should be removed from all current smb\&.conf +files\&. It is left behind for compatibility reasons\&. +.IP +.IP "\fBdomain groups (G)\fP" +.IP +This is an \fBEXPERIMENTAL\fP parameter that is part of the unfinished +Samba NT Domain Controller Code\&. It may be removed in a later release\&. +To work with the latest code builds that may have more support for +Samba NT Domain Controller functionality please subscibe to the +mailing list \fBSamba-ntdom\fP available by sending email to +\fIlistproc@samba\&.anu\&.edu\&.au\fP +.IP +.IP "\fBdomain guest group (G)\fP" +.IP +This is an \fBEXPERIMENTAL\fP parameter that is part of the unfinished +Samba NT Domain Controller Code\&. It may be removed in a later release\&. +To work with the latest code builds that may have more support for +Samba NT Domain Controller functionality please subscibe to the +mailing list \fBSamba-ntdom\fP available by sending email to +\fIlistproc@samba\&.anu\&.edu\&.au\fP +.IP +.IP "\fBdomain guest users (G)\fP" +.IP +This is an \fBEXPERIMENTAL\fP parameter that is part of the unfinished +Samba NT Domain Controller Code\&. It may be removed in a later release\&. +To work with the latest code builds that may have more support for +Samba NT Domain Controller functionality please subscibe to the +mailing list \fBSamba-ntdom\fP available by sending email to +\fIlistproc@samba\&.anu\&.edu\&.au\fP +.IP +.IP "\fBdomain logons (G)\fP" +.IP +If set to true, the Samba server will serve Windows 95/98 Domain +logons for the \fBworkgroup\fP it is in\&. For more +details on setting up this feature see the file DOMAINS\&.txt in the +Samba documentation directory \f(CWdocs/\fP shipped with the source code\&. +.IP +Note that Win95/98 Domain logons are \fINOT\fP the same as Windows +NT Domain logons\&. NT Domain logons require a Primary Domain Controller +(PDC) for the Domain\&. It is inteded that in a future release Samba +will be able to provide this functionality for Windows NT clients +also\&. +.IP +\fBDefault:\fP +\f(CW domain logons = no\fP +.IP +.IP "\fBdomain master (G)\fP" +.IP +Tell \fBnmbd\fP to enable WAN-wide browse list +collation\&.Setting this option causes \fBnmbd\fP to +claim a special domain specific NetBIOS name that identifies it as a +domain master browser for its given +\fBworkgroup\fP\&. Local master browsers in the same +\fBworkgroup\fP on broadcast-isolated subnets will give +this \fBnmbd\fP their local browse lists, and then +ask \fBsmbd\fP for a complete copy of the browse list +for the whole wide area network\&. Browser clients will then contact +their local master browser, and will receive the domain-wide browse +list, instead of just the list for their broadcast-isolated subnet\&. +.IP +Note that Windows NT Primary Domain Controllers expect to be able to +claim this \fBworkgroup\fP specific special NetBIOS +name that identifies them as domain master browsers for that +\fBworkgroup\fP by default (ie\&. there is no way to +prevent a Windows NT PDC from attempting to do this)\&. This means that +if this parameter is set and \fBnmbd\fP claims the +special name for a \fBworkgroup\fP before a Windows NT +PDC is able to do so then cross subnet browsing will behave strangely +and may fail\&. +.IP +\fBDefault:\fP +\f(CW domain master = no\fP +.IP +.IP "\fBdont descend (S)\fP" +.IP +There are certain directories on some systems (eg\&., the \f(CW/proc\fP tree +under Linux) that are either not of interest to clients or are +infinitely deep (recursive)\&. This parameter allows you to specify a +comma-delimited list of directories that the server should always show +as empty\&. +.IP +Note that Samba can be very fussy about the exact format of the "dont +descend" entries\&. For example you may need \f(CW"\&./proc"\fP instead of +just \f(CW"/proc"\fP\&. Experimentation is the best policy :-) +.IP +\fBDefault:\fP +\f(CW none (i\&.e\&., all directories are OK to descend)\fP +.IP +\fBExample:\fP +\f(CW dont descend = /proc,/dev\fP +.IP +.IP "\fBdos filetime resolution (S)\fP" +.IP +Under the DOS and Windows FAT filesystem, the finest granulatity on +time resolution is two seconds\&. Setting this parameter for a share +causes Samba to round the reported time down to the nearest two second +boundary when a query call that requires one second resolution is made +to \fBsmbd\fP\&. +.IP +This option is mainly used as a compatibility option for Visual C++ +when used against Samba shares\&. If oplocks are enabled on a share, +Visual C++ uses two different time reading calls to check if a file +has changed since it was last read\&. One of these calls uses a +one-second granularity, the other uses a two second granularity\&. As +the two second call rounds any odd second down, then if the file has a +timestamp of an odd number of seconds then the two timestamps will not +match and Visual C++ will keep reporting the file has changed\&. Setting +this option causes the two timestamps to match, and Visual C++ is +happy\&. +.IP +\fBDefault:\fP +\f(CW dos filetime resolution = False\fP +.IP +\fBExample:\fP +\f(CW dos filetime resolution = True\fP +.IP +.IP "\fBdos filetimes (S)\fP" +.IP +Under DOS and Windows, if a user can write to a file they can change +the timestamp on it\&. Under POSIX semantics, only the owner of the file +or root may change the timestamp\&. By default, Samba runs with POSIX +semantics and refuses to change the timestamp on a file if the user +smbd is acting on behalf of is not the file owner\&. Setting this option +to True allows DOS semantics and smbd will change the file timstamp as +DOS requires\&. +.IP +\fBDefault:\fP +\f(CW dos filetimes = False\fP +.IP +\fBExample:\fP +\f(CW dos filetimes = True\fP +.IP +.IP "\fBencrypt passwords (G)\fP" +.IP +This boolean controls whether encrypted passwords will be negotiated +with the client\&. Note that Windows NT 4\&.0 SP3 and above and also +Windows 98 will by default expect encrypted passwords unless a +registry entry is changed\&. To use encrypted passwords in Samba see the +file ENCRYPTION\&.txt in the Samba documentation directory \f(CWdocs/\fP +shipped with the source code\&. +.IP +In order for encrypted passwords to work correctly +\fBsmbd\fP must either have access to a local +\fBsmbpasswd (5)\fP file (see the +\fBsmbpasswd (8)\fP program for information on +how to set up and maintain this file), or set the +\fBsecurity=\fP parameter to either +\fB"server"\fP or +\fB"domain"\fP which causes +\fBsmbd\fP to authenticate against another server\&. +.IP +.IP "\fBexec (S)\fP" +.IP +This is a synonym for \fBpreexec\fP\&. +.IP +.IP "\fBfake directory create times (S)\fP" +.IP +NTFS and Windows VFAT file systems keep a create time for all files +and directories\&. This is not the same as the ctime - status change +time - that Unix keeps, so Samba by default reports the earliest of +the various times Unix does keep\&. Setting this parameter for a share +causes Samba to always report midnight 1-1-1980 as the create time for +directories\&. +.IP +This option is mainly used as a compatibility option for Visual C++ +when used against Samba shares\&. Visual C++ generated makefiles have +the object directory as a dependency for each object file, and a make +rule to create the directory\&. Also, when NMAKE compares timestamps it +uses the creation time when examining a directory\&. Thus the object +directory will be created if it does not exist, but once it does exist +it will always have an earlier timestamp than the object files it +contains\&. +.IP +However, Unix time semantics mean that the create time reported by +Samba will be updated whenever a file is created or deleted in the +directory\&. NMAKE therefore finds all object files in the object +directory bar the last one built are out of date compared to the +directory and rebuilds them\&. Enabling this option ensures directories +always predate their contents and an NMAKE build will proceed as +expected\&. +.IP +\fBDefault:\fP +\f(CW fake directory create times = False\fP +.IP +\fBExample:\fP +\f(CW fake directory create times = True\fP +.IP +.IP "\fBfake oplocks (S)\fP" +.IP +Oplocks are the way that SMB clients get permission from a server to +locally cache file operations\&. If a server grants an oplock +(opportunistic lock) then the client is free to assume that it is the +only one accessing the file and it will aggressively cache file +data\&. With some oplock types the client may even cache file open/close +operations\&. This can give enormous performance benefits\&. +.IP +When you set \f(CW"fake oplocks = yes"\fP \fBsmbd\fP will +always grant oplock requests no matter how many clients are using the +file\&. +.IP +It is generally much better to use the real \fBoplocks\fP +support rather than this parameter\&. +.IP +If you enable this option on all read-only shares or shares that you +know will only be accessed from one client at a time such as +physically read-only media like CDROMs, you will see a big performance +improvement on many operations\&. If you enable this option on shares +where multiple clients may be accessing the files read-write at the +same time you can get data corruption\&. Use this option carefully! +.IP +This option is disabled by default\&. +.IP +.IP "\fBfollow symlinks (S)\fP" +.IP +This parameter allows the Samba administrator to stop +\fBsmbd\fP from following symbolic links in a +particular share\&. Setting this parameter to \fI"No"\fP prevents any file +or directory that is a symbolic link from being followed (the user +will get an error)\&. This option is very useful to stop users from +adding a symbolic link to \f(CW/etc/pasword\fP in their home directory for +instance\&. However it will slow filename lookups down slightly\&. +.IP +This option is enabled (ie\&. \fBsmbd\fP will follow +symbolic links) by default\&. +.IP +.IP "\fBforce create mode (S)\fP" +.IP +This parameter specifies a set of UNIX mode bit permissions that will +\fI*always*\fP be set on a file created by Samba\&. This is done by +bitwise \'OR\'ing these bits onto the mode bits of a file that is being +created\&. The default for this parameter is (in octel) 000\&. The modes +in this parameter are bitwise \'OR\'ed onto the file mode after the mask +set in the \fB"create mask"\fP parameter is applied\&. +.IP +See also the parameter \fB"create mask"\fP for details +on masking mode bits on created files\&. +.IP +\fBDefault:\fP +\f(CW force create mode = 000\fP +.IP +\fBExample:\fP +\f(CW force create mode = 0755\fP +.IP +would force all created files to have read and execute permissions set +for \'group\' and \'other\' as well as the read/write/execute bits set for +the \'user\'\&. +.IP +.IP "\fBforce directory mode (S)\fP" +.IP +This parameter specifies a set of UNIX mode bit permissions that will +\fI*always*\fP be set on a directory created by Samba\&. This is done by +bitwise \'OR\'ing these bits onto the mode bits of a directory that is +being created\&. The default for this parameter is (in octel) 0000 which +will not add any extra permission bits to a created directory\&. This +operation is done after the mode mask in the parameter +\fB"directory mask"\fP is applied\&. +.IP +See also the parameter \fB"directory mask"\fP for +details on masking mode bits on created directories\&. +.IP +\fBDefault:\fP +\f(CW force directory mode = 000\fP +.IP +\fBExample:\fP +\f(CW force directory mode = 0755\fP +.IP +would force all created directories to have read and execute +permissions set for \'group\' and \'other\' as well as the +read/write/execute bits set for the \'user\'\&. +.IP +.IP "\fBforce group (S)\fP" +.IP +This specifies a UNIX group name that will be assigned as the default +primary group for all users connecting to this service\&. This is useful +for sharing files by ensuring that all access to files on service will +use the named group for their permissions checking\&. Thus, by assigning +permissions for this group to the files and directories within this +service the Samba administrator can restrict or allow sharing of these +files\&. +.IP +\fBDefault:\fP +\f(CW no forced group\fP +.IP +\fBExample:\fP +\f(CW force group = agroup\fP +.IP +.IP "\fBforce user (S)\fP" +.IP +This specifies a UNIX user name that will be assigned as the default +user for all users connecting to this service\&. This is useful for +sharing files\&. You should also use it carefully as using it +incorrectly can cause security problems\&. +.IP +This user name only gets used once a connection is established\&. Thus +clients still need to connect as a valid user and supply a valid +password\&. Once connected, all file operations will be performed as the +\f(CW"forced user"\fP, no matter what username the client connected as\&. +.IP +This can be very useful\&. +.IP +\fBDefault:\fP +\f(CW no forced user\fP +.IP +\fBExample:\fP +\f(CW force user = auser\fP +.IP +.IP "\fBfstype (S)\fP" +.IP +This parameter allows the administrator to configure the string that +specifies the type of filesystem a share is using that is reported by +\fBsmbd\fP when a client queries the filesystem type +for a share\&. The default type is \fB"NTFS"\fP for compatibility with +Windows NT but this can be changed to other strings such as "Samba" or +"FAT" if required\&. +.IP +\fBDefault:\fP +\f(CW fstype = NTFS\fP +.IP +\fBExample:\fP +\f(CW fstype = Samba\fP +.IP +.IP "\fBgetwd cache (G)\fP" +.IP +This is a tuning option\&. When this is enabled a cacheing algorithm +will be used to reduce the time taken for getwd() calls\&. This can have +a significant impact on performance, especially when the +\fBwidelinks\fP parameter is set to False\&. +.IP +\fBDefault:\fP +\f(CW getwd cache = No\fP +.IP +\fBExample:\fP +\f(CW getwd cache = Yes\fP +.IP +.IP "\fBgroup (S)\fP" +.IP +Synonym for \fB"force group"\fP\&. +.IP +.IP "\fBguest account (S)\fP" +.IP +This is a username which will be used for access to services which are +specified as \fB\'guest ok\'\fP (see below)\&. Whatever +privileges this user has will be available to any client connecting to +the guest service\&. Typically this user will exist in the password +file, but will not have a valid login\&. The user account \fB"ftp"\fP is +often a good choice for this parameter\&. If a username is specified in +a given service, the specified username overrides this one\&. +.IP +One some systems the default guest account "nobody" may not be able to +print\&. Use another account in this case\&. You should test this by +trying to log in as your guest user (perhaps by using the \f(CW"su -"\fP +command) and trying to print using the system print command such as +\fBlpr (1)\fP or \fBlp (1)\fP\&. +.IP +\fBDefault:\fP +\f(CW specified at compile time, usually "nobody"\fP +.IP +\fBExample:\fP +\f(CW guest account = ftp\fP +.IP +.IP "\fBguest ok (S)\fP" +.IP +If this parameter is \fI\'yes\'\fP for a service, then no password is +required to connect to the service\&. Privileges will be those of the +\fBguest account\fP\&. +.IP +See the section below on \fBsecurity\fP for more +information about this option\&. +.IP +\fBDefault:\fP +\f(CW guest ok = no\fP +.IP +\fBExample:\fP +\f(CW guest ok = yes\fP +.IP +.IP "\fBguest only (S)\fP" +.IP +If this parameter is \fI\'yes\'\fP for a service, then only guest +connections to the service are permitted\&. This parameter will have no +affect if \fB"guest ok"\fP or \fB"public"\fP +is not set for the service\&. +.IP +See the section below on \fBsecurity\fP for more +information about this option\&. +.IP +\fBDefault:\fP +\f(CW guest only = no\fP +.IP +\fBExample:\fP +\f(CW guest only = yes\fP +.IP +.IP "\fBhide dot files (S)\fP" +.IP +This is a boolean parameter that controls whether files starting with +a dot appear as hidden files\&. +.IP +\fBDefault:\fP +\f(CW hide dot files = yes\fP +.IP +\fBExample:\fP +\f(CW hide dot files = no\fP +.IP +.IP "\fBhide files(S)\fP" +.IP +This is a list of files or directories that are not visible but are +accessible\&. The DOS \'hidden\' attribute is applied to any files or +directories that match\&. +.IP +Each entry in the list must be separated by a \f(CW\'/\'\fP, which allows +spaces to be included in the entry\&. \f(CW\'*\'\fP and \f(CW\'?\'\fP can be used +to specify multiple files or directories as in DOS wildcards\&. +.IP +Each entry must be a unix path, not a DOS path and must not include the +unix directory separator \f(CW\'/\'\fP\&. +.IP +Note that the case sensitivity option is applicable in hiding files\&. +.IP +Setting this parameter will affect the performance of Samba, as it +will be forced to check all files and directories for a match as they +are scanned\&. +.IP +See also \fB"hide dot files"\fP, \fB"veto +files"\fP and \fB"case sensitive"\fP\&. +.IP +\fBDefault\fP + +.DS + -password server + No files or directories are hidden by this option (dot files are + hidden by default because of the "hide dot files" option)\&. -preferred master +.DE + -preload +.IP +\fBExample\fP +\f(CW hide files = /\&.*/DesktopFolderDB/TrashFor%m/resource\&.frk/\fP +.IP +The above example is based on files that the Macintosh SMB client +(DAVE) available from \fBThursby\fP creates for +internal use, and also still hides all files beginning with a dot\&. +.IP +.IP "\fBhomedir map (G)\fP" +.IP +If \fB"nis homedir"\fP is true, and +\fBsmbd\fP is also acting as a Win95/98 \fBlogon +server\fP then this parameter specifies the NIS (or YP) +map from which the server for the user\'s home directory should be +extracted\&. At present, only the Sun auto\&.home map format is +understood\&. The form of the map is: +.IP +\f(CWusername server:/some/file/system\fP +.IP +and the program will extract the servername from before the first +\f(CW\':\'\fP\&. There should probably be a better parsing system that copes +with different map formats and also Amd (another automounter) maps\&. +.IP +NB: A working NIS is required on the system for this option to work\&. +.IP +See also \fB"nis homedir"\fP, \fBdomain +logons\fP\&. +.IP +\fBDefault:\fP +\f(CW homedir map = auto\&.home\fP +.IP +\fBExample:\fP +\f(CW homedir map = amd\&.homedir\fP +.IP +.IP "\fBhosts allow (S)\fP" +.IP +Synonym for \fBallow hosts\fP\&. +.IP +.IP "\fBhosts deny (S)\fP" +.IP +Synonym for \fBdenyhosts\fP\&. +.IP +.IP "\fBhosts equiv (G)\fP" +.IP +If this global parameter is a non-null string, it specifies the name +of a file to read for the names of hosts and users who will be allowed +access without specifying a password\&. +.IP +This is not be confused with \fBallow hosts\fP which +is about hosts access to services and is more useful for guest +services\&. \fBhosts equiv\fP may be useful for NT clients which will not +supply passwords to samba\&. +.IP +NOTE: The use of \fBhosts equiv\fP can be a major security hole\&. This is +because you are trusting the PC to supply the correct username\&. It is +very easy to get a PC to supply a false username\&. I recommend that the +\fBhosts equiv\fP option be only used if you really know what you are +doing, or perhaps on a home network where you trust your spouse and +kids\&. And only if you \fIreally\fP trust them :-)\&. +.IP +\fBDefault\fP +\f(CW No host equivalences\fP +.IP +\fBExample\fP +\f(CW hosts equiv = /etc/hosts\&.equiv\fP +.IP +.IP "\fBinclude (G)\fP" +.IP +This allows you to include one config file inside another\&. The file +is included literally, as though typed in place\&. +.IP +It takes the standard substitutions, except \fB%u\fP, +\fB%P\fP and \fB%S\fP\&. +.IP +.IP "\fBinterfaces (G)\fP" +.IP +This option allows you to setup multiple network interfaces, so that +Samba can properly handle browsing on all interfaces\&. +.IP +The option takes a list of ip/netmask pairs\&. The netmask may either be +a bitmask, or a bitlength\&. +.IP +For example, the following line: +.IP +\f(CWinterfaces = 192\&.168\&.2\&.10/24 192\&.168\&.3\&.10/24\fP +.IP +would configure two network interfaces with IP addresses 192\&.168\&.2\&.10 +and 192\&.168\&.3\&.10\&. The netmasks of both interfaces would be set to +255\&.255\&.255\&.0\&. +.IP +You could produce an equivalent result by using: +.IP +\f(CWinterfaces = 192\&.168\&.2\&.10/255\&.255\&.255\&.0 192\&.168\&.3\&.10/255\&.255\&.255\&.0\fP +.IP +if you prefer that format\&. +.IP +If this option is not set then Samba will attempt to find a primary +interface, but won\'t attempt to configure more than one interface\&. +.IP +See also \fB"bind interfaces only"\fP\&. +.IP +.IP "\fBinvalid users (S)\fP" +.IP +This is a list of users that should not be allowed to login to this +service\&. This is really a \fI"paranoid"\fP check to absolutely ensure an +improper setting does not breach your security\&. +.IP +A name starting with a \f(CW\'@\'\fP is interpreted as an NIS netgroup first +(if your system supports NIS), and then as a UNIX group if the name +was not found in the NIS netgroup database\&. +.IP +A name starting with \f(CW\'+\'\fP is interpreted only by looking in the +UNIX group database\&. A name starting with \f(CW\'&\'\fP is interpreted only +by looking in the NIS netgroup database (this requires NIS to be +working on your system)\&. The characters \f(CW\'+\'\fP and \f(CW\'&\'\fP may be +used at the start of the name in either order so the value +\f(CW"+&group"\fP means check the UNIX group database, followed by the NIS +netgroup database, and the value \f(CW"&+group"\fP means check the NIS +netgroup database, followed by the UNIX group database (the same as +the \f(CW\'@\'\fP prefix)\&. +.IP +The current servicename is substituted for +\fB%S\fP\&. This is useful in the \fB[homes]\fP +section\&. +.IP +See also \fB"valid users"\fP\&. +.IP +\fBDefault:\fP +\f(CW No invalid users\fP +.IP +\fBExample:\fP +\f(CW invalid users = root fred admin @wheel\fP +.IP +.IP "\fBkeepalive (G)\fP" +.IP +The value of the parameter (an integer) represents the number of +seconds between \fB\'keepalive\'\fP packets\&. If this parameter is zero, no +keepalive packets will be sent\&. Keepalive packets, if sent, allow the +server to tell whether a client is still present and responding\&. +.IP +Keepalives should, in general, not be needed if the socket being used +has the SO_KEEPALIVE attribute set on it (see \fB"socket +options"\fP)\&. Basically you should only use this option +if you strike difficulties\&. +.IP +\fBDefault:\fP +\f(CW keep alive = 0\fP +.IP +\fBExample:\fP +\f(CW keep alive = 60\fP +.IP +.IP "\fBkernel oplocks (G)\fP" +.IP +For UNIXs that support kernel based \fBoplocks\fP +(currently only IRIX but hopefully also Linux and FreeBSD soon) this +parameter allows the use of them to be turned on or off\&. +.IP +Kernel oplocks support allows Samba \fBoplocks\fP to be +broken whenever a local UNIX process or NFS operation accesses a file +that \fBsmbd\fP has oplocked\&. This allows complete +data consistancy between SMB/CIFS, NFS and local file access (and is a +\fIvery\fP cool feature :-)\&. +.IP +This parameter defaults to \fI"On"\fP on systems that have the support, +and \fI"off"\fP on systems that don\'t\&. You should never need to touch +this parameter\&. +.IP +.IP "\fBldap filter (G)\fP" +.IP +This parameter is part of the \fIEXPERIMENTAL\fP Samba support for a +password database stored on an LDAP server back-end\&. These options +are only available if your version of Samba was configured with +the \fB--with-ldap\fP option\&. +.IP +This parameter specifies an LDAP search filter used to search for a +user name in the LDAP database\&. It must contain the string +\fB%u\fP which will be replaced with the user being +searched for\&. +.IP +\fBDefault:\fP +\f(CW empty string\&.\fP +.IP +.IP "\fBldap port (G)\fP" +.IP +This parameter is part of the \fIEXPERIMENTAL\fP Samba support for a +password database stored on an LDAP server back-end\&. These options +are only available if your version of Samba was configured with +the \fB--with-ldap\fP option\&. +.IP +This parameter specifies the TCP port number to use to contact +the LDAP server on\&. +.IP +\fBDefault:\fP +\f(CW ldap port = 389\&.\fP +.IP +.IP "\fBldap root (G)\fP" +.IP +This parameter is part of the \fIEXPERIMENTAL\fP Samba support for a +password database stored on an LDAP server back-end\&. These options +are only available if your version of Samba was configured with +the \fB--with-ldap\fP option\&. +.IP +This parameter specifies the entity to bind to the LDAP server +as (essentially the LDAP username) in order to be able to perform +queries and modifications on the LDAP database\&. +.IP +See also \fBldap root passwd\fP\&. +.IP +\fBDefault:\fP +\f(CW empty string (no user defined)\fP +.IP +.IP "\fBldap root passwd (G)\fP" +.IP +This parameter is part of the \fIEXPERIMENTAL\fP Samba support for a +password database stored on an LDAP server back-end\&. These options +are only available if your version of Samba was configured with +the \fB--with-ldap\fP option\&. +.IP +This parameter specifies the password for the entity to bind to the +LDAP server as (the password for this LDAP username) in order to be +able to perform queries and modifications on the LDAP database\&. +.IP +\fIBUGS:\fP This parameter should \fINOT\fP be a readable parameter +in the \fBsmb\&.conf\fP file and will be removed once a correct +storage place is found\&. +.IP +See also \fBldap root\fP\&. +.IP +\fBDefault:\fP +\f(CW empty string\&.\fP +.IP +.IP "\fBldap server (G)\fP" +.IP +This parameter is part of the \fIEXPERIMENTAL\fP Samba support for a +password database stored on an LDAP server back-end\&. These options +are only available if your version of Samba was configured with +the \fB--with-ldap\fP option\&. +.IP +This parameter specifies the DNS name of the LDAP server to use +for SMB/CIFS authentication purposes\&. +.IP +\fBDefault:\fP +\f(CW ldap server = localhost\fP +.IP +.IP "\fBldap suffix (G)\fP" +.IP +This parameter is part of the \fIEXPERIMENTAL\fP Samba support for a +password database stored on an LDAP server back-end\&. These options +are only available if your version of Samba was configured with +the \fB--with-ldap\fP option\&. +.IP +This parameter specifies the \f(CW"dn"\fP or LDAP \fI"distinguished name"\fP +that tells \fBsmbd\fP to start from when searching +for an entry in the LDAP password database\&. +.IP +\fBDefault:\fP +\f(CW empty string\&.\fP +.IP +.IP "\fBlm announce (G)\fP" +.IP +This parameter determines if \fBnmbd\fP will produce +Lanman announce broadcasts that are needed by \fBOS/2\fP clients in order +for them to see the Samba server in their browse list\&. This parameter +can have three values, \f(CW"true"\fP, \f(CW"false"\fP, or \f(CW"auto"\fP\&. The +default is \f(CW"auto"\fP\&. If set to \f(CW"false"\fP Samba will never produce +these broadcasts\&. If set to \f(CW"true"\fP Samba will produce Lanman +announce broadcasts at a frequency set by the parameter \fB"lm +interval"\fP\&. If set to \f(CW"auto"\fP Samba will not send Lanman +announce broadcasts by default but will listen for them\&. If it hears +such a broadcast on the wire it will then start sending them at a +frequency set by the parameter \fB"lm interval"\fP\&. +.IP +See also \fB"lm interval"\fP\&. +.IP +\fBDefault:\fP +\f(CW lm announce = auto\fP +.IP +\fBExample:\fP +\f(CW lm announce = true\fP +.IP +.IP "\fBlm interval (G)\fP" +.IP +If Samba is set to produce Lanman announce broadcasts needed by +\fBOS/2\fP clients (see the \fB"lm announce"\fP +parameter) then this parameter defines the frequency in seconds with +which they will be made\&. If this is set to zero then no Lanman +announcements will be made despite the setting of the \fB"lm +announce"\fP parameter\&. +.IP +See also \fB"lm announce"\fP\&. +.IP +\fBDefault:\fP +\f(CW lm interval = 60\fP +.IP +\fBExample:\fP +\f(CW lm interval = 120\fP +.IP +.IP "\fBload printers (G)\fP" +.IP +A boolean variable that controls whether all printers in the printcap +will be loaded for browsing by default\&. See the +\fB"printers"\fP section for more details\&. +.IP +\fBDefault:\fP +\f(CW load printers = yes\fP +.IP +bg(Example:) +\f(CW load printers = no\fP +.IP +.IP "\fBlocal master (G)\fP" +.IP +This option allows \fBnmbd\fP to try and become a +local master browser on a subnet\&. If set to False then +\fBnmbd\fP will not attempt to become a local master +browser on a subnet and will also lose in all browsing elections\&. By +default this value is set to true\&. Setting this value to true doesn\'t +mean that Samba will \fIbecome\fP the local master browser on a subnet, +just that \fBnmbd\fP will \fIparticipate\fP in +elections for local master browser\&. +.IP +Setting this value to False will cause \fBnmbd\fP +\fInever\fP to become a local master browser\&. +.IP +\fBDefault:\fP +\f(CW local master = yes\fP +.IP +.IP "\fBlock dir (G)\fP" +.IP +Synonym for \fB"lock directory"\fP\&. +.IP +.IP "\fBlock directory (G)\fP" +.IP +This option specifies the directory where lock files will be placed\&. +The lock files are used to implement the \fB"max +connections"\fP option\&. +.IP +\fBDefault:\fP +\f(CW lock directory = /tmp/samba\fP +.IP +\fBExample:\fP +\f(CW lock directory = /usr/local/samba/var/locks\fP +.IP +.IP "\fBlocking (S)\fP" +.IP +This controls whether or not locking will be performed by the server +in response to lock requests from the client\&. +.IP +If \f(CW"locking = no"\fP, all lock and unlock requests will appear to +succeed and all lock queries will indicate that the queried lock is +clear\&. +.IP +If \f(CW"locking = yes"\fP, real locking will be performed by the server\&. +.IP +This option \fImay\fP be useful for read-only filesystems which \fImay\fP +not need locking (such as cdrom drives), although setting this +parameter of \f(CW"no"\fP is not really recommended even in this case\&. +.IP +Be careful about disabling locking either globally or in a specific +service, as lack of locking may result in data corruption\&. You should +never need to set this parameter\&. +.IP +\fBDefault:\fP +\f(CW locking = yes\fP +.IP +\fBExample:\fP +\f(CW locking = no\fP +.IP +.IP "\fBlog file (G)\fP" +.IP +This options allows you to override the name of the Samba log file +(also known as the debug file)\&. +.IP +This option takes the standard substitutions, allowing you to have +separate log files for each user or machine\&. +.IP +\fBExample:\fP +\f(CW log file = /usr/local/samba/var/log\&.%m\fP +.IP +.IP "\fBlog level (G)\fP" +.IP +Synonym for \fB"debug level"\fP\&. +.IP +.IP "\fBlogon drive (G)\fP" +.IP +This parameter specifies the local path to which the home directory +will be connected (see \fB"logon home"\fP) and is only +used by NT Workstations\&. +.IP +Note that this option is only useful if Samba is set up as a +\fBlogon server\fP\&. +.IP +\fBExample:\fP +\f(CW logon drive = h:\fP +.IP +.IP "\fBlogon home (G)\fP" +.IP +This parameter specifies the home directory location when a Win95/98 or +NT Workstation logs into a Samba PDC\&. It allows you to do +.IP +\f(CW"NET USE H: /HOME"\fP +.IP +from a command prompt, for example\&. +.IP +This option takes the standard substitutions, allowing you to have +separate logon scripts for each user or machine\&. +.IP +Note that this option is only useful if Samba is set up as a +\fBlogon server\fP\&. +.IP +\fBExample:\fP +\f(CW logon home = "\e\eremote_smb_server\e%U"\fP +.IP +\fBDefault:\fP +\f(CW logon home = "\e\e%N\e%U"\fP +.IP +.IP "\fBlogon path (G)\fP" +.IP +This parameter specifies the home directory where roaming profiles +(USER\&.DAT / USER\&.MAN files for Windows 95/98) are stored\&. +.IP +This option takes the standard substitutions, allowing you to have +separate logon scripts for each user or machine\&. It also specifies +the directory from which the \f(CW"desktop"\fP, \f(CW"start menu"\fP, +\f(CW"network neighborhood"\fP and \f(CW"programs"\fP folders, and their +contents, are loaded and displayed on your Windows 95/98 client\&. +.IP +The share and the path must be readable by the user for the +preferences and directories to be loaded onto the Windows 95/98 +client\&. The share must be writeable when the logs in for the first +time, in order that the Windows 95/98 client can create the user\&.dat +and other directories\&. +.IP +Thereafter, the directories and any of contents can, if required, be +made read-only\&. It is not adviseable that the USER\&.DAT file be made +read-only - rename it to USER\&.MAN to achieve the desired effect (a +\fIMAN\fPdatory profile)\&. +.IP +Windows clients can sometimes maintain a connection to the [homes] +share, even though there is no user logged in\&. Therefore, it is vital +that the logon path does not include a reference to the homes share +(i\&.e setting this parameter to \f(CW\e\e%N\eHOMES\eprofile_path\fP will cause +problems)\&. +.IP +This option takes the standard substitutions, allowing you to have +separate logon scripts for each user or machine\&. +.IP +Note that this option is only useful if Samba is set up as a +\fBlogon server\fP\&. +.IP +\fBDefault:\fP +\f(CW logon path = \e\e%N\e%U\eprofile\fP +.IP +\fBExample:\fP +\f(CW logon path = \e\ePROFILESERVER\eHOME_DIR\e%U\ePROFILE\fP +.IP +.IP "\fBlogon script (G)\fP" +.IP +This parameter specifies the batch file (\&.bat) or NT command file +(\&.cmd) to be downloaded and run on a machine when a user successfully +logs in\&. The file must contain the DOS style cr/lf line endings\&. +Using a DOS-style editor to create the file is recommended\&. +.IP +The script must be a relative path to the \f(CW[netlogon]\fP service\&. If +the \f(CW[netlogon]\fP service specifies a \fBpath\fP of +/usr/local/samba/netlogon, and logon script = STARTUP\&.BAT, then the +file that will be downloaded is: +.IP +\f(CW/usr/local/samba/netlogon/STARTUP\&.BAT\fP +.IP +The contents of the batch file is entirely your choice\&. A suggested +command would be to add \f(CWNET TIME \e\eSERVER /SET /YES\fP, to force every +machine to synchronise clocks with the same time server\&. Another use +would be to add \f(CWNET USE U: \e\eSERVER\eUTILS\fP for commonly used +utilities, or \f(CWNET USE Q: \e\eSERVER\eISO9001_QA\fP for example\&. +.IP +Note that it is particularly important not to allow write access to +the \f(CW[netlogon]\fP share, or to grant users write permission on the +batch files in a secure environment, as this would allow the batch +files to be arbitrarily modified and security to be breached\&. +.IP +This option takes the standard substitutions, allowing you to have +separate logon scripts for each user or machine\&. +.IP +Note that this option is only useful if Samba is set up as a +\fBlogon server\fP\&. +.IP +\fBExample:\fP +\f(CW logon script = scripts\e%U\&.bat\fP +.IP +.IP "\fBlppause command (S)\fP" +.IP +This parameter specifies the command to be executed on the server host +in order to stop printing or spooling a specific print job\&. +.IP +This command should be a program or script which takes a printer name +and job number to pause the print job\&. One way of implementing this is +by using job priorities, where jobs having a too low priority won\'t be +sent to the printer\&. +.IP +If a \f(CW"%p"\fP is given then the printername is put in its place\&. A +\f(CW"%j"\fP is replaced with the job number (an integer)\&. On HPUX (see +\fBprinting=hpux\fP), if the \f(CW"-p%p"\fP option is added +to the lpq command, the job will show up with the correct status, +i\&.e\&. if the job priority is lower than the set fence priority it will +have the PAUSED status, whereas if the priority is equal or higher it +will have the SPOOLED or PRINTING status\&. +.IP +Note that it is good practice to include the absolute path in the +lppause command as the PATH may not be available to the server\&. +.IP +See also the \fB"printing"\fP parameter\&. +.IP +\fBDefault:\fP +Currently no default value is given to this string, unless the +value of the \fB"printing"\fP parameter is \f(CWSYSV\fP, in +which case the default is : +.IP +\f(CW lp -i %p-%j -H hold\fP +.IP +or if the value of the \fB"printing"\fP parameter is \f(CWsoftq\fP, +then the default is: +.IP +\f(CW qstat -s -j%j -h\fP +.IP +\fBExample for HPUX:\fP +lppause command = /usr/bin/lpalt %p-%j -p0 +.IP +.IP "\fBlpq cache time (G)\fP" +.IP +This controls how long lpq info will be cached for to prevent the +\fBlpq\fP command being called too often\&. A separate cache is kept for +each variation of the \fBlpq\fP command used by the system, so if you +use different \fBlpq\fP commands for different users then they won\'t +share cache information\&. +.IP +The cache files are stored in \f(CW/tmp/lpq\&.xxxx\fP where xxxx is a hash of +the \fBlpq\fP command in use\&. +.IP +The default is 10 seconds, meaning that the cached results of a +previous identical \fBlpq\fP command will be used if the cached data is +less than 10 seconds old\&. A large value may be advisable if your +\fBlpq\fP command is very slow\&. +.IP +A value of 0 will disable cacheing completely\&. +.IP +See also the \fB"printing"\fP parameter\&. +.IP +\fBDefault:\fP +\f(CW lpq cache time = 10\fP +.IP +\fBExample:\fP +\f(CW lpq cache time = 30\fP +.IP +.IP "\fBlpq command (S)\fP" +.IP +This parameter specifies the command to be executed on the server host +in order to obtain \f(CW"lpq"\fP-style printer status information\&. +.IP +This command should be a program or script which takes a printer name +as its only parameter and outputs printer status information\&. +.IP +Currently eight styles of printer status information are supported; +BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX and SOFTQ\&. This covers most UNIX +systems\&. You control which type is expected using the +\fB"printing ="\fP option\&. +.IP +Some clients (notably Windows for Workgroups) may not correctly send +the connection number for the printer they are requesting status +information about\&. To get around this, the server reports on the first +printer service connected to by the client\&. This only happens if the +connection number sent is invalid\&. +.IP +If a \f(CW%p\fP is given then the printername is put in its place\&. Otherwise +it is placed at the end of the command\&. +.IP +Note that it is good practice to include the absolute path in the \fBlpq +command\fP as the PATH may not be available to the server\&. +.IP +See also the \fB"printing"\fP parameter\&. +.IP +\fBDefault:\fP +\f(CW depends on the setting of printing =\fP +.IP +\fBExample:\fP +\f(CW lpq command = /usr/bin/lpq %p\fP +.IP +.IP "\fBlpresume command (S)\fP" +.IP +This parameter specifies the command to be executed on the server host +in order to restart or continue printing or spooling a specific print +job\&. +.IP +This command should be a program or script which takes a printer name +and job number to resume the print job\&. See also the \fB"lppause +command"\fP parameter\&. +.IP +If a \f(CW%p\fP is given then the printername is put in its place\&. A +\f(CW%j\fP is replaced with the job number (an integer)\&. +.IP +Note that it is good practice to include the absolute path in the \fBlpresume +command\fP as the PATH may not be available to the server\&. +.IP +See also the \fB"printing"\fP parameter\&. +.IP +\fBDefault:\fP +.IP +Currently no default value is given to this string, unless the +value of the \fB"printing"\fP parameter is \f(CWSYSV\fP, in +which case the default is : +.IP +\f(CW lp -i %p-%j -H resume\fP +.IP +or if the value of the \fB"printing"\fP parameter is \f(CWsoftq\fP, +then the default is: +.IP +\f(CW qstat -s -j%j -r\fP +.IP +\fBExample for HPUX:\fP +\f(CW lpresume command = /usr/bin/lpalt %p-%j -p2\fP +.IP +.IP "\fBlprm command (S)\fP" +.IP +This parameter specifies the command to be executed on the server host +in order to delete a print job\&. +.IP +This command should be a program or script which takes a printer name +and job number, and deletes the print job\&. +.IP +If a \f(CW%p\fP is given then the printername is put in its place\&. A +\f(CW%j\fP is replaced with the job number (an integer)\&. +.IP +Note that it is good practice to include the absolute path in the +\fBlprm command\fP as the PATH may not be available to the server\&. +.IP +See also the \fB"printing"\fP parameter\&. +.IP +\fBDefault:\fP +\f(CW depends on the setting of "printing ="\fP +.IP +\fBExample 1:\fP +\f(CW lprm command = /usr/bin/lprm -P%p %j\fP +.IP +\fBExample 2:\fP +\f(CW lprm command = /usr/bin/cancel %p-%j\fP +.IP +.IP "\fBmachine password timeout (G)\fP" +.IP +If a Samba server is a member of an Windows NT Domain (see the +\fB"security=domain"\fP) parameter) then +periodically a running \fBsmbd\fP process will try and +change the \fBMACHINE ACCOUNT PASWORD\fP stored in the file called +\f(CW\&.\&.mac\fP where \f(CW\fP is the name of the +Domain we are a member of and tt is the primary +\fB"NetBIOS name"\fP of the machine +\fBsmbd\fP is running on\&. This parameter specifies how +often this password will be changed, in seconds\&. The default is one +week (expressed in seconds), the same as a Windows NT Domain member +server\&. +.IP +See also \fBsmbpasswd (8)\fP, and the +\fB"security=domain"\fP) parameter\&. +.IP +\fBDefault:\fP +\f(CW machine password timeout = 604800\fP +.IP +.IP "\fBmagic output (S)\fP" +.IP +This parameter specifies the name of a file which will contain output +created by a magic script (see the \fB"magic +script"\fP parameter below)\&. +.IP +Warning: If two clients use the same \fB"magic +script"\fP in the same directory the output file content +is undefined\&. +.IP +\fBDefault:\fP +\f(CW magic output = \&.out\fP +.IP +\fBExample:\fP +\f(CW magic output = myfile\&.txt\fP +.IP +.IP "\fBmagic script (S)\fP" +.IP +This parameter specifies the name of a file which, if opened, will be +executed by the server when the file is closed\&. This allows a UNIX +script to be sent to the Samba host and executed on behalf of the +connected user\&. +.IP +Scripts executed in this way will be deleted upon completion, +permissions permitting\&. +.IP +If the script generates output, output will be sent to the file +specified by the \fB"magic output"\fP parameter (see +above)\&. +.IP +Note that some shells are unable to interpret scripts containing +carriage-return-linefeed instead of linefeed as the end-of-line +marker\&. Magic scripts must be executable \fI"as is"\fP on the host, +which for some hosts and some shells will require filtering at the DOS +end\&. +.IP +Magic scripts are \fIEXPERIMENTAL\fP and should \fINOT\fP be relied upon\&. +.IP +\fBDefault:\fP +\f(CW None\&. Magic scripts disabled\&.\fP +.IP +\fBExample:\fP +\f(CW magic script = user\&.csh\fP +.IP +.IP "\fBmangle case (S)\fP" +.IP +See the section on \fB"NAME MANGLING"\fP\&. +.IP +.IP "\fBmangled map (S)\fP" +.IP +This is for those who want to directly map UNIX file names which are +not representable on Windows/DOS\&. The mangling of names is not always +what is needed\&. In particular you may have documents with file +extensions that differ between DOS and UNIX\&. For example, under UNIX +it is common to use \f(CW"\&.html"\fP for HTML files, whereas under +Windows/DOS \f(CW"\&.htm"\fP is more commonly used\&. +.IP +So to map \f(CW"html"\fP to \f(CW"htm"\fP you would use: +.IP +\f(CW mangled map = (*\&.html *\&.htm)\fP +.IP +One very useful case is to remove the annoying \f(CW";1"\fP off the ends +of filenames on some CDROMS (only visible under some UNIXes)\&. To do +this use a map of (*;1 *)\&. +.IP +\fBdefault:\fP +\f(CW no mangled map\fP +.IP +\fBExample:\fP +\f(CW mangled map = (*;1 *)\fP +.IP +.IP "\fBmangled names (S)\fP" +.IP +This controls whether non-DOS names under UNIX should be mapped to +DOS-compatible names ("mangled") and made visible, or whether non-DOS +names should simply be ignored\&. +.IP +See the section on \fB"NAME MANGLING"\fP for details +on how to control the mangling process\&. +.IP +If mangling is used then the mangling algorithm is as follows: +.IP +.IP +.IP o +The first (up to) five alphanumeric characters before the +rightmost dot of the filename are preserved, forced to upper case, and +appear as the first (up to) five characters of the mangled name\&. +.IP +.IP o +A tilde \f(CW"~"\fP is appended to the first part of the mangled +name, followed by a two-character unique sequence, based on the +original root name (i\&.e\&., the original filename minus its final +extension)\&. The final extension is included in the hash calculation +only if it contains any upper case characters or is longer than three +characters\&. +.IP +Note that the character to use may be specified using the +\fB"mangling char"\fP option, if you don\'t like +\f(CW\'~\'\fP\&. +.IP +.IP o +The first three alphanumeric characters of the final extension +are preserved, forced to upper case and appear as the extension of the +mangled name\&. The final extension is defined as that part of the +original filename after the rightmost dot\&. If there are no dots in the +filename, the mangled name will have no extension (except in the case +of \fB"hidden files"\fP - see below)\&. +.IP +.IP o +Files whose UNIX name begins with a dot will be presented as DOS +hidden files\&. The mangled name will be created as for other filenames, +but with the leading dot removed and \f(CW"___"\fP as its extension regardless +of actual original extension (that\'s three underscores)\&. +.IP +.IP +The two-digit hash value consists of upper case alphanumeric +characters\&. +.IP +This algorithm can cause name collisions only if files in a directory +share the same first five alphanumeric characters\&. The probability of +such a clash is 1/1300\&. +.IP +The name mangling (if enabled) allows a file to be copied between UNIX +directories from Windows/DOS while retaining the long UNIX +filename\&. UNIX files can be renamed to a new extension from +Windows/DOS and will retain the same basename\&. Mangled names do not +change between sessions\&. +.IP +\fBDefault:\fP +\f(CW mangled names = yes\fP +.IP +\fBExample:\fP +\f(CW mangled names = no\fP +.IP +.IP "\fBmangling char (S)\fP" +.IP +This controls what character is used as the \fI"magic"\fP character in +\fBname mangling\fP\&. The default is a \f(CW\'~\'\fP but +this may interfere with some software\&. Use this option to set it to +whatever you prefer\&. +.IP +\fBDefault:\fP +\f(CW mangling char = ~\fP +.IP +\fBExample:\fP +\f(CW mangling char = ^\fP +.IP +.IP "\fBmangled stack (G)\fP" +.IP +This parameter controls the number of mangled names that should be +cached in the Samba server \fBsmbd\fP\&. +.IP +This stack is a list of recently mangled base names (extensions are +only maintained if they are longer than 3 characters or contains upper +case characters)\&. +.IP +The larger this value, the more likely it is that mangled names can be +successfully converted to correct long UNIX names\&. However, large +stack sizes will slow most directory access\&. Smaller stacks save +memory in the server (each stack element costs 256 bytes)\&. +.IP +It is not possible to absolutely guarantee correct long file names, so +be prepared for some surprises! +.IP +\fBDefault:\fP +\f(CW mangled stack = 50\fP +.IP +\fBExample:\fP +\f(CW mangled stack = 100\fP +.IP +.IP "\fBmap archive (S)\fP" +.IP +This controls whether the DOS archive attribute should be mapped to +the UNIX owner execute bit\&. The DOS archive bit is set when a file +has been modified since its last backup\&. One motivation for this +option it to keep Samba/your PC from making any file it touches from +becoming executable under UNIX\&. This can be quite annoying for shared +source code, documents, etc\&.\&.\&. +.IP +Note that this requires the \fB"create mask"\fP +parameter to be set such that owner execute bit is not masked out +(ie\&. it must include 100)\&. See the parameter \fB"create +mask"\fP for details\&. +.IP +\fBDefault:\fP +\f(CW map archive = yes\fP +.IP +\fBExample:\fP +\f(CW map archive = no\fP +.IP +.IP "\fBmap hidden (S)\fP" +.IP +This controls whether DOS style hidden files should be mapped to the +UNIX world execute bit\&. +.IP +Note that this requires the \fB"create mask"\fP to be +set such that the world execute bit is not masked out (ie\&. it must +include 001)\&. See the parameter \fB"create mask"\fP +for details\&. +.IP +\fBDefault:\fP +\f(CW map hidden = no\fP +.IP +\fBExample:\fP +\f(CW map hidden = yes\fP +.IP +.IP "\fBmap system (S)\fP" +.IP +This controls whether DOS style system files should be mapped to the +UNIX group execute bit\&. +.IP +Note that this requires the \fB"create mask"\fP to be +set such that the group execute bit is not masked out (ie\&. it must +include 010)\&. See the parameter \fB"create mask"\fP +for details\&. +.IP +\fBDefault:\fP +\f(CW map system = no\fP +.IP +\fBExample:\fP +\f(CW map system = yes\fP +.IP +.IP "\fBmap to guest (G)\fP" +.IP +This parameter is only useful in \fBsecurity\fP modes +other than \fB"security=share"\fP - ie\&. user, +server, and domain\&. +.IP +This parameter can take three different values, which tell +\fBsmbd\fP what to do with user login requests that +don\'t match a valid UNIX user in some way\&. +.IP +The three settings are : +.IP +.IP +.IP o +\fB"Never"\fP - Means user login requests with an invalid password +are rejected\&. This is the default\&. +.IP +.IP o +\fB"Bad User"\fP - Means user logins with an invalid password are +rejected, unless the username does not exist, in which case it is +treated as a guest login and mapped into the \fB"guest +account"\fP\&. +.IP +.IP o +\fB"Bad Password"\fP - Means user logins with an invalid +password are treated as a guest login and mapped into the +\fB"guest account"\fP\&. Note that this can +cause problems as it means that any user mistyping their +password will be silently logged on a \fB"guest"\fP - and +will not know the reason they cannot access files they think +they should - there will have been no message given to them +that they got their password wrong\&. Helpdesk services will +\fI*hate*\fP you if you set the \fB"map to guest"\fP parameter +this way :-)\&. +.IP +.IP +Note that this parameter is needed to set up \fB"Guest"\fP share +services when using \fBsecurity\fP modes other than +share\&. This is because in these modes the name of the resource being +requested is \fI*not*\fP sent to the server until after the server has +successfully authenticated the client so the server cannot make +authentication decisions at the correct time (connection to the +share) for \fB"Guest"\fP shares\&. +.IP +For people familiar with the older Samba releases, this parameter +maps to the old compile-time setting of the GUEST_SESSSETUP value +in local\&.h\&. +.IP +\fBDefault:\fP +\f(CW map to guest = Never\fP +\fBExample\fP: +\f(CW map to guest = Bad User\fP +.IP +.IP "\fBmax connections (S)\fP" +.IP +This option allows the number of simultaneous connections to a service +to be limited\&. If \fB"max connections"\fP is greater than 0 then +connections will be refused if this number of connections to the +service are already open\&. A value of zero mean an unlimited number of +connections may be made\&. +.IP +Record lock files are used to implement this feature\&. The lock files +will be stored in the directory specified by the \fB"lock +directory"\fP option\&. +.IP +\fBDefault:\fP +\f(CW max connections = 0\fP +.IP +\fBExample:\fP +\f(CW max connections = 10\fP +.IP +.IP "\fBmax disk size (G)\fP" +.IP +This option allows you to put an upper limit on the apparent size of +disks\&. If you set this option to 100 then all shares will appear to be +not larger than 100 MB in size\&. +.IP +Note that this option does not limit the amount of data you can put on +the disk\&. In the above case you could still store much more than 100 +MB on the disk, but if a client ever asks for the amount of free disk +space or the total disk size then the result will be bounded by the +amount specified in \fB"max disk size"\fP\&. +.IP +This option is primarily useful to work around bugs in some pieces of +software that can\'t handle very large disks, particularly disks over +1GB in size\&. +.IP +A \fB"max disk size"\fP of 0 means no limit\&. +.IP +\fBDefault:\fP +\f(CW max disk size = 0\fP +.IP +\fBExample:\fP +\f(CW max disk size = 1000\fP +.IP +.IP "\fBmax log size (G)\fP" +.IP +This option (an integer in kilobytes) specifies the max size the log +file should grow to\&. Samba periodically checks the size and if it is +exceeded it will rename the file, adding a \f(CW"\&.old"\fP extension\&. +.IP +A size of 0 means no limit\&. +.IP +\fBDefault:\fP +\f(CW max log size = 5000\fP +.IP +\fBExample:\fP +\f(CW max log size = 1000\fP +.IP +.IP "\fBmax mux (G)\fP" +.IP +This option controls the maximum number of outstanding simultaneous +SMB operations that samba tells the client it will allow\&. You should +never need to set this parameter\&. +.IP +\fBDefault:\fP +\f(CW max mux = 50\fP +.IP +.IP "\fBmaxopenfiles (G)\fP" +.IP +This parameter limits the maximum number of open files that one +\fBsmbd\fP file serving process may have open for +a client at any one time\&. The default for this parameter is set +very high (10,000) as Samba uses only one bit per un-opened file\&. +.IP +The limit of the number of open files is usually set by the +UNIX per-process file descriptor limit rather than this parameter +so you should never need to touch this parameter\&. +.IP +\fBDefault:\fP +\f(CW max open files = 10000\fP +.IP +.IP "\fBmax packet (G)\fP" +.IP +Synonym for (packetsize)\&. +.IP +.IP "\fBmax ttl (G)\fP" +.IP +This option tells \fBnmbd\fP what the default \'time +to live\' of NetBIOS names should be (in seconds) when +\fBnmbd\fP is requesting a name using either a +broadcast packet or from a WINS server\&. You should never need to +change this parameter\&. The default is 3 days\&. +.IP +\fBDefault:\fP +\f(CW max ttl = 259200\fP +.IP +.IP "\fBmax wins ttl (G)\fP" +.IP +This option tells \fBnmbd\fP when acting as a WINS +server \fB(wins support =true)\fP what the maximum +\'time to live\' of NetBIOS names that \fBnmbd\fP will +grant will be (in seconds)\&. You should never need to change this +parameter\&. The default is 6 days (518400 seconds)\&. +.IP +See also the \fB"min wins ttl"\fP parameter\&. +.IP +\fBDefault:\fP +\f(CW max wins ttl = 518400\fP +.IP +.IP "\fBmax xmit (G)\fP" +.IP +This option controls the maximum packet size that will be negotiated +by Samba\&. The default is 65535, which is the maximum\&. In some cases +you may find you get better performance with a smaller value\&. A value +below 2048 is likely to cause problems\&. +.IP +\fBDefault:\fP +\f(CW max xmit = 65535\fP +.IP +\fBExample:\fP +\f(CW max xmit = 8192\fP +.IP +.IP "\fBmessage command (G)\fP" +.IP +This specifies what command to run when the server receives a WinPopup +style message\&. +.IP +This would normally be a command that would deliver the message +somehow\&. How this is to be done is up to your imagination\&. +.IP +An example is: +.IP +\f(CW message command = csh -c \'xedit %s;rm %s\' &\fP +.IP +This delivers the message using \fBxedit\fP, then removes it +afterwards\&. \fINOTE THAT IT IS VERY IMPORTANT THAT THIS COMMAND RETURN +IMMEDIATELY\fP\&. That\'s why I have the \f(CW\'&\'\fP on the end\&. If it doesn\'t +return immediately then your PCs may freeze when sending messages +(they should recover after 30secs, hopefully)\&. +.IP +All messages are delivered as the global guest user\&. The command takes +the standard substitutions, although \fB%u\fP won\'t work +(\fB%U\fP may be better in this case)\&. +.IP +Apart from the standard substitutions, some additional ones apply\&. In +particular: +.IP +.IP +.IP o +\f(CW"%s"\fP = the filename containing the message\&. +.IP +.IP o +\f(CW"%t"\fP = the destination that the message was sent to (probably the server +name)\&. +.IP +.IP o +\f(CW"%f"\fP = who the message is from\&. +.IP +.IP +You could make this command send mail, or whatever else takes your +fancy\&. Please let us know of any really interesting ideas you have\&. +.IP +Here\'s a way of sending the messages as mail to root: +.IP +\f(CWmessage command = /bin/mail -s \'message from %f on %m\' root < %s; rm %s\fP +.IP +If you don\'t have a message command then the message won\'t be +delivered and Samba will tell the sender there was an +error\&. Unfortunately WfWg totally ignores the error code and carries +on regardless, saying that the message was delivered\&. +.IP +If you want to silently delete it then try: +.IP +\f(CW"message command = rm %s"\fP\&. +.IP +For the really adventurous, try something like this: +.IP +\f(CWmessage command = csh -c \'csh < %s |& /usr/local/samba/bin/smbclient -M %m; rm %s\' &\fP +.IP +this would execute the command as a script on the server, then give +them the result in a WinPopup message\&. Note that this could cause a +loop if you send a message from the server using smbclient! You better +wrap the above in a script that checks for this :-) +.IP +\fBDefault:\fP +\f(CW no message command\fP +.IP +\fBExample:\fP +\f(CW message command = csh -c \'xedit %s;rm %s\' &\fP +.IP +.IP "\fBmin print space (S)\fP" +.IP +This sets the minimum amount of free disk space that must be available +before a user will be able to spool a print job\&. It is specified in +kilobytes\&. The default is 0, which means a user can always spool a print +job\&. +.IP +See also the \fBprinting\fP parameter\&. +.IP +\fBDefault:\fP +\f(CW min print space = 0\fP +.IP +\fBExample:\fP +\f(CW min print space = 2000\fP +.IP +.IP "\fBmin wins ttl (G)\fP" +.IP +This option tells \fBnmbd\fP when acting as a WINS +server \fB(wins support = true)\fP what the minimum +\'time to live\' of NetBIOS names that \fBnmbd\fP will +grant will be (in seconds)\&. You should never need to change this +parameter\&. The default is 6 hours (21600 seconds)\&. +.IP +\fBDefault:\fP +\f(CW min wins ttl = 21600\fP +.IP +.IP "\fBname resolve order (G)\fP" +.IP +This option is used by the programs in the Samba suite to determine +what naming services and in what order to resolve host names to IP +addresses\&. The option takes a space separated string of different name +resolution options\&. +.IP +The options are :"lmhosts", "host", "wins" and "bcast"\&. They cause +names to be resolved as follows : +.IP +.IP +.IP o +\fBlmhosts\fP : Lookup an IP address in the Samba lmhosts file\&. +.IP +.IP o +\fBhost\fP : Do a standard host name to IP address resolution, +using the system /etc/hosts, NIS, or DNS lookups\&. This method of name +resolution is operating system depended for instance on IRIX or +Solaris this may be controlled by the \fI/etc/nsswitch\&.conf\fP file)\&. +.IP +.IP o +\fBwins\fP : Query a name with the IP address listed in the +\fBwins server\fP parameter\&. If no WINS server has +been specified this method will be ignored\&. +.IP +.IP o +\fBbcast\fP : Do a broadcast on each of the known local interfaces +listed in the \fBinterfaces\fP parameter\&. This is the +least reliable of the name resolution methods as it depends on the +target host being on a locally connected subnet\&. +.IP +.IP +\fBDefault:\fP +\f(CW name resolve order = lmhosts host wins bcast\fP +.IP +\fBExample:\fP +\f(CW name resolve order = lmhosts bcast host\fP +.IP +This will cause the local lmhosts file to be examined first, followed +by a broadcast attempt, followed by a normal system hostname lookup\&. +.IP +.IP "\fBnetbios aliases (G)\fP" +.IP +This is a list of NetBIOS names that \fBnmbd\fP will +advertise as additional names by which the Samba server is known\&. This +allows one machine to appear in browse lists under multiple names\&. If +a machine is acting as a \fBbrowse server\fP or +\fBlogon server\fP none of these names will be +advertised as either browse server or logon servers, only the primary +name of the machine will be advertised with these capabilities\&. +.IP +See also \fB"netbios name"\fP\&. +.IP +\fBDefault:\fP +\f(CW empty string (no additional names)\fP +.IP +\fBExample:\fP +\f(CW netbios aliases = TEST TEST1 TEST2\fP +.IP +.IP "\fBnetbios name (G)\fP" +.IP +This sets the NetBIOS name by which a Samba server is known\&. By +default it is the same as the first component of the host\'s DNS name\&. +If a machine is a \fBbrowse server\fP or +\fBlogon server\fP this name (or the first component +of the hosts DNS name) will be the name that these services are +advertised under\&. +.IP +See also \fB"netbios aliases"\fP\&. +.IP +\fBDefault:\fP +\f(CW Machine DNS name\&.\fP +.IP +\fBExample:\fP +\f(CW netbios name = MYNAME\fP +.IP +.IP "\fBnis homedir (G)\fP" +.IP +Get the home share server from a NIS map\&. For UNIX systems that use an +automounter, the user\'s home directory will often be mounted on a +workstation on demand from a remote server\&. +.IP +When the Samba logon server is not the actual home directory server, +but is mounting the home directories via NFS then two network hops +would be required to access the users home directory if the logon +server told the client to use itself as the SMB server for home +directories (one over SMB and one over NFS)\&. This can be very +slow\&. +.IP +This option allows Samba to return the home share as being on a +different server to the logon server and as long as a Samba daemon is +running on the home directory server, it will be mounted on the Samba +client directly from the directory server\&. When Samba is returning the +home share to the client, it will consult the NIS map specified in +\fB"homedir map"\fP and return the server listed +there\&. +.IP +Note that for this option to work there must be a working NIS +system and the Samba server with this option must also be a +\fBlogon server\fP\&. +.IP +\fBDefault:\fP +\f(CW nis homedir = false\fP +.IP +\fBExample:\fP +\f(CW nis homedir = true\fP +.IP +.IP "\fBnt pipe support (G)\fP" +.IP +This boolean parameter controlls whether \fBsmbd\fP +will allow Windows NT clients to connect to the NT SMB specific +\f(CWIPC$\fP pipes\&. This is a developer debugging option and can be left +alone\&. +.IP +\fBDefault:\fP +\f(CW nt pipe support = yes\fP +.IP +.IP "\fBnt smb support (G)\fP" +.IP +This boolean parameter controlls whether \fBsmbd\fP +will negotiate NT specific SMB support with Windows NT +clients\&. Although this is a developer debugging option and should be +left alone, benchmarking has discovered that Windows NT clients give +faster performance with this option set to \f(CW"no"\fP\&. This is still +being investigated\&. If this option is set to \f(CW"no"\fP then Samba +offers exactly the same SMB calls that versions prior to Samba2\&.0 +offered\&. This information may be of use if any users are having +problems with NT SMB support\&. +.IP +\fBDefault:\fP +\f(CW nt support = yes\fP +.IP +.IP "\fBnull passwords (G)\fP" +.IP +Allow or disallow client access to accounts that have null passwords\&. +.IP +See also \fBsmbpasswd (5)\fP\&. +.IP +\fBDefault:\fP +\f(CW null passwords = no\fP +.IP +\fBExample:\fP +\f(CW null passwords = yes\fP +.IP +.IP "\fBole locking compatibility (G)\fP" +.IP +This parameter allows an administrator to turn off the byte range lock +manipulation that is done within Samba to give compatibility for OLE +applications\&. Windows OLE applications use byte range locking as a +form of inter-process communication, by locking ranges of bytes around +the 2^32 region of a file range\&. This can cause certain UNIX lock +managers to crash or otherwise cause problems\&. Setting this parameter +to \f(CW"no"\fP means you trust your UNIX lock manager to handle such cases +correctly\&. +.IP +\fBDefault:\fP +\f(CW ole locking compatibility = yes\fP +.IP +\fBExample:\fP +\f(CW ole locking compatibility = no\fP +.IP +.IP "\fBonly guest (S)\fP" +.IP +A synonym for \fB"guest only"\fP\&. +.IP +.IP "\fBonly user (S)\fP" +.IP +This is a boolean option that controls whether connections with +usernames not in the \fBuser=\fP list will be allowed\&. By +default this option is disabled so a client can supply a username to +be used by the server\&. +.IP +Note that this also means Samba won\'t try to deduce usernames from the +service name\&. This can be annoying for the \fB[homes]\fP +section\&. To get around this you could use "\fBuser\fP = +\fB%S\fP" which means your \fB"user"\fP list +will be just the service name, which for home directories is the name +of the user\&. +.IP +See also the \fBuser\fP parameter\&. +.IP +\fBDefault:\fP +\f(CW only user = False\fP +.IP +\fBExample:\fP +\f(CW only user = True\fP +.IP +.IP "\fBoplocks (S)\fP" +.IP +This boolean option tells smbd whether to issue oplocks (opportunistic +locks) to file open requests on this share\&. The oplock code can +dramatically (approx 30% or more) improve the speed of access to files +on Samba servers\&. It allows the clients to agressively cache files +locally and you may want to disable this option for unreliable network +environments (it is turned on by default in Windows NT Servers)\&. For +more information see the file Speed\&.txt in the Samba docs/ directory\&. +.IP +Oplocks may be selectively turned off on certain files on a per share basis\&. +See the \'veto oplock files\' parameter\&. On some systems oplocks are recognised +by the underlying operating system\&. This allows data synchronisation between +all access to oplocked files, whether it be via Samba or NFS or a local +UNIX process\&. See the \fBkernel oplocks\fP parameter +for details\&. +.IP +\fBDefault:\fP +\f(CW oplocks = True\fP +.IP +\fBExample:\fP +\f(CW oplocks = False\fP +.IP +.IP "\fBos level (G)\fP" +.IP +This integer value controls what level Samba advertises itself as for +browse elections\&. The value of this parameter determines whether +\fBnmbd\fP has a chance of becoming a local master +browser for the \fBWORKGROUP\fP in the local broadcast +area\&. The default is zero, which means \fBnmbd\fP will +lose elections to Windows machines\&. See BROWSING\&.txt in the Samba +docs/ directory for details\&. +.IP +\fBDefault:\fP +\f(CW os level = 0\fP +.IP +\fBExample:\fP +\f(CW os level = 65 ; This will win against any NT Server\fP +.IP +.IP "\fBpacket size (G)\fP" +.IP +This is a deprecated parameter that how no effect on the current +Samba code\&. It is left in the parameter list to prevent breaking +old \fBsmb\&.conf\fP files\&. +.IP +.IP "\fBpanic action (G)\fP" +.IP +This is a Samba developer option that allows a system command to be +called when either \fBsmbd\fP or +\fBnmbd\fP crashes\&. This is usually used to draw +attention to the fact that a problem occured\&. +.IP +\fBDefault:\fP +\f(CW panic action = \fP +.IP +.IP "\fBpasswd chat (G)\fP" +.IP +This string controls the \fI"chat"\fP conversation that takes places +between \fBsmbd\fP and the local password changing +program to change the users password\&. The string describes a sequence +of response-receive pairs that \fBsmbd\fP uses to +determine what to send to the \fBpasswd\fP program +and what to expect back\&. If the expected output is not received then +the password is not changed\&. +.IP +This chat sequence is often quite site specific, depending on what +local methods are used for password control (such as NIS etc)\&. +.IP +The string can contain the macros \f(CW"%o"\fP and \f(CW"%n"\fP which are +substituted for the old and new passwords respectively\&. It can also +contain the standard macros \f(CW"\en"\fP, \f(CW"\er"\fP, \f(CW"\et"\fP and \f(CW"\es"\fP +to give line-feed, carriage-return, tab and space\&. +.IP +The string can also contain a \f(CW\'*\'\fP which matches any sequence of +characters\&. +.IP +Double quotes can be used to collect strings with spaces in them into +a single string\&. +.IP +If the send string in any part of the chat sequence is a fullstop +\f(CW"\&."\fP then no string is sent\&. Similarly, is the expect string is a +fullstop then no string is expected\&. +.IP +Note that if the \fB"unix password sync"\fP +parameter is set to true, then this sequence is called \fI*AS ROOT*\fP +when the SMB password in the smbpasswd file is being changed, without +access to the old password cleartext\&. In this case the old password +cleartext is set to \f(CW""\fP (the empty string)\&. +.IP +See also \fB"unix password sync"\fP, +\fB"passwd program"\fP and \fB"passwd chat +debug"\fP\&. +.IP +\fBExample:\fP + +.DS + + passwd chat = "*Enter OLD password*" %o\en "*Enter NEW password*" %n\en "*Reenter NEW password*" %n\en "*Password changed*" -printcap name +.DE + -printer driver file +.IP +\fBDefault:\fP -protocol - -read bmpx - -read prediction - -read raw - -read size - -remote announce - -remote browse sync - -root - -root dir - -root directory - -security - -server string - -shared file entries - -shared mem size - -smb passwd file - -smbrun - -socket address - -socket options - -status - -strip dot - -syslog - -syslog only - -time offset - -time server - -unix password sync - -unix realname - -update encrypted - -username level - -username map - -use rhosts - -valid chars - -wins proxy - -wins server - -wins support - -workgroup - -write raw - -.SS COMPLETE LIST OF SERVICE PARAMETERS - -Here is a list of all service parameters. See the section of each -parameter for details. Note that some are synonyms. - -admin users - -allow hosts - -alternate permissions - -available - -browseable - -case sensitive - -case sig names - -copy - -create mask - -create mode - -comment - -default case - -delete readonly - -delete veto files - -deny hosts - -directory - -directory mask - -directory mode - -dont descend - -dos filetimes - -dos filetime resolution - -exec - -fake directory create times - -fake oplocks - -follow symlinks - -force create mode - -force directory mode - -force group - -force user - -guest account - -guest ok - -guest only - -hide dot files - -hosts allow - -hosts deny - -invalid users - -locking - -lppause command - -lpq command - -lpresume command - -lprm command - -magic output - -magic script - -mangle case - -mangled names - -mangling char - -map archive - -map hidden - -map system - -max connections - -min print space - -only guest - -only user - -oplocks - -path - -postexec - -postscript - -preserve case - -print command - -printer driver - -printer driver location - -printing - -print ok - -printable - -printer - -printer name - -public - -queuepause command - -queueresume command - -read only - -read list - -revalidate - -root postexec - -root preexec - -set directory - -share modes - -short preserve case - -strict locking - -strict sync - -sync always - -user - -username - -users - -valid users - -veto files - -veto oplock files - -volume - -wide links - -writable - -write ok - -writeable - -write list - -.SS EXPLANATION OF EACH PARAMETER -.RS 3 - -.SS admin users (S) - -This is a list of users who will be granted administrative privileges -on the share. This means that they will do all file operations as the -super-user (root). - -You should use this option very carefully, as any user in this list -will be able to do anything they like on the share, irrespective of -file permissions. - -.B Default: - no admin users - -.B Example: - admin users = jason - -.SS announce as (G) - -This specifies what type of server nmbd will announce itself as in -browse lists. By default this is set to Windows NT. The valid options -are "NT", "Win95" or "WfW" meaining Windows NT, Windows 95 and -Windows for Workgroups respectively. Do not change this parameter -unless you have a specific need to stop Samba appearing as an NT -server as this may prevent Samba servers from participating as -browser servers correctly. - -.B Default: - announce as = NT - -.B Example - announce as = Win95 - -.SS announce version (G) - -This specifies the major and minor version numbers that nmbd -will use when announcing itself as a server. The default is 4.2. -Do not change this parameter unless you have a specific need to -set a Samba server to be a downlevel server. - -.B Default: - announce version = 4.2 - -.B Example: - announce version = 2.0 - -.SS auto services (G) -This is a list of services that you want to be automatically added to -the browse lists. This is most useful for homes and printers services -that would otherwise not be visible. - -Note that if you just want all printers in your printcap file loaded -then the "load printers" option is easier. - -.B Default: - no auto services - -.B Example: - auto services = fred lp colorlp - -.SS allow hosts (S) -A synonym for this parameter is 'hosts allow'. - -This parameter is a comma delimited set of hosts which are permitted to access -a service. - -If specified in the [global] section then it will apply to all -services, regardless of whether the individual service has a different -setting. - -You can specify the hosts by name or IP number. For example, you could -restrict access to only the hosts on a Class C subnet with something like -"allow hosts = 150.203.5.". The full syntax of the list is described in -the man page -.BR hosts_access (5). - -You can also specify hosts by network/netmask pairs and by netgroup -names if your system supports netgroups. The EXCEPT keyword can also -be used to limit a wildcard list. The following examples may provide -some help: - -Example 1: allow all IPs in 150.203.*.* except one - - hosts allow = 150.203. EXCEPT 150.203.6.66 - -Example 2: allow hosts that match the given network/netmask - - hosts allow = 150.203.15.0/255.255.255.0 - -Example 3: allow a couple of hosts - - hosts allow = lapland, arvidsjaur - -Example 4: allow only hosts in netgroup "foonet" or localhost, but -deny access from one particular host - - hosts allow = @foonet, localhost - hosts deny = pirate - -Note that access still requires suitable user-level passwords. - -See -.BR testparm (1) -for a way of testing your host access to see if it -does what you expect. - -.B Default: - none (i.e., all hosts permitted access) - -.B Example: - allow hosts = 150.203.5. myhost.mynet.edu.au - -.SS alternate permissions (S) - -This option affects the way the "read only" DOS attribute is produced -for UNIX files. If this is false then the read only bit is set for -files on writeable shares which the user cannot write to. - -If this is true then it is set for files whos user write bit is not set. - -The latter behaviour is useful for when users copy files from each -others directories, and use a file manager that preserves -permissions. Without this option they may get annoyed as all copied -files will have the "read only" bit set. - -.B Default: - alternate permissions = no - -.B Example: - alternate permissions = yes - -.SS available (S) -This parameter lets you 'turn off' a service. If 'available = no', then -ALL attempts to connect to the service will fail. Such failures are logged. - -.B Default: - available = yes - -.B Example: - available = no - -.SS bind interfaces only (G) -This global parameter (new for 1.9.18) allows the Samba admin to limit -what interfaces on a machine will serve smb requests. If affects file service -(smbd) and name service (nmbd) in slightly different ways. - -For name service it causes nmbd to bind to ports 137 and 138 on -the interfaces listed in the 'interfaces' parameter. nmbd also binds -to the 'all addresses' interface (0.0.0.0) on ports 137 and 138 -for the purposes of reading broadcast messages. If this option is -not set then nmbd will service name requests on all of these -sockets. If "bind interfaces only" is set then nmbd will check -the source address of any packets coming in on the broadcast -sockets and discard any that don't match the broadcast addresses -of the interfaces in the 'interfaces' parameter list. As unicast -packets are received on the other sockets it allows nmbd to -refuse to serve names to machines that send packets that arrive -through any interfaces not listed in the 'interfaces' list. -IP Source address spoofing does defeat this simple check, however -so it must not be used seriously as a security feature for nmbd. - -For file service it causes smbd to bind only to the interface -list given in the 'interfaces' parameter. This restricts the -networks that smbd will serve to packets coming in those interfaces. -Note that you should not use this parameter for machines that -are serving ppp or other intermittant or non-broadcast network -interfaces as it will not cope with non-permanent interfaces. - -.B Default: - bind interfaces only = False - -.B Example: - bind interfaces only = True - -.SS browseable (S) -This controls whether this share is seen in the list of available -shares in a net view and in the browse list. - -.B Default: - browseable = Yes - -.B Example: - browseable = No -.SS browse list(G) -This controls whether the smbd will serve a browse list to a client -doing a NetServerEnum call. Normally set to true. You should never -need to change this. - -.B Default: - browse list = Yes - -.SS case sensitive (G) -See the discussion on NAME MANGLING. - -.SS case sig names (G) -See "case sensitive" - -.SS character set (G) -This allows a smbd to map incoming characters from a DOS 850 Code page -to either a Western European (ISO8859-1) or Easter European (ISO8859-2) -code page. Normally not set, meaning no filename translation is done. - -.B Default - - character set = - -.B Example - - character set = iso8859-1 - -.SS client code page (G) -Currently (Samba 1.9.17 and above) this may be set to one of two -values, 850 or 437. It specifies the base DOS code page that the -clients accessing Samba are using. To determine this, open a DOS -command prompt and type the command "chcp". This will output the -code page. The default for USA MS-DOS, Windows 95, and Windows NT -releases is code page 437. The default for western european -releases of the above operating systems is code page 850. - -This parameter co-operates with the "valid chars" parameter in -determining what characters are valid in filenames and how -capitalization is done. It has been added as a convenience for -clients whose code page is either 437 or 850 so a convoluted -"valid chars" string does not have to be determined. If you -set both this parameter and the "valid chars" parameter the -"client code page" parameter MUST be set before the "valid chars" -in the smb.conf file. The "valid chars" string will then augment -the character settings in the "client code page" parameter. - -If "client code page" is set to a value other than 850 or 437 -it will default to 850. - -See also : "valid chars". - -.B Default - - client code page = 850 - -.B Example - - client code page = 437 - -.SS comment (S) -This is a text field that is seen next to a share when a client does a -net view to list what shares are available. - -If you want to set the string that is displayed next to the machine -name then see the server string command. - -.B Default: - No comment string - -.B Example: - comment = Fred's Files - -.SS config file (G) - -This allows you to override the config file to use, instead of the -default (usually smb.conf). There is a chicken and egg problem here as -this option is set in the config file! - -For this reason, if the name of the config file has changed when the -parameters are loaded then it will reload them from the new config -file. - -This option takes the usual substitutions, which can be very useful. - -If the config file doesn't exist then it won't be loaded (allowing -you to special case the config files of just a few clients). - -.B Example: - config file = /usr/local/samba/lib/smb.conf.%m - -.SS copy (S) -This parameter allows you to 'clone' service entries. The specified -service is simply duplicated under the current service's name. Any -parameters specified in the current section will override those in the -section being copied. - -This feature lets you set up a 'template' service and create similar -services easily. Note that the service being copied must occur earlier -in the configuration file than the service doing the copying. - -.B Default: - none - -.B Example: - copy = otherservice -.SS create mask (S) -A synonym for this parameter is 'create mode'. - -When a file is created, the neccessary permissions are calculated -according to the mapping from DOS modes to UNIX permissions, and -the resulting UNIX mode is then bit-wise 'AND'ed with this parameter. -This parameter may be thought of as a bit-wise MASK for the UNIX -modes of a file. Any bit *not* set here will be removed from the -modes set on a file when it is created. - -The default value of this parameter removes the 'group' and 'other' -write and execute bits from the UNIX modes. - -Following this Samba will bit-wise 'OR' the UNIX mode created from -this parameter with the value of the "force create mode" parameter -which is set to 000 by default. - -For Samba 1.9.17 and above this parameter no longer affects directory -modes. See the parameter 'directory mode' for details. - -See also the "force create mode" parameter for forcing particular -mode bits to be set on created files. -See also the "directory mode" parameter for masking mode bits on created -directories. - -.B Default: - create mask = 0744 - -.B Example: - create mask = 0775 -.SS create mode (S) -See -.B create mask. - -.SS deadtime (G) -The value of the parameter (a decimal integer) represents the number of -minutes of inactivity before a connection is considered dead, and it -is disconnected. The deadtime only takes effect if the number of open files -is zero. - -This is useful to stop a server's resources being exhausted by a large -number of inactive connections. - -Most clients have an auto-reconnect feature when a connection is broken so -in most cases this parameter should be transparent to users. - -Using this parameter with a timeout of a few minutes is recommended -for most systems. - -A deadtime of zero indicates that no auto-disconnection should be performed. - -.B Default: - deadtime = 0 - -.B Example: - deadtime = 15 -.SS debug level (G) -The value of the parameter (an integer) allows the debug level -(logging level) to be specified in the -.B smb.conf -file. This is to give -greater flexibility in the configuration of the system. - -The default will be the debug level specified on the command line. - -.B Example: - debug level = 3 -.SS default (G) -See -.B default service. -.SS default case (S) - -See the section on "NAME MANGLING" Also note the addition of "short -preserve case" - -.SS default service (G) -A synonym for this parameter is 'default'. - -This parameter specifies the name of a service which will be connected to -if the service actually requested cannot be found. Note that the square -brackets are NOT given in the parameter value (see example below). - -There is no default value for this parameter. If this parameter is not given, -attempting to connect to a nonexistent service results in an error. - -Typically the default service would be a public, read-only service. - -Also note that as of 1.9.14 the apparent service name will be changed to -equal that of the requested service, this is very useful as it allows -you to use macros like %S to make a wildcard service. - -Note also that any _ characters in the name of the service used in the -default service will get mapped to a /. This allows for interesting -things. - - -.B Example: - default service = pub - - [pub] - path = /%S - - -.SS delete readonly (S) -This parameter allows readonly files to be deleted. This is not normal DOS -semantics, but is allowed by UNIX. - -This option may be useful for running applications such as rcs, where UNIX -file ownership prevents changing file permissions, and DOS semantics prevent -deletion of a read only file. - -.B Default: - delete readonly = No - -.B Example: - delete readonly = Yes -.SS deny hosts (S) -A synonym for this parameter is 'hosts deny'. - -The opposite of 'allow hosts' - hosts listed here are NOT permitted -access to services unless the specific services have their own lists to -override this one. Where the lists conflict, the 'allow' list takes precedence. - -.B Default: - none (i.e., no hosts specifically excluded) - -.B Example: - deny hosts = 150.203.4. badhost.mynet.edu.au - -.SS delete veto files (S) - -This option is used when Samba is attempting to delete a directory -that contains one or more vetoed directories (see the 'veto files' option). -If this option is set to False (the default) then if a vetoed directory -contains any non-vetoed files or directories then the directory delete -will fail. This is usually what you want. - -If this option is set to True, then Samba will attempt -to recursively delete any files and directories within the vetoed -directory. This can be useful for integration with file serving -systems such as Netatalk, which create meta-files within directories -you might normally veto DOS/Windows users from seeing (eg. .AppleDouble) - -Setting 'delete veto files = True' allows these directories to be -transparently deleted when the parent directory is deleted (so long -as the user has permissions to do so). - -.B Default: - delete veto files = False - -.B Example: - delete veto files = True - -See -.B veto files - -.SS dfree command (G) -The dfree command setting should only be used on systems where a -problem occurs with the internal disk space calculations. This has -been known to happen with Ultrix, but may occur with other operating -systems. The symptom that was seen was an error of "Abort Retry -Ignore" at the end of each directory listing. - -This setting allows the replacement of the internal routines to -calculate the total disk space and amount available with an external -routine. The example below gives a possible script that might fulfill -this function. - -The external program will be passed a single parameter indicating a -directory in the filesystem being queried. This will typically consist -of the string "./". The script should return two integers in ascii. The -first should be the total disk space in blocks, and the second should -be the number of available blocks. An optional third return value -can give the block size in bytes. The default blocksize is 1024 bytes. - -Note: Your script should NOT be setuid or setgid and should be owned by -(and writable only by) root! - -.B Default: - By default internal routines for determining the disk capacity -and remaining space will be used. - -.B Example: - dfree command = /usr/local/samba/bin/dfree - - Where the script dfree (which must be made executable) could be - -.nf - #!/bin/sh - df $1 | tail -1 | awk '{print $2" "$4}' -.fi - - or perhaps (on Sys V) - -.nf - #!/bin/sh - /usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}' -.fi - - Note that you may have to replace the command names with full -path names on some systems. -.SS directory (S) -See -.B path. - -.SS directory mask (S) -A synonym for this parameter is 'directory mode'. - -This parameter is the octal modes which are used when converting DOS modes -to UNIX modes when creating UNIX directories. - -When a directory is created, the neccessary permissions are calculated -according to the mapping from DOS modes to UNIX permissions, and -the resulting UNIX mode is then bit-wise 'AND'ed with this parameter. -This parameter may be thought of as a bit-wise MASK for the UNIX -modes of a directory. Any bit *not* set here will be removed from the -modes set on a directory when it is created. - -The default value of this parameter removes the 'group' and 'other' -write bits from the UNIX mode, allowing only the user who owns the -directory to modify it. - -Following this Samba will bit-wise 'OR' the UNIX mode created from -this parameter with the value of the "force directory mode" parameter. -This parameter is set to 000 by default (ie. no extra mode bits are added). - -See the "force directory mode" parameter to cause particular mode -bits to always be set on created directories. - -See also the "create mode" parameter for masking mode bits on created -files. - -.B Default: - directory mask = 0755 - -.B Example: - directory mask = 0775 - -.SS directory mode (S) -See -.B directory mask. - -.SS dns proxy (G) - -Specifies that nmbd should (as a WINS server), on finding that a NetBIOS -name has not been registered, treat the NetBIOS name word-for-word as -a DNS name. - -Note that the maximum length for a NetBIOS name is 15 -characters, so the DNS name (or DNS alias) can likewise only be 15 -characters, maximum. - -Note also that nmbd will block completely until the DNS name is resolved. -This will result in temporary loss of browsing and WINS services. -Enable this option only if you are certain that DNS resolution is fast, -or you can live with the consequences of periodic pauses in nmbd service. - -.B Default: - dns proxy = yes - -.SS domain controller (G) - -The meaning of this parameter changed from a string to a boolean (yes/no) -value. It is currently not used within the Samba source and should be removed -from all current smb.conf files. It is left behind for compatibility reasons. - -.B Default: - domain controller = no - -.SS domain logons (G) - -If set to true, the Samba server will serve Windows 95 domain logons -for the workgroup it is in. For more details on setting up this feature -see the file DOMAINS.txt in the Samba source documentation directory. - -.B Default: - domain logons = no - -.SS domain master (G) - -Enable WAN-wide browse list collation. Local master browsers on -broadcast-isolated subnets will give samba their local browse lists, and -ask for a complete copy of the browse list for the whole wide area network. -Browser clients will then contact their local master browser, and will -receive the domain-wide browse list, instead of just the list for their -broadcast-isolated subnet. - -.B Default: - domain master = no - -.SS dont descend (S) -There are certain directories on some systems (eg., the /proc tree under -Linux) that are either not of interest to clients or are infinitely deep -(recursive). This parameter allows you to specify a comma-delimited list -of directories that the server should always show as empty. - -Note that Samba can be very fussy about the exact format of the "dont -descend" entries. For example you may need "./proc" instead of just -"/proc". Experimentation is the best policy :-) - -.B Default: - none (i.e., all directories are OK to descend) - -.B Example: - dont descend = /proc,/dev - -.SS dos filetimes (S) -Under DOS and Windows, if a user can write to a file they can change -the timestamp on it. Under POSIX semantics, only the owner of the file -or root may change the timestamp. By default, Samba runs with POSIX -semantics and refuses to change the timestamp on a file if the user -smbd is acting on behalf of is not the file owner. Setting this option -to True allows DOS semantics and smbd will change the file timstamp as -DOS requires. This is a correct implementation of a previous compile-time -options (UTIME_WORKAROUND) which was broken and is now removed. - -.B Default: - dos filetimes = False - -.B Example: - dos filetimes = True - -.SS dos filetime resolution (S) -Under the DOS and Windows FAT filesystem, the finest granulatity on -time resolution is two seconds. Setting this parameter for a share -causes Samba to round the reported time down to the nearest two -second boundary when a query call that requires one second resolution -is made to smbd. - -This option is mainly used as a compatibility option for Visual C++ -when used against Samba shares. If oplocks are enabled on a share, -Visual C++ uses two different time reading calls to check if a file -has changed since it was last read. One of these calls uses a one-second -granularity, the other uses a two second granularity. As the two second -call rounds any odd second down, then if the file has a timestamp of an -odd number of seconds then the two timestamps will not match and Visual -C++ will keep reporting the file has changed. Setting this option causes -the two timestamps to match, and Visual C++ is happy. - -.B Default: - dos filetime resolution = False - -.B Example: - dos filetime resolution = True - -.SS encrypt passwords (G) - -This boolean controls whether encrypted passwords will be negotiated -with the client. Note that Windows NT 4.0 SP3 and above will by default -expect encrypted passwords unless a registry entry is changed. To use -encrypted passwords in Samba see the file docs/ENCRYPTION.txt. - -.SS exec (S) - -This is an alias for preexec - -.SS fake directory create times (S) -NTFS and Windows VFAT file systems keep a create time for all files -and directories. This is not the same as the ctime - status change -time - that Unix keeps, so Samba by default reports the earliest -of the various times Unix does keep. Setting this parameter for a -share causes Samba to always report midnight 1-1-1980 as -the create time for directories. - -This option is mainly used as a compatibility option for Visual C++ -when used against Samba shares. Visual C++ generated makefiles -have the object directory as a dependency for each object file, -and a make rule to create the directory. Also, when NMAKE -compares timestamps it uses the creation time when examining -a directory. Thus the object directory will be created if it does -not exist, but once it does exist it will always have an earlier -timestamp than the object files it contains. - -However, Unix time semantics mean that the create time reported -by Samba will be updated whenever a file is created or deleted -in the directory. NMAKE therefore finds all object files in the -object directory bar the last one built are out of date compared -to the directory and rebuilds them. Enabling this option ensures -directories always predate their contents and an NMAKE build will -proceed as expected. - -.B Default: - fake directory create times = False - -.B Example: - fake directory create times = True - -.SS fake oplocks (S) - -Oplocks are the way that SMB clients get permission from a server to -locally cache file operations. If a server grants an oplock -(opportunistic lock) then the client is free to assume that it is the -only one accessing the file and it will aggressively cache file -data. With some oplock types the client may even cache file open/close -operations. This can give enormous performance benefits. - -When you set "fake oplocks = yes" Samba will always grant oplock -requests no matter how many clients are using the file. - -By enabling this option on all read-only shares or shares that you know -will only be accessed from one client at a time you will see a big -performance improvement on many operations. If you enable this option -on shares where multiple clients may be accessing the files read-write -at the same time you can get data corruption. Use this option -carefully! - -It is generally much better to use the real oplock support except for -physically read-only media such as CDROMs. - -This option is disabled by default. - -.SS follow symlinks (S) - -This parameter allows the Samba administrator to stop smbd from -following symbolic links in a particular share. Setting this -parameter to "No" prevents any file or directory that is a -symbolic link from being followed (the user will get an error). -This option is very useful to stop users from adding a symbolic -link to /etc/pasword in their home directory for instance. -However it will slow filename lookups down slightly. - -This option is enabled (ie. smbd will follow symbolic links) -by default. - -.SS force create mode (S) -This parameter specifies a set of UNIX mode bit permissions that -will *always* be set on a file created by Samba. This is done -by bitwise 'OR'ing these bits onto the mode bits of a file that -is being created. The default for this parameter is (in octel) -000. The modes in this parameter are bitwise 'OR'ed onto the -file mode after the mask set in the "create mask" parameter -is applied. - -See also the parameter "create mask" for details on masking mode -bits on created files. - -.B Default: - force create mode = 000 - -.B Example: - force create mode = 0755 - -would force all created files to have read and execute permissions -set for 'group' and 'other' as well as the read/write/execute bits -set for the 'user'. - -.SS force directory mode (S) -This parameter specifies a set of UNIX mode bit permissions that -will *always* be set on a directory created by Samba. This is done -by bitwise 'OR'ing these bits onto the mode bits of a directory that -is being created. The default for this parameter is (in octel) -0000 which will not add any extra permission bits to a created -directory. This operation is done after the mode mask in the parameter -"directory mask" is applied. - -See also the parameter "directory mask" for details on masking mode -bits on created directories. - -.B Default: - force directory mode = 000 - -.B Example: - force directory mode = 0755 - -would force all created directories to have read and execute permissions -set for 'group' and 'other' as well as the read/write/execute bits -set for the 'user'. - -.SS force group (S) -This specifies a group name that all connections to this service -should be made as. This may be useful for sharing files. - -.B Default: - no forced group - -.B Example: - force group = agroup - -.SS force user (S) -This specifies a user name that all connections to this service -should be made as. This may be useful for sharing files. You should -also use it carefully as using it incorrectly can cause security -problems. - -This user name only gets used once a connection is established. Thus -clients still need to connect as a valid user and supply a valid -password. Once connected, all file operations will be performed as the -"forced user", not matter what username the client connected as. - -.B Default: - no forced user - -.B Example: - force user = auser - -.SS getwd cache (G) -This is a tuning option. When this is enabled a cacheing algorithm will -be used to reduce the time taken for getwd() calls. This can have a -significant impact on performance, especially when widelinks is False. - -.B Default: - getwd cache = No - -.B Example: - getwd cache = Yes - -.SS group (S) -This is an alias for "force group" and is only kept for compatibility -with old versions of Samba. It may be removed in future versions. - -.SS guest account (S) -This is a username which will be used for access to services which are -specified as 'guest ok' (see below). Whatever privileges this user has -will be available to any client connecting to the guest -service. Typically this user will exist in the password file, but will -not have a valid login. If a username is specified in a given service, -the specified username overrides this one. - -One some systems the account "nobody" may not be able to print. Use -another account in this case. You should test this by trying to log in -as your guest user (perhaps by using the "su \-" command) and trying to -print using -.BR lpr . - -Note that as of version 1.9 of Samba this option may be set -differently for each service. - -.B Default: - specified at compile time - -.B Example: - guest account = nobody -.SS guest ok (S) -See -.B public. -.SS guest only (S) -If this parameter is 'yes' for a service, then only guest connections to the -service are permitted. This parameter will have no affect if "guest ok" or -"public" is not set for the service. - -See the section below on user/password validation for more information about -this option. - -.B Default: - guest only = no - -.B Example: - guest only = yes -.SS hide dot files (S) -This is a boolean parameter that controls whether files starting with -a dot appear as hidden files. - -.B Default: - hide dot files = yes - -.B Example: - hide dot files = no - - -.SS hide files(S) -This is a list of files or directories that are not visible but are -accessible. The DOS 'hidden' attribute is applied to any files or -directories that match. - -Each entry in the list must be separated by a "/", which allows spaces -to be included in the entry. '*' and '?' can be used to specify multiple -files or directories as in DOS wildcards. - -Each entry must be a unix path, not a DOS path and must not include the -unix directory separator "/". - -Note that the case sensitivity option is applicable in hiding files. - -Setting this parameter will affect the performance of Samba, as -it will be forced to check all files and directories for a match -as they are scanned. - -See also "hide dot files", "veto files" and "case sensitive" - -.B Default - No files or directories are hidden by this option (dot files are - hidden by default because of the "hide dot files" option). - -.B Example - hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/ - -The above example is based on files that the Macintosh client (DAVE) -creates for internal use, and also still hides all files beginning with -a dot. - -.SS homedir map (G) -If "nis homedir" is true, this parameter specifies the NIS (or YP) map -from which the server for the user's home directory should be extracted. -At present, only the Sun auto.home map format is understood. The form of -the map is: - -username server:/some/file/system - -and the program will extract the servername from before the first ':'. -There should probably be a better parsing system that copes with different -map formats and also Amd (another automounter) maps. - -NB: The -DNETGROUP option is required in the Makefile for option to work -and on some architectures the line -lrpcsvc needs to be added to the -LIBSM variable. This is required for Solaris 2, FreeBSD and HPUX. - -See also "nis homedir" - -.B Default: - homedir map = auto.home - -.B Example: - homedir map = amd.homedir -.SS hosts allow (S) -See -.B allow hosts. -.SS hosts deny (S) -See -.B deny hosts. - -.SS hosts equiv (G) -If this global parameter is a non-null string, it specifies the name of -a file to read for the names of hosts and users who will be allowed access -without specifying a password. - -This is not be confused with -.B allow hosts -which is about hosts access to services and is more useful for guest services. -.B hosts equiv -may be useful for NT clients which will not supply passwords to samba. - -NOTE: The use of hosts.equiv can be a major security hole. This is -because you are trusting the PC to supply the correct username. It is -very easy to get a PC to supply a false username. I recommend that the -hosts.equiv option be only used if you really know what you are doing, -or perhaps on a home network where you trust your wife and kids :-) - -.B Default - No host equivalences - -.B Example - hosts equiv = /etc/hosts.equiv - -.SS include (G) - -This allows you to include one config file inside another. The file is -included literally, as though typed in place. - -It takes the standard substitutions, except %u, %P and %S - -.SS interfaces (G) - -This option allows you to setup multiple network interfaces, so that -Samba can properly handle browsing on all interfaces. - -The option takes a list of ip/netmask pairs. The netmask may either be -a bitmask, or a bitlength. - -For example, the following line: - -interfaces = 192.168.2.10/24 192.168.3.10/24 - -would configure two network interfaces with IP addresses 192.168.2.10 -and 192.168.3.10. The netmasks of both interfaces would be set to -255.255.255.0. - -You could produce an equivalent result by using: - -interfaces = 192.168.2.10/255.255.255.0 192.168.3.10/255.255.255.0 - -if you prefer that format. - -If this option is not set then Samba will attempt to find a primary -interface, but won't attempt to configure more than one interface. - -.SS invalid users (S) -This is a list of users that should not be allowed to login to this -service. This is really a "paranoid" check to absolutely ensure an -improper setting does not breach your security. - -A name starting with @ is interpreted as a yp netgroup first (if this -has been compiled into Samba), and then as a UNIX group if the name -was not found in the yp netgroup database. - -A name starting with + is interpreted only by looking in the UNIX -group database. A name starting with & is interpreted only by looking -in the yp netgroup database (this has no effect if Samba is compiled -without netgroup support). - -The current servicename is substituted for %S. This is useful in the -[homes] section. - -See also "valid users" - -.B Default - No invalid users - -.B Example - invalid users = root fred admin @wheel - -.SS keepalive (G) -The value of the parameter (an integer) represents the number of seconds -between 'keepalive' packets. If this parameter is zero, no keepalive packets -will be sent. Keepalive packets, if sent, allow the server to tell whether a -client is still present and responding. - -Keepalives should, in general, not be needed if the socket being used -has the SO_KEEPALIVE attribute set on it (see "socket -options"). Basically you should only use this option if you strike -difficulties. - -.B Default: - keep alive = 0 - -.B Example: - keep alive = 60 - -.SS lm announce (G) - -This parameter determines if Samba will produce Lanman announce -broadcasts that are needed by OS/2 clients in order for them to -see the Samba server in their browse list. This parameter can -have three values, true, false, or auto. The default is auto. -If set to False Samba will never produce these broadcasts. If -set to true Samba will produce Lanman announce broadcasts at -a frequency set by the parameter 'lm interval'. If set to auto -Samba will not send Lanman announce broadcasts by default but -will listen for them. If it hears such a broadcast on the wire -it will then start sending them at a frequency set by the parameter -'lm interval'. - -See also "lm interval". - -.B Default: - lm announce = auto - -.B Example: - lm announce = true - -.SS lm interval (G) - -If Samba is set to produce Lanman announce broadcasts needed -by OS/2 clients (see the "lm announce" parameter) this parameter -defines the frequency in seconds with which they will be made. -If this is set to zero then no Lanman announcements will be -made despite the setting of the "lm announce" parameter. - -See also "lm announce". - -.B Default: - lm interval = 60 - -.B Example: - lm interval = 120 - -.SS load printers (G) -A boolean variable that controls whether all printers in the printcap -will be loaded for browsing by default. - -.B Default: - load printers = yes - -.B Example: - load printers = no - -.SS local master (G) -This option allows the nmbd to become a local master browser on a -subnet. If set to False then nmbd will not attempt to become a local -master browser on a subnet and will also lose in all browsing elections. -By default this value is set to true. Setting this value to true doesn't -mean that Samba will become the local master browser on a subnet, just -that the nmbd will participate in elections for local master browser. - -.B Default: - local master = yes - -.SS lock directory (G) -This option specifies the directory where lock files will be placed. -The lock files are used to implement the "max connections" option. - -.B Default: - lock directory = /tmp/samba - -.B Example: - lock directory = /usr/local/samba/var/locks - -.SS locking (S) -This controls whether or not locking will be performed by the server in -response to lock requests from the client. - -If "locking = no", all lock and unlock requests will appear to succeed and -all lock queries will indicate that the queried lock is clear. - -If "locking = yes", real locking will be performed by the server. - -This option may be particularly useful for read-only filesystems which -do not need locking (such as cdrom drives). - -Be careful about disabling locking either globally or in a specific -service, as lack of locking may result in data corruption. - -.B Default: - locking = yes - -.B Example: - locking = no - -.SS log file (G) - -This options allows you to override the name of the Samba log file -(also known as the debug file). - -This option takes the standard substitutions, allowing you to have -separate log files for each user or machine. - -.B Example: - log file = /usr/local/samba/var/log.%m - -.SS log level (G) -see "debug level" - -.SS logon drive (G) - -This parameter specifies the local path to which the home directory -will be connected (see "logon home") and is only used by NT Workstations. - -.B Example: - logon drive = h: - -.SS logon home (G) - -This parameter specifies the home directory location when a Win95 or -NT Workstation logs into a Samba PDC. It allows you to do "NET USE -H: /HOME" from a command prompt, for example. - -.B -This option takes the standard substitutions, allowing you to have -separate logon scripts for each user or machine. - -.B Example: - logon home = "\\\\remote_smb_server\\%U" - -.B Default: - logon home = "\\\\%N\\%U" - -.SS logon path (G) - -This parameter specifies the home directory where roaming profiles -(USER.DAT / USER.MAN files for Windows 95) are stored. - -This option takes the standard substitutions, allowing you to have -separate logon scripts for each user or machine. It also specifies -the directory from which the "desktop", "start menu", "nethood" and -"programs" folders, and their contents, are loaded and displayed -on your Windows 95 client. - -The share and the path must be readable by the user for the preferences -and directories to be loaded onto the Windows 95 client. The share -must be writeable when the logs in for the first time, in order that -the Windows 95 client can create the user.dat and other directories. - -Thereafter, the directories and any of contents can, if required, -be made read-only. It is not adviseable that the USER.DAT file be made -read-only - rename it to USER.MAN to achieve the desired effect -(a MANdatory profile). - -Windows clients can sometimes maintain a connection to the [homes] -share, even though there is no user logged in. Therefore, it is -vital that the logon path does not include a reference to the -homes share (i.e \\\\%N\\HOMES\profile_path will cause problems). - -.B -This option takes the standard substitutions, allowing you to have -separate logon scripts for each user or machine. - -.B Default: - logon path = \\\\%N\\%U\\profile - -.B Example: - logon path = \\\\PROFILESERVER\\HOME_DIR\\%U\\PROFILE - -.SS logon script (G) - -This parameter specifies the batch file (.bat) or NT command file (.cmd) -to be downloaded and run on a machine when a user successfully logs in. -The file must contain the DOS style cr/lf line endings. Using a DOS-style -editor to create the file is recommended. - -The script must be a relative path to the [netlogon] service. If the -[netlogon] service specifies a path of /usr/local/samba/netlogon, and -logon script = STARTUP.BAT, then file that will be downloaded is: - -.B /usr/local/samba/netlogon/STARTUP.BAT - -The contents of the batch file is entirely your choice. A suggested -command would be to add NET TIME \\\\SERVER /SET /YES, to force every -machine to synchronise clocks with the same time server. Another use -would be to add NET USE U: \\\\SERVER\\UTILS for commonly used utilities, -or NET USE Q: \\\\SERVER\\ISO9001_QA. - -Note that it is particularly important not to allow write access to -the [netlogon] share, or to grant users write permission on the -batch files in a secure environment, as this would allow the batch -files to be arbitrarily modified. - -.B -This option takes the standard substitutions, allowing you to have -separate logon scripts for each user or machine. - -.B Example: - logon script = scripts\\%U.bat - -.SS lppause command (S) -This parameter specifies the command to be executed on the server host in -order to stop printing or spooling a specific print job. - -This command should be a program or script which takes a printer name and -job number to pause the print job. Currently I don't know of any print -spooler system that can do this with a simple option, except for the PPR -system from Trinity College (ppr\-dist.trincoll.edu/pub/ppr). One way -of implementing this is by using job priorities, where jobs having a too -low priority won't be sent to the printer. See also the -.B lppause -command. - -If a %p is given then the printername is put in its place. A %j is -replaced with the job number (an integer). -On HPUX (see printing=hpux), if the -p%p option is added to the lpq -command, the job will show up with the correct status, i.e. if the job -priority is lower than the set fence priority it will have the PAUSED -status, whereas if the priority is equal or higher it will have the -SPOOLED or PRINTING status. - -Note that it is good practice to include the absolute path in the lppause -command as the PATH may not be available to the server. - -.B Default: - Currently no default value is given to this string - -.B Example for HPUX: - lppause command = /usr/bin/lpalt %p-%j -p0 - -.SS lpq cache time (G) - -This controls how long lpq info will be cached for to prevent the lpq -command being called too often. A separate cache is kept for each -variation of the lpq command used by the system, so if you use -different lpq commands for different users then they won't share cache -information. - -The cache files are stored in /tmp/lpq.xxxx where xxxx is a hash -of the lpq command in use. - -The default is 10 seconds, meaning that the cached results of a -previous identical lpq command will be used if the cached data is less -than 10 seconds old. A large value may be advisable if your lpq -command is very slow. - -A value of 0 will disable cacheing completely. - -.B Default: - lpq cache time = 10 - -.B Example: - lpq cache time = 30 - -.SS lpq command (S) -This parameter specifies the command to be executed on the server host in -order to obtain "lpq"-style printer status information. - -This command should be a program or script which takes a printer name -as its only parameter and outputs printer status information. - -Currently six styles of printer status information are supported; BSD, -SYSV, AIX, HPUX, QNX, LPRNG and PLP. This covers most UNIX systems. You -control which type is expected using the "printing =" option. - -Some clients (notably Windows for Workgroups) may not correctly send the -connection number for the printer they are requesting status information -about. To get around this, the server reports on the first printer service -connected to by the client. This only happens if the connection number sent -is invalid. - -If a %p is given then the printername is put in its place. Otherwise -it is placed at the end of the command. - -Note that it is good practice to include the absolute path in the lpq -command as the PATH may not be available to the server. - -.B Default: - depends on the setting of "printing =" - -.B Example: - lpq command = /usr/bin/lpq %p - -.SS lpresume command (S) -This parameter specifies the command to be executed on the server host in -order to restart or continue printing or spooling a specific print job. - -This command should be a program or script which takes a printer name and -job number to resume the print job. See also the lppause command. - -If a %p is given then the printername is put in its place. A %j is -replaced with the job number (an integer). - -Note that it is good practice to include the absolute path in the lpresume -command as the PATH may not be available to the server. - -.B Default: - Currently no default value is given to this string - -.B Example for HPUX: - lpresume command = /usr/bin/lpalt %p-%j -p2 - -.SS lprm command (S) -This parameter specifies the command to be executed on the server host in -order to delete a print job. - -This command should be a program or script which takes a printer name -and job number, and deletes the print job. - -Currently seven styles of printer control are supported; BSD, SYSV, AIX -HPUX, QNX, LPRNG and PLP. This covers most UNIX systems. You control -which type is expected using the "printing =" option. - -If a %p is given then the printername is put in its place. A %j is -replaced with the job number (an integer). - -Note that it is good practice to include the absolute path in the lprm -command as the PATH may not be available to the server. - -.B Default: - depends on the setting of "printing =" - -.B Example 1: - lprm command = /usr/bin/lprm -P%p %j - -.B Example 2: - lprm command = /usr/bin/cancel %p-%j - -.SS magic output (S) -This parameter specifies the name of a file which will contain output -created by a magic script (see -.I magic script -below). - -Warning: If two clients use the same magic script in the same directory the -output file content is undefined. -.B Default: - magic output = .out - -.B Example: - magic output = myfile.txt -.SS magic script (S) -This parameter specifies the name of a file which, if opened, will be -executed by the server when the file is closed. This allows a UNIX script -to be sent to the Samba host and executed on behalf of the connected user. - -Scripts executed in this way will be deleted upon completion, permissions -permitting. - -If the script generates output, output will be sent to the file specified by -the -.I magic output -parameter (see above). - -Note that some shells are unable to interpret scripts containing -carriage-return-linefeed instead of linefeed as the end-of-line -marker. Magic scripts must be executable "as is" on the host, which -for some hosts and some shells will require filtering at the DOS end. - -Magic scripts are EXPERIMENTAL and should NOT be relied upon. - -.B Default: - None. Magic scripts disabled. - -.B Example: - magic script = user.csh - -.SS mangle case (S) - -See the section on "NAME MANGLING" - -.SS mangled map (S) -This is for those who want to directly map UNIX file names which are -not representable on DOS. The mangling of names is not always what is -needed. In particular you may have documents with file extensions -that differ between DOS and UNIX. For example, under UNIX it is common -to use .html for HTML files, whereas under DOS .htm is more commonly -used. - -So to map 'html' to 'htm' you put: - - mangled map = (*.html *.htm) - -One very useful case is to remove the annoying ;1 off the ends of -filenames on some CDROMS (only visible under some UNIXes). To do this -use a map of (*;1 *) - -.B default: - no mangled map - -.B Example: - mangled map = (*;1 *) - -.SS mangled names (S) -This controls whether non-DOS names under UNIX should be mapped to -DOS-compatible names ("mangled") and made visible, or whether non-DOS names -should simply be ignored. - -See the section on "NAME MANGLING" for details on how to control the -mangling process. - -If mangling is used then the mangling algorithm is as follows: -.RS -- the first (up to) five alphanumeric characters before the rightmost dot of -the filename are preserved, forced to upper case, and appear as the first (up -to) five characters of the mangled name. - -- a tilde ("~") is appended to the first part of the mangled name, followed -by a two-character unique sequence, based on the original root name -(i.e., the original filename minus its final extension). The final -extension is included in the hash calculation only if it contains any upper -case characters or is longer than three characters. - -Note that the character to use may be specified using the "mangling -char" option, if you don't like ~. - -- the first three alphanumeric characters of the final extension are preserved, -forced to upper case and appear as the extension of the mangled name. The -final extension is defined as that part of the original filename after the -rightmost dot. If there are no dots in the filename, the mangled name will -have no extension (except in the case of hidden files - see below). - -- files whose UNIX name begins with a dot will be presented as DOS hidden -files. The mangled name will be created as for other filenames, but with the -leading dot removed and "___" as its extension regardless of actual original -extension (that's three underscores). -.RE - -The two-digit hash value consists of upper case alphanumeric characters. - -This algorithm can cause name collisions only if files in a directory share -the same first five alphanumeric characters. The probability of such a clash -is 1/1300. - -The name mangling (if enabled) allows a file to be copied between UNIX -directories from DOS while retaining the long UNIX filename. UNIX files can -be renamed to a new extension from DOS and will retain the same basename. -Mangled names do not change between sessions. - -.B Default: - mangled names = yes - -.B Example: - mangled names = no -.SS mangling char (S) -This controls what character is used as the "magic" character in name -mangling. The default is a ~ but this may interfere with some -software. Use this option to set it to whatever you prefer. - -.B Default: - mangling char = ~ - -.B Example: - mangling char = ^ - -.SS mangled stack (G) -This parameter controls the number of mangled names that should be cached in -the Samba server. - -This stack is a list of recently mangled base names (extensions are only -maintained if they are longer than 3 characters or contains upper case -characters). - -The larger this value, the more likely it is that mangled names can be -successfully converted to correct long UNIX names. However, large stack -sizes will slow most directory access. Smaller stacks save memory in the -server (each stack element costs 256 bytes). - -It is not possible to absolutely guarantee correct long file names, so -be prepared for some surprises! - -.B Default: - mangled stack = 50 - -.B Example: - mangled stack = 100 - -.SS map archive (S) -This controls whether the DOS archive attribute should be mapped to the -UNIX owner execute bit. The DOS archive bit is set when a file has been modified -since its last backup. One motivation for this option it to keep Samba/your -PC from making any file it touches from becoming executable under UNIX. -This can be quite annoying for shared source code, documents, etc... - -Note that this requires the 'create mask' to be set such that owner -execute bit is not masked out (ie. it must include 100). See the -parameter "create mask" for details. - -.B Default: - map archive = yes - -.B Example: - map archive = no - -.SS map hidden (S) -This controls whether DOS style hidden files should be mapped to the -UNIX world execute bit. - -Note that this requires the 'create mask' to be set such that the world -execute bit is not masked out (ie. it must include 001). -See the parameter "create mask" for details. - -.B Default: - map hidden = no - -.B Example: - map hidden = yes -.SS map system (S) -This controls whether DOS style system files should be mapped to the -UNIX group execute bit. - -Note that this requires the 'create mask' to be set such that the group -execute bit is not masked out (ie. it must include 010). See the parameter -"create mask" for details. - -.B Default: - map system = no - -.B Example: - map system = yes -.SS max connections (S) -This option allows the number of simultaneous connections to a -service to be limited. If "max connections" is greater than 0 then -connections will be refused if this number of connections to the -service are already open. A value of zero mean an unlimited number of -connections may be made. - -Record lock files are used to implement this feature. The lock files -will be stored in the directory specified by the "lock directory" option. - -.B Default: - max connections = 0 - -.B Example: - max connections = 10 - -.SS max disk size (G) -This option allows you to put an upper limit on the apparent size of -disks. If you set this option to 100 then all shares will appear to be -not larger than 100 MB in size. - -Note that this option does not limit the amount of data you can put on -the disk. In the above case you could still store much more than 100 -MB on the disk, but if a client ever asks for the amount of free disk -space or the total disk size then the result will be bounded by the -amount specified in "max disk size". - -This option is primarily useful to work around bugs in some pieces of -software that can't handle very large disks, particularly disks over -1GB in size. - -A "max disk size" of 0 means no limit. - -.B Default: - max disk size = 0 - -.B Example: - max disk size = 1000 - -.SS max log size (G) - -This option (an integer in kilobytes) specifies the max size the log -file should grow to. Samba periodically checks the size and if it is -exceeded it will rename the file, adding a .old extension. - -A size of 0 means no limit. - -.B Default: - max log size = 5000 - -.B Example: - max log size = 1000 - -.SS max mux (G) - -This option controls the maximum number of outstanding simultaneous SMB -operations that samba tells the client it will allow. You should never need -to set this parameter. - -.B Default: - max mux = 50 - -.SS max packet (G) - -A synonym for this parameter is 'packet size'. - -.SS max ttl (G) - -This option tells nmbd what the default 'time to live' of NetBIOS -names should be (in seconds) when nmbd is requesting a name using -either a broadcast or from a WINS server. You should never need to -change this parameter. - -.B Default: - max ttl = 14400 - -.SS max wins ttl (G) - -This option tells nmbd when acting as a WINS server (wins support = true) -what the maximum 'time to live' of NetBIOS names that nmbd will grant will -be (in seconds). You should never need to change this parameter. -The default is 3 days (259200 seconds). - -.B Default: - max wins ttl = 259200 - -.SS max xmit (G) - -This option controls the maximum packet size that will be negotiated -by Samba. The default is 65535, which is the maximum. In some cases -you may find you get better performance with a smaller value. A value -below 2048 is likely to cause problems. - -.B Default: - max xmit = 65535 - -.B Example: - max xmit = 8192 - -.SS message command (G) - -This specifies what command to run when the server receives a WinPopup -style message. - -This would normally be a command that would deliver the message -somehow. How this is to be done is up to your imagination. - -What I use is: - - message command = csh -c 'xedit %s;rm %s' & - -This delivers the message using xedit, then removes it -afterwards. NOTE THAT IT IS VERY IMPORTANT THAT THIS COMMAND RETURN -IMMEDIATELY. That's why I have the & on the end. If it doesn't return -immediately then your PCs may freeze when sending messages (they -should recover after 30secs, hopefully). - -All messages are delivered as the global guest user. The command takes -the standard substitutions, although %u won't work (%U may be better -in this case). - -Apart from the standard substitutions, some additional ones apply. In -particular: - -%s = the filename containing the message - -%t = the destination that the message was sent to (probably the server -name) - -%f = who the message is from - -You could make this command send mail, or whatever else takes your -fancy. Please let me know of any really interesting ideas you have. - -Here's a way of sending the messages as mail to root: - -message command = /bin/mail -s 'message from %f on %m' root < %s; rm %s - -If you don't have a message command then the message won't be -delivered and Samba will tell the sender there was an -error. Unfortunately WfWg totally ignores the error code and carries -on regardless, saying that the message was delivered. - -If you want to silently delete it then try "message command = rm %s". - -For the really adventurous, try something like this: - -message command = csh -c 'csh < %s |& /usr/local/samba/bin/smbclient \e - -M %m; rm %s' & - -this would execute the command as a script on the server, then give -them the result in a WinPopup message. Note that this could cause a -loop if you send a message from the server using smbclient! You better -wrap the above in a script that checks for this :-) - -.B Default: - no message command - -.B Example: - message command = csh -c 'xedit %s;rm %s' & - -.SS min print space (S) - -This sets the minimum amount of free disk space that must be available -before a user will be able to spool a print job. It is specified in -kilobytes. The default is 0, which means no limit. - -.B Default: - min print space = 0 - -.B Example: - min print space = 2000 - -.SS min wins ttl (G) - -This option tells nmbd when acting as a WINS server (wins support = true) -what the minimum 'time to live' of NetBIOS names that nmbd will grant will -be (in seconds). You should never need to change this parameter. -The default is 6 hours (21600 seconds). - -.B Default: - min wins ttl = 21600 - -.SS name resolve order (G) - -This option is used by the programs smbd, nmbd and smbclient to determine -what naming services and in what order to resolve host names to IP addresses. -This option is most useful in smbclient. The option takes a space separated -string of different name resolution options. These are "lmhosts", "host", -"wins" and "bcast". They cause names to be resolved as follows : - -lmhosts : Lookup an IP address in the Samba lmhosts file. -host : Do a standard host name to IP address resolution, using the - system /etc/hosts, NIS, or DNS lookups. This method of name - resolution is operating system depended (for instance on Solaris - this may be controlled by the /etc/nsswitch.conf file). -wins : Query a name with the IP address listed in the "wins server =" - parameter. If no WINS server has been specified this method will - be ignored. -bcast : Do a broadcast on each of the known local interfaces listed in - the "interfaces =" parameter. This is the least reliable of the - name resolution methods as it depends on the target host being - on a locally connected subnet. - -The default order is lmhosts, host, wins, bcast and these name resolution -methods will be attempted in this order. - -This option was first introduced in Samba 1.9.18p4. - -.B Default: - name resolve order = lmhosts host wins bcast - -.Example: - name resolve order = lmhosts bcast host - -This will cause the local lmhosts file to be examined first, followed -by a broadcast attempt, followed by a normal system hostname lookup. - -.SS netbios aliases (G) - -This is a list of names that nmbd will advertise as additional -names by which the Samba server is known. This allows one machine -to appear in browse lists under multiple names. If a machine is -acting as a browse server or logon server none of these names -will be advertised as either browse server or logon servers, only -the primary name of the machine will be advertised with these -capabilities. - -See also 'netbios name'. - -.B Example: - netbios aliases = TEST TEST1 TEST2 - -.SS netbios name (G) - -This sets the NetBIOS name by which a Samba server is known. By -default it is the same as the first component of the host's DNS name. -If a machine is a browse server or logon server this name (or the -first component of the hosts DNS name) will be the name that these -services are advertised under. - -See also 'netbios aliases'. - -.B Example: - netbios name = MYNAME - -.SS nis homedir (G) -Get the home share server from a NIS (or YP) map. For unix systems that -use an automounter, the user's home directory will often be mounted on -a workstation on demand from a remote server. When the Samba logon server -is not the actual home directory server, two network hops are required -to access the home directory and this can be very slow especially with -writing via Samba to an NFS mounted directory. This option allows samba -to return the home share as being on a different server to the logon -server and as long as a samba daemon is running on the home directory -server, it will be mounted on the Samba client directly from the directory -server. When Samba is returning the home share to the client, it will -consult the NIS (or YP) map specified in "homedir map" and return the -server listed there. - -.B Default: - nis homedir = false - -.B Example: - nis homedir = true - -.SS networkstation user login (G) -This global parameter (new for 1.9.18p3) affects server level security. -With this set (recommended) samba will do a full NetWkstaUserLogon to -confirm that the client really should have login rights. This can cause -problems with machines in trust relationships in which case you can -disable it here, but be warned, we have heard that some NT machines -will then allow anyone in with any password! Make sure you test it. - -In Samba 1.9.18p5 this parameter is of limited use, as smbd now -explicitly tests for this NT bug and will refuse to use a password -server that has the problem. The parameter now defaults to off, -and it should not be neccessary to set this parameter to on. It will -be removed in a future Samba release. - -.B Default: - networkstation user login = no - -.B Example: - networkstation user login = yes - -.SS null passwords (G) -Allow or disallow access to accounts that have null passwords. - -.B Default: - null passwords = no - -.B Example: - null passwords = yes - -.SS ole locking compatibility (G) - -This parameter allows an administrator to turn off the byte range -lock manipulation that is done within Samba to give compatibility -for OLE applications. Windows OLE applications use byte range locking -as a form of inter-process communication, by locking ranges of bytes -around the 2^32 region of a file range. This can cause certain UNIX -lock managers to crash or otherwise cause problems. Setting this -parameter to "no" means you trust your UNIX lock manager to handle -such cases correctly. - -.B Default: - ole locking compatibility = yes - -.B Example: - ole locking compatibility = no - - -.SS only guest (S) -A synonym for this command is 'guest only'. - -.SS only user (S) -This is a boolean option that controls whether connections with -usernames not in the user= list will be allowed. By default this -option is disabled so a client can supply a username to be used by -the server. - -Note that this also means Samba won't try to deduce usernames from the -service name. This can be annoying for the [homes] section. To get -around this you could use "user = %S" which means your "user" list -will be just the service name, which for home directories is the name -of the user. - -.B Default: - only user = False - -.B Example: - only user = True - -.SS oplocks (S) -This boolean option tells smbd whether to issue oplocks (opportunistic -locks) to file open requests on this share. The oplock code was introduced in -Samba 1.9.18 and can dramatically (approx 30% or more) improve the speed -of access to files on Samba servers. It allows the clients to agressively -cache files locally and you may want to disable this option for unreliable -network environments (it is turned on by default in Windows NT Servers). -For more information see the file Speed.txt in the Samba docs/ directory. - -Oplocks may be selectively turned off on certain files on a per share basis. -See the 'veto oplock files' parameter. - -.B Default: - oplocks = True - -.B Example: - oplocks = False - - -.SS os level (G) -This integer value controls what level Samba advertises itself as for -browse elections. See BROWSING.txt for details. - -.SS packet size (G) -The maximum transmit packet size during a raw read. This option is no -longer implemented as of version 1.7.00, and is kept only so old -configuration files do not become invalid. - -.SS passwd chat (G) -This string controls the "chat" conversation that takes places -between smbd and the local password changing program to change the -users password. The string describes a sequence of response-receive -pairs that smbd uses to determine what to send to the passwd program -and what to expect back. If the expected output is not received then -the password is not changed. - -This chat sequence is often quite site specific, depending on what -local methods are used for password control (such as NIS+ etc). - -The string can contain the macros %o and %n which are substituted for -the old and new passwords respectively. It can also contain the -standard macros \en \er \et and \es to give line-feed, carriage-return, -tab and space. - -The string can also contain a * which matches any sequence of -characters. - -Double quotes can be used to collect strings with spaces in them into -a single string. - -If the send string in any part of the chat sequence is a fullstop "." -then no string is sent. Similarly, is the expect string is a fullstop -then no string is expected. - -Note that if the 'unix password sync' parameter is set to true, -then this sequence is called *AS ROOT* when the SMB password in the -smbpasswd file is being changed, without access to the old password -cleartext. In this case the old password cleartext is set to "" -(the empty string). - -See also 'unix password sync' and 'passwd chat debug' - -.B Example: - passwd chat = "*Enter OLD password*" %o\en "*Enter NEW password*" %n\en \e - "*Reenter NEW password*" %n\en "*Password changed*" - - -.B Default: - passwd chat = *old*password* %o\en *new*password* %n\en *new*password* %n\en *changed* - -.SS passwd chat debug (G) - -This boolean specifies if the passwd chat script parameter is run -in 'debug' mode. In this mode the strings passed to and received -from the passwd chat are printed in the smbd log with a debug level -of 100. This is a dangerous option as it will allow plaintext passwords -to be seen in the smbd log. It is available to help Samba admins -debug their passwd chat scripts and should be turned off after -this has been done. This parameter is off by default. - -.B Example: - passwd chat debug = True - -.B Default: - passwd chat debug = False - -.SS passwd program (G) -The name of a program that can be used to set user passwords. - -This is only available if you have enabled remote password changing at -compile time (see the comments in the Makefile for details). Any occurrences -of %u will be replaced with the user name. The user name is checked -for existance before calling the password changing program. - -Also note that many passwd programs insist in "reasonable" passwords, -such as a minimum length, or the inclusion of mixed case chars and -digits. This can pose a problem as some clients (such as Windows for -Workgroups) uppercase the password before sending it. - -Note that if the 'unix password sync' parameter is set to true, -then this sequence is called *AS ROOT* when the SMB password in the -smbpasswd file is being changed. If the 'unix passwd sync' parameter -is set this parameter MUST USE ABSOLUTE PATHS for ALL programs called, -and must be examined for security implications. Note that by default -'unix password sync' is set to False. - -See also 'unix password sync' - -.B Default: - passwd program = /bin/passwd - -.B Example: - passwd program = /sbin/passwd %u - -.SS password level (G) -Some client/server combinations have difficulty with mixed-case passwords. -One offending client is Windows for Workgroups, which for some reason forces -passwords to upper case when using the LANMAN1 protocol, but leaves them alone -when using COREPLUS! - -This parameter defines the maximum number of characters that may be upper case -in passwords. - -For example, say the password given was "FRED". If -.B password level -is set to 1 (one), the following combinations would be tried if "FRED" failed: -"Fred", "fred", "fRed", "frEd", "freD". If -.B password level was set to 2 (two), the following combinations would also be -tried: "FRed", "FrEd", "FreD", "fREd", "fReD", "frED". And so on. - -The higher value this parameter is set to the more likely it is that a mixed -case password will be matched against a single case password. However, you -should be aware that use of this parameter reduces security and increases the -time taken to process a new connection. - -A value of zero will cause only two attempts to be made - the password as is -and the password in all-lower case. - -If you find the connections are taking too long with this option then -you probably have a slow crypt() routine. Samba now comes with a fast -"ufc crypt" that you can select in the Makefile. You should also make -sure the PASSWORD_LENGTH option is correct for your system in local.h -and includes.h. On most systems only the first 8 chars of a password -are significant so PASSWORD_LENGTH should be 8, but on some longer -passwords are significant. The includes.h file tries to select the -right length for your system. - -.B Default: - password level = 0 - -.B Example: - password level = 4 - -.SS password server (G) +.DS + + passwd chat = *old*password* %o\en *new*password* %n\en *new*password* %n\en *changed* +.DE + +.IP +.IP "\fBpasswd chat debug (G)\fP" +.IP +This boolean specifies if the passwd chat script parameter is run in +\f(CW"debug"\fP mode\&. In this mode the strings passed to and received from +the passwd chat are printed in the \fBsmbd\fP log with +a \fB"debug level"\fP of 100\&. This is a dangerous +option as it will allow plaintext passwords to be seen in the +\fBsmbd\fP log\&. It is available to help Samba admins +debug their \fB"passwd chat"\fP scripts when calling +the \fB"passwd program"\fP and should be turned off +after this has been done\&. This parameter is off by default\&. +.IP +See also \fB"passwd chat"\fP, \fB"passwd +program"\fP\&. +.IP +\fBExample:\fP +\f(CW passwd chat debug = True\fP +.IP +\fBDefault:\fP +\f(CW passwd chat debug = False\fP +.IP +.IP "\fBpasswd program (G)\fP" +.IP +The name of a program that can be used to set UNIX user passwords\&. +Any occurrences of \fB%u\fP will be replaced with the +user name\&. The user name is checked for existance before calling the +password changing program\&. +.IP +Also note that many passwd programs insist in \fI"reasonable"\fP +passwords, such as a minimum length, or the inclusion of mixed case +chars and digits\&. This can pose a problem as some clients (such as +Windows for Workgroups) uppercase the password before sending it\&. +.IP +\fINote\fP that if the \fB"unix password sync"\fP +parameter is set to \f(CW"True"\fP then this program is called \fI*AS +ROOT*\fP before the SMB password in the +\fBsmbpassswd\fP file is changed\&. If this UNIX +password change fails, then \fBsmbd\fP will fail to +change the SMB password also (this is by design)\&. +.IP +If the \fB"unix password sync"\fP parameter is +set this parameter \fIMUST USE ABSOLUTE PATHS\fP for \fIALL\fP programs +called, and must be examined for security implications\&. Note that by +default \fB"unix password sync"\fP is set to +\f(CW"False"\fP\&. +.IP +See also \fB"unix password sync"\fP\&. +.IP +\fBDefault:\fP +\f(CW passwd program = /bin/passwd\fP +.IP +\fBExample:\fP +\f(CW passwd program = /sbin/passwd %u\fP +.IP +.IP "\fBpassword level (G)\fP" +.IP +Some client/server combinations have difficulty with mixed-case +passwords\&. One offending client is Windows for Workgroups, which for +some reason forces passwords to upper case when using the LANMAN1 +protocol, but leaves them alone when using COREPLUS! +.IP +This parameter defines the maximum number of characters that may be +upper case in passwords\&. +.IP +For example, say the password given was \f(CW"FRED"\fP\&. If \fBpassword +level\fP is set to 1, the following combinations would be tried if +\f(CW"FRED"\fP failed: +.IP +\f(CW"Fred"\fP, \f(CW"fred"\fP, \f(CW"fRed"\fP, \f(CW"frEd"\fP, \f(CW"freD"\fP +.IP +If \fBpassword level\fP was set to 2, the following combinations would +also be tried: +.IP +\f(CW"FRed"\fP, \f(CW"FrEd"\fP, \f(CW"FreD"\fP, \f(CW"fREd"\fP, \f(CW"fReD"\fP, +\f(CW"frED"\fP, \f(CW\&.\&.\fP +.IP +And so on\&. +.IP +The higher value this parameter is set to the more likely it is that a +mixed case password will be matched against a single case +password\&. However, you should be aware that use of this parameter +reduces security and increases the time taken to process a new +connection\&. +.IP +A value of zero will cause only two attempts to be made - the password +as is and the password in all-lower case\&. +.IP +\fBDefault:\fP +\f(CW password level = 0\fP +.IP +\fBExample:\fP +\f(CW password level = 4\fP +.IP +.IP "\fBpassword server (G)\fP" +.IP By specifying the name of another SMB server (such as a WinNT box) -with this option, and using "security = server" you can get Samba to -do all its username/password validation via a remote server. - -This options sets the name of the password server to use. It must be a -netbios name, so if the machine's netbios name is different from its -internet name then you may have to add its netbios name to -/etc/hosts. - -Note that with Samba 1.9.18p4 and above the name of the password -server is looked up using the parameter "name resolve order=" and -so may resolved by any method and order described in that parameter. - -The password server much be a machine capable of using the "LM1.2X002" -or the "LM NT 0.12" protocol, and it must be in user level security -mode. - +with this option, and using \fB"security = domain"\fP or +\fB"security = server"\fP you can get Samba to do all +its username/password validation via a remote server\&. +.IP +This options sets the name of the password server to use\&. It must be a +NetBIOS name, so if the machine\'s NetBIOS name is different from its +internet name then you may have to add its NetBIOS name to the lmhosts +file which is stored in the same directory as the \fBsmb\&.conf\fP file\&. +.IP +The name of the password server is looked up using the parameter +\fB"name resolve order="\fP and so may resolved +by any method and order described in that parameter\&. +.IP +The password server much be a machine capable of using the "LM1\&.2X002" +or the "LM NT 0\&.12" protocol, and it must be in user level security +mode\&. +.IP NOTE: Using a password server means your UNIX box (running Samba) is -only as secure as your password server. DO NOT CHOOSE A PASSWORD -SERVER THAT YOU DON'T COMPLETELY TRUST. - -Never point a Samba server at itself for password serving. This will +only as secure as your password server\&. \fIDO NOT CHOOSE A PASSWORD +SERVER THAT YOU DON\'T COMPLETELY TRUST\fP\&. +.IP +Never point a Samba server at itself for password serving\&. This will cause a loop and could lock up your Samba server! - +.IP The name of the password server takes the standard substitutions, but -probably the only useful one is %m, which means the Samba server will -use the incoming client as the password server. If you use this then -you better trust your clients, and you better restrict them with hosts -allow! - -If you list several hosts in the "password server" option then smbd -will try each in turn till it finds one that responds. This is useful -in case your primary server goes down. - -If you are using a WindowsNT server as your password server then you -will have to ensure that your users are able to login from the Samba -server, as the network logon will appear to come from there rather -than from the users workstation. - -.SS path (S) -A synonym for this parameter is 'directory'. - -This parameter specifies a directory to which the user of the service is to -be given access. In the case of printable services, this is where print data -will spool prior to being submitted to the host for printing. - -For a printable service offering guest access, the service should be readonly -and the path should be world-writable and have the sticky bit set. This is not -mandatory of course, but you probably won't get the results you expect if you -do otherwise. - -Any occurrences of %u in the path will be replaced with the username -that the client is connecting as. Any occurrences of %m will be -replaced by the name of the machine they are connecting from. These +probably the only useful one is \fB%m\fP, which means +the Samba server will use the incoming client as the password +server\&. If you use this then you better trust your clients, and you +better restrict them with hosts allow! +.IP +If the \fB"security"\fP parameter is set to +\fB"domain"\fP, then the list of machines in this option must be a list +of Primary or Backup Domain controllers for the +\fBDomain\fP, as the Samba server is cryptographically +in that domain, and will use crpytographically authenticated RPC calls +to authenticate the user logging on\&. The advantage of using +\fB"security=domain"\fP is that if you list +several hosts in the \fB"password server"\fP option then +\fBsmbd\fP will try each in turn till it finds one +that responds\&. This is useful in case your primary server goes down\&. +.IP +If the \fB"security"\fP parameter is set to +\fB"server"\fP, then there are different +restrictions that \fB"security=domain"\fP +doesn\'t suffer from: +.IP +.IP +.IP o +You may list several password servers in the \fB"password server" +parameter, however if an \fBsmbd\fP makes a connection +to a password server, and then the password server fails, no more +users will be able to be authenticated from this +\fBsmbd\fP\&. This is a restriction of the SMB/CIFS +protocol when in \fB"security=server"\fP mode +and cannot be fixed in Samba\&. +.IP +.IP o +If you are using a Windows NT server as your password server then +you will have to ensure that your users are able to login from the +Samba server, as when in +\fB"security=server"\fP mode the network +logon will appear to come from there rather than from the users +workstation\&. +.IP +.IP +See also the \fB"security"\fP parameter\&. +.IP +\fBDefault:\fP +\f(CW password server = \fP +.IP +\fBExample:\fP +\f(CW password server = NT-PDC, NT-BDC1, NT-BDC2\fP +.IP +.IP "\fBpath (S)\fP" +.IP +This parameter specifies a directory to which the user of the service +is to be given access\&. In the case of printable services, this is +where print data will spool prior to being submitted to the host for +printing\&. +.IP +For a printable service offering guest access, the service should be +readonly and the path should be world-writable and have the sticky bit +set\&. This is not mandatory of course, but you probably won\'t get the +results you expect if you do otherwise\&. +.IP +Any occurrences of \fB%u\fP in the path will be replaced +with the UNIX username that the client is using on this +connection\&. Any occurrences of \fB%m\fP will be replaced +by the NetBIOS name of the machine they are connecting from\&. These replacements are very useful for setting up pseudo home directories -for users. - -Note that this path will be based on 'root dir' if one was specified. -.B Default: - none - -.B Example: - path = /home/fred+ - -.SS postexec (S) - +for users\&. +.IP +Note that this path will be based on \fB"root dir"\fP if +one was specified\&. +.IP +\fBDefault:\fP +\f(CW none\fP +.IP +\fBExample:\fP +\f(CW path = /home/fred\fP +.IP +.IP "\fBpostexec (S)\fP" +.IP This option specifies a command to be run whenever the service is -disconnected. It takes the usual substitutions. The command may be run -as the root on some systems. - +disconnected\&. It takes the usual substitutions\&. The command may be run +as the root on some systems\&. +.IP An interesting example may be do unmount server resources: - -postexec = /etc/umount /cdrom - -See also preexec - -.B Default: - none (no command executed) - -.B Example: - postexec = echo \e"%u disconnected from %S from %m (%I)\e" >> /tmp/log - -.SS postscript (S) +.IP +\f(CWpostexec = /etc/umount /cdrom\fP +.IP +See also \fBpreexec\fP\&. +.IP +\fBDefault:\fP +\f(CW none (no command executed)\fP +.IP +\fBExample:\fP +\f(CW postexec = echo "%u disconnected from %S from %m (%I)" >> /tmp/log\fP +.IP +.IP "\fBpostscript (S)\fP" +.IP This parameter forces a printer to interpret the print files as -postscript. This is done by adding a %! to the start of print output. - +postscript\&. This is done by adding a \f(CW%!\fP to the start of print output\&. +.IP This is most useful when you have lots of PCs that persist in putting a control-D at the start of print jobs, which then confuses your -printer. - -.B Default: - postscript = False - -.B Example: - postscript = True - -.SS preexec (S) - +printer\&. +.IP +\fBDefault:\fP +\f(CW postscript = False\fP +.IP +\fBExample:\fP +\f(CW postscript = True\fP +.IP +.IP "\fBpreexec (S)\fP" +.IP This option specifies a command to be run whenever the service is -connected to. It takes the usual substitutions. - -An interesting example is to send the users a welcome message every -time they log in. Maybe a message of the day? Here is an example: - -preexec = csh -c 'echo \e"Welcome to %S!\e" | \e - /usr/local/samba/bin/smbclient -M %m -I %I' & - -Of course, this could get annoying after a while :-) - -See also postexec - -.B Default: - none (no command executed) - -.B Example: - preexec = echo \e"%u connected to %S from %m (%I)\e" >> /tmp/log - -.SS preferred master (G) -This boolean parameter controls if Samba is a preferred master browser -for its workgroup. -If this is set to true, on startup, samba will force an election, -and it will have a slight advantage in winning the election. -It is recommended that this parameter is used in conjunction -with domain master = yes, so that samba can guarantee becoming -a domain master. - -Use this option with caution, because if there are several hosts -(whether samba servers, Windows 95 or NT) that are preferred master -browsers on the same subnet, they will each periodically and continuously -attempt to become the local master browser. This will result in -unnecessary broadcast traffic and reduced browsing capabilities. - -See -.B os level = nn - -.B Default: - preferred master = no - -.SS preload -This is an alias for "auto services" - -.SS preserve case (S) - -This controls if new filenames are created with the case that the -client passes, or if they are forced to be the "default" case. - -.B Default: - preserve case = no - -See the section on "NAME MANGLING" for a fuller discussion. - -.SS print command (S) -After a print job has finished spooling to a service, this command will be -used via a system() call to process the spool file. Typically the command -specified will submit the spool file to the host's printing subsystem, but -there is no requirement that this be the case. The server will not remove the -spool file, so whatever command you specify should remove the spool file when -it has been processed, otherwise you will need to manually remove old spool -files. - -The print command is simply a text string. It will be used verbatim, -with two exceptions: All occurrences of "%s" will be replaced by the -appropriate spool file name, and all occurrences of "%p" will be -replaced by the appropriate printer name. The spool file name is -generated automatically by the server, the printer name is discussed -below. - -The full path name will be used for the filename if %s is not preceded -by a /. If you don't like this (it can stuff up some lpq output) then -use %f instead. Any occurrences of %f get replaced by the spool -filename without the full path at the front. - -The print command MUST contain at least one occurrence of "%s" or %f - -the "%p" is optional. At the time a job is submitted, if no printer -name is supplied the "%p" will be silently removed from the printer -command. - -If specified in the [global] section, the print command given will be used -for any printable service that does not have its own print command specified. - -If there is neither a specified print command for a printable service nor a -global print command, spool files will be created but not processed and (most -importantly) not removed. - -Note that printing may fail on some UNIXes from the "nobody" -account. If this happens then create an alternative guest account that -can print and set the "guest account" in the [global] section. - -You can form quite complex print commands by realising that they are -just passed to a shell. For example the following will log a print -job, print the file, then remove it. Note that ; is the usual -separator for command in shell scripts. - -print command = echo Printing %s >> /tmp/print.log; lpr -P %p %s; rm %s - -You may have to vary this command considerably depending on how you -normally print files on your system. - -.B Default: - print command = lpr -r -P %p %s - -.B Example: - print command = /usr/local/samba/bin/myprintscript %p %s -.SS print ok (S) -See -.B printable. -.SS printable (S) -A synonym for this parameter is 'print ok'. - -If this parameter is 'yes', then clients may open, write to and submit spool -files on the directory specified for the service. - -Note that a printable service will ALWAYS allow writing to the service path -(user privileges permitting) via the spooling of print data. The 'read only' -parameter controls only non-printing access to the resource. - -.B Default: - printable = no - -.B Example: - printable = yes - -.SS printcap name (G) -This parameter may be used to override the compiled-in default printcap -name used by the server (usually /etc/printcap). See the discussion of the -[printers] section above for reasons why you might want to do this. - -On SystemV systems that use lpstat to list available printers you -can use "printcap name = lpstat" to automatically obtain lists of -available printers. This is the default for systems that define -SYSV at compile time in Samba (this includes most SystemV based -systems). If "printcap name" is set to lpstat on these systems then -Samba will launch "lpstat -v" and attempt to parse the output to -obtain a printer list. - -A minimal printcap file would look something like this: - -print1|My Printer 1 -.br -print2|My Printer 2 -.br -print3|My Printer 3 -.br -print4|My Printer 4 -.br -print5|My Printer 5 - -where the | separates aliases of a printer. The fact that the second -alias has a space in it gives a hint to Samba that it's a comment. - -NOTE: Under AIX the default printcap name is "/etc/qconfig". Samba -will assume the file is in AIX "qconfig" format if the string -"/qconfig" appears in the printcap filename. - -.B Default: - printcap name = /etc/printcap - -.B Example: - printcap name = /etc/myprintcap - -.SS printer (S) -A synonym for this parameter is 'printer name'. - -This parameter specifies the name of the printer to which print jobs spooled -through a printable service will be sent. - -If specified in the [global] section, the printer name given will be used -for any printable service that does not have its own printer name specified. - -.B Default: - none (but may be 'lp' on many systems) - -.B Example: - printer name = laserwriter - -.SS printer driver (S) -This option allows you to control the string that clients receive when -they ask the server for the printer driver associated with a -printer. If you are using Windows95 or WindowsNT then you can use this -to automate the setup of printers on your system. - -You need to set this parameter to the exact string (case sensitive) -that describes the appropriate printer driver for your system. -If you don't know the exact string to use then you should first try -with no "printer driver" option set and the client will give you a -list of printer drivers. The appropriate strings are shown in a -scrollbox after you have chosen the printer manufacturer. - -.B Example: - printer driver = HP LaserJet 4L - -.SS printer name (S) -See -.B printer. - -.SS printer driver file (G) -This parameter tells Samba where the printer driver definition file, -used when serving drivers to Windows 95 clients, is to be found. If -this is not set, the default is : - -SAMBA_INSTALL_DIRECTORY/lib/printers.def - -This file is created from Windows 95 'msprint.def' files found on the -Windows 95 client system. For more details on setting up serving of -printer drivers to Windows 95 clients, see the documentation file -docs/PRINTER_DRIVER.txt. - -.B Default: - None (set in compile). - -.B Example: - printer driver file = /usr/local/samba/printers/drivers.def - -Related parameters. -.B printer driver location - -.SS printer driver location (S) -This parameter tells clients of a particular printer share where -to find the printer driver files for the automatic installation -of drivers for Windows 95 machines. If Samba is set up to serve -printer drivers to Windows 95 machines, this should be set to - -\e\eMACHINE\ePRINTER$ - -Where MACHINE is the NetBIOS name of your Samba server, and PRINTER$ -is a share you set up for serving printer driver files. For more -details on setting this up see the documentation file -docs/PRINTER_DRIVER.txt. - -.B Default: - None - -.B Example: - printer driver location = \e\eMACHINE\ePRINTER$ - -Related paramerers. -.B printer driver file - - -.SS printing (S) -This parameters controls how printer status information is interpreted -on your system, and also affects the default values for the "print -command", "lpq command" and "lprm command". - -Currently six printing styles are supported. They are "printing = -bsd", "printing = sysv", "printing = hpux", "printing = aix", -"printing = qnx" and "printing = plp". - -To see what the defaults are for the other print commands when using -these three options use the "testparm" program. - -As of version 1.9.18 of Samba this option can be set on a per printer basis - -.SS protocol (G) -The value of the parameter (a string) is the highest protocol level that will -be supported by the server. - -Possible values are CORE, COREPLUS, LANMAN1, LANMAN2 and NT1. The relative -merits of each are discussed in the README file. - -Normally this option should not be set as the automatic negotiation -phase in the SMB protocol takes care of choosing the appropriate protocol. - -.B Default: - protocol = NT1 - -.B Example: - protocol = LANMAN1 - -.SS public (S) -A synonym for this parameter is 'guest ok'. - -If this parameter is 'yes' for a service, then no password is required -to connect to the service. Privileges will be those of the guest -account. - -See the section below on user/password validation for more information about -this option. - -.B Default: - public = no - -.B Example: - public = yes - -.SS queuepause command (S) -This parameter specifies the command to be executed on the server host in -order to pause the printerqueue. - -This command should be a program or script which takes a printer name -as its only parameter and stops the printerqueue, such that no longer -jobs are submitted to the printer. - -This command is not supported by Windows for Workgroups, but can be -issued from the Printer's window under Windows 95 & NT. - -If a %p is given then the printername is put in its place. Otherwise -it is placed at the end of the command. - -Note that it is good practice to include the absolute path in the -command as the PATH may not be available to the server. - -.B Default: - depends on the setting of "printing =" - -.B Example: - queuepause command = disable %p - -.SS queueresume command (S) -This parameter specifies the command to be executed on the server host in -order to resume the printerqueue. It is the command to undo the behaviour -that is caused by the previous parameter (queuepause command). - -This command should be a program or script which takes a printer name -as its only parameter and resumes the printerqueue, such that queued -jobs are resubmitted to the printer. - -This command is not supported by Windows for Workgroups, but can be -issued from the Printer's window under Windows 95 & NT. - -If a %p is given then the printername is put in its place. Otherwise -it is placed at the end of the command. - -Note that it is good practice to include the absolute path in the -command as the PATH may not be available to the server. - -.B Default: - depends on the setting of "printing =" - -.B Example: - queuepause command = enable %p - -.SS read list (S) -This is a list of users that are given read-only access to a -service. If the connecting user is in this list then they will -not be given write access, no matter what the "read only" option -is set to. The list can include group names using the @group syntax. - -See also the "write list" option - -.B Default: - read list = - -.B Example: - read list = mary, @students - -.SS read only (S) -See -.B writable -and -.B write ok. -Note that this is an inverted synonym for writable and write ok. -.SS read prediction (G) -This options enables or disables the read prediction code used to -speed up reads from the server. When enabled the server will try to -pre-read data from the last accessed file that was opened read-only -while waiting for packets. - -.SS Default: - read prediction = False - -.SS Example: - read prediction = True -.SS read raw (G) -This parameter controls whether or not the server will support raw reads when -transferring data to clients. - -If enabled, raw reads allow reads of 65535 bytes in one packet. This -typically provides a major performance benefit. - -However, some clients either negotiate the allowable block size incorrectly -or are incapable of supporting larger block sizes, and for these clients you -may need to disable raw reads. - -In general this parameter should be viewed as a system tuning tool and left -severely alone. See also -.B write raw. - -.B Default: - read raw = yes - -.B Example: - read raw = no -.SS read size (G) - -The option "read size" affects the overlap of disk reads/writes with -network reads/writes. If the amount of data being transferred in -several of the SMB commands (currently SMBwrite, SMBwriteX and -SMBreadbraw) is larger than this value then the server begins writing -the data before it has received the whole packet from the network, or -in the case of SMBreadbraw, it begins writing to the network before -all the data has been read from disk. - -This overlapping works best when the speeds of disk and network access -are similar, having very little effect when the speed of one is much -greater than the other. - -The default value is 2048, but very little experimentation has been -done yet to determine the optimal value, and it is likely that the best -value will vary greatly between systems anyway. A value over 65536 is -pointless and will cause you to allocate memory unnecessarily. - -.B Default: - read size = 2048 - -.B Example: - read size = 8192 - -.SS remote announce (G) - -This option allows you to setup nmbd to periodically announce itself -to arbitrary IP addresses with an arbitrary workgroup name. - -This is useful if you want your Samba server to appear in a remote -workgroup for which the normal browse propagation rules don't -work. The remote workgroup can be anywhere that you can send IP -packets to. - -For example: - - remote announce = 192.168.2.255/SERVERS 192.168.4.255/STAFF - -the above line would cause nmbd to announce itself to the two given IP -addresses using the given workgroup names. If you leave out the -workgroup name then the one given in the "workgroup" option is used -instead. - -The IP addresses you choose would normally be the broadcast addresses -of the remote networks, but can also be the IP addresses of known -browse masters if your network config is that stable. - -This option replaces similar functionality from the nmbd lmhosts file. - -.SS remote browse sync (G) - -This option allows you to setup nmbd to periodically request synchronisation -of browse lists with the master browser of a samba server that is on a remote -segment. This option will allow you to gain browse lists for multiple -workgroups across routed networks. This is done in a manner that does not work -with any non-samba servers. - -This is useful if you want your Samba server and all local clients -to appear in a remote workgroup for which the normal browse propagation -rules don't work. The remote workgroup can be anywhere that you can send IP -packets to. - -For example: - - remote browse sync = 192.168.2.255 192.168.4.255 - -the above line would cause nmbd to request the master browser on the -specified subnets or addresses to synchronise their browse lists with -the local server. - -The IP addresses you choose would normally be the broadcast addresses -of the remote networks, but can also be the IP addresses of known -browse masters if your network config is that stable. If a machine IP -address is given Samba makes NO attempt to validate that the remote -machine is available, is listening, nor that it is in fact the browse -master on it's segment. - - -.SS revalidate (S) - -This option controls whether Samba will allow a previously validated -username/password pair to be used to attach to a share. Thus if you -connect to \e\eserver\eshare1 then to \e\eserver\eshare2 it won't -automatically allow the client to request connection to the second -share as the same username as the first without a password. - -Note that this option only works with security=share and will -be ignored if this is not the case. - -If "revalidate" is True then the client will be denied automatic -access as the same username. - -.B Default: - revalidate = False - -.B Example: - revalidate = True - -.SS root (G) -See -.B root directory. -.SS root dir (G) -See -.B root directory. -.SS root directory (G) -Synonyms for this parameter are 'root dir' and 'root'. - -The server will chroot() to this directory on startup. This is not -strictly necessary for secure operation. Even without it the server -will deny access to files not in one of the service entries. It may -also check for, and deny access to, soft links to other parts of the -filesystem, or attempts to use .. in file names to access other -directories (depending on the setting of the "wide links" parameter). - -Adding a "root dir" entry other than "/" adds an extra level of security, -but at a price. It absolutely ensures that no access is given to files not -in the sub-tree specified in the "root dir" option, *including* some files -needed for complete operation of the server. To maintain full operability -of the server you will need to mirror some system files into the "root dir" -tree. In particular you will need to mirror /etc/passwd (or a subset of it), -and any binaries or configuration files needed for printing (if required). -The set of files that must be mirrored is operating system dependent. - -.B Default: - root directory = / - -.B Example: - root directory = /homes/smb -.SS root postexec (S) - -This is the same as postexec except that the command is run as -root. This is useful for unmounting filesystems (such as cdroms) after -a connection is closed. - -.SS root preexec (S) - -This is the same as preexec except that the command is run as -root. This is useful for mounting filesystems (such as cdroms) before -a connection is finalised. - -.SS security (G) -This option affects how clients respond to Samba. - -The option sets the "security mode bit" in replies to protocol negotiations -to turn share level security on or off. Clients decide based on this bit -whether (and how) to transfer user and password information to the server. - -The default is "security=SHARE", mainly because that was the only -option at one stage. - -The alternatives are "security = user" or "security = server". - -If your PCs use usernames that are the same as their usernames on the -UNIX machine then you will want to use "security = user". If you -mostly use usernames that don't exist on the UNIX box then use -"security = share". - -There is a bug in WfWg that may affect your decision. When in user -level security a WfWg client will totally ignore the password you type -in the "connect drive" dialog box. This makes it very difficult (if -not impossible) to connect to a Samba service as anyone except the -user that you are logged into WfWg as. - -If you use "security = server" then Samba will try to validate the -username/password by passing it to another SMB server, such as an NT -box. If this fails it will revert to "security = USER", but note that -if encrypted passwords have been negotiated then Samba cannot revert -back to checking the UNIX password file, it must have a valid -smbpasswd file to check users against. See the documentation -docs/ENCRYPTION.txt for details on how to set this up. - -See the "password server" option for more details. - -.B Default: - security = SHARE - -.B Example: - security = USER -.SS server string (G) -This controls what string will show up in the printer comment box in -print manager and next to the IPC connection in "net view". It can be -any string that you wish to show to your users. - -It also sets what will appear in browse lists next to the machine name. - -A %v will be replaced with the Samba version number. - -A %h will be replaced with the hostname. - -.B Default: - server string = Samba %v - -.B Example: - server string = University of GNUs Samba Server - -.SS set directory (S) -If 'set directory = no', then users of the service may not use the setdir -command to change directory. - -The setdir command is only implemented in the Digital Pathworks client. See the -Pathworks documentation for details. - -.B Default: - set directory = no - -.B Example: - set directory = yes - -.SS shared file entries (G) -This parameter has been removed (as of Samba 1.9.18 and above). The new -System V shared memory code prohibits the user from allocating the -share hash bucket size directly. - -.SS shared mem size (G) -This parameter is only useful when Samba has been compiled with FAST_SHARE_MODES. -It specifies the size of the shared memory (in bytes) to use between smbd -processes. You should never change this parameter unless you have studied -the source and know what you are doing. This parameter defaults to 1024 -multiplied by the setting of the maximum number of open files in the -file local.h in the Samba source code. MAX_OPEN_FILES is normally set -to 100, so this parameter defaults to 102400 bytes. - -.B Default - shared mem size = 102400 - -.SS smb passwd file (G) -This option sets the path to the encrypted smbpasswd file. This is a *VERY -DANGEROUS OPTION* if the smb.conf is user writable. By default the path -to the smbpasswd file is compiled into Samba. - -.SS smbrun (G) -This sets the full path to the smbrun binary. This defaults to the -value in the Makefile. - -You must get this path right for many services to work correctly. - -.B Default: -taken from Makefile - -.B Example: - smbrun = /usr/local/samba/bin/smbrun - -.SS share modes (S) - -This enables or disables the honouring of the "share modes" during a -file open. These modes are used by clients to gain exclusive read or -write access to a file. - -These open modes are not directly supported by UNIX, so they are -simulated using lock files in the "lock directory". The "lock -directory" specified in smb.conf must be readable by all users. - -The share modes that are enabled by this option are DENY_DOS, -DENY_ALL, DENY_READ, DENY_WRITE, DENY_NONE and DENY_FCB. - -Enabling this option gives full share compatibility but may cost a bit -of processing time on the UNIX server. They are enabled by default. - -.B Default: - share modes = yes - -.B Example: - share modes = no - -.SS short preserve case (S) - -This controls if new short filenames are created with the case that -the client passes, or if they are forced to be the "default" case. +connected to\&. It takes the usual substitutions\&. +.IP +An interesting example is to send the users a welcome message every +time they log in\&. Maybe a message of the day? Here is an example: +.IP -.B Default: - short preserve case = no +.DS + -See the section on "NAME MANGLING" for a fuller discussion. + preexec = csh -c \'echo \e"Welcome to %S!\e" | /usr/local/samba/bin/smbclient -M %m -I %I\' & -.SS socket address (G) +.DE + -This option allows you to control what address Samba will listen for -connections on. This is used to support multiple virtual interfaces on -the one server, each with a different configuration. +.IP +Of course, this could get annoying after a while :-\fP +.IP +See also \fBpostexec\fP\&. +.IP +\fBDefault:\fP +\f(CW none (no command executed)\fP +.IP +\fBExample:\fP +\f(CW preexec = echo \e"%u connected to %S from %m (%I)\e" >> /tmp/log\fP +.IP +.IP "\fBpreferred master (G)\fP" +.IP +This boolean parameter controls if \fBnmbd\fP is a +preferred master browser for its workgroup\&. +.IP +If this is set to true, on startup, \fBnmbd\fP will +force an election, and it will have a slight advantage in winning the +election\&. It is recommended that this parameter is used in +conjunction with \fB"domain master = yes"\fP, so +that \fBnmbd\fP can guarantee becoming a domain +master\&. +.IP +Use this option with caution, because if there are several hosts +(whether Samba servers, Windows 95 or NT) that are preferred master +browsers on the same subnet, they will each periodically and +continuously attempt to become the local master browser\&. This will +result in unnecessary broadcast traffic and reduced browsing +capabilities\&. +.IP +See also \fBos level\fP\&. +.IP +\fBDefault:\fP +\f(CW preferred master = no\fP +.IP +\fBExample:\fP +\f(CW preferred master = yes\fP +.IP +.IP "\fBprefered master (G)\fP" +.IP +Synonym for \fB"preferred master"\fP for people +who cannot spell :-)\&. +.IP +.IP "\fBpreload\fP" +Synonym for \fB"auto services"\fP\&. +.IP +.IP "\fBpreserve case (S)\fP" +.IP +This controls if new filenames are created with the case that the +client passes, or if they are forced to be the \f(CW"default"\fP case\&. +.IP +\fBDefault:\fP +\f(CW preserve case = yes\fP +.IP +See the section on \fB"NAME MANGLING"\fP for a +fuller discussion\&. +.IP +.IP "\fBprint command (S)\fP" +.IP +After a print job has finished spooling to a service, this command +will be used via a \f(CWsystem()\fP call to process the spool +file\&. Typically the command specified will submit the spool file to +the host\'s printing subsystem, but there is no requirement that this +be the case\&. The server will not remove the spool file, so whatever +command you specify should remove the spool file when it has been +processed, otherwise you will need to manually remove old spool files\&. +.IP +The print command is simply a text string\&. It will be used verbatim, +with two exceptions: All occurrences of \f(CW"%s"\fP will be replaced by +the appropriate spool file name, and all occurrences of \f(CW"%p"\fP will +be replaced by the appropriate printer name\&. The spool file name is +generated automatically by the server, the printer name is discussed +below\&. +.IP +The full path name will be used for the filename if \f(CW"%s"\fP is not +preceded by a \f(CW\'/\'\fP\&. If you don\'t like this (it can stuff up some +lpq output) then use \f(CW"%f"\fP instead\&. Any occurrences of \f(CW"%f"\fP get +replaced by the spool filename without the full path at the front\&. +.IP +The print command \fIMUST\fP contain at least one occurrence of \f(CW"%s"\fP +or \f(CW"%f"\fP - the \f(CW"%p"\fP is optional\&. At the time a job is +submitted, if no printer name is supplied the \f(CW"%p"\fP will be +silently removed from the printer command\&. +.IP +If specified in the \fB"[global]"\fP section, the print +command given will be used for any printable service that does not +have its own print command specified\&. +.IP +If there is neither a specified print command for a printable service +nor a global print command, spool files will be created but not +processed and (most importantly) not removed\&. +.IP +Note that printing may fail on some UNIXes from the \f(CW"nobody"\fP +account\&. If this happens then create an alternative guest account that +can print and set the \fB"guest account"\fP in the +\fB"[global]"\fP section\&. +.IP +You can form quite complex print commands by realising that they are +just passed to a shell\&. For example the following will log a print +job, print the file, then remove it\&. Note that \f(CW\';\'\fP is the usual +separator for command in shell scripts\&. +.IP +\f(CWprint command = echo Printing %s >> /tmp/print\&.log; lpr -P %p %s; rm %s\fP +.IP +You may have to vary this command considerably depending on how you +normally print files on your system\&. The default for the parameter +varies depending on the setting of the \fB"printing="\fP +parameter\&. +.IP +\fBDefault:\fP +For \fB"printing="\fP BSD, AIX, QNX, LPRNG or PLP : +\f(CW print command = lpr -r -P%p %s\fP +.IP +For \fB"printing="\fP SYS or HPUX : +\f(CW print command = lp -c -d%p %s; rm %s\fP +.IP +For \fB"printing="\fP SOFTQ : +\f(CW print command = lp -d%p -s %s; rm %s\fP +.IP +\fBExample:\fP +\f(CW print command = /usr/local/samba/bin/myprintscript %p %s\fP +.IP +.IP "\fBprint ok (S)\fP" +.IP +Synonym for \fBprintable\fP\&. +.IP +.IP "\fBprintable (S)\fP" +.IP +If this parameter is \f(CW"yes"\fP, then clients may open, write to and +submit spool files on the directory specified for the service\&. +.IP +Note that a printable service will ALWAYS allow writing to the service +path (user privileges permitting) via the spooling of print data\&. The +\fB"read only"\fP parameter controls only non-printing +access to the resource\&. +.IP +\fBDefault:\fP +\f(CW printable = no\fP +.IP +\fBExample:\fP +\f(CW printable = yes\fP +.IP +.IP "\fBprintcap (G)\fP" +.IP +Synonym for \fBprintcapname\fP\&. +.IP +.IP "\fBprintcap name (G)\fP" +.IP +This parameter may be used to override the compiled-in default +printcap name used by the server (usually /etc/printcap)\&. See the +discussion of the \fB[printers]\fP section above for +reasons why you might want to do this\&. +.IP +On System V systems that use \fBlpstat\fP to list available printers you +can use \f(CW"printcap name = lpstat"\fP to automatically obtain lists of +available printers\&. This is the default for systems that define SYSV +at configure time in Samba (this includes most System V based +systems)\&. If \fB"printcap name"\fP is set to \fBlpstat\fP on these systems +then Samba will launch \f(CW"lpstat -v"\fP and attempt to parse the output +to obtain a printer list\&. +.IP +A minimal printcap file would look something like this: +.IP -By default samba will accept connections on any address. +.DS + -.B Example: - socket address = 192.168.2.20 + print1|My Printer 1 + print2|My Printer 2 + print3|My Printer 3 + print4|My Printer 4 + print5|My Printer 5 -.SS socket options (G) -This option (which can also be invoked with the -O command line -option) allows you to set socket options to be used when talking with -the client. +.DE + +.IP +where the \f(CW\'|\'\fP separates aliases of a printer\&. The fact that the +second alias has a space in it gives a hint to Samba that it\'s a +comment\&. +.IP +\fINOTE\fP: Under AIX the default printcap name is +\f(CW"/etc/qconfig"\fP\&. Samba will assume the file is in AIX \f(CW"qconfig"\fP +format if the string \f(CW"/qconfig"\fP appears in the printcap filename\&. +.IP +\fBDefault:\fP +\f(CW printcap name = /etc/printcap\fP +.IP +\fBExample:\fP +\f(CW printcap name = /etc/myprintcap\fP +.IP +.IP "\fBprinter (S)\fP" +.IP +This parameter specifies the name of the printer to which print jobs +spooled through a printable service will be sent\&. +.IP +If specified in the \fB[global]\fP section, the printer +name given will be used for any printable service that does not have +its own printer name specified\&. +.IP +\fBDefault:\fP +none (but may be \f(CW"lp"\fP on many systems) +.IP +\fBExample:\fP +printer name = laserwriter +.IP +.IP "\fBprinter driver (S)\fP" +.IP +This option allows you to control the string that clients receive when +they ask the server for the printer driver associated with a +printer\&. If you are using Windows95 or WindowsNT then you can use this +to automate the setup of printers on your system\&. +.IP +You need to set this parameter to the exact string (case sensitive) +that describes the appropriate printer driver for your system\&. If you +don\'t know the exact string to use then you should first try with no +\fB"printer driver"\fP option set and the client will give you a list of +printer drivers\&. The appropriate strings are shown in a scrollbox +after you have chosen the printer manufacturer\&. +.IP +See also \fB"printer driver file"\fP\&. +.IP +\fBExample:\fP +printer driver = HP LaserJet 4L +.IP +.IP "\fBprinter driver file (G)\fP" +.IP +This parameter tells Samba where the printer driver definition file, +used when serving drivers to Windows 95 clients, is to be found\&. If +this is not set, the default is : +.IP +\f(CWSAMBA_INSTALL_DIRECTORY/lib/printers\&.def\fP +.IP +This file is created from Windows 95 \f(CW"msprint\&.def"\fP files found on +the Windows 95 client system\&. For more details on setting up serving +of printer drivers to Windows 95 clients, see the documentation file +in the docs/ directory, PRINTER_DRIVER\&.txt\&. +.IP +\fBDefault:\fP +\f(CW None (set in compile)\&.\fP +.IP +\fBExample:\fP +\f(CW printer driver file = /usr/local/samba/printers/drivers\&.def\fP +.IP +See also \fB"printer driver location"\fP\&. +.IP +.IP "\fBprinter driver location (S)\fP" +.IP +This parameter tells clients of a particular printer share where to +find the printer driver files for the automatic installation of +drivers for Windows 95 machines\&. If Samba is set up to serve printer +drivers to Windows 95 machines, this should be set to +.IP +\f(CW\e\eMACHINE\eaPRINTER$\fP +.IP +Where MACHINE is the NetBIOS name of your Samba server, and PRINTER$ +is a share you set up for serving printer driver files\&. For more +details on setting this up see the documentation file in the docs/ +directory, PRINTER_DRIVER\&.txt\&. +.IP +\fBDefault:\fP +\f(CW None\fP +.IP +\fBExample:\fP +\f(CW printer driver location = \e\eMACHINE\ePRINTER$\fP +.IP +See also \fB"printer driver file"\fP\&. +.IP +.IP "\fBprinter name (S)\fP" +.IP +Synonym for \fBprinter\fP\&. +.IP +.IP "\fBprinting (S)\fP" +.IP +This parameters controls how printer status information is interpreted +on your system, and also affects the default values for the +\fB"print command"\fP, \fB"lpq +command"\fP \fB"lppause command"\fP, +\fB"lpresume command"\fP, and \fB"lprm +command"\fP\&. +.IP +Currently eight printing styles are supported\&. They are +\fB"printing=BSD"\fP, \fB"printing=AIX"\fP, \fB"printing=LPRNG"\fP, +\fB"printing=PLP"\fP, +\fB"printing=SYSV"\fP,\fB"printing="HPUX"\fP,\fB"printing=QNX"\fP and +\fB"printing=SOFTQ"\fP\&. +.IP +To see what the defaults are for the other print commands when using +these three options use the \fB"testparm"\fP program\&. +.IP +This option can be set on a per printer basis +.IP +See also the discussion in the \fB[printers]\fP section\&. +.IP +.IP "\fBprotocol (G)\fP" +.IP +The value of the parameter (a string) is the highest protocol level +that will be supported by the server\&. +.IP +Possible values are : +.IP +.IP +.IP o +CORE: Earliest version\&. No concept of user names\&. +.IP +.IP o +COREPLUS: Slight improvements on CORE for efficiency\&. +.IP +.IP o +LANMAN1: First \fI"modern"\fP version of the protocol\&. Long +filename support\&. +.IP +.IP o +LANMAN2: Updates to Lanman1 protocol\&. +.IP +.IP o +NT1: Current up to date version of the protocol\&. Used by Windows +NT\&. Known as CIFS\&. +.IP +.IP +Normally this option should not be set as the automatic negotiation +phase in the SMB protocol takes care of choosing the appropriate +protocol\&. +.IP +\fBDefault:\fP +\f(CW protocol = NT1\fP +.IP +\fBExample:\fP +\f(CW protocol = LANMAN1\fP +.IP +.IP "\fBpublic (S)\fP" +.IP +Synonym for \fB"guest ok"\fP\&. +.IP +.IP "\fBqueuepause command (S)\fP" +.IP +This parameter specifies the command to be executed on the server host +in order to pause the printerqueue\&. +.IP +This command should be a program or script which takes a printer name +as its only parameter and stops the printerqueue, such that no longer +jobs are submitted to the printer\&. +.IP +This command is not supported by Windows for Workgroups, but can be +issued from the Printer\'s window under Windows 95 & NT\&. +.IP +If a \f(CW"%p"\fP is given then the printername is put in its +place\&. Otherwise it is placed at the end of the command\&. +.IP +Note that it is good practice to include the absolute path in the +command as the PATH may not be available to the server\&. +.IP +\fBDefault:\fP +\f(CW depends on the setting of "printing ="\fP +.IP +\fBExample:\fP +\f(CW queuepause command = disable %p\fP +.IP +.IP "\fBqueueresume command (S)\fP" +.IP +This parameter specifies the command to be executed on the server host +in order to resume the printerqueue\&. It is the command to undo the +behaviour that is caused by the previous parameter +(\fB"queuepause command\fP)\&. +.IP +This command should be a program or script which takes a printer name +as its only parameter and resumes the printerqueue, such that queued +jobs are resubmitted to the printer\&. +.IP +This command is not supported by Windows for Workgroups, but can be +issued from the Printer\'s window under Windows 95 & NT\&. +.IP +If a \f(CW"%p"\fP is given then the printername is put in its +place\&. Otherwise it is placed at the end of the command\&. +.IP +Note that it is good practice to include the absolute path in the +command as the PATH may not be available to the server\&. +.IP +\fBDefault:\fP +\f(CW depends on the setting of "printing ="\fP +.IP +\fBExample:\fP +\f(CW queuepause command = enable %p\fP +.IP +.IP "\fBread bmpx (G)\fP" +.IP +This boolean parameter controls whether \fBsmbd\fP +will support the "Read Block Multiplex" SMB\&. This is now rarely used +and defaults to off\&. You should never need to set this parameter\&. +.IP +\fBDefault:\fP +read bmpx = No +.IP +.IP "\fBread list (S)\fP" +.IP +This is a list of users that are given read-only access to a +service\&. If the connecting user is in this list then they will not be +given write access, no matter what the \fB"read only"\fP +option is set to\&. The list can include group names using the syntax +described in the \fB"invalid users"\fP parameter\&. +.IP +See also the \fB"write list"\fP parameter and +the \fB"invalid users"\fP parameter\&. +.IP +\fBDefault:\fP +\f(CW read list = \fP +.IP +\fBExample:\fP +\f(CW read list = mary, @students\fP +.IP +.IP "\fBread only (S)\fP" +.IP +Note that this is an inverted synonym for +\fB"writable"\fP and \fB"write ok"\fP\&. +.IP +See also \fB"writable"\fP and \fB"write +ok"\fP\&. +.IP +.IP "\fBread prediction (G)\fP" +.IP +\fINOTE\fP: This code is currently disabled in Samba2\&.0 and +may be removed at a later date\&. Hence this parameter has +no effect\&. +.IP +This options enables or disables the read prediction code used to +speed up reads from the server\&. When enabled the server will try to +pre-read data from the last accessed file that was opened read-only +while waiting for packets\&. +.IP +\fBDefault:\fP +\f(CW read prediction = False\fP +.IP +.IP "\fBread raw (G)\fP" +.IP +This parameter controls whether or not the server will support the raw +read SMB requests when transferring data to clients\&. +.IP +If enabled, raw reads allow reads of 65535 bytes in one packet\&. This +typically provides a major performance benefit\&. +.IP +However, some clients either negotiate the allowable block size +incorrectly or are incapable of supporting larger block sizes, and for +these clients you may need to disable raw reads\&. +.IP +In general this parameter should be viewed as a system tuning tool and left +severely alone\&. See also \fB"write raw"\fP\&. +.IP +\fBDefault:\fP +\f(CW read raw = yes\fP +.IP +.IP "\fBread size (G)\fP" +.IP +The option \fB"read size"\fP affects the overlap of disk reads/writes +with network reads/writes\&. If the amount of data being transferred in +several of the SMB commands (currently SMBwrite, SMBwriteX and +SMBreadbraw) is larger than this value then the server begins writing +the data before it has received the whole packet from the network, or +in the case of SMBreadbraw, it begins writing to the network before +all the data has been read from disk\&. +.IP +This overlapping works best when the speeds of disk and network access +are similar, having very little effect when the speed of one is much +greater than the other\&. +.IP +The default value is 2048, but very little experimentation has been +done yet to determine the optimal value, and it is likely that the +best value will vary greatly between systems anyway\&. A value over +65536 is pointless and will cause you to allocate memory +unnecessarily\&. +.IP +\fBDefault:\fP +\f(CW read size = 2048\fP +.IP +\fBExample:\fP +\f(CW read size = 8192\fP +.IP +.IP "\fBremote announce (G)\fP" +.IP +This option allows you to setup \fBnmbd\fP to +periodically announce itself to arbitrary IP addresses with an +arbitrary workgroup name\&. +.IP +This is useful if you want your Samba server to appear in a remote +workgroup for which the normal browse propagation rules don\'t +work\&. The remote workgroup can be anywhere that you can send IP +packets to\&. +.IP +For example: +.IP +\f(CW remote announce = 192\&.168\&.2\&.255/SERVERS 192\&.168\&.4\&.255/STAFF\fP +.IP +the above line would cause nmbd to announce itself to the two given IP +addresses using the given workgroup names\&. If you leave out the +workgroup name then the one given in the +\fB"workgroup"\fP parameter is used instead\&. +.IP +The IP addresses you choose would normally be the broadcast addresses +of the remote networks, but can also be the IP addresses of known +browse masters if your network config is that stable\&. +.IP +See the documentation file BROWSING\&.txt in the docs/ directory\&. +.IP +\fBDefault:\fP +\f(CW remote announce = \fP +.IP +\fBExample:\fP +\f(CW remote announce = 192\&.168\&.2\&.255/SERVERS 192\&.168\&.4\&.255/STAFF\fP +.IP +.IP "\fBremote browse sync (G)\fP" +.IP +This option allows you to setup \fBnmbd\fP to +periodically request synchronisation of browse lists with the master +browser of a samba server that is on a remote segment\&. This option +will allow you to gain browse lists for multiple workgroups across +routed networks\&. This is done in a manner that does not work with any +non-samba servers\&. +.IP +This is useful if you want your Samba server and all local clients to +appear in a remote workgroup for which the normal browse propagation +rules don\'t work\&. The remote workgroup can be anywhere that you can +send IP packets to\&. +.IP +For example: +.IP +\f(CW remote browse sync = 192\&.168\&.2\&.255 192\&.168\&.4\&.255\fP +.IP +the above line would cause \fBnmbd\fP to request the +master browser on the specified subnets or addresses to synchronise +their browse lists with the local server\&. +.IP +The IP addresses you choose would normally be the broadcast addresses +of the remote networks, but can also be the IP addresses of known +browse masters if your network config is that stable\&. If a machine IP +address is given Samba makes NO attempt to validate that the remote +machine is available, is listening, nor that it is in fact the browse +master on it\'s segment\&. +.IP +\fBDefault:\fP +\f(CW remote browse sync = \fP +.IP +\fBExample:\fP +\f(CW remote browse sync = 192\&.168\&.2\&.255 192\&.168\&.4\&.255\fP +.IP +.IP "\fBrevalidate (S)\fP" +.IP +Note that this option only works with +\fB"security=share"\fP and will be ignored if +this is not the case\&. +.IP +This option controls whether Samba will allow a previously validated +username/password pair to be used to attach to a share\&. Thus if you +connect to \f(CW\e\eserver\eshare1\fP then to \f(CW\e\eserver\eshare2\fP it won\'t +automatically allow the client to request connection to the second +share as the same username as the first without a password\&. +.IP +If \fB"revalidate"\fP is \f(CW"True"\fP then the client will be denied +automatic access as the same username\&. +.IP +\fBDefault:\fP +\f(CW revalidate = False\fP +.IP +\fBExample:\fP +\f(CW revalidate = True\fP +.IP +.IP "\fBroot (G)\fP" +.IP +Synonym for \fB"root directory"\fP\&. +.IP +.IP "\fBroot dir (G)\fP" +.IP +Synonym for \fB"root directory"\fP\&. +.IP +.IP "\fBroot directory (G)\fP" +.IP +The server will \f(CW"chroot()"\fP (ie\&. Change it\'s root directory) to +this directory on startup\&. This is not strictly necessary for secure +operation\&. Even without it the server will deny access to files not in +one of the service entries\&. It may also check for, and deny access to, +soft links to other parts of the filesystem, or attempts to use +\f(CW"\&.\&."\fP in file names to access other directories (depending on the +setting of the \fB"wide links"\fP parameter)\&. +.IP +Adding a \fB"root directory"\fP entry other than \f(CW"/"\fP adds an extra +level of security, but at a price\&. It absolutely ensures that no +access is given to files not in the sub-tree specified in the \fB"root +directory"\fP option, \fI*including*\fP some files needed for complete +operation of the server\&. To maintain full operability of the server +you will need to mirror some system files into the \fB"root +directory"\fP tree\&. In particular you will need to mirror /etc/passwd +(or a subset of it), and any binaries or configuration files needed +for printing (if required)\&. The set of files that must be mirrored is +operating system dependent\&. +.IP +\fBDefault:\fP +\f(CW root directory = /\fP +.IP +\fBExample:\fP +\f(CW root directory = /homes/smb\fP +.IP +.IP "\fBroot postexec (S)\fP" +.IP +This is the same as the \fB"postexec"\fP parameter +except that the command is run as root\&. This is useful for unmounting +filesystems (such as cdroms) after a connection is closed\&. +.IP +See also \fB"postexec"\fP\&. +.IP +.IP "\fBroot preexec (S)\fP" +.IP +This is the same as the \fB"preexec"\fP parameter except +that the command is run as root\&. This is useful for mounting +filesystems (such as cdroms) before a connection is finalised\&. +.IP +See also \fB"preexec"\fP\&. +.IP +.IP "\fBsecurity (G)\fP" +.IP +This option affects how clients respond to Samba and is one of the most +important settings in the \fBsmb\&.conf\fP file\&. +.IP +The option sets the \f(CW"security mode bit"\fP in replies to protocol +negotiations with \fBsmbd\fP to turn share level +security on or off\&. Clients decide based on this bit whether (and how) +to transfer user and password information to the server\&. +.IP +The default is "security=user", as this is +the most common setting needed when talking to Windows 98 and Windows +NT\&. +.IP +The alternatives are \fB"security = share"\fP, +\fB"security = server"\fP or +\fB"security=domain"\fP\&. +.IP +\fI*****NOTE THAT THIS DEFAULT IS DIFFERENT IN SAMBA2\&.0 THAN FOR +PREVIOUS VERSIONS OF SAMBA *******\fP\&. +.IP +In previous versions of Samba the default was +\fB"security=share"\fP mainly because that was +the only option at one stage\&. +.IP +There is a bug in WfWg that has relevence to this setting\&. When in +user or server level security a WfWg client will totally ignore the +password you type in the "connect drive" dialog box\&. This makes it +very difficult (if not impossible) to connect to a Samba service as +anyone except the user that you are logged into WfWg as\&. +.IP +If your PCs use usernames that are the same as their usernames on the +UNIX machine then you will want to use \fB"security = user"\fP\&. If you +mostly use usernames that don\'t exist on the UNIX box then use +\fB"security = share"\fP\&. +.IP +You should also use \fBsecurity=share\fP if +you want to mainly setup shares without a password (guest +shares)\&. This is commonly used for a shared printer server\&. It is more +difficult to setup guest shares with +\fBsecurity=user\fP, see the \fB"map to +guest"\fPparameter for details\&. +.IP +It is possible to use \fBsmbd\fP in a \fI"hybred +mode"\fP where it is offers both user and share level security under +different \fBNetBIOS aliases\fP\&. See the +\fBNetBIOS aliases\fP and the +\fBinclude\fP parameters for more information\&. +.IP +The different settings will now be explained\&. +.IP +.IP +.IP "\fB"security=share"\fP" +When clients connect to a share level +security server then need not log onto the server with a valid +username and password before attempting to connect to a shared +resource (although modern clients such as Windows 95/98 and Windows NT +will send a logon request with a username but no password when talking +to a \fBsecurity=share\fP server)\&. Instead, the clients send +authentication information (passwords) on a per-share basis, at the +time they attempt to connect to that share\&. +.IP +Note that \fBsmbd\fP \fI*ALWAYS*\fP uses a valid UNIX +user to act on behalf of the client, even in \fB"security=share"\fP +level security\&. +.IP +As clients are not required to send a username to the server +in share level security, \fBsmbd\fP uses several +techniques to determine the correct UNIX user to use on behalf +of the client\&. +.IP +A list of possible UNIX usernames to match with the given +client password is constructed using the following methods : +.IP +.IP +.IP o +If the \fB"guest only"\fP parameter is set, then +all the other stages are missed and only the \fB"guest +account"\fP username is checked\&. +.IP +.IP o +Is a username is sent with the share connection request, then +this username (after mapping - see \fB"username +map"\fP), is added as a potential username\&. +.IP +.IP o +If the client did a previous \fI"logon"\fP request (the +SessionSetup SMB call) then the username sent in this SMB +will be added as a potential username\&. +.IP +.IP o +The name of the service the client requested is added +as a potential username\&. +.IP +.IP o +The NetBIOS name of the client is added to the list as a +potential username\&. +.IP +.IP o +Any users on the \fB"user"\fP list are added +as potential usernames\&. +.IP +.IP +If the \fB"guest only"\fP parameter is not set, then +this list is then tried with the supplied password\&. The first user for +whom the password matches will be used as the UNIX user\&. +.IP +If the \fB"guest only"\fP parameter is set, or no +username can be determined then if the share is marked as available to +the \fB"guest account"\fP, then this guest user will +be used, otherwise access is denied\&. +.IP +Note that it can be \fI*very*\fP confusing in share-level security as to +which UNIX username will eventually be used in granting access\&. +.IP +See also the section \fB"NOTE ABOUT USERNAME/PASSWORD +VALIDATION"\fP\&. +.IP +.IP "\fB"security=user"\fP" +.IP +This is the default security setting in Samba2\&.0\&. With user-level +security a client must first \f(CW"log-on"\fP with a valid username and +password (which can be mapped using the \fB"username +map"\fP parameter)\&. Encrypted passwords (see the +\fB"encrypted passwords"\fP parameter) can also +be used in this security mode\&. Parameters such as +\fB"user"\fP and \fB"guest only"\fP, if set +are then applied and may change the UNIX user to use on this +connection, but only after the user has been successfully +authenticated\&. +.IP +\fINote\fP that the the name of the resource being requested is +\fI*not*\fP sent to the server until after the server has successfully +authenticated the client\&. This is why guest shares don\'t work in user +level security without allowing the server to automatically map unknown +users into the \fB"guest account"\fP\&. See the +\fB"map to guest"\fP parameter for details on +doing this\&. +.IP +See also the section \fB"NOTE ABOUT USERNAME/PASSWORD +VALIDATION"\fP\&. +.IP +.IP "\fB"security=server"\fP" +.IP +In this mode Samba will try to validate the username/password by +passing it to another SMB server, such as an NT box\&. If this fails it +will revert to \fB"security = user"\fP, but note that if encrypted +passwords have been negotiated then Samba cannot revert back to +checking the UNIX password file, it must have a valid smbpasswd file +to check users against\&. See the documentation file in the docs/ +directory ENCRYPTION\&.txt for details on how to set this up\&. +.IP +\fINote\fP that from the clients point of view \fB"security=server"\fP is +the same as \fB"security=user"\fP\&. It only +affects how the server deals with the authentication, it does not in +any way affect what the client sees\&. +.IP +\fINote\fP that the the name of the resource being requested is +\fI*not*\fP sent to the server until after the server has successfully +authenticated the client\&. This is why guest shares don\'t work in server +level security without allowing the server to automatically map unknown +users into the \fB"guest account"\fP\&. See the +\fB"map to guest"\fP parameter for details on +doing this\&. +.IP +See also the section \fB"NOTE ABOUT USERNAME/PASSWORD +VALIDATION"\fP\&. +.IP +See also the \fB"password server"\fP parameter\&. +and the \fB"encrypted passwords"\fP parameter\&. +.IP +.IP "\fB"security=domain"\fP" +.IP +This mode will only work correctly if +\fBsmbpasswd\fP has been used to add this machine +into a Windows NT Domain\&. It expects the \fB"encrypted +passwords"\fP parameter to be set to \f(CW"true"\fP\&. In +this mode Samba will try to validate the username/password by passing +it to a Windows NT Primary or Backup Domain Controller, in exactly the +same way that a Windows NT Server would do\&. +.IP +\fINote\fP that a valid UNIX user must still exist as well as the +account on the Domain Controller to allow Samba to have a valid +UNIX account to map file access to\&. +.IP +\fINote\fP that from the clients point of view \fB"security=domain"\fP is +the same as \fB"security=user"\fP\&. It only +affects how the server deals with the authentication, it does not in +any way affect what the client sees\&. +.IP +\fINote\fP that the the name of the resource being requested is +\fI*not*\fP sent to the server until after the server has successfully +authenticated the client\&. This is why guest shares don\'t work in domain +level security without allowing the server to automatically map unknown +users into the \fB"guest account"\fP\&. See the +\fB"map to guest"\fP parameter for details on +doing this\&. +.IP +e,(BUG:) There is currently a bug in the implementation of +\fB"security=domain\fP with respect to multi-byte character +set usernames\&. The communication with a Domain Controller +must be done in UNICODE and Samba currently does not widen +multi-byte user names to UNICODE correctly, thus a multi-byte +username will not be recognised correctly at the Domain Controller\&. +This issue will be addressed in a future release\&. +.IP +See also the section \fB"NOTE ABOUT USERNAME/PASSWORD +VALIDATION"\fP\&. +.IP +See also the \fB"password server"\fP parameter\&. +and the \fB"encrypted passwords"\fP parameter\&. +.IP +.IP +\fBDefault:\fP +\f(CW security = USER\fP +.IP +\fBExample:\fP +\f(CW security = DOMAIN\fP +.IP +.IP "\fBserver string (G)\fP" +.IP +This controls what string will show up in the printer comment box in +print manager and next to the IPC connection in \f(CW"net view"\fP\&. It can be +any string that you wish to show to your users\&. +.IP +It also sets what will appear in browse lists next to the machine +name\&. +.IP +A \f(CW"%v"\fP will be replaced with the Samba version number\&. +.IP +A \f(CW"%h"\fP will be replaced with the hostname\&. +.IP +\fBDefault:\fP +\f(CW server string = Samba %v\fP +.IP +\fBExample:\fP +\f(CW server string = University of GNUs Samba Server\fP +.IP +.IP "\fBset directory (S)\fP" +.IP +If \f(CW"set directory = no"\fP, then users of the service may not use the +setdir command to change directory\&. +.IP +The setdir command is only implemented in the Digital Pathworks +client\&. See the Pathworks documentation for details\&. +.IP +\fBDefault:\fP +\f(CW set directory = no\fP +.IP +\fBExample:\fP +\f(CW set directory = yes\fP +.IP +.IP "\fBshare modes (S)\fP" +.IP +This enables or disables the honouring of the \f(CW"share modes"\fP during a +file open\&. These modes are used by clients to gain exclusive read or +write access to a file\&. +.IP +These open modes are not directly supported by UNIX, so they are +simulated using shared memory, or lock files if your UNIX doesn\'t +support shared memory (almost all do)\&. +.IP +The share modes that are enabled by this option are DENY_DOS, +DENY_ALL, DENY_READ, DENY_WRITE, DENY_NONE and DENY_FCB\&. +.IP +This option gives full share compatibility and enabled by default\&. +.IP +You should \fI*NEVER*\fP turn this parameter off as many Windows +applications will break if you do so\&. +.IP +\fBDefault:\fP +\f(CW share modes = yes\fP +.IP +.IP "\fBshared mem size (G)\fP" +.IP +It specifies the size of the shared memory (in bytes) to use between +\fBsmbd\fP processes\&. This parameter defaults to one +megabyte of shared memory\&. It is possible that if you have a large +server with many files open simultaneously that you may need to +increase this parameter\&. Signs that this parameter is set too low are +users reporting strange problems trying to save files (locking errors) +and error messages in the smbd log looking like \f(CW"ERROR +smb_shm_alloc : alloc of XX bytes failed"\fP\&. +.IP +\fBDefault:\fP +\f(CW shared mem size = 1048576\fP +.IP +\fBExample:\fP +\f(CW shared mem size = 5242880 ; Set to 5mb for a large number of files\&.\fP +.IP +.IP "\fBshort preserve case (G)\fP" +.IP +This boolean parameter controls if new files which conform to 8\&.3 +syntax, that is all in upper case and of suitable length, are created +upper case, or if they are forced to be the \f(CW"default"\fP case\&. This +option can be use with \fB"preserve case +=yes"\fP to permit long filenames to retain their +case, while short names are lowered\&. Default \fIYes\fP\&. +.IP +See the section on \fBNAME MANGLING\fP\&. +.IP +\fBDefault:\fP +\f(CW short preserve case = yes\fP +.IP +.IP "\fBsmb passwd file (G)\fP" +.IP +This option sets the path to the encrypted smbpasswd file\&. By default +the path to the smbpasswd file is compiled into Samba\&. +.IP +\fBDefault:\fP +\f(CW smb passwd file= \fP +.IP +\fBExample:\fP +\f(CW smb passwd file = /usr/samba/private/smbpasswd\fP +.IP +.IP "\fBsmbrun (G)\fP" +.IP +This sets the full path to the \fBsmbrun\fP binary\&. This defaults to the +value in the Makefile\&. +.IP +You must get this path right for many services to work correctly\&. +.IP +You should not need to change this parameter so long as Samba +is installed correctly\&. +.IP +\fBDefault:\fP +\f(CW smbrun=\fP +.IP +\fBExample:\fP +\f(CW smbrun = /usr/local/samba/bin/smbrun\fP +.IP +.IP "\fBsocket address (G)\fP" +.IP +This option allows you to control what address Samba will listen for +connections on\&. This is used to support multiple virtual interfaces on +the one server, each with a different configuration\&. +.IP +By default samba will accept connections on any address\&. +.IP +\fBExample:\fP +\f(CW socket address = 192\&.168\&.2\&.20\fP +.IP +.IP "\fBsocket options (G)\fP" +.IP +This option allows you to set socket options to be used when talking +with the client\&. +.IP Socket options are controls on the networking layer of the operating -systems which allow the connection to be tuned. - +systems which allow the connection to be tuned\&. +.IP This option will typically be used to tune your Samba server for -optimal performance for your local network. There is no way that Samba +optimal performance for your local network\&. There is no way that Samba can know what the optimal parameters are for your net, so you must -experiment and choose them yourself. I strongly suggest you read the +experiment and choose them yourself\&. We strongly suggest you read the appropriate documentation for your operating system first (perhaps -"man setsockopt" will help). - +\fB"man setsockopt"\fP will help)\&. +.IP You may find that on some systems Samba will say "Unknown socket -option" when you supply an option. This means you either mis-typed it -or you need to add an include file to includes.h for your OS. If the -latter is the case please send the patch to me -(samba-bugs@samba.anu.edu.au). - +option" when you supply an option\&. This means you either mis-typed it +or you need to add an include file to includes\&.h for your OS\&. If the +latter is the case please send the patch to +\fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. +.IP Any of the supported socket options may be combined in any way you -like, as long as your OS allows it. - +like, as long as your OS allows it\&. +.IP This is the list of socket options currently settable using this option: - - SO_KEEPALIVE - - SO_REUSEADDR - - SO_BROADCAST - - TCP_NODELAY - - IPTOS_LOWDELAY - - IPTOS_THROUGHPUT - - SO_SNDBUF * - - SO_RCVBUF * - - SO_SNDLOWAT * - - SO_RCVLOWAT * - -Those marked with a * take an integer argument. The others can +.IP +.IP +.IP o +SO_KEEPALIVE +.IP +.IP o +SO_REUSEADDR +.IP +.IP o +SO_BROADCAST +.IP +.IP o +TCP_NODELAY +.IP +.IP o +IPTOS_LOWDELAY +.IP +.IP o +IPTOS_THROUGHPUT +.IP +.IP o +SO_SNDBUF * +.IP +.IP o +SO_RCVBUF * +.IP +.IP o +SO_SNDLOWAT * +.IP +.IP o +SO_RCVLOWAT * +.IP +.IP +Those marked with a \f(CW*\fP take an integer argument\&. The others can optionally take a 1 or 0 argument to enable or disable the option, by -default they will be enabled if you don't specify 1 or 0. - +default they will be enabled if you don\'t specify 1 or 0\&. +.IP To specify an argument use the syntax SOME_OPTION=VALUE for example -SO_SNDBUF=8192. Note that you must not have any spaces before or after -the = sign. - +\f(CWSO_SNDBUF=8192\fP\&. Note that you must not have any spaces before or after +the = sign\&. +.IP If you are on a local network then a sensible option might be - -socket options = IPTOS_LOWDELAY - -If you have an almost unloaded local network and you don't mind a lot -of extra CPU usage in the server then you could try - -socket options = IPTOS_LOWDELAY TCP_NODELAY - +.IP +\f(CWsocket options = IPTOS_LOWDELAY\fP +.IP +If you have a local network then you could try: +.IP +\f(CWsocket options = IPTOS_LOWDELAY TCP_NODELAY\fP +.IP If you are on a wide area network then perhaps try setting -IPTOS_THROUGHPUT. - +IPTOS_THROUGHPUT\&. +.IP Note that several of the options may cause your Samba server to fail -completely. Use these options with caution! - -.B Default: - no socket options - -.B Example: - socket options = IPTOS_LOWDELAY - - - - -.SS status (G) +completely\&. Use these options with caution! +.IP +\fBDefault:\fP +\f(CW socket options = TCP_NODELAY\fP +.IP +\fBExample:\fP +\f(CW socket options = IPTOS_LOWDELAY\fP +.IP +.IP "\fBssl (G)\fP" +.IP +This variable is part of SSL-enabled Samba\&. This is only available if +the SSL libraries have been compiled on your system and the configure +option \f(CW"--with-ssl"\fP was given at configure time\&. +.IP +\fINote\fP that for export control reasons this code is \fI**NOT**\fP +enabled by default in any current binary version of Samba\&. +.IP +This variable enables or disables the entire SSL mode\&. If it is set to +"no", the SSL enabled samba behaves exactly like the non-SSL samba\&. If +set to "yes", it depends on the variables \fB"ssl +hosts"\fP and \fB"ssl hosts resign"\fP +whether an SSL connection will be required\&. +.IP +\fBDefault:\fP +\f(CW ssl=no\fP +\fBExample:\fP +\f(CW ssl=yes\fP +.IP +.IP "\fBssl CA certDir (G)\fP" +.IP +This variable is part of SSL-enabled Samba\&. This is only available if +the SSL libraries have been compiled on your system and the configure +option \f(CW"--with-ssl"\fP was given at configure time\&. +.IP +\fINote\fP that for export control reasons this code is \fI**NOT**\fP +enabled by default in any current binary version of Samba\&. +.IP +This variable defines where to look up the Certification +Autorities\&. The given directory should contain one file for each CA +that samba will trust\&. The file name must be the hash value over the +"Distinguished Name" of the CA\&. How this directory is set up is +explained later in this document\&. All files within the directory that +don\'t fit into this naming scheme are ignored\&. You don\'t need this +variable if you don\'t verify client certificates\&. +.IP +\fBDefault:\fP +\f(CW ssl CA certDir = /usr/local/ssl/certs\fP +.IP +.IP "\fBssl CA certFile (G)\fP" +.IP +This variable is part of SSL-enabled Samba\&. This is only available if +the SSL libraries have been compiled on your system and the configure +option \f(CW"--with-ssl"\fP was given at configure time\&. +.IP +\fINote\fP that for export control reasons this code is \fI**NOT**\fP +enabled by default in any current binary version of Samba\&. +.IP +This variable is a second way to define the trusted CAs\&. The +certificates of the trusted CAs are collected in one big file and this +variable points to the file\&. You will probably only use one of the two +ways to define your CAs\&. The first choice is preferable if you have +many CAs or want to be flexible, the second is perferable if you only +have one CA and want to keep things simple (you won\'t need to create +the hashed file names)\&. You don\'t need this variable if you don\'t +verify client certificates\&. +.IP +\fBDefault:\fP +\f(CW ssl CA certFile = /usr/local/ssl/certs/trustedCAs\&.pem\fP +.IP +.IP "\fBssl ciphers (G)\fP" +.IP +This variable is part of SSL-enabled Samba\&. This is only available if +the SSL libraries have been compiled on your system and the configure +option \f(CW"--with-ssl"\fP was given at configure time\&. +.IP +\fINote\fP that for export control reasons this code is \fI**NOT**\fP +enabled by default in any current binary version of Samba\&. +.IP +This variable defines the ciphers that should be offered during SSL +negotiation\&. You should not set this variable unless you know what you +are doing\&. +.IP +.IP "\fBssl client cert (G)\fP" +.IP +This variable is part of SSL-enabled Samba\&. This is only available if +the SSL libraries have been compiled on your system and the configure +option \f(CW"--with-ssl"\fP was given at configure time\&. +.IP +\fINote\fP that for export control reasons this code is \fI**NOT**\fP +enabled by default in any current binary version of Samba\&. +.IP +The certificate in this file is used by +\fBsmbclient\fP if it exists\&. It\'s needed if the +server requires a client certificate\&. +.IP +\fBDefault:\fP +\f(CW ssl client cert = /usr/local/ssl/certs/smbclient\&.pem\fP +.IP +.IP "\fBssl client key (G)\fP" +.IP +This variable is part of SSL-enabled Samba\&. This is only available if +the SSL libraries have been compiled on your system and the configure +option \f(CW"--with-ssl"\fP was given at configure time\&. +.IP +\fINote\fP that for export control reasons this code is \fI**NOT**\fP +enabled by default in any current binary version of Samba\&. +.IP +This is the private key for \fBsmbclient\fP\&. It\'s +only needed if the client should have a certificate\&. +.IP +\fBDefault:\fP +\f(CW ssl client key = /usr/local/ssl/private/smbclient\&.pem\fP +.IP +.IP "\fBssl compatibility (G)\fP" +.IP +This variable is part of SSL-enabled Samba\&. This is only available if +the SSL libraries have been compiled on your system and the configure +option \f(CW"--with-ssl"\fP was given at configure time\&. +.IP +\fINote\fP that for export control reasons this code is \fI**NOT**\fP +enabled by default in any current binary version of Samba\&. +.IP +This variable defines whether SSLeay should be configured for bug +compatibility with other SSL implementations\&. This is probably not +desirable because currently no clients with SSL implementations other +than SSLeay exist\&. +.IP +\fBDefault:\fP +\f(CW ssl compatibility = no\fP +.IP +.IP "\fBssl hosts (G)\fP" +.IP +See \fB"ssl hosts resign"\fP\&. +.IP +.IP "\fBssl hosts resign (G)\fP" +.IP +This variable is part of SSL-enabled Samba\&. This is only available if +the SSL libraries have been compiled on your system and the configure +option \f(CW"--with-ssl"\fP was given at configure time\&. +.IP +\fINote\fP that for export control reasons this code is \fI**NOT**\fP +enabled by default in any current binary version of Samba\&. +.IP +These two variables define whether samba will go into SSL mode or +not\&. If none of them is defined, samba will allow only SSL +connections\&. If the \fB"ssl hosts"\fP variable lists +hosts (by IP-address, IP-address range, net group or name), only these +hosts will be forced into SSL mode\&. If the \fB"ssl hosts resign"\fP +variable lists hosts, only these hosts will NOT be forced into SSL +mode\&. The syntax for these two variables is the same as for the +\fB"hosts allow"\fP and \fB"hosts +deny"\fP pair of variables, only that the subject of the +decision is different: It\'s not the access right but whether SSL is +used or not\&. See the \fB"allow hosts"\fP parameter for +details\&. The example below requires SSL connections from all hosts +outside the local net (which is 192\&.168\&.*\&.*)\&. +.IP +\fBDefault:\fP +\f(CW ssl hosts = \fP +\f(CW ssl hosts resign = \fP +.IP +\fBExample:\fP +\f(CW ssl hosts resign = 192\&.168\&.\fP +.IP +.IP "\fBssl require clientcert (G)\fP" +.IP +This variable is part of SSL-enabled Samba\&. This is only available if +the SSL libraries have been compiled on your system and the configure +option \f(CW"--with-ssl"\fP was given at configure time\&. +.IP +\fINote\fP that for export control reasons this code is \fI**NOT**\fP +enabled by default in any current binary version of Samba\&. +.IP +If this variable is set to \f(CW"yes"\fP, the server will not tolerate +connections from clients that don\'t have a valid certificate\&. The +directory/file given in \fB"ssl CA certDir"\fP and +\fB"ssl CA certFile"\fP will be used to look up the +CAs that issued the client\'s certificate\&. If the certificate can\'t be +verified positively, the connection will be terminated\&. If this +variable is set to \f(CW"no"\fP, clients don\'t need certificates\&. Contrary +to web applications you really \fI*should*\fP require client +certificates\&. In the web environment the client\'s data is sensitive +(credit card numbers) and the server must prove to be trustworthy\&. In +a file server environment the server\'s data will be sensitive and the +clients must prove to be trustworthy\&. +.IP +\fBDefault:\fP +\f(CW ssl require clientcert = no\fP +.IP +.IP "\fBssl require servercert (G)\fP" +.IP +This variable is part of SSL-enabled Samba\&. This is only available if +the SSL libraries have been compiled on your system and the configure +option \f(CW"--with-ssl"\fP was given at configure time\&. +.IP +\fINote\fP that for export control reasons this code is \fI**NOT**\fP +enabled by default in any current binary version of Samba\&. +.IP +If this variable is set to \f(CW"yes"\fP, the +\fBsmbclient\fP will request a certificate from +the server\&. Same as \fB"ssl require +clientcert"\fP for the server\&. +.IP +\fBDefault:\fP +\f(CW ssl require servercert = no\fP +.IP +.IP "\fBssl server cert (G)\fP" +.IP +This variable is part of SSL-enabled Samba\&. This is only available if +the SSL libraries have been compiled on your system and the configure +option \f(CW"--with-ssl"\fP was given at configure time\&. +.IP +\fINote\fP that for export control reasons this code is \fI**NOT**\fP +enabled by default in any current binary version of Samba\&. +.IP +This is the file containing the server\'s certificate\&. The server _must_ +have a certificate\&. The file may also contain the server\'s private key\&. +See later for how certificates and private keys are created\&. +.IP +\fBDefault:\fP +\f(CW ssl server cert = \fP +.IP +.IP "\fBssl server key (G)\fP" +.IP +This variable is part of SSL-enabled Samba\&. This is only available if +the SSL libraries have been compiled on your system and the configure +option \f(CW"--with-ssl"\fP was given at configure time\&. +.IP +\fINote\fP that for export control reasons this code is \fI**NOT**\fP +enabled by default in any current binary version of Samba\&. +.IP +This file contains the private key of the server\&. If this variable is +not defined, the key is looked up in the certificate file (it may be +appended to the certificate)\&. The server \fI*must*\fP have a private key +and the certificate \fI*must*\fP match this private key\&. +.IP +\fBDefault:\fP +\f(CW ssl server key = \fP +.IP +.IP "\fBssl version (G)\fP" +.IP +This variable is part of SSL-enabled Samba\&. This is only available if +the SSL libraries have been compiled on your system and the configure +option \f(CW"--with-ssl"\fP was given at configure time\&. +.IP +\fINote\fP that for export control reasons this code is \fI**NOT**\fP +enabled by default in any current binary version of Samba\&. +.IP +This enumeration variable defines the versions of the SSL protocol +that will be used\&. \f(CW"ssl2or3"\fP allows dynamic negotiation of SSL v2 +or v3, \f(CW"ssl2"\fP results in SSL v2, \f(CW"ssl3"\fP results in SSL v3 and +"tls1" results in TLS v1\&. TLS (Transport Layer Security) is the +(proposed?) new standard for SSL\&. +.IP +\fBDefault:\fP +\f(CW ssl version = "ssl2or3"\fP +.IP +.IP "\fBstat cache (G)\fP" +.IP +This parameter determines if \fBsmbd\fP will use a +cache in order to speed up case insensitive name mappings\&. You should +never need to change this parameter\&. +.IP +\fBDefault:\fP +\f(CW stat cache = yes\fP +.IP +.IP "\fBstat cache size (G)\fP" +.IP +This parameter determines the number of entries in the \fBstat +cache\fP\&. You should never need to change this parameter\&. +.IP +\fBDefault:\fP +\f(CW stat cache size = 50\fP +.IP +.IP "\fBstatus (G)\fP" +.IP This enables or disables logging of connections to a status file that -.B smbstatus -can read. - -With this disabled -.B smbstatus -won't be able to tell you what -connections are active. - -.B Default: - status = yes - -.B Example: - status = no - -.SS strict locking (S) +\fBsmbstatus\fP can read\&. +.IP +With this disabled \fBsmbstatus\fP won\'t be able +to tell you what connections are active\&. You should never need to +change this parameter\&. +.IP +\fBDefault:\fP +status = yes +.IP +dir(\fBstrict locking (S)\fP) +.IP This is a boolean that controls the handling of file locking in the -server. When this is set to yes the server will check every read and -write access for file locks, and deny access if locks exist. This can -be slow on some systems. - -When strict locking is "no" the server does file lock checks only when -the client explicitly asks for them. - +server\&. When this is set to \f(CW"yes"\fP the server will check every read and +write access for file locks, and deny access if locks exist\&. This can +be slow on some systems\&. +.IP +When strict locking is \f(CW"no"\fP the server does file lock checks only +when the client explicitly asks for them\&. +.IP Well behaved clients always ask for lock checks when it is important, -so in the vast majority of cases "strict locking = no" is preferable. - -.B Default: - strict locking = no - -.B Example: - strict locking = yes - -.SS strict sync (S) -Many Windows applications (including the Windows 98 explorer -shell) seem to confuse flushing buffer contents to disk with -doing a sync to disk. Under UNIX, a sync call forces the process -to be suspended until the kernel has ensured that all outstanding -data in kernel disk buffers has been safely stored onto stable -storate. This is very slow and should only be done rarely. Setting -this parameter to "no" (the default) means that smbd ignores the -Windows applications requests for a sync call. There is only a -possibility of losing data if the operating system itself that -Samba is running on crashes, so there is little danger in this -default setting. In addition, this fixes many performace problems -that people have reported with the new Windows98 explorer shell -file copies. - -See also the "sync always" parameter. - -.B Default: - strict sync = no - -.B Example: - strict sync = yes - - -.SS strip dot (G) +so in the vast majority of cases \fB"strict locking = no"\fP is +preferable\&. +.IP +\fBDefault:\fP +\f(CW strict locking = no\fP +.IP +\fBExample:\fP +\f(CW strict locking = yes\fP +.IP +.IP "\fBstrict sync (S)\fP" +.IP +Many Windows applications (including the Windows 98 explorer shell) +seem to confuse flushing buffer contents to disk with doing a sync to +disk\&. Under UNIX, a sync call forces the process to be suspended until +the kernel has ensured that all outstanding data in kernel disk +buffers has been safely stored onto stable storate\&. This is very slow +and should only be done rarely\&. Setting this parameter to "no" (the +default) means that smbd ignores the Windows applications requests for +a sync call\&. There is only a possibility of losing data if the +operating system itself that Samba is running on crashes, so there is +little danger in this default setting\&. In addition, this fixes many +performance problems that people have reported with the new Windows98 +explorer shell file copies\&. +.IP +See also the \fB"sync always"\fP parameter\&. +.IP +\fBDefault:\fP +\f(CW strict sync = no\fP +.IP +\fBExample:\fP +\f(CW strict sync = yes\fP +.IP +.IP "\fBstrip dot (G)\fP" +.IP This is a boolean that controls whether to strip trailing dots off -UNIX filenames. This helps with some CDROMs that have filenames ending in a -single dot. - -.B Default: - strip dot = no - -.B Example: - strip dot = yes - -.SS syslog (G) -This parameter maps how Samba debug messages are logged onto the -system syslog logging levels. Samba debug level zero maps onto -syslog LOG_ERR, debug level one maps onto LOG_WARNING, debug -level two maps to LOG_NOTICE, debug level three maps onto LOG_INFO. -The paramter sets the threshold for doing the mapping, all Samba -debug messages above this threashold are mapped to syslog LOG_DEBUG -messages. - -.B Default: - - syslog = 1 - -.SS syslog only (G) -If this parameter is set then Samba debug messages are logged into -the system syslog only, and not to the debug log files. - -.B Default: - syslog only = no - -.SS sync always (S) - +UNIX filenames\&. This helps with some CDROMs that have filenames ending +in a single dot\&. +.IP +\fBDefault:\fP +\f(CW strip dot = no\fP +.IP +\fBExample:\fP +\f(CW strip dot = yes\fP +.IP +.IP "\fBsync always (S)\fP" +.IP This is a boolean parameter that controls whether writes will always -be written to stable storage before the write call returns. If this is -false then the server will be guided by the client's request in each +be written to stable storage before the write call returns\&. If this is +false then the server will be guided by the client\'s request in each write call (clients can set a bit indicating that a particular write -should be synchronous). If this is true then every write will be -followed by a fsync() call to ensure the data is written to disk. -Note that the "strict sync" parameter must be set to "yes" in -order for this parameter to have any affect. - -See also the "strict sync" parameter. - -.B Default: - sync always = no - -.B Example: - sync always = yes - -.SS time offset (G) +should be synchronous)\&. If this is true then every write will be +followed by a fsync() call to ensure the data is written to disk\&. +Note that the \fB"strict sync"\fP parameter must be +set to \f(CW"yes"\fP in order for this parameter to have any affect\&. +.IP +See also the \fB"strict sync"\fP parameter\&. +.IP +\fBDefault:\fP +\f(CW sync always = no\fP +.IP +\fBxample:\fP +\f(CW sync always = yes\fP +.IP +.IP "\fBsyslog (G)\fP" +.IP +This parameter maps how Samba debug messages are logged onto the +system syslog logging levels\&. Samba debug level zero maps onto syslog +LOG_ERR, debug level one maps onto LOG_WARNING, debug level two maps +to LOG_NOTICE, debug level three maps onto LOG_INFO\&. The paramter +sets the threshold for doing the mapping, all Samba debug messages +above this threashold are mapped to syslog LOG_DEBUG messages\&. +.IP +\fBDefault:\fP +\f(CW syslog = 1\fP +.IP +.IP "\fBsyslog only (G)\fP" +.IP +If this parameter is set then Samba debug messages are logged into the +system syslog only, and not to the debug log files\&. +.IP +\fBDefault:\fP +\f(CW syslog only = no\fP +.IP +.IP "\fBtime offset (G)\fP" +.IP This parameter is a setting in minutes to add to the normal GMT to -local time conversion. This is useful if you are serving a lot of PCs -that have incorrect daylight saving time handling. - -.B Default: - time offset = 0 - -.B Example: - time offset = 60 - -.SS time server (G) -This parameter determines if nmbd advertises itself as a time server -to Windows clients. The default is False. - -.B Default: - time server = False - -.B Example: - time server = True - -.SS unix password sync (G) +local time conversion\&. This is useful if you are serving a lot of PCs +that have incorrect daylight saving time handling\&. +.IP +\fBDefault:\fP +\f(CW time offset = 0\fP +.IP +\fBExample:\fP +\f(CW time offset = 60\fP +.IP +.IP +.IP "\fBtime server (G)\fP" +.IP +This parameter determines if \fBnmbd\fP advertises +itself as a time server to Windows clients\&. The default is False\&. +.IP +\fBDefault:\fP +\f(CW time server = False\fP +.IP +\fBExample:\fP +\f(CW time server = True\fP +.IP +.IP "\fBtimestamp logs (G)\fP" +.IP +Samba2\&.0 will a timestamps to all log entries by default\&. This +can be distracting if you are attempting to debug a problem\&. This +parameter allows the timestamping to be turned off\&. +.IP +\fBDefault:\fP +\f(CW timestamp logs = True\fP +.IP +\fBExample:\fP +\f(CW timestamp logs = False\fP +.IP +.IP "\fBunix password sync (G)\fP" +.IP This boolean parameter controlls whether Samba attempts to synchronise -the UNIX password with the SMB password when the encrypted SMB password -in the smbpasswd file is changed. If this is set to true the 'passwd program' -program is called *AS ROOT* - to allow the new UNIX password to be set -without access to the old UNIX password (as the SMB password has change -code has no access to the old password cleartext, only the new). By -default this is set to false. - -See also 'passwd program', 'passwd chat' - -.B Default: - unix password sync = False - -.B Example: - unix password sync = True - -.SS unix realname (G) -This boolean parameter when set causes samba to supply the real name field -from the unix password file to the client. This is useful for setting up -mail clients and WWW browsers on systems used by more than one person. - -.B Default: - unix realname = no - -.B Example: - unix realname = yes - -.SS update encrypted (G) +the UNIX password with the SMB password when the encrypted SMB +password in the smbpasswd file is changed\&. If this is set to true the +program specified in the \fB"passwd program"\fP +parameter is called \fI*AS ROOT*\fP - to allow the new UNIX password to be +set without access to the old UNIX password (as the SMB password has +change code has no access to the old password cleartext, only the +new)\&. By default this is set to \f(CW"false"\fP\&. +.IP +See also \fB"passwd program"\fP, \fB"passwd +chat"\fP\&. +.IP +\fBDefault:\fP +\f(CW unix password sync = False\fP +.IP +\fBExample:\fP +\f(CW unix password sync = True\fP +.IP +.IP "\fBunix realname (G)\fP" +.IP +This boolean parameter when set causes samba to supply the real name +field from the unix password file to the client\&. This is useful for +setting up mail clients and WWW browsers on systems used by more than +one person\&. +.IP +\fBDefault:\fP +\f(CW unix realname = no\fP +.IP +\fBExample:\fP +\f(CW unix realname = yes\fP +.IP +.IP "\fBupdate encrypted (G)\fP" +.IP This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed) password in the smbpasswd -file to be updated automatically as they log on. This option allows -a site to migrate from plaintext password authentication (users +file to be updated automatically as they log on\&. This option allows a +site to migrate from plaintext password authentication (users authenticate with plaintext password over the wire, and are checked against a UNIX account database) to encrypted password authentication (the SMB challenge/response authentication mechanism) without forcing -all users to re-enter their passwords via smbpasswd at the time the change -is made. This is a convenience option to allow the change over to -encrypted passwords to be made over a longer period. Once all users +all users to re-enter their passwords via smbpasswd at the time the +change is made\&. This is a convenience option to allow the change over +to encrypted passwords to be made over a longer period\&. Once all users have encrypted representations of their passwords in the smbpasswd -file this parameter should be set to "off". - -In order for this parameter to work correctly the "encrypt passwords" -must be set to "no" when this parameter is set to "yes". - +file this parameter should be set to \f(CW"off"\fP\&. +.IP +In order for this parameter to work correctly the \fB"encrypt +passwords"\fP parameter must be set to \f(CW"no"\fP when +this parameter is set to \f(CW"yes"\fP\&. +.IP Note that even when this parameter is set a user authenticating to smbd must still enter a valid password in order to connect correctly, -and to update their hashed (smbpasswd) passwords. - -.B Default: - update encrypted = no - -.B Example: - update encrypted = yes - -.SS user (S) -See -.B username. -.SS username (S) -A synonym for this parameter is 'user'. - -Multiple users may be specified in a comma-delimited list, in which case the -supplied password will be tested against each username in turn (left to right). - -The username= line is needed only when the PC is unable to supply its own -username. This is the case for the coreplus protocol or where your -users have different WfWg usernames to UNIX usernames. In both these -cases you may also be better using the \e\eserver\eshare%user syntax -instead. - -The username= line is not a great solution in many cases as it means Samba -will try to validate the supplied password against each of the -usernames in the username= line in turn. This is slow and a bad idea for -lots of users in case of duplicate passwords. You may get timeouts or -security breaches using this parameter unwisely. - -Samba relies on the underlying UNIX security. This parameter does not +and to update their hashed (smbpasswd) passwords\&. +.IP +\fBDefault:\fP +\f(CW update encrypted = no\fP +.IP +\fBExample:\fP +\f(CW update encrypted = yes\fP +.IP +.IP "\fBuse rhosts (G)\fP" +.IP +If this global parameter is a true, it specifies that the UNIX users +\f(CW"\&.rhosts"\fP file in their home directory will be read to find the +names of hosts and users who will be allowed access without specifying +a password\&. +.IP +NOTE: The use of \fBuse rhosts\fP can be a major security hole\&. This is +because you are trusting the PC to supply the correct username\&. It is +very easy to get a PC to supply a false username\&. I recommend that the +\fBuse rhosts\fP option be only used if you really know what you are +doing\&. +.IP +\fBDefault:\fP +\f(CW use rhosts = no\fP +.IP +\fBExample:\fP +\f(CW use rhosts = yes\fP +.IP +.IP "\fBuser (S)\fP" +.IP +Synonym for \fB"username"\fP\&. +.IP +.IP "\fBusers (S)\fP" +.IP +Synonym for \fB"username"\fP\&. +.IP +.IP "\fBusername (S)\fP" +.IP +Multiple users may be specified in a comma-delimited list, in which +case the supplied password will be tested against each username in +turn (left to right)\&. +.IP +The \fBusername=\fP line is needed only when the PC is unable to supply +its own username\&. This is the case for the COREPLUS protocol or where +your users have different WfWg usernames to UNIX usernames\&. In both +these cases you may also be better using the \f(CW\e\eserver\eshare%user\fP +syntax instead\&. +.IP +The \fBusername=\fP line is not a great solution in many cases as it +means Samba will try to validate the supplied password against each of +the usernames in the username= line in turn\&. This is slow and a bad +idea for lots of users in case of duplicate passwords\&. You may get +timeouts or security breaches using this parameter unwisely\&. +.IP +Samba relies on the underlying UNIX security\&. This parameter does not restrict who can login, it just offers hints to the Samba server as to -what usernames might correspond to the supplied password. Users can +what usernames might correspond to the supplied password\&. Users can login as whoever they please and they will be able to do no more -damage than if they started a telnet session. The daemon runs as the +damage than if they started a telnet session\&. The daemon runs as the user that they log in as, so they cannot do anything that user cannot -do. - +do\&. +.IP To restrict a service to a particular set of users you can use the -"valid users=" line. - -If any of the usernames begin with a @ then the name will be looked up -first in the yp netgroups list (if Samba is compiled with netgroup support), -followed by a lookup in the UNIX groups database and will expand to a list of -all users in the group of that name. - -If any of the usernames begin with a + then the name will be looked up only -in the UNIX groups database and will expand to a list of all users in the -group of that name. - -If any of the usernames begin with a & then the name will be looked up only -in the yp netgroups database (if Samba is compiled with netgroup support) and -will expand to a list of all users in the netgroup group of that name. - -Note that searching though a groups database can take quite -some time, and some clients may time out during the search. - -See the section below on username/password validation for more information -on how this parameter determines access to the services. - -.B Default: - The guest account if a guest service, else the name of the service. +\fB"valid users="\fP parameter\&. +.IP +If any of the usernames begin with a \f(CW\'@\'\fP then the name will be +looked up first in the yp netgroups list (if Samba is compiled with +netgroup support), followed by a lookup in the UNIX groups database +and will expand to a list of all users in the group of that name\&. +.IP +If any of the usernames begin with a \f(CW\'+\'\fP then the name will be +looked up only in the UNIX groups database and will expand to a list +of all users in the group of that name\&. +.IP +If any of the usernames begin with a \f(CW\'&\'\fP then the name will be +looked up only in the yp netgroups database (if Samba is compiled with +netgroup support) and will expand to a list of all users in the +netgroup group of that name\&. +.IP +Note that searching though a groups database can take quite some time, +and some clients may time out during the search\&. +.IP +See the section \fB"NOTE ABOUT USERNAME/PASSWORD +VALIDATION"\fP for more +information on how this parameter determines access to the services\&. +.IP +\fBDefault:\fP +\f(CW The guest account if a guest service, else the name of the service\&.\fP +.IP +\fBExamples:\fP + +.DS + -.B Examples: username = fred username = fred, mary, jack, jane, @users, @pcgroup -.SS username level (G) +.DE + -This option helps Samba to try and 'guess' at the real UNIX username, -as many DOS clients send an all-uppercase username. By default Samba +.IP +.IP "\fBusername level (G)\fP" +.IP +This option helps Samba to try and \'guess\' at the real UNIX username, +as many DOS clients send an all-uppercase username\&. By default Samba tries all lowercase, followed by the username with the first letter -capitalized, and fails if the username is not found on the UNIX machine. - -If this parameter is set to non-zero the behaviour changes. This -parameter is a number that specifies the number of uppercase combinations -to try whilst trying to determine the UNIX user name. The higher the number -the more combinations will be tried, but the slower the discovery -of usernames will be. Use this parameter when you have strange -usernames on your UNIX machine, such as 'AstrangeUser'. - -.B Default: - username level = 0 - -.B Example: - username level = 5 - -.SS username map (G) - +capitalized, and fails if the username is not found on the UNIX +machine\&. +.IP +If this parameter is set to non-zero the behaviour changes\&. This +parameter is a number that specifies the number of uppercase +combinations to try whilst trying to determine the UNIX user name\&. The +higher the number the more combinations will be tried, but the slower +the discovery of usernames will be\&. Use this parameter when you have +strange usernames on your UNIX machine, such as \f(CW"AstrangeUser"\fP\&. +.IP +\fBDefault:\fP +\f(CW username level = 0\fP +.IP +\fBExample:\fP +\f(CW username level = 5\fP +.IP +.IP "\fBusername map (G)\fP" +.IP This option allows you to to specify a file containing a mapping of -usernames from the clients to the server. This can be used for several -purposes. The most common is to map usernames that users use on DOS or -Windows machines to those that the UNIX box uses. The other is to map +usernames from the clients to the server\&. This can be used for several +purposes\&. The most common is to map usernames that users use on DOS or +Windows machines to those that the UNIX box uses\&. The other is to map multiple users to a single username so that they can more easily share -files. - -The map file is parsed line by line. Each line should contain a single -UNIX username on the left then a '=' followed by a list of usernames -on the right. The list of usernames on the right may contain names of -the form @group in which case they will match any UNIX username in -that group. The special client name '*' is a wildcard and matches any -name. Each line of the map file may be up to 1023 characters long. - +files\&. +.IP +The map file is parsed line by line\&. Each line should contain a single +UNIX username on the left then a \f(CW\'=\'\fP followed by a list of +usernames on the right\&. The list of usernames on the right may contain +names of the form @group in which case they will match any UNIX +username in that group\&. The special client name \f(CW\'*\'\fP is a wildcard +and matches any name\&. Each line of the map file may be up to 1023 +characters long\&. +.IP The file is processed on each line by taking the supplied username and -comparing it with each username on the right hand side of the '=' -signs. If the supplied name matches any of the names on the right -hand side then it is replaced with the name on the left. Processing -then continues with the next line. - -If any line begins with a '#' or a ';' then it is ignored - -If any line begins with an ! then the processing will stop after that -line if a mapping was done by the line. Otherwise mapping continues -with every line being processed. Using ! is most useful when you have -a wildcard mapping line later in the file. - -For example to map from the name "admin" or "administrator" to the UNIX -name "root" you would use - - root = admin administrator - -Or to map anyone in the UNIX group "system" to the UNIX name "sys" you -would use - - sys = @system - -You can have as many mappings as you like in a username map file. - -If Samba has been compiled with the -DNETGROUP compile option -then the netgroup database is checked before the /etc/group -database for matching groups. - +comparing it with each username on the right hand side of the \f(CW\'=\'\fP +signs\&. If the supplied name matches any of the names on the right hand +side then it is replaced with the name on the left\&. Processing then +continues with the next line\&. +.IP +If any line begins with a \f(CW\'#\'\fP or a \f(CW\';\'\fP then it is ignored +.IP +If any line begins with an \f(CW\'!\'\fP then the processing will stop after +that line if a mapping was done by the line\&. Otherwise mapping +continues with every line being processed\&. Using \f(CW\'!\'\fP is most +useful when you have a wildcard mapping line later in the file\&. +.IP +For example to map from the name \f(CW"admin"\fP or \f(CW"administrator"\fP to +the UNIX name \f(CW"root"\fP you would use: +.IP +\f(CW root = admin administrator\fP +.IP +Or to map anyone in the UNIX group \f(CW"system"\fP to the UNIX name +\f(CW"sys"\fP you would use: +.IP +\f(CW sys = @system\fP +.IP +You can have as many mappings as you like in a username map file\&. +.IP +If your system supports the NIS NETGROUP option then the netgroup +database is checked before the \f(CW/etc/group\fP database for matching +groups\&. +.IP You can map Windows usernames that have spaces in them by using double -quotes around the name. For example: - - tridge = "Andrew Tridgell" - -would map the windows username "Andrew Tridgell" to the unix username -tridge. - +quotes around the name\&. For example: +.IP +\f(CW tridge = "Andrew Tridgell"\fP +.IP +would map the windows username \f(CW"Andrew Tridgell"\fP to the unix +username tridge\&. +.IP The following example would map mary and fred to the unix user sys, -and map the rest to guest. Note the use of the ! to tell Samba to stop -processing if it gets a match on that line. +and map the rest to guest\&. Note the use of the \f(CW\'!\'\fP to tell Samba +to stop processing if it gets a match on that line\&. +.IP + +.DS + !sys = mary fred guest = * +.DE + +.IP Note that the remapping is applied to all occurrences of -usernames. Thus if you connect to "\e\eserver\efred" and "fred" is -remapped to "mary" then you will actually be connecting to -"\e\eserver\emary" and will need to supply a password suitable for -"mary" not "fred". The only exception to this is the username passed -to the "password server" (if you have one). The password server will -receive whatever username the client supplies without modification. - -Also note that no reverse mapping is done. The main effect this has is -with printing. Users who have been mapped may have trouble deleting -print jobs as PrintManager under WfWg will think they don't own the -print job. - -.B Default - no username map - -.B Example - username map = /usr/local/samba/lib/users.map - -.SS valid chars (S) - +usernames\&. Thus if you connect to \f(CW"\e\eserver\efred"\fP and \f(CW"fred"\fP +is remapped to \f(CW"mary"\fP then you will actually be connecting to +\f(CW"\e\eserver\emary"\fP and will need to supply a password suitable for +\f(CW"mary"\fP not \f(CW"fred"\fP\&. The only exception to this is the username +passed to the \fB"password server"\fP (if you have +one)\&. The password server will receive whatever username the client +supplies without modification\&. +.IP +Also note that no reverse mapping is done\&. The main effect this has is +with printing\&. Users who have been mapped may have trouble deleting +print jobs as PrintManager under WfWg will think they don\'t own the +print job\&. +.IP +\fBDefault:\fP +\f(CW no username map\fP +.IP +\fBExample:\fP +\f(CW username map = /usr/local/samba/lib/users\&.map\fP +.IP +.IP "\fBvalid chars (S)\fP" +.IP The option allows you to specify additional characters that should be -considered valid by the server in filenames. This is particularly -useful for national character sets, such as adding u-umlaut or a-ring. - +considered valid by the server in filenames\&. This is particularly +useful for national character sets, such as adding u-umlaut or a-ring\&. +.IP The option takes a list of characters in either integer or character -form with spaces between them. If you give two characters with a colon -between them then it will be taken as an lowercase:uppercase pair. - +form with spaces between them\&. If you give two characters with a colon +between them then it will be taken as an lowercase:uppercase pair\&. +.IP If you have an editor capable of entering the characters into the -config file then it is probably easiest to use this method. Otherwise +config file then it is probably easiest to use this method\&. Otherwise you can specify the characters in octal, decimal or hexadecimal form -using the usual C notation. - -For example to add the single character 'Z' to the charset (which is a -pointless thing to do as it's already there) you could do one of the -following - -valid chars = Z -valid chars = z:Z -valid chars = 0132:0172 +using the usual C notation\&. +.IP +For example to add the single character \f(CW\'Z\'\fP to the charset (which +is a pointless thing to do as it\'s already there) you could do one of +the following +.IP + +.DS + -The last two examples above actually add two characters, and alter -the uppercase and lowercase mappings appropriately. + valid chars = Z + valid chars = z:Z + valid chars = 0132:0172 -Note that you MUST specify this parameter after the "client code page" -parameter if you have both set. If "client code page" is set after -the "valid chars" parameter the "valid chars" settings will be -overwritten. +.DE + -See also the "client code page" parameter. +.IP +The last two examples above actually add two characters, and alter the +uppercase and lowercase mappings appropriately\&. +.IP +Note that you MUST specify this parameter after the \fB"client +code page"\fP parameter if you have both set\&. If +\fB"client code page"\fP is set after the +\fB"valid chars"\fP parameter the \fB"valid chars"\fP settings will be +overwritten\&. +.IP +See also the \fB"client code page"\fP parameter\&. +.IP +\fBDefault:\fP + +.DS + -.B Default -.br Samba defaults to using a reasonable set of valid characters -.br for english systems -.B Example - valid chars = 0345:0305 0366:0326 0344:0304 +.DE + +.IP +\fBExample\fP +\f(CW valid chars = 0345:0305 0366:0326 0344:0304\fP +.IP The above example allows filenames to have the swedish characters in -them. - -NOTE: It is actually quite difficult to correctly produce a "valid -chars" line for a particular system. To automate the process -tino@augsburg.net has written a package called "validchars" which will -automatically produce a complete "valid chars" line for a given client -system. Look in the examples subdirectory for this package. - -.SS valid users (S) +them\&. +.IP +NOTE: It is actually quite difficult to correctly produce a \fB"valid +chars"\fP line for a particular system\&. To automate the process +\fItino@augsburg\&.net\fP has written a package called \fB"validchars"\fP +which will automatically produce a complete \fB"valid chars"\fP line for +a given client system\&. Look in the examples/validchars/ subdirectory +of your Samba source code distribution for this package\&. +.IP +.IP "\fBvalid users (S)\fP" +.IP This is a list of users that should be allowed to login to this -service. A name starting with @ is interpreted as a UNIX group. - -If this is empty (the default) then any user can login. If a username -is in both this list and the "invalid users" list then access is -denied for that user. - -The current servicename is substituted for %S. This is useful in the -[homes] section. - -See also "invalid users" - -.B Default - No valid users list. (anyone can login) - -.B Example - valid users = greg, @pcusers - - -.SS veto files(S) +service\&. Names starting with \f(CW\'@\'\fP, \f(CW\'+\'\fP and \f(CW\'&\'\fP are +interpreted using the same rules as described in the \fB"invalid +users"\fP parameter\&. +.IP +If this is empty (the default) then any user can login\&. If a username +is in both this list and the \fB"invalid users"\fP +list then access is denied for that user\&. +.IP +The current servicename is substituted for +\fB"%S"\fP\&. This is useful in the +\fB[homes]\fP section\&. +.IP +See also \fB"invalid users"\fP\&. +.IP +\fBDefault:\fP +\f(CW No valid users list\&. (anyone can login)\fP +.IP +\fBExample:\fP +\f(CW valid users = greg, @pcusers\fP +.IP +.IP "\fBveto files(S)\fP" +.IP This is a list of files and directories that are neither visible nor -accessible. Each entry in the list must be separated by a "/", which -allows spaces to be included in the entry. '*' and '?' can be used to -specify multiple files or directories as in DOS wildcards. - -Each entry must be a unix path, not a DOS path and must not include the -unix directory separator "/". - -Note that the case sensitivity option is applicable in vetoing files. - +accessible\&. Each entry in the list must be separated by a \f(CW\'/\'\fP, +which allows spaces to be included in the entry\&. \f(CW\'*\'\fP and \f(CW\'?\'\fP +can be used to specify multiple files or directories as in DOS +wildcards\&. +.IP +Each entry must be a unix path, not a DOS path and must \fI*not*\fP include the +unix directory separator \f(CW\'/\'\fP\&. +.IP +Note that the \fB"case sensitive"\fP option is +applicable in vetoing files\&. +.IP One feature of the veto files parameter that it is important to be -aware of, is that if a directory contains nothing but files that -match the veto files parameter (which means that Windows/DOS clients -cannot ever see them) is deleted, the veto files within that directory -*are automatically deleted* along with it, if the user has UNIX permissions -to do so. +aware of, is that if a directory contains nothing but files that match +the veto files parameter (which means that Windows/DOS clients cannot +ever see them) is deleted, the veto files within that directory *are +automatically deleted* along with it, if the user has UNIX permissions +to do so\&. +.IP +Setting this parameter will affect the performance of Samba, as it +will be forced to check all files and directories for a match as they +are scanned\&. +.IP +See also \fB"hide files"\fP and \fB"case +sensitive"\fP\&. +.IP +\fBDefault:\fP +\f(CW No files or directories are vetoed\&.\fP +.IP +\fBExamples:\fP +.IP +Example 1\&. +.IP + +.DS -Setting this parameter will affect the performance of Samba, as -it will be forced to check all files and directories for a match -as they are scanned. -See also "hide files" and "case sensitive" -.B Default - No files or directories are vetoed. - -.B Examples - Example 1. Veto any files containing the word Security, - any ending in .tmp, and any directory containing the - word root. + any ending in \&.tmp, and any directory containing the + word root\&. - veto files = /*Security*/*.tmp/*root*/ + veto files = /*Security*/*\&.tmp/*root*/ - Example 2. - Veto the Apple specific files that a NetAtalk server - creates. +.DE + - veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ +.IP +Example 2\&. +.IP -.SS veto oplock files (S) -This parameter is only valid when the 'oplocks' parameter is turned on -for a share. It allows the Samba administrator to selectively turn off -the granting of oplocks on selected files that match a wildcarded list, -similar to the wildcarded list used in the 'veto files' parameter. +.DS + -.B Default - No files are vetoed for oplock grants. + Veto the Apple specific files that a NetAtalk server + creates\&. -.B Examples -You might want to do this on files that you know will be heavily -contended for by clients. A good example of this is in the NetBench -SMB benchmark program, which causes heavy client contention for files -ending in .SEM. To cause Samba not to grant oplocks on these files -you would use the line (either in the [global] section or in the section -for the particular NetBench share : + veto files = /\&.AppleDouble/\&.bin/\&.AppleDesktop/Network Trash Folder/ - veto oplock files = /*.SEM/ +.DE + -.SS volume (S) +.IP +.IP "\fBveto oplock files (S)\fP" +.IP +This parameter is only valid when the \fB"oplocks"\fP +parameter is turned on for a share\&. It allows the Samba administrator +to selectively turn off the granting of oplocks on selected files that +match a wildcarded list, similar to the wildcarded list used in the +\fB"veto files"\fP parameter\&. +.IP +\fBDefault:\fP +\f(CW No files are vetoed for oplock grants\&.\fP +.IP +\fBExamples:\fP +.IP +You might want to do this on files that you know will be heavily +contended for by clients\&. A good example of this is in the NetBench +SMB benchmark program, which causes heavy client contention for files +ending in \f(CW"\&.SEM"\fP\&. To cause Samba not to grant oplocks on these +files you would use the line (either in the \fB[global]\fP +section or in the section for the particular NetBench share : +.IP +\f(CW veto oplock files = /*\&.SEM/\fP +.IP +.IP "\fBvolume (S)\fP" +.IP This allows you to override the volume label returned for a -share. Useful for CDROMs with installation programs that insist on a -particular volume label. - -The default is the name of the share - -.SS wide links (S) -This parameter controls whether or not links in the UNIX file system may be -followed by the server. Links that point to areas within the directory tree -exported by the server are always allowed; this parameter controls access -only to areas that are outside the directory tree being exported. - -.B Default: - wide links = yes - -.B Example: - wide links = no - -.SS wins proxy (G) - -This is a boolean that controls if nmbd will respond to broadcast name -queries on behalf of other hosts. You may need to set this to no for -some older clients. - -.B Default: - wins proxy = no -.SS wins server (G) - -This specifies the DNS name (or IP address) of the WINS server that Samba -should register with. If you have a WINS server on your network then you -should set this to the WINS servers name. - -You should point this at your WINS server if you have a multi-subnetted -network. -.B Default: - wins server = - -.SS wins support (G) - -This boolean controls if the nmbd process in Samba will act as a WINS server. -You should not set this to true unless you have a multi-subnetted network and -you wish a particular nmbd to be your WINS server. Note that you -should *NEVER* set this to true on more than one machine in your -network. - -.B Default: - wins support = no - -.SS workgroup (G) - +share\&. Useful for CDROMs with installation programs that insist on a +particular volume label\&. +.IP +The default is the name of the share\&. +.IP +.IP "\fBwide links (S)\fP" +.IP +This parameter controls whether or not links in the UNIX file system +may be followed by the server\&. Links that point to areas within the +directory tree exported by the server are always allowed; this +parameter controls access only to areas that are outside the directory +tree being exported\&. +.IP +\fBDefault:\fP +\f(CW wide links = yes\fP +.IP +\fBExample:\fP +\f(CW wide links = no\fP +.IP +.IP "\fBwins proxy (G)\fP" +.IP +This is a boolean that controls if \fBnmbd\fP will +respond to broadcast name queries on behalf of other hosts\&. You may +need to set this to \f(CW"yes"\fP for some older clients\&. +.IP +\fBDefault:\fP +\f(CW wins proxy = no\fP +.IP +.IP "\fBwins server (G)\fP" +.IP +This specifies the DNS name (or IP address) of the WINS server that +\fBnmbd\fP should register with\&. If you have a WINS +server on your network then you should set this to the WINS servers +name\&. +.IP +You should point this at your WINS server if you have a +multi-subnetted network\&. +.IP +\fINOTE\fP\&. You need to set up Samba to point to a WINS server if you +have multiple subnets and wish cross-subnet browsing to work correctly\&. +.IP +See the documentation file BROWSING\&.txt in the docs/ directory of your +Samba source distribution\&. +.IP +\fBDefault:\fP +\f(CW wins server = \fP +.IP +\fBExample:\fP +\f(CW wins server = 192\&.9\&.200\&.1\fP +.IP +.IP "\fBwins support (G)\fP" +.IP +This boolean controls if the \fBnmbd\fP process in +Samba will act as a WINS server\&. You should not set this to true +unless you have a multi-subnetted network and you wish a particular +\fBnmbd\fP to be your WINS server\&. Note that you +should \fI*NEVER*\fP set this to true on more than one machine in your +network\&. +.IP +\fBDefault:\fP +\f(CW wins support = no\fP +.IP +.IP "\fBworkgroup (G)\fP" +.IP This controls what workgroup your server will appear to be in when -queried by clients. - -.B Default: - set in the Makefile - -.B Example: - workgroup = MYGROUP - -.SS writable (S) -A synonym for this parameter is 'write ok'. An inverted synonym is 'read only'. - -If this parameter is 'no', then users of a service may not create or modify -files in the service's directory. - -Note that a printable service ('printable = yes') will ALWAYS allow -writing to the directory (user privileges permitting), but only via -spooling operations. - -.B Default: - writable = no +queried by clients\&. Note that this parameter also controlls the Domain +name used with the \fB"security=domain"\fP +setting\&. +.IP +\fBDefault:\fP +\f(CW set at compile time to WORKGROUP\fP +.IP +\&.B Example: +workgroup = MYGROUP +.IP +.IP "\fBwritable (S)\fP" +.IP +An inverted synonym is \fB"read only"\fP\&. +.IP +If this parameter is \f(CW"no"\fP, then users of a service may not create +or modify files in the service\'s directory\&. +.IP +Note that a printable service \fB("printable = yes")\fP +will \fI*ALWAYS*\fP allow writing to the directory (user privileges +permitting), but only via spooling operations\&. +.IP +\fBDefault:\fP +\f(CW writable = no\fP +.IP +\fBExamples:\fP + +.DS + -.B Examples: read only = no writable = yes write ok = yes -.SS write list (S) -This is a list of users that are given read-write access to a -service. If the connecting user is in this list then they will be -given write access, no matter what the "read only" option is set -to. The list can include group names using the @group syntax. - -Note that if a user is in both the read list and the write list then -they will be given write access. -See also the "read list" option - -.B Default: - write list = - -.B Example: - write list = admin, root, @staff - -.SS write ok (S) -See -.B writable -and -.B read only. -.SS write raw (G) -This parameter controls whether or not the server will support raw writes when -transferring data from clients. - -.B Default: - write raw = yes - -.B Example: - write raw = no - -.SH NOTE ABOUT USERNAME/PASSWORD VALIDATION -There are a number of ways in which a user can connect to a -service. The server follows the following steps in determining if it -will allow a connection to a specified service. If all the steps fail -then the connection request is rejected. If one of the steps pass then -the following steps are not checked. - -If the service is marked "guest only = yes" then steps 1 to 5 are skipped - -Step 1: If the client has passed a username/password pair and that -username/password pair is validated by the UNIX system's password -programs then the connection is made as that username. Note that this -includes the \e\eserver\eservice%username method of passing a username. - -Step 2: If the client has previously registered a username with the -system and now supplies a correct password for that username then the -connection is allowed. - -Step 3: The client's netbios name and any previously used user names -are checked against the supplied password, if they match then the -connection is allowed as the corresponding user. - -Step 4: If the client has previously validated a username/password -pair with the server and the client has passed the validation token -then that username is used. This step is skipped if "revalidate = yes" -for this service. - -Step 5: If a "user = " field is given in the smb.conf file for the -service and the client has supplied a password, and that password -matches (according to the UNIX system's password checking) with one of -the usernames from the user= field then the connection is made as the -username in the "user=" line. If one of the username in the user= list -begins with a @ then that name expands to a list of names in the group -of the same name. - -Step 6: If the service is a guest service then a connection is made as -the username given in the "guest account =" for the service, -irrespective of the supplied password. -.SH WARNINGS -Although the configuration file permits service names to contain spaces, -your client software may not. Spaces will be ignored in comparisons anyway, -so it shouldn't be a problem - but be aware of the possibility. - -On a similar note, many clients - especially DOS clients - limit service -names to eight characters. Smbd has no such limitation, but attempts -to connect from such clients will fail if they truncate the service names. -For this reason you should probably keep your service names down to eight -characters in length. - -Use of the [homes] and [printers] special sections make life for an -administrator easy, but the various combinations of default attributes can be -tricky. Take extreme care when designing these sections. In particular, -ensure that the permissions on spool directories are correct. -.SH VERSION -This man page is (mostly) correct for version 1.9.18 of the Samba suite, plus some -of the recent patches to it. These notes will necessarily lag behind -development of the software, so it is possible that your version of -the server has extensions or parameter semantics that differ from or are not -covered by this man page. Please notify these to the address below for -rectification. - -Prior to version 1.5.21 of the Samba suite, the configuration file was -radically different (more primitive). If you are using a version earlier than -1.8.05, it is STRONGLY recommended that you upgrade. -.SH OPTIONS -Not applicable. -.SH FILES -Not applicable. -.SH ENVIRONMENT VARIABLES -Not applicable. -.SH SEE ALSO -.BR smbd (8), -.BR smbclient (1), -.BR nmbd (8), -.BR testparm (1), -.BR testprns (1), -.BR lpq (1), -.BR hosts_access (5) -.SH DIAGNOSTICS -[This section under construction] - -Most diagnostics issued by the server are logged in a specified log file. The -log file name is specified at compile time, but may be overridden on the -smbd command line (see -.BR smbd (8)). - -The number and nature of diagnostics available depends on the debug level used -by the server. If you have problems, set the debug level to 3 and peruse the -log files. - -Most messages are reasonably self-explanatory. Unfortunately, at time of -creation of this man page the source code is still too fluid to warrant -describing each and every diagnostic. At this stage your best bet is still -to grep the source code and inspect the conditions that gave rise to the -diagnostics you are seeing. -.SH BUGS -None known. - -Please send bug reports, comments and so on to: - -.RS 3 -.B samba-bugs@samba.anu.edu.au (Andrew Tridgell) - -.RS 3 -or to the mailing list: -.RE - -.B samba@listproc.anu.edu.au - -.RE -You may also like to subscribe to the announcement channel: - -.RS 3 -.B samba-announce@listproc.anu.edu.au -.RE - -To subscribe to these lists send a message to -listproc@listproc.anu.edu.au with a body of "subscribe samba Your -Name" or "subscribe samba-announce Your Name". - -Errors or suggestions for improvements to the Samba man pages should be -mailed to: - -.RS 3 -.B samba-bugs@samba.anu.edu.au (Andrew Tridgell) -.RE +.DE + +.IP +.IP "\fBwrite list (S)\fP" +.IP +This is a list of users that are given read-write access to a +service\&. If the connecting user is in this list then they will be +given write access, no matter what the \fB"read only"\fP +option is set to\&. The list can include group names using the @group +syntax\&. +.IP +Note that if a user is in both the read list and the write list then +they will be given write access\&. +.IP +See also the \fB"read list"\fP option\&. +.IP +\fBDefault:\fP +\f(CW write list = \fP +.IP +\fBExample:\fP +\f(CW write list = admin, root, @staff\fP +.IP +.IP "\fBwrite ok (S)\fP" +.IP +Synonym for \fBwritable\fP\&. +.IP +.IP "\fBwrite raw (G)\fP" +.IP +This parameter controls whether or not the server will support raw +writes SMB\'s when transferring data from clients\&. You should never +need to change this parameter\&. +.IP +\fBDefault:\fP +\f(CW write raw = yes\fP +.IP +.IP "\fBwriteable\fP" +.IP +Synonym for \fB"writable"\fP for people who can\'t spell :-)\&. +.IP +.SH "WARNINGS" +.IP +Although the configuration file permits service names to contain +spaces, your client software may not\&. Spaces will be ignored in +comparisons anyway, so it shouldn\'t be a problem - but be aware of the +possibility\&. +.IP +On a similar note, many clients - especially DOS clients - limit +service names to eight characters\&. \fBSmbd\fP has no +such limitation, but attempts to connect from such clients will fail +if they truncate the service names\&. For this reason you should +probably keep your service names down to eight characters in length\&. +.IP +Use of the \fB[homes]\fP and \fB[printers]\fP +special sections make life for an administrator easy, but the various +combinations of default attributes can be tricky\&. Take extreme care +when designing these sections\&. In particular, ensure that the +permissions on spool directories are correct\&. +.IP +.SH "VERSION" +.IP +This man page is correct for version 2\&.0 of the Samba suite\&. +.IP +.SH "SEE ALSO" +.IP +\fBsmbd (8)\fP, \fBsmbclient (1)\fP, +\fBnmbd (8)\fP, \fBtestparm (1)\fP, +\fBtestprns (1)\fP, \fBSamba\fP, +\fBnmblookup (1)\fP, \fBsmbpasswd (5)\fP, +\fBsmbpasswd (8)\fP\&. +.IP +.SH "AUTHOR" +.IP +The original Samba software and related utilities were created by +Andrew Tridgell \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed\&. +.IP +The original Samba man pages were written by Karl Auer\&. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2\&.0 release by Jeremy +Allison, \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. diff --git a/docs/manpages/smbclient.1 b/docs/manpages/smbclient.1 index f4f3bbb944..cccdd66e72 100644 --- a/docs/manpages/smbclient.1 +++ b/docs/manpages/smbclient.1 @@ -1,1255 +1,759 @@ -.TH SMBCLIENT 1 "09 Oct 1998" "smbclient 2.0.0-alpha11" -.SH NAME -smbclient \- ftp-like Lan Manager client program -.SH SYNOPSIS -.B smbclient -.B servicename -[ -.B password -] [ -.B \-A -] [ -.B \-E -] [ -.B \-L -.I host -] [ -.B \-M -.I host -] [ -.B \-I -.I IP number -] [ -.B \-R -.I name resolve order -] [ -.B \-N -] [ -.B \-P -] [ -.B \-U -.I username -] [ -.B \-d -.I debuglevel -] [ -.B \-l -.I log basename -] [ -.B \-n -.I netbios name -] [ -.B \-W -.I workgroup -] [ -.B \-O -.I socket options -] [ -.B \-p -.I port number -] [ -.B \-c -.I command string -] [ -.B \-T -.I tar options -] [ -.B \-D -.I initial directory -] -.SH DESCRIPTION -This program is part of the Samba suite. - -.B smbclient -is a client that can 'talk' to a Lan Manager server. It offers -an interface similar to that of the -.B ftp -program (see -.BR ftp (1)). -Operations include things like getting files from the -server to the local machine, putting files from the local machine to -the server, retrieving directory information from the server and so on. -.SH OPTIONS -.B servicename -.RS 3 -.B servicename -is the name of the service you want to use on the server. A service -name takes the form -.B "\e\eserver\eservice" -where -.B server -is the netbios name of the Lan Manager server offering the desired service and -.B service -is the name of the service offered. Thus to connect to the service "printer" -on the Lan Manager server "lanman", you would use the servicename - -.RS 10 -.B "\e\elanman\eprinter" -.RE - -Note that the server name required is NOT necessarily the host name of the -server! The name required is a Lan Manager server name, which may or may not -be the same as the hostname of the machine running the server. - -With Samba 1.9.18p4 the server name is looked up according to the -"name resolve order=" parameter in the smb.conf file, allowing an -administrator to change the order and methods by which server names -are looked up. -.RE - -.B password -.RS 3 -.B -password -is the password required to access the specified service on the -specified server. If supplied, the -.B \-N -option (suppress password prompt) is assumed. - -There is no default password. If no password is supplied on the command line -(either here or using the -.B \-U -option (see below)) and -.B \-N -is not specified, the client will prompt for a password, even if the desired -service does not require one. (If no password is -required, simply press ENTER to provide a null password.) - +.TH "smbclient" "1" "23 Oct 1998" "Samba" "SAMBA" +.PP +.SH "NAME" +smbclient \- ftp-like client to access SMB/CIFS resources on servers +.PP +.SH "SYNOPSIS" +.PP +\fBsmbclient\fP servicename [password] [-s smb\&.conf] [-B IP addr] [-O socket options][-R name resolve order] [-M NetBIOS name] [-i scope] [-N] [-n NetBIOS name] [-d debuglevel] [-P] [-p port] [-l log basename] [-h] [-I dest IP] [-E] [-U username] [-L NetBIOS name] [-t terminal code] [-m max protocol] [-W workgroup] [-TIXFqgbNan] [-D directory] [-c command string] +.PP +.SH "DESCRIPTION" +.PP +This program is part of the \fBSamba\fP suite\&. +.PP +\fBsmbclient\fP is a client that can \'talk\' to an SMB/CIFS server\&. It +offers an interface similar to that of the ftp program (see \fBftp +(1)\fP)\&. Operations include things like getting files from the server +to the local machine, putting files from the local machine to the +server, retrieving directory information from the server and so on\&. +.PP +.SH "OPTIONS" +.PP +.IP +.IP "\fBservicename\fP" +servicename is the name of the service you want +to use on the server\&. A service name takes the form +\f(CW//server/service\fP where \fIserver\fP is the NetBIOS name of the SMB/CIFS +server offering the desired service and \fIservice\fP is the name +of the service offered\&. Thus to connect to the service \fIprinter\fP on +the SMB/CIFS server \fIsmbserver\fP, you would use the servicename +.IP +\f(CW//smbserver/printer\fP +.IP +Note that the server name required is NOT necessarily the IP (DNS) +host name of the server ! The name required is a NetBIOS server name, +which may or may not be the same as the IP hostname of the machine +running the server\&. +.IP +The server name is looked up according to either the +\fB-R\fP parameter to \fBsmbclient\fP or using the +\fBname resolve order\fP +parameter in the smb\&.conf file, allowing an administrator to change +the order and methods by which server names are looked up\&. +.IP +.IP "\fBpassword\fP" +password is the password required to access the +specified service on the specified server\&. If this parameter is +supplied, the \fB-N\fP option (suppress password prompt) is assumed\&. +.IP +There is no default password\&. If no password is supplied on the +command line (either by using this parameter or adding a password to +the \fB-U\fP option (see below)) and the \fB-N\fP option is not specified, +the client will prompt for a password, even if the desired service +does not require one\&. (If no password is required, simply press ENTER +to provide a null password\&.) +.IP Note: Some servers (including OS/2 and Windows for Workgroups) insist -on an uppercase password. Lowercase or mixed case passwords may be -rejected by these servers. - -Be cautious about including passwords in scripts. -.RE - -.B \-R name resolve order - -.RS 3 -This parameter will override the default name resolution order of the -server listed in the "name resolve order" parameter in smb.conf. This -is useful to force name resolution to take place by a particular method. -This command line parameter only exists in Samba 1.9.18p4 and above. -.RE - -.B \-A - -.RS 3 -This parameter, if specified, causes the maximum debug level to be selected. -Be warned that this generates prodigious amounts of debug data. There is also -a security issue involved, as at the maximum debug level cleartext passwords -may be written to some log files. -.RE - -.B \-L - -.RS 3 -This option allows you to look at what services are available on a -server. You use it as "smbclient -L host" and a list should appear. -The -.B \-I -option may be useful if your netbios names don't match your -tcp/ip host names or if you are trying to reach a host on another -network. For example: - -smbclient -L ftp -I ftp.microsoft.com - -will list the shares available on Microsoft's public server. -.RE - -.B \-M - -.RS 3 -This options allows you to send messages, using the "WinPopup" -protocol, to another computer. Once a connection is established you -then type your message, pressing ^D (control-D) to end. - +on an uppercase password\&. Lowercase or mixed case passwords may be +rejected by these servers\&. +.IP +Be cautious about including passwords in scripts\&. +.IP +.IP "\fB-s smb\&.conf\fP" +This parameter specifies the pathname to the +Samba configuration file, smb\&.conf\&. This file controls all aspects of +the Samba setup on the machine and smbclient also needs to read this +file\&. +.IP +.IP "\fB-B IP addr\fP" +The IP address to use when sending a broadcast packet\&. +.IP +.IP "\fB-O socket options\fP" +TCP socket options to set on the client +socket\&. See the socket options +parameter in the \fBsmb\&.conf (5)\fP manpage for +the list of valid options\&. +.IP +.IP "\fB-R name resolve order\fP" +This option allows the user of +smbclient to determine what name resolution services to use when +looking up the NetBIOS name of the host being connected to\&. +.IP +The options are :"lmhosts", "host", "wins" and "bcast"\&. They cause +names to be resolved as follows : +.IP +.IP +.IP o +\fBlmhosts\fP : Lookup an IP address in the Samba lmhosts file\&. +The lmhosts file is stored in the same directory as the +\fBsmb\&.conf\fP file\&. +.IP +.IP o +\fBhost\fP : Do a standard host name to IP address resolution, +using the system /etc/hosts, NIS, or DNS lookups\&. This method of name +resolution is operating system depended for instance on IRIX or +Solaris this may be controlled by the \fI/etc/nsswitch\&.conf\fP file)\&. +.IP +.IP o +\fBwins\fP : Query a name with the IP address listed in the \fBwins +server\fP parameter in the smb\&.conf file\&. If +no WINS server has been specified this method will be ignored\&. +.IP +.IP o +\fBbcast\fP : Do a broadcast on each of the known local interfaces +listed in the \fBinterfaces\fP parameter +in the smb\&.conf file\&. This is the least reliable of the name resolution +methods as it depends on the target host being on a locally connected +subnet\&. To specify a particular broadcast address the \fB-B\fP option +may be used\&. +.IP +.IP +If this parameter is not set then the name resolver order defined +in the \fBsmb\&.conf\fP file parameter +(\fBname resolve order\fP) +will be used\&. +.IP +The default order is lmhosts, host, wins, bcast and without this +parameter or any entry in the \fB"name resolve +order"\fP parameter of the +\fBsmb\&.conf\fP file the name resolution methods +will be attempted in this order\&. +.IP +.IP "\fB-M NetBIOS name\fP" +This options allows you to send messages, +using the "WinPopup" protocol, to another computer\&. Once a connection +is established you then type your message, pressing ^D (control-D) to +end\&. +.IP If the receiving computer is running WinPopup the user will receive -the message and probably a beep. If they are not running WinPopup the -message will be lost, and no error message will occur. - +the message and probably a beep\&. If they are not running WinPopup the +message will be lost, and no error message will occur\&. +.IP The message is also automatically truncated if the message is over -1600 bytes, as this is the limit of the protocol. - -One useful trick is to cat the message through -.BR smbclient . +1600 bytes, as this is the limit of the protocol\&. +.IP +One useful trick is to cat the message through \fBsmbclient\fP\&. For example: - -cat mymessage.txt | smbclient -M FRED - -will send the message in the file "mymessage.txt" to the machine FRED. - -You may also find the -.B \-U -and -.B \-I -options useful, as they allow you to -control the FROM and TO parts of the message. - -See the message command section of -.BR smb.conf (5) -for a description of how to handle incoming WinPopup messages in Samba. - +.IP +\f(CWcat mymessage\&.txt | smbclient -M FRED\fP +.IP +will send the message in the file \fImymessage\&.txt\fP to the machine FRED\&. +.IP +You may also find the \fB-U\fP and \fB-I\fP options useful, as they allow +you to control the FROM and TO parts of the message\&. +.IP +See the \fBmessage command\fP +parameter in the \fBsmb\&.conf (5)\fP for a description of how to handle +incoming WinPopup messages in Samba\&. +.IP Note: Copy WinPopup into the startup group on your WfWg PCs if you -want them to always be able to receive messages. -.RE - -.B \-E - -.RS 3 -This parameter, if specified, causes the client to write messages to the -standard error stream (stderr) rather than to the standard output stream. - -By default, the client writes messages to standard output - typically the -user's tty. -.RE - -.B \-I -.I IP number - -.RS 3 -.I IP number -represents the IP number of the server to connect to. It should -be specified in standard "a.b.c.d" notation. - -Normally the client will attempt to locate the specified Lan Manager server -by looking it up - that is, broadcasting a request for the given server to -identify itself. Using this parameter will force the client to assume that -the server is on the machine with the specified IP number. - -There is no default for this parameter. If not supplied, it will be determined -automatically by the client as described above. -.RE - -.B \-N - -.RS 3 -If specified, this parameter suppresses the normal password prompt from the -client to the user. This is useful when accessing a service that does not -require a password. - -Unless a password is specified on the command line or this parameter is -specified, the client will request a password. -.RE - -.B \-O -.I socket options - -.RS 3 -See the socket options section of -.BR smb.conf (5) -for details. -.RE - -.B \-P - -.RS 3 -If specified, the service requested will be connected to as a printer service -rather than as a normal filespace service. Operations such as put and get -will not be applicable for such a connection. - -By default, services will be connected to as NON-printer services. -.RE - -.B \-U -.I username - -.RS 3 -.I username -is the user name that will be used by the client to make a connection, -assuming your server is running a protocol that allows for usernames. - +want them to always be able to receive messages\&. +.IP +.IP "\fB-i scope\fP" +This specifies a NetBIOS scope that smbclient will use +to communicate with when generating NetBIOS names\&. For details on the +use of NetBIOS scopes, see rfc1001\&.txt and rfc1002\&.txt\&. NetBIOS scopes +are \fIvery\fP rarely used, only set this parameter if you are the +system administrator in charge of all the NetBIOS systems you +communicate with\&. +.IP +.IP "\fB-N\fP" +If specified, this parameter suppresses the normal +password prompt from the client to the user\&. This is useful when +accessing a service that does not require a password\&. +.IP +Unless a password is specified on the command line or this parameter +is specified, the client will request a password\&. +.IP +.IP "\fB-n NetBIOS name\fP" +By default, the client will use the local +machine\'s hostname (in uppercase) as its NetBIOS name\&. This parameter +allows you to override the host name and use whatever NetBIOS name you +wish\&. +.IP +.IP "\fB-d debuglevel\fP" +debuglevel is an integer from 0 to 10, or the +letter \'A\'\&. +.IP +The default value if this parameter is not specified is zero\&. +.IP +The higher this value, the more detail will be logged to the log files +about the activities of the client\&. At level 0, only critical errors +and serious warnings will be logged\&. Level 1 is a reasonable level for +day to day running - it generates a small amount of information about +operations carried out\&. +.IP +Levels above 1 will generate considerable amounts of log data, and +should only be used when investigating a problem\&. Levels above 3 are +designed for use only by developers and generate HUGE amounts of log +data, most of which is extremely cryptic\&. If debuglevel is set to the +letter \'A\', then \fIall\fP debug messages will be printed\&. This setting +is for developers only (and people who \fIreally\fP want to know how the +code works internally)\&. +.IP +Note that specifying this parameter here will override the \fBlog +level\fP parameter in the \fBsmb\&.conf +(5)\fP file\&. +.IP +.IP "\fB-P\fP" +This option is no longer used\&. The code in Samba2\&.0 +now lets the server decide the device type, so no printer specific +flag is needed\&. +.IP +.IP "\fB-p port\fP" +This number is the TCP port number that will be used +when making connections to the server\&. The standard (well-known) TCP +port number for an SMB/CIFS server is 139, which is the default\&. +.IP +.IP "\fB-l logfilename\fP" +If specified, logfilename specifies a base +filename into which operational data from the running client will be +logged\&. +.IP +The default base name is specified at compile time\&. +.IP +The base name is used to generate actual log file names\&. For example, +if the name specified was "log", the debug file would be +\f(CWlog\&.client\fP\&. +.IP +The log file generated is never removed by the client\&. +.IP +.IP "\fB-h\fP" +Print the usage message for the client\&. +.IP +.IP "\fB-I IP address\fP" +IP address is the address of the server to +connect to\&. It should be specified in standard "a\&.b\&.c\&.d" notation\&. +.IP +Normally the client would attempt to locate a named SMB/CIFS server by +looking it up via the NetBIOS name resolution mechanism described +above in the \fBname resolve order\fP parameter +above\&. Using this parameter will force the client to assume that the +server is on the machine with the specified IP address and the NetBIOS +name component of the resource being connected to will be ignored\&. +.IP +There is no default for this parameter\&. If not supplied, it will be +determined automatically by the client as described above\&. +.IP +.IP "\fB-E\fP" +This parameter causes the client to write messages to the +standard error stream (stderr) rather than to the standard output +stream\&. +.IP +By default, the client writes messages to standard output - typically +the user\'s tty\&. +.IP +.IP "\fB-U username\fP" +This specifies the user name that will be used by +the client to make a connection, assuming your server is not a downlevel +server that is running a protocol level that uses passwords on shares, +not on usernames\&. +.IP Some servers are fussy about the case of this name, and some insist -that it must be a valid netbios name. - -If no -.I username -is supplied, it will default to an uppercase version of the -environment variable -.B USER -or -.B LOGNAME -in that order. -If no -.I username -is supplied and neither environment variable exists the user name will -be empty. - -If the USER environment variable containts a '%' character, everything -after that will be treated as a password. This allows you to set the -environment variable to be -.B USER=username%password -so that a password is not passed on the command line (where it may -be seen by the ps command). - -If the service you are connecting to requires a password, it can be supplied -using the -.B \-U -option, by appending a percent symbol ("%") then the password to -.I username. -For example, to attach to a service as user "fred" with password "secret", you -would specify -.B \-U -.I fred%secret -on the command line. Note that there are no spaces around the percent symbol. - -If you specify the password as part of -.I username -then the -.B \-N -option (suppress password prompt) is assumed. - -If you specify the password as a parameter AND as part of -.I username -then the password as part of -.I username -will take precedence. Putting nothing before or nothing after the percent -symbol will cause an empty username or an empty password to be used, -respectively. - +that it must be a valid NetBIOS name\&. +.IP +If no username is supplied, it will default to an uppercase version of +the environment variable \f(CWUSER\fP or \f(CWLOGNAME\fP in that order\&. If no +username is supplied and neither environment variable exists the +username "GUEST" will be used\&. +.IP +If the \f(CWUSER\fP environment variable containts a \'%\' character, +everything after that will be treated as a password\&. This allows you +to set the environment variable to be \f(CWUSER=username%password\fP so +that a password is not passed on the command line (where it may be +seen by the ps command)\&. +.IP +If the service you are connecting to requires a password, it can be +supplied using the \fB-U\fP option, by appending a percent symbol ("%") +then the password to username\&. For example, to attach to a service as +user \f(CW"fred"\fP with password \f(CW"secret"\fP, you would specify\&. +.br +.IP +\f(CW-U fred%secret\fP +.br +.IP +on the command line\&. Note that there are no spaces around the percent +symbol\&. +.IP +If you specify the password as part of username then the \fB-N\fP option +(suppress password prompt) is assumed\&. +.IP +If you specify the password as a parameter \fIAND\fP as part of username +then the password as part of username will take precedence\&. Putting +nothing before or nothing after the percent symbol will cause an empty +username or an empty password to be used, respectively\&. +.IP +The password may also be specified by setting up an environment +variable called \f(CWPASSWORD\fP that contains the users password\&. Note +that this may be very insecure on some systems but on others allows +users to script smbclient commands without having a password appear in +the command line of a process listing\&. +.IP Note: Some servers (including OS/2 and Windows for Workgroups) insist -on an uppercase password. Lowercase or mixed case passwords may be -rejected by these servers. - -Be cautious about including passwords in scripts. -.RE - -.B \-d -.I debuglevel - -.RS 3 -debuglevel is an integer from 0 to 5. - -The default value if this parameter is not specified is zero. - -The higher this value, the more detail will be logged to the log files about -the activities of the client. At level 0, only critical errors and serious -warnings will be logged. Level 1 is a reasonable level for day to day running -- it generates a small amount of information about operations carried out. - -Levels above 1 will generate considerable amounts of log data, and should -only be used when investigating a problem. Levels above 3 are designed for -use only by developers and generate HUGE amounts of log data, most of which -is extremely cryptic. -.RE - -.B \-l -.I log basename - -.RS 3 -If specified, -.I log basename -specifies a base filename into which operational data from the running client -will be logged. - -The default base name is specified at compile time. - -The base name is used to generate actual log file names. For example, if the -name specified was "log", the following files would be used for log data: - -.RS 3 -log.client.debug (containing debugging information) - -log.client.in (containing inbound transaction data) - -log.client.out (containing outbound transaction data) -.RE - -The log files generated are never removed by the client. -.RE - -.B \-n -.I netbios name - -.RS 3 -By default, the client will use the local machine's hostname (in -uppercase) as its netbios name. This parameter allows you to override -the host name and use whatever netbios name you wish. -.RE - -.B \-W -.I workgroup - -.RS 3 -Override what workgroup is used for the connection. This may be needed -to connect to some servers. -.RE - -.B \-p -.I port number - -.RS 3 -port number is a positive integer value. - -The default value if this parameter is not specified is 139. - -This number is the port number that will be used when making connections to -the server. The standard (well-known) port number for the server is 139, -hence the default. - -This parameter is not normally specified. -.RE - -.B \-T -.I tar options - -.RS 3 -where -.I tar options -consists of one or more of -.BR c , -.BR x , -.BR I , -.BR X , -.BR b , -.BR g , -.BR q , -.BR N -or -.BR a ; -used as: -.LP -smbclient -.B "\e\eserver\eshare" -\-TcxIXbgNa -[ -.IR blocksize -] -[ -.IR newer-file -] -.IR tarfile -[ -.IR filenames ... -] - -.RS 3 -.B c -Create a tar file on UNIX. Must be followed by the name of a tar file, -tape device or "\-" for standard output. (May be useful to set debugging -low -.RB ( -d0 )) -to avoid corrupting your tar file if using "\-"). Mutually -exclusive with the -.B x -flag. - -.B x -Extract (restore) a local tar file back to a share. Unless the -.B \-D -option is given, the tar files will be restored from the top level of -the share. Must be followed by the name of the tar file, device or "\-" -for standard input. Mutually exclusive with the -.B c -flag. Restored files have theuir creation times (mtime) set to the date saved in -the tar file. Directories currently do not get their creation dates restored -properly. - -.B I -Include files and directories. Is the default behaviour when -.IR filenames -are specified above. Causes tar files to be included in an extract or create -(and therefore everything else to be excluded). See example below. -Filename globbing does not work for included files for extractions (yet). - -.B X -Exclude files and directories. Causes tar files to be excluded from -an extract or create. See example below. -Filename globbing does not work for excluded files (yet). - -.B b -Blocksize. Must be followed by a valid (greater than zero) blocksize. -Causes tar file to be written out in blocksize*TBLOCK (usually 512 byte) -blocks. - -.B g -Incremental. Only back up files that have the archive bit set. Useful -only with the -.B c -flag. - -.B q -Quiet. Keeps tar from printing diagnostics as it works. This is the -same as tarmode quiet. - -.B N -Newer than. Must be followed by the name of a file whose date is -compared against files found on the share during a create. Only files -newer than the file specified are backed up to the tar file. Useful -only with the -.B c -flag. - -.B a -Set archive bit. Causes the archive bit to be reset when a file is backed -up. Useful with the -.B g -(and -.BR c ) -flags. -.LP - -.B Long File Names - -smbclient's tar option now supports long file names both on backup and -restore. However, the full path name of the file must be less than 1024 bytes. -Also, when a tar archive is created, smbclient's tar option places all files -in the archive with relative names, not absolute names. - -.B Filenames ... - -All file names can be given as DOS path names (with \e as the component -separator) or as UNIX path names (with / as the component separator). - -.B Examples - -smbclient \e\emypc\emyshare "" -N -Tx backup.tar - -Restore from tar file backup.tar into myshare on mypc (no password on share). - -smbclient \e\emypc\emyshare "" -N -TXx backup.tar users/docs - +on an uppercase password\&. Lowercase or mixed case passwords may be +rejected by these servers\&. +.IP +Be cautious about including passwords in scripts or in the +\f(CWPASSWORD\fP environment variable\&. Also, on many systems the command +line of a running process may be seen via the \f(CWps\fP command to be +safe always allow smbclient to prompt for a password and type it in +directly\&. +.IP +.IP "\fB-L\fP" +This option allows you to look at what services are +available on a server\&. You use it as \f(CW"smbclient -L host"\fP and a +list should appear\&. The \fB-I\fP option may be useful if your NetBIOS +names don\'t match your tcp/ip dns host names or if you are trying to +reach a host on another network\&. +.IP +.IP "\fB-t terminal code\fP" +This option tells smbclient how to interpret +filenames coming from the remote server\&. Usually Asian language +multibyte UNIX implementations use different character sets than +SMB/CIFS servers (\fIEUC\fP instead of \fISJIS\fP for example)\&. Setting +this parameter will let smbclient convert between the UNIX filenames +and the SMB filenames correctly\&. This option has not been seriously +tested and may have some problems\&. +.IP +The terminal codes include \f(CWsjis\fP, \f(CWeuc\fP, \f(CWjis7\fP, \f(CWjis8\fP, +\f(CWjunet\fP, \f(CWhex\fP, \f(CWcap\fP\&. This is not a complete list, check the +Samba source code for the complete list\&. +.IP +.IP "\fB-m max protocol level\fP" +With the new code in Samba2\&.0, +\fBsmbclient\fP allways attempts to connect at the maximum +protocols level the server supports\&. This parameter is +preserved for backwards compatibility, but any string +following the \fB-m\fP will be ignored\&. +.IP +.IP "\fB-W WORKGROUP\fP" +Override the default workgroup specified in the +\fBworkgroup\fP parameter of the +\fBsmb\&.conf\fP file for this connection\&. This may +be needed to connect to some servers\&. +.IP +.IP "\fB-T tar options\fP" +smbclient may be used to create +\fBtar (1)\fP compatible backups of all the files on an SMB/CIFS +share\&. The secondary tar flags that can be given to this option are : +.IP +.IP +.IP "\fBc\fP" +Create a tar file on UNIX\&. Must be followed by the +name of a tar file, tape device or \f(CW"-"\fP for standard output\&. If +using standard output you must turn the log level to its lowest value +\f(CW-d0\fP to avoid corrupting your tar file\&. This flag is +mutually exclusive with the \fBx\fP flag\&. +.IP +.IP "\fBx\fP" +Extract (restore) a local tar file back to a +share\&. Unless the \fB-D\fP option is given, the tar files will be +restored from the top level of the share\&. Must be followed by the name +of the tar file, device or \f(CW"-"\fP for standard input\&. Mutually exclusive +with the \fBc\fP flag\&. Restored files have theuir creation times (mtime) +set to the date saved in the tar file\&. Directories currently do not +get their creation dates restored properly\&. +.IP +.IP "\fBI\fP" +Include files and directories\&. Is the default +behaviour when filenames are specified above\&. Causes tar files to +be included in an extract or create (and therefore everything else to +be excluded)\&. See example below\&. Filename globbing does not work for +included files for extractions (yet)\&. +.IP +.IP "\fBX\fP" +Exclude files and directories\&. Causes tar files to +be excluded from an extract or create\&. See example below\&. Filename +globbing does not work for excluded files (yet)\&. +.IP +.IP "\fBb\fP" +Blocksize\&. Must be followed by a valid (greater than +zero) blocksize\&. Causes tar file to be written out in +blocksize*TBLOCK (usually 512 byte) blocks\&. +.IP +.IP "\fBg\fP" +Incremental\&. Only back up files that have the +archive bit set\&. Useful only with the \fBc\fP flag\&. +.IP +.IP "\fBq\fP" +Quiet\&. Keeps tar from printing diagnostics as it +works\&. This is the same as tarmode quiet\&. +.IP +.IP "\fBN\fP" +Newer than\&. Must be followed by the name of a file +whose date is compared against files found on the share during a +create\&. Only files newer than the file specified are backed up to the +tar file\&. Useful only with the \fBc\fP flag\&. +.IP +.IP "\fBa\fP" +Set archive bit\&. Causes the archive bit to be reset +when a file is backed up\&. Useful with the \fBg\fP and \fBc\fP flags\&. +.IP +.IP +\fITar Long File Names\fP +.IP +smbclient\'s tar option now supports long file names both on backup and +restore\&. However, the full path name of the file must be less than +1024 bytes\&. Also, when a tar archive is created, smbclient\'s tar +option places all files in the archive with relative names, not +absolute names\&. +.IP +\fITar Filenames\fP +.IP +All file names can be given as DOS path names (with \f(CW\e\fP as the +component separator) or as UNIX path names (with \f(CW/\fP as the +component separator)\&. +.IP +\fIExamples\fP +.IP +.IP +.IP o +Restore from tar file backup\&.tar into myshare on mypc (no password on share)\&. +.IP +\f(CWsmbclient //mypc/myshare "" -N -Tx backup\&.tar\fP +.IP +.IP o Restore everything except users/docs - -smbclient \e\emypc\emyshare "" -N -Tc backup.tar users/docs - -Create a tar file of the files beneath users/docs. - -smbclient \e\emypc\emyshare "" -N -tc backup.tar users\edocs - -Create the same tar file as above, but now use a DOS path name. - -smbclient \e\emypc\emyshare "" -N -Tc backup.tar \e* - -Create a tar file of all the files and directories in the share. -.RE -.RE - -.B \-D -.I initial directory - -.RS 3 -Change to initial directory before starting. Probably only of any use -with the tar -.RB ( \-T ) -option. -.RE - -.B \-c -.I command string - -.RS 3 -command string is a semicolon separated list of commands to be -executed instead of prompting from stdin. -.B \-N -is implied by -.BR \-c . - -This is particularly useful in scripts and for printing stdin to -the server, e.g. \-c 'print \-'. -.RE -.SH OPERATIONS -Once the client is running, the user is presented with a prompt, "smb: \e>". -The backslash ("\e") indicates the current working directory on the server, -and will change if the current working directory is changed. - -The prompt indicates that the client is ready and waiting to carry out a user -command. Each command is a single word, optionally followed by parameters -specific to that command. Command and parameters are space-delimited unless -these notes specifically state otherwise. All commands are case-insensitive. -Parameters to commands may or may not be case sensitive, depending on the -command. - +.IP +\f(CWsmbclient //mypc/myshare "" -N -TXx backup\&.tar users/docs\fP +.IP +.IP o +Create a tar file of the files beneath users/docs\&. +.IP +\f(CWsmbclient //mypc/myshare "" -N -Tc backup\&.tar users/docs\fP +.IP +.IP o +Create the same tar file as above, but now use a DOS path name\&. +.IP +\f(CWsmbclient //mypc/myshare "" -N -tc backup\&.tar users\eedocs\fP +.IP +.IP o +Create a tar file of all the files and directories in the share\&. +.IP +\f(CWsmbclient //mypc/myshare "" -N -Tc backup\&.tar *\fP +.IP +.IP +.IP "\fB-D initial directory\fP" +Change to initial directory before +starting\&. Probably only of any use with the tar \fB-T\fP option\&. +.IP +.IP "\fB-c command string\fP" +command string is a semicolon separated +list of commands to be executed instead of prompting from stdin\&. +\fB-N\fP is implied by \fB-c\fP\&. +.IP +This is particularly useful in scripts and for printing stdin to the +server, e\&.g\&. \f(CW-c \'print -\'\fP\&. +.IP +.PP +.SH "OPERATIONS" +.PP +Once the client is running, the user is presented with a prompt : +.PP +\f(CWsmb:\e>\fP +.PP +The backslash ("\e") indicates the current working directory on the +server, and will change if the current working directory is changed\&. +.PP +The prompt indicates that the client is ready and waiting to carry out +a user command\&. Each command is a single word, optionally followed by +parameters specific to that command\&. Command and parameters are +space-delimited unless these notes specifically state otherwise\&. All +commands are case-insensitive\&. Parameters to commands may or may not +be case sensitive, depending on the command\&. +.PP You can specify file names which have spaces in them by quoting the -name with double quotes, for example "a long file name". - -Parameters shown in square brackets (eg., "[parameter]") are optional. If not -given, the command will use suitable defaults. Parameters shown in angle -brackets (eg., "") are required. - -Note that all commands operating on the server are actually performed by -issuing a request to the server. Thus the behaviour may vary from server to -server, depending on how the server was implemented. - -The commands available are given here in alphabetical order. - -.B ? -.RS 3 -.B Parameters: -.RS 3 -.I [command] - -.RE -.B Description: -.RS 3 -If -.I command -is specified, the -.B ? -command will display a brief informative message about the specified command. - -If no command is specified, a list of available commands will be displayed. -.RE -.RE - -.B ! -.RS 3 -.B Parameters: -.RS 3 -.I [shell command] - -.RE -.B Description: -.RS 3 -If -.I shell command -is specified, the -.B ! -command will execute a shell locally and run the specified shell command. If -no command is specified, a shell will be run. -.RE -.RE - -.B cd -.RS 3 -.B Parameters: -.RS 3 -.I [directory name] - -.RE -.B Description: -.RS 3 -If -.I directory name -is specified, the current working directory -.B on the server -will be changed to the directory specified. This operation will fail if for -any reason the specified directory is inaccessible. - -If no directory name is specified, the current working directory -.B on the server -will be reported. -.RE -.RE - -.B del -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -The client will request that the server attempt to delete all files matching -.I mask -from the current working directory -.B on the server. -.RE -.RE - -.B dir -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -A list of the files matching -.I mask -in the current working directory -.B on the server -will be retrieved from the server and displayed. -.RE -.RE - -.B exit -.RS 3 -.B Parameters: -.RS 3 -None. - -.RE -.B Description: -.RS 3 -Terminate the connection with the server and exit from the program. -.RE -.RE - -.B get -.RS 3 -.B Parameters: -.RS 3 -.I [local file name] - -.RE -.B Description: -.RS 3 -Copy the file called -.I remote file name -from the server to the machine running the client. If specified, name the -local copy -.I local file name. -Note that all transfers in -.B smbclient -are binary. See also the -.B lowercase -command. -.RE -.RE - -.B help -.RS 3 -.B Parameters: -.RS 3 -.I [command] - -.RE -.B Description: -.RS 3 -See the -.B ? -command above. -.RE -.RE - -.B lcd -.RS 3 -.B Parameters: -.RS 3 -.I [directory name] - -.RE -.B Description: -.RS 3 -If -.I directory name -is specified, the current working directory -.B on the local machine -will be changed to the directory specified. This operation will fail if for -any reason the specified directory is inaccessible. - -If no directory name is specified, the name of the current working directory -.B on the local machine -will be reported. -.RE -.RE - -.B lowercase -.RS 3 -.B Parameters: -.RS 3 -None. - -.RE -.B Description: -.RS 3 -Toggle lowercasing of filenames for the -.B get -and -.B mget -commands. - -When lowercasing is toggled ON, local filenames are converted to lowercase -when using the -.B get -and -.B mget -commands. This is often useful when copying (say) MSDOS files from a server, -because lowercase filenames are the norm on UNIX systems. -.RE -.RE - -.B ls -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -See the -.B dir -command above. -.RE -.RE - -.B mask -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -This command allows the user to set up a mask which will be used during -recursive operation of the -.B mget -and -.B mput -commands. - -The masks specified to the -.B mget -and -.B mput -commands act as filters for directories -rather than files when recursion is toggled ON. - -The mask specified with the -.B mask -command is necessary to filter files within those directories. For example, -if the mask specified in an -.B mget -command is "source*" -.I and -the mask specified with the -.B mask -command is "*.c" -.I and -recursion is toggled ON, the -.B mget -command will retrieve all files matching "*.c" in all directories below -and including all directories matching "source*" in the current working -directory. - -Note that the value for -.I mask -defaults to blank (equivalent to "*") and remains so until the -.B mask -command is used to change it. It retains the most recently specified value -indefinitely. To avoid unexpected results it would be wise to change the -value of -.I mask -back to "*" after using the -.B mget -or -.B mput -commands. -.RE -.RE - -.B md -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -See the -.B mkdir -command. -.RE -.RE - -.B mget -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -Copy all files matching -.I mask -from the server to the machine running the client. - -Note that -.I mask -is interpreted differently during recursive operation and non-recursive -operation - refer to the -.B recurse -and -.B mask -commands for more information. Note that all transfers in -.B smbclient -are binary. See also the -.B lowercase -command. -.RE -.RE - -.B mkdir -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -Create a new directory -.B on the server -(user access privileges permitting) with the specified name. -.RE -.RE - -.B mput -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -Copy all files matching -.I mask -in the current working directory -.B on the local machine -to the current working directory on the server. - -Note that -.I mask -is interpreted differently during recursive operation and non-recursive -operation - refer to the -.B recurse -and -.B mask -commands for more information. Note that all transfers in -.B smbclient -are binary. -.RE -.RE - -.B print -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 +name with double quotes, for example "a long file name"\&. +.PP +Parameters shown in square brackets (eg\&., "[parameter]") are +optional\&. If not given, the command will use suitable +defaults\&. Parameters shown in angle brackets (eg\&., "") are +required\&. +.PP +Note that all commands operating on the server are actually performed +by issuing a request to the server\&. Thus the behaviour may vary from +server to server, depending on how the server was implemented\&. +.PP +The commands available are given here in alphabetical order\&. +.PP +.IP +.IP "\fB? [command]\fP" +If "command" is specified, +the \fB?\fP command will display a brief informative message about the +specified command\&. If no command is specified, a list of available +commands will be displayed\&. +.IP +.IP "\fB! [shell command]\fP" +If "shell command" +is specified, the \fB!\fP command will execute a shell locally and run +the specified shell command\&. If no command is specified, a local shell +will be run\&. +.IP +.IP "\fBcd [directory name]\fP" +If "directory name" is +specified, the current working directory on the server will be changed +to the directory specified\&. This operation will fail if for any reason +the specified directory is inaccessible\&. +.IP +If no directory name is specified, the current working directory on +the server will be reported\&. +.IP +.IP "\fBdel \fP" +The client will request that the server +attempt to delete all files matching "mask" from the current working +directory on the server\&. +.IP +.IP "\fBdir \fP" +A list of the files matching "mask" in +the current working directory on the server will be retrieved from the +server and displayed\&. +.IP +.IP "\fBexit\fP" +Terminate the connection with the server and +exit from the program\&. +.IP +.IP "\fBget [local file name]\fP" +Copy the +file called "remote file name" from the server to the machine running +the client\&. If specified, name the local copy "local file name"\&. Note +that all transfers in smbclient are binary\&. See also the +\fBlowercase\fP command\&. +.IP +.IP "\fBhelp [command]\fP" +See the \fB?\fP +command above\&. +.IP +.IP "\fBlcd [directory name]\fP" +If "directory name" is +specified, the current working directory on the local machine will +be changed to the directory specified\&. This operation will fail if for +any reason the specified directory is inaccessible\&. +.IP +If no directory name is specified, the name of the current working +directory on the local machine will be reported\&. +.IP +.IP "\fBlowercase\fP" +Toggle lowercasing of filenames +for the \fBget\fP and \fBmget\fP commands\&. +.IP +When lowercasing is toggled ON, local filenames are converted to +lowercase when using the \fBget\fP and \fBmget\fP +commands\&. This is often useful when copying (say) MSDOS files from a +server, because lowercase filenames are the norm on UNIX systems\&. +.IP +.IP "\fBls \fP" +See the \fBdir\fP command above\&. +.IP +.IP "\fBmask \fP" +This command allows the user to set +up a mask which will be used during recursive operation of the +\fBmget\fP and \fBmput\fP commands\&. +.IP +The masks specified to the \fBmget\fP and +\fBmput\fP commands act as filters for directories rather +than files when recursion is toggled ON\&. +.IP +The mask specified with the \&.B mask command is necessary to filter +files within those directories\&. For example, if the mask specified in +an \fBmget\fP command is "source*" and the mask specified +with the mask command is "*\&.c" and recursion is toggled ON, the +\fBmget\fP command will retrieve all files matching "*\&.c" in +all directories below and including all directories matching "source*" +in the current working directory\&. +.IP +Note that the value for mask defaults to blank (equivalent to "*") and +remains so until the mask command is used to change it\&. It retains the +most recently specified value indefinitely\&. To avoid unexpected +results it would be wise to change the value of \&.I mask back to "*" +after using the \fBmget\fP or \fBmput\fP commands\&. +.IP +.IP "\fBmd \fP" +See the \fBmkdir\fP +command\&. +.IP +.IP "\fBmget \fP" +Copy all files matching mask from the +server to the machine running the client\&. +.IP +Note that mask is interpreted differently during recursive operation +and non-recursive operation - refer to the \fBrecurse\fP +and \fBmask\fP commands for more information\&. Note that all +transfers in \&.B smbclient are binary\&. See also the +\fBlowercase\fP command\&. +.IP +.IP "\fBmkdir \fP" +Create a new directory on +the server (user access privileges permitting) with the specified +name\&. +.IP +.IP "\fBmput \fP" +Copy all files matching mask in +the current working directory on the local machine to the current +working directory on the server\&. +.IP +Note that mask is interpreted differently during recursive operation +and non-recursive operation - refer to the \fBrecurse\fP +and \fBmask\fP commands for more information\&. Note that all +transfers in \&.B smbclient are binary\&. +.IP +.IP "\fBprint \fP" Print the specified file -.B from the local machine -through a printable service on the server. - -See also the -.B printmode -command. -.RE -.RE - -.B printmode -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -Set the print mode to suit either binary data (such as graphical information) -or text. Subsequent -.B print -commands will use the currently set print mode. -.RE -.RE - -.B prompt -.RS 3 -.B Parameters: -.RS 3 -None. - -.RE -.B Description: -.RS 3 -Toggle prompting for filenames during operation of the -.B mget -and -.B mput -commands. - -When toggled ON, the user will be prompted to confirm the transfer of each -file during these commands. When toggled OFF, all specified files will be -transferred without prompting. -.RE -.RE - -.B put -.RS 3 -.B Parameters: -.RS 3 -.I [remote file name] - -.RE -.B Description: -.RS 3 -Copy the file called -.I local file name -from the machine running the client to the server. If specified, name the -remote copy -.I remote file name. -Note that all transfers in -.B smbclient -are binary. See also the -.B lowercase -command. -.RE -.RE - -.B queue -.RS 3 -.B Parameters: -.RS 3 -None. - -.RE -.B Description: -.RS 3 -Displays the print queue, showing the job id, name, size and current status. -.RE -.RE - -.B quit -.RS 3 -.B Parameters: -.RS 3 -None. - -.RE -.B Description: -.RS 3 -See the -.B exit -command. -.RE -.RE - -.B rd -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -See the -.B rmdir -command. -.RE -.RE - -.B recurse -.RS 3 -.B Parameters: -.RS 3 -None. - -.RE -.B Description: -.RS 3 -Toggle directory recursion for the commands -.B mget -and -.BR mput . - -When toggled ON, these commands will process all directories in the source -directory (i.e., the directory they are copying -.IR from ) -and will recurse into any that match the mask specified to the command. Only -files that match the mask specified using the -.B mask -command will be retrieved. See also the -.B mask -command. - +from the local machine through a printable service on the server\&. +.IP +See also the \fBprintmode\fP command\&. +.IP +.IP "\fBprintmode \fP" +Set the print +mode to suit either binary data (such as graphical information) or +text\&. Subsequent print commands will use the currently set print +mode\&. +.IP +dir(\fBprompt\fP) Toggle prompting for filenames during +operation of the \fBmget\fP and \fBmput\fP +commands\&. +.IP +When toggled ON, the user will be prompted to confirm the transfer of +each file during these commands\&. When toggled OFF, all specified files +will be transferred without prompting\&. +.IP +.IP "\fBput [remote file name]\fP" +Copy the +file called "local file name" from the machine running the client to +the server\&. If specified, name the remote copy "remote file name"\&. +Note that all transfers in smbclient are binary\&. See also the +\fBlowercase\fP command\&. +.IP +dir(\fBqueue\fP) Displays the print queue, showing the job +id, name, size and current status\&. +.IP +.IP "\fBquit\fP" +See the \fBexit\fP command\&. +.IP +dir(\fBrd \fP) See the \fBrmdir\fP +command\&. +.IP +dir(\fBrecurse\fP) Toggle directory recursion for the +commands \fBmget\fP and \fBmput\fP\&. +.IP +When toggled ON, these commands will process all directories in the +source directory (i\&.e\&., the directory they are copying \&.IR from ) and +will recurse into any that match the mask specified to the +command\&. Only files that match the mask specified using the +\fBmask\fP command will be retrieved\&. See also the +\fBmask\fP command\&. +.IP When recursion is toggled OFF, only files from the current working directory on the source machine that match the mask specified to the -.B mget -or -.B mput -commands will be copied, and any mask specified using the -.B mask -command will be ignored. -.RE -.RE - -.B rm -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -Remove all files matching -.I mask -from the current working directory -.B on the server. -.RE -.RE - -.B rmdir -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -Remove the specified directory (user access privileges permitting) -.B from the server. -.RE -.RE - -.B tar -.RS 3 -.B Parameters: -.RS 3 -.I [IXbgNa] - -.RE -.B Description: -.RS 3 -Performs a tar operation - see the -.B \-T -command line option above. Behaviour -may be affected by the -.B tarmode -command (see below). Using g (incremental) and N (newer) will affect -tarmode settings. Note that using the "\-" option with tar x may not -work - use the command line option instead. -.RE -.RE - -.B blocksize -.RS 3 -.B Parameters -.RS 3 -.I - -.RE -.B Description -.RS 3 -Blocksize. Must be followed by a valid (greater than zero) blocksize. -Causes tar file to be written out in blocksize*TBLOCK (usually 512 byte) -blocks. -.RE -.RE - -.B tarmode -.RS 3 -.B Parameters -.RS 3 -.I - -.RE -.B Description -.RS 3 -Changes tar's behaviour with regard to archive bits. In full mode, -tar will back up everything regardless of the archive bit setting (this -is the default mode). In incremental mode, tar will only back up files -with the archive bit set. In reset mode, tar will reset the archive bit -on all files it backs up (implies read/write share). -.RE -.RE - -.B setmode -.RS 3 -.B Parameters -.RS 3 -.I - -.RE -.B Description -.RS 3 -A version of the DOS attrib command to set file permissions. For example, - -setmode myfile +r - -would make myfile read only. -.RE -.RE -.SH NOTES -Some servers are fussy about the case of supplied usernames, passwords, share -names (aka service names) and machine names. If you fail to connect try -giving all parameters in uppercase. - -It is often necessary to use the -.B \-n -option when connecting to some types -of servers. For example OS/2 LanManager insists on a valid netbios name -being used, so you need to supply a valid name that would be known to -the server. - -.B smbclient -supports long file names where the server supports the LANMAN2 -protocol. -.SH FILES -Not applicable. -.SH ENVIRONMENT VARIABLES -.B USER -.RS 3 -The variable USER may contain the username of the person using the client. -This information is used only if the protocol level is high enough to support -session-level passwords. -.RE -.SH INSTALLATION -The location of the client program is a matter for individual system -administrators. The following are thus suggestions only. - -It is recommended that the client software be installed under the -/usr/local/samba -hierarchy, in a directory readable by all, writeable only by root. The client -program itself should be executable by all. The client should NOT be setuid -or setgid! - -The client log files should be put in a directory readable and writable only -by the user. - -To test the client, you will need to know the name of a running Lan manager -server. It is possible to run -.B smbd -(see -.BR smbd (8)) -as an ordinary user - running that server as a daemon on a +\fBmget\fP or \fBmput\fP commands will be copied, +and any mask specified using the \fBmask\fP command will be +ignored\&. +.IP +dir(\fBrm \fP) Remove all files matching mask from +the current working directory on the server\&. +.IP +.IP "\fBrmdir \fP" +Remove the specified +directory (user access privileges permitting) from the server\&. +.IP +.IP "\fBtar [IXbgNa]\fP" +Performs a tar operation - see +the \fB-T\fP command line option above\&. Behaviour may be +affected by the \fBtarmode\fP command (see below)\&. Using +g (incremental) and N (newer) will affect tarmode settings\&. Note that +using the "-" option with tar x may not work - use the command line +option instead\&. +.IP +.IP "\fBblocksize \fP" +Blocksize\&. Must be +followed by a valid (greater than zero) blocksize\&. Causes tar file to +be written out in blocksize*TBLOCK (usually 512 byte) blocks\&. +.IP +dir(\fBtarmode \fP) Changes tar\'s +behaviour with regard to archive bits\&. In full mode, tar will back up +everything regardless of the archive bit setting (this is the default +mode)\&. In incremental mode, tar will only back up files with the +archive bit set\&. In reset mode, tar will reset the archive bit on all +files it backs up (implies read/write share)\&. +.IP +.IP "\fBsetmode \fP" +A version +of the DOS attrib command to set file permissions\&. For example: +.IP +\f(CWsetmode myfile +r\fP +.IP +would make myfile read only\&. +.IP +.PP +.SH "NOTES" +.PP +Some servers are fussy about the case of supplied usernames, +passwords, share names (aka service names) and machine names\&. If you +fail to connect try giving all parameters in uppercase\&. +.PP +It is often necessary to use the \fB-n\fP option when connecting to some +types of servers\&. For example OS/2 LanManager insists on a valid +NetBIOS name being used, so you need to supply a valid name that would +be known to the server\&. +.PP +smbclient supports long file names where the server supports the +LANMAN2 protocol or above\&. +.PP +.SH "ENVIRONMENT VARIABLES" +.PP +The variable \fBUSER\fP may contain the username of the person using the +client\&. This information is used only if the protocol level is high +enough to support session-level passwords\&. +.PP +The variable \fBPASSWORD\fP may contain the password of the person using +the client\&. This information is used only if the protocol level is +high enough to support session-level passwords\&. +.PP +.SH "INSTALLATION" +.PP +The location of the client program is a matter for individual system +administrators\&. The following are thus suggestions only\&. +.PP +It is recommended that the smbclient software be installed in the +/usr/local/samba/bin or /usr/samba/bin directory, this directory +readable by all, writeable only by root\&. The client program itself +should be executable by all\&. The client should \fINOT\fP be setuid or +setgid! +.PP +The client log files should be put in a directory readable and +writable only by the user\&. +.PP +To test the client, you will need to know the name of a running +SMB/CIFS server\&. It is possible to run \fBsmbd (8)\fP +an ordinary user - running that server as a daemon on a user-accessible port (typically any port number over 1024) would -provide a suitable test server. -.SH VERSION -This man page is (mostly) correct for version 1.9.00 of the Samba suite, plus some -of the recent patches to it. These notes will necessarily lag behind -development of the client software, so it is possible that your version of -the client has extensions or parameter semantics that differ from or are not -covered by this man page. Please notify these to the address below for -rectification. -.SH SEE ALSO -.BR smbd (8) -.SH DIAGNOSTICS -[This section under construction] - -Most diagnostics issued by the client are logged in a specified log file. The -log file name is specified at compile time, but may be overridden on the -command line. - -The number and nature of diagnostics available depends on the debug level used -by the client. If you have problems, set the debug level to 3 and peruse the -log files. - -Most messages are reasonably self-explanatory. Unfortunately, at time of -creation of this man page the source code is still too fluid to warrant -describing each and every diagnostic. At this stage your best bet is still -to grep the source code and inspect the conditions that gave rise to the -diagnostics you are seeing. -.SH BUGS -None known. -.SH CREDITS -The original Samba software and related utilities were created by -Andrew Tridgell (samba-bugs@samba.anu.edu.au). Andrew is also the Keeper -of the Source for this project. - -See -.BR smb.conf (5) -for a full list of contributors and details on how to -submit bug reports, comments etc. +provide a suitable test server\&. +.PP +.SH "DIAGNOSTICS" +.PP +Most diagnostics issued by the client are logged in a specified log +file\&. The log file name is specified at compile time, but may be +overridden on the command line\&. +.PP +The number and nature of diagnostics available depends on the debug +level used by the client\&. If you have problems, set the debug level to +3 and peruse the log files\&. +.PP +.SH "VERSION" +.PP +This man page is correct for version 2\&.0 of the Samba suite\&. +.PP +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by +Andrew Tridgell \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed\&. +.PP +The original Samba man pages were written by Karl Auer\&. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2\&.0 release by Jeremy +Allison, \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. +.PP +See \fBsamba (7)\fP to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc\&. diff --git a/docs/manpages/smbd.8 b/docs/manpages/smbd.8 index fbc4b6e8c1..e8c8e4564d 100644 --- a/docs/manpages/smbd.8 +++ b/docs/manpages/smbd.8 @@ -1,452 +1,430 @@ -.TH SMBD 8 "09 Oct 1998" "smbd 2.0.0-alpha11" -.SH NAME -smbd \- provide SMB (aka LanManager) services to clients -.SH SYNOPSIS -.B smbd -[ -.B \-D -] [ -.B \-a -] [ -.B \-o -] [ -.B \-d -.I debuglevel -] [ -.B \-l -.I log file -] [ -.B \-p -.I port number -] [ -.B \-O -.I socket options -] [ -.B \-s -.I configuration file -] -.SH DESCRIPTION -This program is part of the Samba suite. - -.B smbd -is a server that can provide most SMB services. The server provides -filespace and printer services to clients using the SMB protocol. This -is compatible with the LanManager protocol, and can service LanManager -clients. These include MSCLIENT 3.0 for DOS, Windows for Workgroups, -Windows 95, Windows NT, OS/2, DAVE for Macintosh, and smbfs for Linux. - -An extensive description of the services that the server can provide is given -in the man page for the configuration file controlling the attributes of those -services (see -.BR smb.conf (5)). -This man page will not describe the services, but -will concentrate on the administrative aspects of running the server. - -Please note that there are significant security implications to running this -server, and -.BR smb.conf (5) -should be regarded as mandatory reading before proceeding with -installation. - -A session is created whenever a client requests one. Each client gets a copy -of the server for each session. This copy then services all connections made -by the client during that session. When all connections from its client are -are closed, the copy of the server for that client terminates. - -The configuration file, and any files that it includes, are automatically -reloaded every minute, if they change. You can force a reload by sending a -SIGHUP to the server. Reloading the configuration file will not affect -connections to any service that is already established. Either the user -will have to disconnect from the service, or smbd killed and restarted. -.SH OPTIONS -.B \-D - -.RS 3 -If specified, this parameter causes the server to operate as a daemon. That is, -it detaches itself and runs in the background, fielding requests on the -appropriate port. - -By default, the server will NOT operate as a daemon. -.RE - -.B \-a - -.RS 3 -If this parameter is specified, each new connection will append log messages -to the log file. This is the default. -.RE - -.B \-o - -.RS 3 -If this parameter is specified, the log files will be overwritten when opened. -By default, the log files will be appended to. -.RE - -.B \-d -.I debuglevel -.RS 3 - -debuglevel is an integer from 0 to 10. - -The default value if this parameter is not specified is zero. - -The higher this value, the more detail will be logged to the log files about -the activities of the server. At level 0, only critical errors and serious -warnings will be logged. Level 1 is a reasonable level for day to day running -- it generates a small amount of information about operations carried out. - -Levels above 1 will generate considerable amounts of log data, and should -only be used when investigating a problem. Levels above 3 are designed for -use only by developers and generate HUGE amounts of log data, most of which -is extremely cryptic. -.RE - -.B \-l -.I log file - -.RS 3 -If specified, -.I logfile -specifies a base filename into which operational data from the running server -will be logged. - -The default base name is specified at compile time. - -The base name is used to generate actual log file names. For example, if the -name specified was "log", the following files would be used for log data: - -.RS 3 -log.debug (containing debugging information) - -log.in (containing inbound transaction data) - -log.out (containing outbound transaction data) -.RE - -The log files generated are never removed by the server. -.RE - -.B \-O -.I socket options -.RS 3 - -See the socket options section of -.BR smb.conf (5) -for details - -.RE -.B \-p -.I port number -.RS 3 - -port number is a positive integer value. - -The default value if this parameter is not specified is 139. - -This number is the port number that will be used when making connections to -the server from client software. The standard (well-known) port number for the -server is 139, hence the default. If you wish to run the server as an ordinary -user rather than as root, most systems will require you to use a port number -greater than 1024 - ask your system administrator for help if you are in this -situation. - -In order for the server to be useful by most clients, should you configure -it on a port other than 139, you will require port redirection services -on port 139, details of which are outlined in rfc1002.txt section 4.3.5. - -This parameter is not normally specified except in the above situation. -.RE - -.B \-s -.I configuration file - -.RS 3 -The default configuration file name is determined at compile time. - -The file specified contains the configuration details required by the server. -The information in this file includes server-specific information such as -what printcap file to use, as well as descriptions of all the services that the -server is to provide. See -.BR smb.conf (5) -for more information. -.RE -.SH FILES - -.B /etc/inetd.conf - -.RS 3 -If the server is to be run by the inetd meta-daemon, this file must contain -suitable startup information for the meta-daemon. See the section -"INSTALLATION" below. -.RE - -.B /etc/rc - -.RS 3 -(or whatever initialisation script your system uses) - -If running the server as a daemon at startup, this file will need to contain -an appropriate startup sequence for the server. See the section "INSTALLATION" -below. -.RE - -.B /etc/services - -.RS 3 -If running the server via the meta-daemon inetd, this file must contain a -mapping of service name (eg., netbios-ssn) to service port (eg., 139) and -protocol type (eg., tcp). See the section "INSTALLATION" below. -.RE - -.B /usr/local/samba/lib/smb.conf - -.RS 3 -This file describes all the services the server is to make available to -clients. See -.BR smb.conf (5) -for more information. -.RE -.SH LIMITATIONS - -On some systems -.B smbd -cannot change uid back to root after a setuid() call. -Such systems are called "trapdoor" uid systems. If you have such a system, -you will be unable to connect from a client (such as a PC) as two different -users at once. Attempts to connect the second user will result in "access -denied" or similar. -.SH ENVIRONMENT VARIABLES - -.B PRINTER - -.RS 3 -If no printer name is specified to printable services, most systems will -use the value of this variable (or "lp" if this variable is not defined) -as the name of the printer to use. This is not specific to the server, -however. -.RE -.SH INSTALLATION -The location of the server and its support files is a matter for individual -system administrators. The following are thus suggestions only. - +.TH "smbd" "8" "23 Oct 1998" "Samba" "SAMBA" +.PP +.SH "NAME" +smbd \- server to provide SMB/CIFS services to clients +.PP +.SH "SYNOPSIS" +.PP +\fBsmbd\fP [-D] [-a] [-o] [-d debuglevel] [-l log file] [-p port number] [-O socket options] [-s configuration file] [-i scope] [-P] [-h] +.PP +.SH "DESCRIPTION" +.PP +This program is part of the \fBSamba\fP suite\&. +.PP +\fBsmbd\fP is the server daemon that provides filesharing services to +Windows clients\&. The server provides filespace and printer services to +clients using the SMB (or CIFS) protocol\&. This is compatible with the +LanManager protocol, and can service LanManager clients\&. These +include MSCLIENT 3\&.0 for DOS, Windows for Workgroups, Windows 95, +Windows NT, OS/2, DAVE for Macintosh, and smbfs for Linux\&. +.PP +An extensive description of the services that the server can provide +is given in the man page for the configuration file controlling the +attributes of those services (see \fBsmb\&.conf (5)\fP)\&. This man page +will not describe the services, but will concentrate on the +administrative aspects of running the server\&. +.PP +Please note that there are significant security implications to +running this server, and the \fBsmb\&.conf (5)\fP manpage should be +regarded as mandatory reading before proceeding with installation\&. +.PP +A session is created whenever a client requests one\&. Each client gets +a copy of the server for each session\&. This copy then services all +connections made by the client during that session\&. When all +connections from its client are are closed, the copy of the server for +that client terminates\&. +.PP +The configuration file, and any files that it includes, are +automatically reloaded every minute, if they change\&. You can force a +reload by sending a SIGHUP to the server\&. Reloading the configuration +file will not affect connections to any service that is already +established\&. Either the user will have to disconnect from the +service, or smbd killed and restarted\&. +.PP +.SH "OPTIONS" +.PP +.IP +.IP "\fB-D\fP" +If specified, this parameter causes the server to operate as a +daemon\&. That is, it detaches itself and runs in the background, +fielding requests on the appropriate port\&. Operating the server as a +daemon is the recommended way of running smbd for servers that provide +more than casual use file and print services\&. +.IP +By default, the server will NOT operate as a daemon\&. +.IP +.IP "\fB-a\fP" +If this parameter is specified, each new connection will +append log messages to the log file\&. This is the default\&. +.IP +.IP "\fB-o\fP" +If this parameter is specified, the log files will be +overwritten when opened\&. By default, the log files will be appended +to\&. +.IP +.IP "\fB-d debuglevel\fP" +debuglevel is an integer from 0 to 10\&. +.IP +The default value if this parameter is not specified is zero\&. +.IP +The higher this value, the more detail will be logged to the log files +about the activities of the server\&. At level 0, only critical errors +and serious warnings will be logged\&. Level 1 is a reasonable level for +day to day running - it generates a small amount of information about +operations carried out\&. +.IP +Levels above 1 will generate considerable amounts of log data, and +should only be used when investigating a problem\&. Levels above 3 are +designed for use only by developers and generate HUGE amounts of log +data, most of which is extremely cryptic\&. +.IP +Note that specifying this parameter here will override the \fBlog +level\fP parameter in the \fBsmb\&.conf +(5)\fP file\&. +.IP +.IP "\fB-l log file\fP" +If specified, \fIlog file\fP specifies +a log filename into which informational and debug messages from the +running server will be logged\&. The log file generated is never removed +by the server although its size may be controlled by the \fBmax +log size\fP option in the \fBsmb\&.conf +(5)\fP file\&. The default log file name is specified +at compile time\&. +.IP +.IP "\fB-O socket options\fP" +See the \fBsocket +options\fP parameter in the +\fBsmb\&.conf (5)\fP file for details\&. +.IP +.IP "\fB-p port number\fP" +port number is a positive integer value\&. The +default value if this parameter is not specified is 139\&. +.IP +This number is the port number that will be used when making +connections to the server from client software\&. The standard +(well-known) port number for the SMB over TCP is 139, hence the +default\&. If you wish to run the server as an ordinary user rather than +as root, most systems will require you to use a port number greater +than 1024 - ask your system administrator for help if you are in this +situation\&. +.IP +In order for the server to be useful by most clients, should you +configure it on a port other than 139, you will require port +redirection services on port 139, details of which are outlined in +rfc1002\&.txt section 4\&.3\&.5\&. +.IP +This parameter is not normally specified except in the above +situation\&. +.IP +.IP "\fB-s configuration file\fP" +The default configuration file name is +determined at compile time\&. +.IP +The file specified contains the configuration details required by the +server\&. The information in this file includes server-specific +information such as what printcap file to use, as well as descriptions +of all the services that the server is to provide\&. See \fBsmb\&.conf +(5)\fP for more information\&. +.IP +.IP "\fB-i scope\fP" +This specifies a NetBIOS scope that the server will use +to communicate with when generating NetBIOS names\&. For details on the +use of NetBIOS scopes, see rfc1001\&.txt and rfc1002\&.txt\&. NetBIOS scopes +are \fIvery\fP rarely used, only set this parameter if you are the +system administrator in charge of all the NetBIOS systems you +communicate with\&. +.IP +.IP "\fB-h\fP" +Prints the help information (usage) for smbd\&. +.IP +.IP "\fB-P\fP" +Passive option\&. Causes smbd not to send any network traffic +out\&. Used for debugging by the developers only\&. +.IP +.PP +.SH "FILES" +.PP +\fB/etc/inetd\&.conf\fP +.PP +If the server is to be run by the inetd meta-daemon, this file must +contain suitable startup information for the meta-daemon\&. See the +section \fIINSTALLATION\fP below\&. +.PP +\fB/etc/rc\fP +.PP +(or whatever initialisation script your system uses)\&. +.PP +If running the server as a daemon at startup, this file will need to +contain an appropriate startup sequence for the server\&. See the +section \fIINSTALLATION\fP below\&. +.PP +\fB/etc/services\fP +.PP +If running the server via the meta-daemon inetd, this file must +contain a mapping of service name (eg\&., netbios-ssn) to service port +(eg\&., 139) and protocol type (eg\&., tcp)\&. See the section +\fIINSTALLATION\fP below\&. +.PP +\fB/usr/local/samba/lib/smb\&.conf\fP +.PP +This is the default location of the \fIsmb\&.conf\fP server configuration +file\&. Other common places that systems install this file are +\fI/usr/samba/lib/smb\&.conf\fP and \fI/etc/smb\&.conf\fP\&. +.PP +This file describes all the services the server is to make available +to clients\&. See \fBsmb\&.conf (5)\fP for more information\&. +.PP +.SH "LIMITATIONS" +.PP +On some systems \fBsmbd\fP cannot change uid back to root after a +setuid() call\&. Such systems are called "trapdoor" uid systems\&. If you +have such a system, you will be unable to connect from a client (such +as a PC) as two different users at once\&. Attempts to connect the +second user will result in "access denied" or similar\&. +.PP +.SH "ENVIRONMENT VARIABLES" +.PP +\fBPRINTER\fP +.PP +If no printer name is specified to printable services, most systems +will use the value of this variable (or "lp" if this variable is not +defined) as the name of the printer to use\&. This is not specific to +the server, however\&. +.PP +.SH "INSTALLATION" +.PP +The location of the server and its support files is a matter for +individual system administrators\&. The following are thus suggestions +only\&. +.PP It is recommended that the server software be installed under the -/usr/local/samba hierarchy, in a directory readable by all, writeable only -by root. The server program itself should be executable by all, as -users may wish to run the server themselves (in which case it will of -course run with their privileges). The server should NOT be -setuid. On some systems it may be worthwhile to make smbd setgid to an -empty group. This is because some systems may have a security hole where -daemon processes that become a user can be attached to with a -debugger. Making the smbd file setgid to an empty group may prevent -this hole from being exploited. This security hole and the suggested -fix has only been confirmed on Linux at the time this was written. It -is possible that this hole only exists in Linux, as testing on other -systems has thus far shown them to be immune. - -The server log files should be put in a directory readable and writable only -by root, as the log files may contain sensitive information. - -The configuration file should be placed in a directory readable and writable -only by root, as the configuration file controls security for the services -offered by the server. The configuration file can be made readable by all if -desired, but this is not necessary for correct operation of the server and -is not recommended. A sample configuration file "smb.conf.sample" is supplied -with the source to the server - this may be renamed to "smb.conf" and -modified to suit your needs. - +/usr/local/samba hierarchy, in a directory readable by all, writeable +only by root\&. The server program itself should be executable by all, +as users may wish to run the server themselves (in which case it will +of course run with their privileges)\&. The server should NOT be +setuid\&. On some systems it may be worthwhile to make smbd setgid to an +empty group\&. This is because some systems may have a security hole +where daemon processes that become a user can be attached to with a +debugger\&. Making the smbd file setgid to an empty group may prevent +this hole from being exploited\&. This security hole and the suggested +fix has only been confirmed on old versions (pre-kernel 2\&.0) of Linux +at the time this was written\&. It is possible that this hole only +exists in Linux, as testing on other systems has thus far shown them +to be immune\&. +.PP +The server log files should be put in a directory readable and +writable only by root, as the log files may contain sensitive +information\&. +.PP +The configuration file should be placed in a directory readable and +writable only by root, as the configuration file controls security for +the services offered by the server\&. The configuration file can be made +readable by all if desired, but this is not necessary for correct +operation of the server and is not recommended\&. A sample configuration +file "smb\&.conf\&.sample" is supplied with the source to the server - +this may be renamed to "smb\&.conf" and modified to suit your needs\&. +.PP The remaining notes will assume the following: - -.RS 3 -.B smbd -(the server program) installed in /usr/local/samba/bin - -smb.conf (the configuration file) installed in /usr/local/samba/lib - +.PP +.IP +.IP o +\fBsmbd\fP (the server program) installed in /usr/local/samba/bin +.IP +.IP o +\fBsmb\&.conf\fP (the configuration file) installed in /usr/local/samba/lib +.IP +.IP o log files stored in /var/adm/smblogs -.RE - -The server may be run either as a daemon by users or at startup, or it may -be run from a meta-daemon such as inetd upon request. If run as a daemon, the -server will always be ready, so starting sessions will be faster. If run from -a meta-daemon some memory will be saved and utilities such as the tcpd -TCP-wrapper may be used for extra security. - -When you've decided, continue with either "RUNNING THE SERVER AS A DAEMON" or -"RUNNING THE SERVER ON REQUEST". -.SH RUNNING THE SERVER AS A DAEMON +.IP +.PP +The server may be run either as a daemon by users or at startup, or it +may be run from a meta-daemon such as inetd upon request\&. If run as a +daemon, the server will always be ready, so starting sessions will be +faster\&. If run from a meta-daemon some memory will be saved and +utilities such as the tcpd TCP-wrapper may be used for extra security\&. +For serious use as file server it is recommended that \fBsmbd\fP be run +as a daemon\&. +.PP +When you\'ve decided, continue with either \fIRUNNING THE SERVER AS A +DAEMON\fP or \fIRUNNING THE SERVER ON REQUEST\fP\&. +.PP +.SH "RUNNING THE SERVER AS A DAEMON" +.PP To run the server as a daemon from the command line, simply put the -.B \-D -option -on the command line. There is no need to place an ampersand at the end of the -command line - the -.B \-D -option causes the server to detach itself from the -tty anyway. - -Any user can run the server as a daemon (execute permissions permitting, of -course). This is useful for testing purposes, and may even be useful as a -temporary substitute for something like ftp. When run this way, however, the -server will only have the privileges of the user who ran it. - -To ensure that the server is run as a daemon whenever the machine is started, -and to ensure that it runs as root so that it can serve multiple clients, you -will need to modify the system startup files. Wherever appropriate (for -example, in /etc/rc), insert the following line, substituting -port number, log file location, configuration file location and debug level as -desired: - -.RS 3 -/usr/local/samba/bin/smbd -D -l /var/adm/smblogs/log -s /usr/local/samba/lib/smb.conf -.RE - -(The above should appear in your initialisation script as a single line. +\fB-D\fP option on the command line\&. There is no need to place an +ampersand at the end of the command line - the \fB-D\fP option causes +the server to detach itself from the tty anyway\&. +.PP +Any user can run the server as a daemon (execute permissions +permitting, of course)\&. This is useful for testing purposes, and may +even be useful as a temporary substitute for something like ftp\&. When +run this way, however, the server will only have the privileges of the +user who ran it\&. +.PP +To ensure that the server is run as a daemon whenever the machine is +started, and to ensure that it runs as root so that it can serve +multiple clients, you will need to modify the system startup +files\&. Wherever appropriate (for example, in /etc/rc), insert the +following line, substituting port number, log file location, +configuration file location and debug level as desired: +.PP +\f(CW/usr/local/samba/bin/smbd -D -l /var/adm/smblogs/log -s /usr/local/samba/lib/smb\&.conf\fP +.PP +(The above should appear in your initialisation script as a single line\&. Depending on your terminal characteristics, it may not appear that way in -this man page. If the above appears as more than one line, please treat any -newlines or indentation as a single space or TAB character.) - -If the options used at compile time are appropriate for your system, all -parameters except the desired debug level and -.B \-D -may be omitted. See the -section "OPTIONS" above. -.SH RUNNING THE SERVER ON REQUEST -If your system uses a meta-daemon such as inetd, you can arrange to have the -smbd server started whenever a process attempts to connect to it. This requires -several changes to the startup files on the host machine. If you are -experimenting as an ordinary user rather than as root, you will need the -assistance of your system administrator to modify the system files. - -You will probably want to set up the name server -.B nmbd -at the same time as -.B smbd -- refer to the man page -.BR nmbd (8). - -First, ensure that a port is configured in the file /etc/services. The -well-known port 139 should be used if possible, though any port may be used. - +this man page\&. If the above appears as more than one line, please treat any +newlines or indentation as a single space or TAB character\&.) +.PP +If the options used at compile time are appropriate for your system, +all parameters except the desired debug level and \fB-D\fP may be +omitted\&. See the section \fIOPTIONS\fP above\&. +.PP +.SH "RUNNING THE SERVER ON REQUEST" +.PP +If your system uses a meta-daemon such as inetd, you can arrange to +have the smbd server started whenever a process attempts to connect to +it\&. This requires several changes to the startup files on the host +machine\&. If you are experimenting as an ordinary user rather than as +root, you will need the assistance of your system administrator to +modify the system files\&. +.PP +You will probably want to set up the NetBIOS name server \fBnmbd\fP at +the same time as \fBsmbd\fP\&. To do this refer to the man page for +\fBnmbd (8)\fP\&. +.PP +First, ensure that a port is configured in the file /etc/services\&. The +well-known port 139 should be used if possible, though any port may be +used\&. +.PP Ensure that a line similar to the following is in /etc/services: +.PP +\f(CWnetbios-ssn 139/tcp\fP +.PP +Note for NIS/YP users - you may need to rebuild the NIS service maps +rather than alter your local /etc/services file\&. +.PP +Next, put a suitable line in the file /etc/inetd\&.conf (in the unlikely +event that you are using a meta-daemon other than inetd, you are on +your own)\&. Note that the first item in this line matches the service +name in /etc/services\&. Substitute appropriate values for your system +in this line (see \fBinetd (8)\fP): +.PP +\f(CWnetbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd -d1 -l/var/adm/smblogs/log -s/usr/local/samba/lib/smb\&.conf\fP +.PP +(The above should appear in /etc/inetd\&.conf as a single +line\&. Depending on your terminal characteristics, it may not appear +that way in this man page\&. If the above appears as more than one +line, please treat any newlines or indentation as a single space or +TAB character\&.) +.PP +Note that there is no need to specify a port number here, even if you +are using a non-standard port number\&. +.PP +Lastly, edit the configuration file to provide suitable services\&. To +start with, the following two services should be all you need: +.PP + +.DS + -.RS 3 -netbios-ssn 139/tcp -.RE - -Note for NIS/YP users - you may need to rebuild the NIS service maps rather -than alter your local /etc/services file. - -Next, put a suitable line in the file /etc/inetd.conf (in the unlikely event -that you are using a meta-daemon other than inetd, you are on your own). Note -that the first item in this line matches the service name in /etc/services. -Substitute appropriate values for your system in this line (see -.BR inetd (8)): - -.RS 3 -.\" turn off right adjustment -.ad l -netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd -d1 --l/var/adm/smblogs/log -s/usr/local/samba/lib/smb.conf -.ad -.RE - -(The above should appear in /etc/inetd.conf as a single line. Depending on -your terminal characteristics, it may not appear that way in this man page. -If the above appears as more than one line, please treat any newlines or -indentation as a single space or TAB character.) - -Note that there is no need to specify a port number here, even if you are -using a non-standard port number. - -Lastly, edit the configuration file to provide suitable services. To start -with, the following two services should be all you need: -.RS 3 [homes] -.RS 3 - writable = yes -.RE + writable = yes [printers] -.RS 3 writable = no printable = yes path = /tmp public = yes -.RE -.RE -This will allow you to connect to your home directory and print to any printer -supported by the host (user privileges permitting). -.SH TESTING THE INSTALLATION -If running the server as a daemon, execute it before proceeding. If -using a meta-daemon, either restart the system or kill and restart the -meta-daemon. Some versions of inetd will reread their configuration tables if -they receive a HUP signal. - -If your machine's name is "fred" and your name is "mary", you should now be -able to connect to the service "\e\efred\emary". - -To properly test and experiment with the server, we recommend using the -smbclient program (see -.BR smbclient (1)). -.SH VERSION -This man page is (mostly) correct for version 1.9.00 of the Samba suite, -plus some of the recent patches to it. These notes will necessarily lag behind -development of the software, so it is possible that your version of -the server has extensions or parameter semantics that differ from or are not -covered by this man page. Please notify these to the address below for -rectification. -.SH SEE ALSO -.BR hosts_access (5), -.BR inetd (8), -.BR nmbd (8), -.BR smb.conf (5), -.BR smbclient (1), -.BR testparm (1), -.BR testprns (1) -.BR rfc1001.txt -.BR rfc1002.txt -.SH DIAGNOSTICS -[This section under construction] - -Most diagnostics issued by the server are logged in a specified log file. The -log file name is specified at compile time, but may be overridden on the -command line. - -The number and nature of diagnostics available depends on the debug level used -by the server. If you have problems, set the debug level to 3 and peruse the -log files. - -Most messages are reasonably self-explanatory. Unfortunately, at time of -creation of this man page the source code is still too fluid to warrant -describing each and every diagnostic. At this stage your best bet is still -to grep the source code and inspect the conditions that gave rise to the -diagnostics you are seeing. - -.SH SIGNALS - -In version 1.9.18 and above the debug log level of smbd may be raised -by sending it a SIGUSR1 (kill -USR1 ) and lowered by sending -it a SIGUSR2 (kill -USR2 ). This is to allow transient problems -to be diagnosed, whilst still running at a normally low log level. +.DE + + +.PP +This will allow you to connect to your home directory and print to any +printer supported by the host (user privileges permitting)\&. +.PP +.SH "TESTING THE INSTALLATION" +.PP +If running the server as a daemon, execute it before proceeding\&. If +using a meta-daemon, either restart the system or kill and restart the +meta-daemon\&. Some versions of inetd will reread their configuration +tables if they receive a HUP signal\&. +.PP +If your machine\'s name is "fred" and your name is "mary", you should +now be able to connect to the service \f(CW\e\efred\emary\fP\&. +.PP +To properly test and experiment with the server, we recommend using +the smbclient program (see \fBsmbclient (1)\fP) and also going through +the steps outlined in the file \fIDIAGNOSIS\&.txt\fP in the \fIdocs/\fP +directory of your Samba installation\&. +.PP +.SH "VERSION" +.PP +This man page is correct for version 2\&.0 of the Samba suite\&. +.PP +.SH "DIAGNOSTICS" +.PP +Most diagnostics issued by the server are logged in a specified log +file\&. The log file name is specified at compile time, but may be +overridden on the command line\&. +.PP +The number and nature of diagnostics available depends on the debug +level used by the server\&. If you have problems, set the debug level to +3 and peruse the log files\&. +.PP +Most messages are reasonably self-explanatory\&. Unfortunately, at time +of creation of this man page there are too many diagnostics available +in the source code to warrant describing each and every diagnostic\&. At +this stage your best bet is still to grep the source code and inspect +the conditions that gave rise to the diagnostics you are seeing\&. +.PP +.SH "SIGNALS" +.PP +Sending the smbd a SIGHUP will cause it to re-load its smb\&.conf +configuration file within a short period of time\&. +.PP +To shut down a users smbd process it is recommended that SIGKILL (-9) +\fINOT\fP be used, except as a last resort, as this may leave the shared +memory area in an inconsistant state\&. The safe way to terminate an +smbd is to send it a SIGTERM (-15) signal and wait for it to die on +its own\&. +.PP +The debug log level of smbd may be raised +by sending it a SIGUSR1 \f(CW(kill -USR1 )\fP and lowered by +sending it a SIGUSR2 \f(CW(kill -USR2 )\fP\&. This is to allow +transient problems to be diagnosed, whilst still running at a normally +low log level\&. +.PP Note that as the signal handlers send a debug write, they are not -re-entrant in smbd. This you should wait until smbd is in a state of -waiting for an incoming smb before issuing them. It is possible to +re-entrant in smbd\&. This you should wait until smbd is in a state of +waiting for an incoming smb before issuing them\&. It is possible to make the signal handlers safe by un-blocking the signals before the select call and re-blocking them after, however this would affect -performance. - -.SH BUGS -None known. -.SH CREDITS -The original Samba software and related utilities were created by -Andrew Tridgell (samba-bugs@samba.anu.edu.au). Andrew is also the Keeper -of the Source for this project. - - -See -.BR smb.conf (5) -for a full list of contributors and details on how to -submit bug reports, comments etc. +performance\&. +.PP +.SH "SEE ALSO" +.PP +\fBhosts_access (5)\fP, \fBinetd (8)\fP, \fBnmbd (8)\fP, +\fBsmb\&.conf (5)\fP, \fBsmbclient +(1)\fP, \fBtestparm (1)\fP, +\fBtestprns (1)\fP, and the Internet RFC\'s +\fBrfc1001\&.txt\fP, \fBrfc1002\&.txt\fP\&. In addition the CIFS (formerly SMB) +specification is available as a link from the Web page : +http://samba\&.anu\&.edu\&.au/cifs/\&. +.PP +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by +Andrew Tridgell (samba-bugs@samba\&.anu\&.edu\&.au)\&. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed\&. +.PP +The original Samba man pages were written by Karl Auer\&. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2\&.0 release by Jeremy +Allison, \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. +.PP +See \fBsamba (7)\fP to find out how to get a full list of contributors +and details on how to submit bug reports, comments etc\&. diff --git a/docs/manpages/smbpasswd.8 b/docs/manpages/smbpasswd.8 index 4f2658736f..e958266560 100644 --- a/docs/manpages/smbpasswd.8 +++ b/docs/manpages/smbpasswd.8 @@ -1,138 +1,293 @@ -.TH SMBPASSWD 8 "09 Oct 1998" "smbpasswd 2.0.0-alpha11" -.SH NAME -smbpasswd \- change a users smb password in the smbpasswd file. -.SH SYNOPSIS -.B smbpasswd -[ -.B \-a -] [ -.B \-r -remote_machine -] [ -.B username -] -.SH DESCRIPTION - -This program is part of the Samba suite. - -.B smbpasswd -allows a user to change their encrypted smb password which -is stored in the smbpasswd file (usually kept in the -.I private -directory under the -.I Samba -directory hierarchy. Ordinary users can only run the command -with no options. It will prompt them for their old smb password -and then ask them for their new password twice, to ensure that -the new password was typed correctly. No passwords will -be echoed on the screen whilst being typed. If you have a blank -smb password (specified by the string "NO PASSWORD" in the -smbpasswd file) then just press the key when asked -for your old password. - -.B New for 1.9.18p4. -smbpasswd will now allow a user to change their password -on a Windows NT server. To use this add the -.I \-r -.I \ -paramter to the smbpasswd command. The machine name is looked -up using the "name resolve order" parameter defined in the -smb.conf [global] section. Note that when changing a Windows -NT password for a domain user, -.I \ -must be the name of the Primary domain controller. - -To allow users to change their passwords from "NO PASSWORD" -in the smbpasswd file to a valid password the administrator -must set the following parameter in the [global] section of -the smb.conf : - +.TH "smbpasswd" "8" "23 Oct 1998" "Samba" "SAMBA" +.PP +.SH "NAME" +smbpasswd \- change a users SMB password +.PP +.SH "SYNOPSIS" +.PP +\fBsmbpasswd\fP [-a] [-d] [-e] [-D debug level] [-n] [-r remote_machine] [-R name resolve order] [-m] [-j DOMAIN] [-U username] [-h] [-s] username +.PP +.SH "DESCRIPTION" +.PP +This program is part of the \fBSamba\fP suite\&. +.PP +The \fBsmbpasswd\fP program has several different functions, depending +on whether it is run by the \fIroot\fP user or not\&. When run as a normal +user it allows the user to change the password used for their SMB +sessions on any machines that store SMB passwords\&. +.PP +By default (when run with no arguments) it will attempt to change the +current users SMB password on the local machine\&. This is similar to +the way the \fBpasswd (1)\fP program works\&. \fBsmbpasswd\fP differs from +the \fBpasswd\fP program works however in that it is not \fIsetuid root\fP +but works in a client-server mode and communicates with a locally +running \fBsmbd\fP\&. As a consequence in order for this +to succeed the \fBsmbd\fP daemon must be running on +the local machine\&. On a UNIX machine the encrypted SMB passwords are +usually stored in the \fBsmbpasswd (5)\fP file\&. +.PP +When run by an ordinary user with no options\&. \fBsmbpasswd\fP will +prompt them for their old smb password and then ask them for their new +password twice, to ensure that the new password was typed +correctly\&. No passwords will be echoed on the screen whilst being +typed\&. If you have a blank smb password (specified by the string "NO +PASSWORD" in the \fBsmbpasswd\fP file) then just +press the key when asked for your old password\&. +.PP +\fBsmbpasswd\fP also can be used by a normal user to change their SMB +password on remote machines, such as Windows NT Primary Domain +Controllers\&. See the (\fB-r\fP) and +\fB-U\fP options below\&. +.PP +When run by root, \fBsmbpasswd\fP allows new users to be added and +deleted in the \fBsmbpasswd\fP file, as well as +changes to the attributes of the user in this file to be made\&. When +run by root, \fBsmbpasswd\fP accesses the local +\fBsmbpasswd\fP file directly, thus enabling +changes to be made even if \fBsmbd\fP is not running\&. +.PP +.SH "OPTIONS" +.PP +.IP +.IP "\fB-a\fP" +This option specifies that the username following should +be added to the local \fBsmbpasswd\fP file, with +the new password typed (type for the old password)\&. This +option is ignored if the username following already exists in the +\fBsmbpasswd\fP file and it is treated like a +regular change password command\&. Note that the user to be added \&.B +must already exist in the system password file (usually /etc/passwd) +else the request to add the user will fail\&. +.IP +This option is only available when running \fBsmbpasswd\fP as +root\&. +.IP +.IP "\fB-d\fP" +This option specifies that the username following should be +\fIdisabled\fP in the local \fBsmbpasswd\fP file\&. +This is done by writing a \fI\'D\'\fP flag into the account control space +in the \fBsmbpasswd\fP file\&. Once this is done +all attempts to authenticate via SMB using this username will fail\&. +.IP +If the \fBsmbpasswd\fP file is in the \'old\' +format (pre-Samba 2\&.0 format) there is no space in the users password +entry to write this information and so the user is disabled by writing +\'X\' characters into the password space in the +\fBsmbpasswd\fP file\&. See \fBsmbpasswd +(5)\fP for details on the \'old\' and new password file +formats\&. +.IP +This option is only available when running \fBsmbpasswd\fP as root\&. +.IP +.IP "\fB-e\fP" +This option specifies that the username following should be +\fIenabled\fP in the local \fBsmbpasswd\fP file, +if the account was previously disabled\&. If the account was not +disabled this option has no effect\&. Once the account is enabled +then the user will be able to authenticate via SMB once again\&. +.IP +If the smbpasswd file is in the \'old\' format then \fBsmbpasswd\fP will +prompt for a new password for this user, otherwise the account will be +enabled by removing the \fI\'D\'\fP flag from account control space in the +\fBsmbpasswd\fP file\&. See \fBsmbpasswd +(5)\fP for details on the \'old\' and new password file +formats\&. +.IP +This option is only available when running \fBsmbpasswd\fP as root\&. +.IP +.IP "\fB-D debuglevel\fP" +debuglevel is an integer from 0 +to 10\&. The default value if this parameter is not specified is zero\&. +.IP +The higher this value, the more detail will be logged to the log files +about the activities of smbpasswd\&. At level 0, only critical errors +and serious warnings will be logged\&. +.IP +Levels above 1 will generate considerable amounts of log data, and +should only be used when investigating a problem\&. Levels above 3 are +designed for use only by developers and generate HUGE amounts of log +data, most of which is extremely cryptic\&. +.IP +.IP "\fB-n\fP" +This option specifies that the username following should +have their password set to null (i\&.e\&. a blank password) in the local +\fBsmbpasswd\fP file\&. This is done by writing the +string "NO PASSWORD" as the first part of the first password stored in +the \fBsmbpasswd\fP file\&. +.IP +Note that to allow users to logon to a Samba server once the password +has been set to "NO PASSWORD" in the +\fBsmbpasswd\fP file the administrator must set +the following parameter in the [global] section of the +\fBsmb\&.conf\fP file : +.IP null passwords = true - -This is -.B NOT -recommended as a general policy, it is recommended that -new users be assigned a default password instead. - -The -.I \-a -and -.I username -options can only be used by a user running as root. - -.SH OPTIONS -.I \-a - -.RS 3 -Specifies that the username following should be added to -the -.I smbpasswd -file, with the new password typed (type for the -old password). This option is ignored if the username -following already exists in the -.I smbpasswd -file and it is treated like a regular change password -command. Note that the user to be added -.B must -already exist in the system password file (usually /etc/passwd) -else the request to add the user will fail. - -.RE -.I username - -.RS 3 -You may only specify a username to the smbpasswd command -if you are running as root. Only root should have the -permission to modify other users smb passwords. - -.RE -.RE -.SH INSTALLATION - -The location of the server and its support files is a matter for individual -system administrators. The following are thus suggestions only. - -It is recommended that the -.B smbpasswd -program be installed in the /usr/local/samba/bin directory. This should be -a directory readable by all, writeable only by root. The program should be -executable by all. The program -.B must not -be setuid root. - -.SH VERSION - -This man page is correct for version 1.9.18p4 of the Samba suite. -These notes will necessarily lag behind -development of the software, so it is possible that your version of -the program has extensions or parameter semantics that differ from or are not -covered by this man page. Please notify these to the address below for -rectification. -.SH SEE ALSO -.BR smbd (8), -.BR smb.conf (5) -.SH -.B BUGS - -.RE -The -.B smbpasswd -command is only useful if -.I Samba -has been set up to use encrypted passwords. See the file -.I ENCRYPTION.txt -in the docs directory for details on how to do this. - -.SH CREDITS -.RE -The original Samba software and related utilities were created by -Andrew Tridgell (samba-bugs@samba.anu.edu.au). Andrew is also the Keeper -of the Source for this project. smbpasswd and the encrypted password -file code was written by Jeremy Allison (samba-bugs@samba.anu.edu.au). - -This man page was written by Jeremy Allison. Bug reports to samba-bugs@samba.anu.edu.au. - -See -.BR smb.conf (5) -for a full list of contributors and details of how to -submit bug reports, comments etc. +.IP +This option is only available when running \fBsmbpasswd\fP as root\&. +.IP +.IP "\fB-r remote machine name\fP" +This option allows a +user to specify what machine they wish to change their password +on\&. Without this parameter \fBsmbpasswd\fP defaults to the local +host\&. The \fI"remote machine name"\fP is the NetBIOS name of the +SMB/CIFS server to contact to attempt the password change\&. This name +is resolved into an IP address using the standard name resolution +mechanism in all programs of the \fBSamba\fP +suite\&. See the \fB-R name resolve order\fP parameter for details on changing this resolving +mechanism\&. +.IP +The username whose password is changed is that of the current UNIX +logged on user\&. See the \fB-U username\fP +parameter for details on changing the password for a different +username\&. +.IP +Note that if changing a Windows NT Domain password the remote machine +specified must be the Primary Domain Controller for the domain (Backup +Domain Controllers only have a read-only copy of the user account +database and will not allow the password change)\&. +.IP +.IP "\fB-R name resolve order\fP" +This option allows the user of +smbclient to determine what name resolution services to use when +looking up the NetBIOS name of the host being connected to\&. +.IP +The options are :"lmhosts", "host", +"wins" and "bcast"\&. They cause names to be +resolved as follows : +.IP +.IP +.IP o +\fBlmhosts\fP : Lookup an IP address in the Samba lmhosts file\&. +.IP +.IP o +\fBhost\fP : Do a standard host name to IP address resolution, +using the system /etc/hosts, NIS, or DNS lookups\&. This method of name +resolution is operating system depended for instance on IRIX or +Solaris this may be controlled by the \fI/etc/nsswitch\&.conf\fP file)\&. +.IP +.IP o +\fBwins\fP : Query a name with the IP address listed in the \fBwins +server\fP parameter in the smb\&.conf file\&. If +no WINS server has been specified this method will be ignored\&. +.IP +.IP o +\fBbcast\fP : Do a broadcast on each of the known local interfaces +listed in the \fBinterfaces\fP parameter +in the smb\&.conf file\&. This is the least reliable of the name resolution +methods as it depends on the target host being on a locally connected +subnet\&. +.IP +.IP +If this parameter is not set then the name resolver order defined +in the \fBsmb\&.conf\fP file parameter +\fBname resolve order\fP +will be used\&. +.IP +The default order is lmhosts, host, wins, bcast and without this +parameter or any entry in the \fBsmb\&.conf\fP +file the name resolution methods will be attempted in this order\&. +.IP +.IP "\fB-m\fP" +This option tells \fBsmbpasswd\fP that the account being +changed is a \fIMACHINE\fP account\&. Currently this is used when Samba is +being used as an NT Primary Domain Controller\&. PDC support is not a +supported feature in Samba2\&.0 but will become supported in a later +release\&. If you wish to know more about using Samba as an NT PDC then +please subscribe to the mailing list +\fIsamba-ntdom@samba\&.anu\&.edu\&.au\fP\&. +.IP +This option is only available when running \fBsmbpasswd\fP as root\&. +.IP +.IP "\fB-j DOMAIN\fP" +This option is used to add a Samba server into a +Windows NT Domain, as a Domain member capable of authenticating user +accounts to any Domain Controller in the same way as a Windows NT +Server\&. See the \fBsecurity=domain\fP +option in the \fBsmb\&.conf (5)\fP man page\&. +.IP +In order to be used in this way, the Administrator for the Windows +NT Domain must have used the program \fI"Server Manager for Domains"\fP +to add the primary NetBIOS name of +the Samba server as a member of the Domain\&. +.IP +After this has been done, to join the Domain invoke \fBsmbpasswd\fP with +this parameter\&. \fBsmbpasswd\fP will then look up the Primary Domain +Controller for the Domain (found in the +\fBsmb\&.conf\fP file in the parameter +\fBpassword server\fP and change +the machine account password used to create the secure Domain +communication\&. This password is then stored by \fBsmbpasswd\fP in a +file, read only by root, called \f(CW\&.\&.mac\fP where +\f(CW\fP is the name of the Domain we are joining and tt +is the primary NetBIOS name of the machine we are running on\&. +.IP +Once this operation has been performed the +\fBsmb\&.conf\fP file may be updated to set the +\fBsecurity=domain\fP option and all +future logins to the Samba server will be authenticated to the Windows +NT PDC\&. +.IP +Note that even though the authentication is being done to the PDC all +users accessing the Samba server must still have a valid UNIX account +on that machine\&. +.IP +This option is only available when running \fBsmbpasswd\fP as root\&. +.IP +.IP "\fB-U username\fP" +This option may only be used in +conjunction with the \fB-r\fP +option\&. When changing a password on a remote machine it allows the +user to specify the user name on that machine whose password will be +changed\&. It is present to allow users who have different user names on +different systems to change these passwords\&. +.IP +.IP "\fB-h\fP" +This option prints the help string for \fBsmbpasswd\fP, +selecting the correct one for running as root or as an ordinary user\&. +.IP +.IP "\fB-s\fP" +This option causes \fBsmbpasswd\fP to be silent (ie\&. not +issue prompts) and to read it\'s old and new passwords from standard +input, rather than from \f(CW/dev/tty\fP (like the \fBpasswd (1)\fP program +does)\&. This option is to aid people writing scripts to drive \fBsmbpasswd\fP +.IP +dir(\fBusername\fP) This specifies the username for all of the \fIroot +only\fP options to operate on\&. Only root can specify this parameter as +only root has the permission needed to modify attributes directly +in the local \fBsmbpasswd\fP file\&. +.IP +.SH "NOTES" +.IP +As \fBsmbpasswd\fP works in client-server mode communicating with a +local \fBsmbd\fP for a non-root user then the \fBsmbd\fP +daemon must be running for this to work\&. A common problem is to add a +restriction to the hosts that may access the \fBsmbd\fP running on the +local machine by specifying a \fB"allow +hosts"\fP or \fB"deny +hosts"\fP entry in the +\fBsmb\&.conf\fP file and neglecting to allow +\fI"localhost"\fP access to the \fBsmbd\fP\&. +.IP +In addition, the \fBsmbpasswd\fP command is only useful if \fBSamba\fP has +been set up to use encrypted passwords\&. See the file \fBENCRYPTION\&.txt\fP +in the docs directory for details on how to do this\&. +.IP +.SH "VERSION" +.IP +This man page is correct for version 2\&.0 of the Samba suite\&. +.IP +.SH "AUTHOR" +.IP +The original Samba software and related utilities were created by +Andrew Tridgell \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed\&. +.IP +The original Samba man pages were written by Karl Auer\&. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2\&.0 release by Jeremy +Allison, \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. +.IP +See \fBsamba (7)\fP to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc\&. diff --git a/docs/manpages/smbrun.1 b/docs/manpages/smbrun.1 index a1ee7e43ba..d822344164 100644 --- a/docs/manpages/smbrun.1 +++ b/docs/manpages/smbrun.1 @@ -1,74 +1,67 @@ -.TH SMBRUN 1 "09 Oct 1998" "smbrun 2.0.0-alpha11" -.SH NAME +.TH "smbrun" "1" "23 Oct 1998" "Samba" "SAMBA" +.PP +.SH "NAME" smbrun \- interface program between smbd and external programs -.SH SYNOPSIS -.B smbrun -.I shell-command -.SH DESCRIPTION -This program is part of the Samba suite. - -.B smbrun -is a very small 'glue' program, which runs shell commands for -the -.B smbd -daemon (see -.BR smbd (8)). - -It first changes to the highest effective user and group ID that it can, -then runs the command line provided using the system() call. This program is -necessary to allow some operating systems to run external programs as non-root. -.SH OPTIONS -.I shell-command - -.RS 3 -The shell command to execute. - -The command should have a fully-qualified path. -.RE -.SH ENVIRONMENT VARIABLES -The PATH variable set for the environment in which -.B smbrun -is executed will affect what executables are located and executed if a -fully-qualified path is not given in the command. -.SH INSTALLATION -The location of the server and its support files is a matter for individual -system administrators. The following are thus suggestions only. - -It is recommended that the -.B smbrun -program be installed under the /usr/local/samba hierarchy, in a directory readable -by all, writeable only by root. The program should be executable by all. -The program should NOT be setuid or setgid! -.SH VERSION -This man page is (mostly) correct for version 1.9.00 of the Samba suite, plus some -of the recent patches to it. These notes will necessarily lag behind -development of the software, so it is possible that your version of -the program has extensions or parameter semantics that differ from or are not -covered by this man page. Please notify these to the address below for -rectification. -.SH SEE ALSO -.BR smbd (8), -.BR smb.conf (8) -.SH DIAGNOSTICS -If -.B smbrun -cannot be located or cannot be executed by -.B smbd -then appropriate messages will be found in the -.B smbd -logs. Other diagnostics are -dependent on the shell-command being run. It is advisable for your shell -commands to issue suitable diagnostics to aid trouble-shooting. -.SH BUGS -None known. -.SH CREDITS -The original Samba software and related utilities were created by -Andrew Tridgell (samba-bugs@samba.anu.edu.au). Andrew is also the Keeper -of the Source for this project. - -This man page was written by Karl Auer. Bug reports to samba-bugs@samba.anu.edu.au. - -See -.BR smb.conf (5) -for a full list of contributors and details of how to -submit bug reports, comments etc. +.PP +.SH "SYNOPSIS" +.PP +\fBsmbrun\fP shell-command +.PP +.SH "DESCRIPTION" +.PP +This program is part of the \fBSamba\fP suite\&. +.PP +\fBsmbrun\fP is a very small \'glue\' program, which runs shell commands +for the \fBsmbd\fP daemon \fBsmbd +(8)\fP\&. +.PP +It first changes to the highest effective user and group ID that it +can, then runs the command line provided using the system() call\&. This +program is necessary to allow some operating systems to run external +programs as non-root\&. +.PP +.SH "OPTIONS" +.PP +.IP +.IP "\fBshell-command\fP" +The shell command to execute\&. The command +should have a fully-qualified path\&. +.IP +.PP +.SH "ENVIRONMENT VARIABLES" +.PP +The \fIPATH\fP variable set for the environment in which \fBsmbrun\fP is +executed will affect what executables are located and executed if a +fully-qualified path is not given in the command\&. +.PP +.SH "DIAGNOSTICS" +.PP +If \fBsmbrun\fP cannot be located or cannot be executed by +\fBsmbd\fP then appropriate messages will be found in +the \fBsmbd\fP logs\&. Other diagnostics are dependent +on the shell-command being run\&. It is advisable for your shell +commands to issue suitable diagnostics to aid trouble-shooting\&. +.PP +.SH "VERSION" +.PP +This man page is correct for version 2\&.0 of the Samba suite\&. +.PP +.SH "SEE ALSO" +.PP +\fBsmb\&.conf (5)\fP, \fBsmbd (8)\fP +.PP +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by +Andrew Tridgell \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed\&. +.PP +The original Samba man pages were written by Karl Auer\&. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2\&.0 release by Jeremy +Allison, \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. +.PP +See \fBsamba (7)\fP to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc\&. diff --git a/docs/manpages/smbstatus.1 b/docs/manpages/smbstatus.1 index acb3340d27..0a43b09a8a 100644 --- a/docs/manpages/smbstatus.1 +++ b/docs/manpages/smbstatus.1 @@ -1,86 +1,69 @@ -.TH SMBSTATUS 1 "09 Oct 1998" "smbstatus 2.0.0-alpha11" -.SH NAME +.TH "smbstatus" "1" "23 Oct 1998" "Samba" "SAMBA" +.PP +.SH "NAME" smbstatus \- report on current Samba connections -.SH SYNOPSIS -.B smbstatus -[ -.B \-b -] [ -.B \-d -] [ -.B \-L -] [ -.B \-p -] [ -.B \-S -] [ -.B \-s -.I configuration file -] [ -.b \-u -.i username -] -.SH DESCRIPTION -This program is part of the Samba suite. - -.B smbstatus -is a very simple program to list the current Samba connections. - -Just run the program and the output is self explanatory. -.SH OPTIONS -.B \-b -gives brief output. - -.B \-d -gives verbose output. - -.B \-L -causes smbstatus to only list locks. - -.B \-p -print a list of -.B smbd -processes and exit. Useful for scripting. - -.B \-S -causes smbstatus to only list shares. - -.B \-s -.I configuration file -.RS 3 -The default configuration file name is determined at compile time. -The file specified contains the configuration details required by the server. -See -.BR smb.conf (5) -for more information. - -.B \-u -.I username -selects information relevant to .B username only. - -.RE -.SH ENVIRONMENT VARIABLES -Not applicable. -.SH INSTALLATION -The location of the server and its support files is a matter for individual -system administrators. The following are thus suggestions only. - -It is recommended that the -.B smbstatus -program be installed under the /usr/local/samba hierarchy, in a directory readable -by all, writeable only by root. The program itself should be executable by all. -.SH VERSION -This man page is (mostly) correct for version 1.9.00 of the Samba suite, plus some -of the recent patches to it. These notes will necessarily lag behind -development of the software, so it is possible that your version of -the program has extensions or parameter semantics that differ from or are not -covered by this man page. Please notify these to the address below for -rectification. -.SH SEE ALSO -.BR smb.conf (5), -.BR smbd (8) - -See -.BR smb.conf (5) -for a full list of contributors and details on how to -submit bug reports, comments etc. +.PP +.SH "SYNOPSIS" +.PP +\fBsmbstatus\fP [-b] [-d] [-L] [-p] [-S] [-s configuration file] [-u username] +.PP +.SH "DESCRIPTION" +.PP +This program is part of the \fBSamba\fP suite\&. +.PP +\fBsmbstatus\fP is a very simple program to list the current Samba +connections\&. +.PP +.SH "OPTIONS" +.PP +.IP +.IP "\fB-b\fP" +gives brief output\&. +.IP +.IP "\fB-d\fP" +gives verbose output\&. +.IP +.IP "\fB-L\fP" +causes smbstatus to only list locks\&. +.IP +.IP "\fB-p\fP" +print a list of \fBsmbd\fP +processes and exit\&. Useful for scripting\&. +.IP +.IP "\fB-S\fP" +causes smbstatus to only list shares\&. +.IP +.IP "\fB-s configuration file\fP" +The default configuration file name is +determined at compile time\&. The file specified contains the +configuration details required by the server\&. See \fBsmb\&.conf +(5)\fP for more information\&. +.IP +.IP "\fB-u username\fP" +selects information relevant to \fIusername\fP +only\&. +.IP +.PP +.SH "VERSION" +.PP +This man page is correct for version 2\&.0 of the Samba suite\&. +.PP +.SH "SEE ALSO" +.PP +\fBsmb\&.conf (5)\fP, \fBsmbd (8)\fP +.PP +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by +Andrew Tridgell \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed\&. +.PP +The original Samba man pages were written by Karl Auer\&. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2\&.0 release by Jeremy +Allison, \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. +.PP +See \fBsamba (7)\fP to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc\&. diff --git a/docs/manpages/smbtar.1 b/docs/manpages/smbtar.1 index fc80eed9a6..4ef244dac4 100644 --- a/docs/manpages/smbtar.1 +++ b/docs/manpages/smbtar.1 @@ -1,179 +1,123 @@ -.TH SMBTAR 1 "09 Oct 1998" "smbtar 2.0.0-alpha11" -.SH NAME -smbtar \- shell script for backing up SMB shares directly to UNIX tape drive -.SH SYNOPSIS -.B smbtar -.B \-s -.I server -[ -.B \-p -.I password -] [ -.B \-x -.I service -] [ -.B \-X -] [ -.B \-d -.I directory -] [ -.B \-u -.I user -] [ -.B \-t -.I tape -] [ -.B \-b -.I blocksize -] [ -.B \-N -.I filename -] [ -.B \-i -] [ -.B \-r -] [ -.B \-l -.I log level -] [ -.B \-v -] -.I filenames... -.SH DESCRIPTION -This program is an extension to the Samba suite. - -.B smbtar -is a very small shell script on top of -.BR smbclient , -which dumps SMB shares directly to tape. -.SH OPTIONS -.B \-s -.I server -.RS 3 -The PC that the share resides upon. -.RE - -.B \-x -.I service -.RS 3 -The share name on the PC to connect to. Default: -.I backup. -.RE - -.B \-X -.RS 3 -Exclude mode. Exclude -.I filenames... -from tar create or restore. -.RE - -.B \-d -.I directory -.RS 3 -Change to initial -.I directory -before restoring / backing up files. -.RE - -.B \-v -.RS 3 -Verbose mode. -.RE - -.B \-p -.I password - -.RS 3 -The password to use to access a share. Default: none -.RE - -.B \-u -.I user -.RS 3 -The user id to connect as. Default: UNIX login name. -.RE - -.B \-t -.I tape -.RS 3 -Tape device. May be regular file or tape device. Default: Tape environmental -variable; if not set, a file called -.IR tar.out . -.RE - -.B \-b -.I blocksize -.RS 3 -Blocking factor. Defaults to 20. See -.BR tar (1) -for a fuller explanation. -.RE - -.B \-N -.I filename -.RS 3 -Backup only files newer than filename. Could be used (for example) on a log -file to implement incremental backups. -.RE - -.B \-i -.RS 3 -Incremental mode; tar files are only backed up if they have the -archive bit set. The archive bit is reset after each file is read. -.RE - -.B \-r -.RS 3 -Restore. Files are restored to the share from the tar file. -.RE - -.B \-l -.I log level -.RS 3 -Log (debug) level. Corresponds to -.B \-d -flag of -.BR smbclient (1). -.RE -.SH ENVIRONMENT VARIABLES -The TAPE variable specifies the default tape device to write to. May -be overridden with the -.B \-t -option. -.SH BUGS -The -.B smbtar -script has different options from ordinary tar and tar -called from -.BR smbclient . -.SH CAVEATS -Sites that are more careful about security may not like the way -the script handles PC passwords. Backup and restore work on entire shares, -should work on file lists. smbtar works best with GNU tar and may -not work well with other versions. -.SH VERSION -This man page is correct for version 1.9.15p8 of the Samba suite. -.SH SEE ALSO -.BR smbclient (8), -.BR smb.conf (8) -.SH DIAGNOSTICS -See diagnostics for -.B smbclient -command. -.SH CREDITS -The original Samba software and related utilities were created by -Andrew Tridgell (samba-bugs@samba.anu.edu.au). Andrew is also the Keeper -of the Source for this project. - -Ricky Poulten (poultenr@logica.co.uk) wrote the tar extension and this -man page. The -.B smbtar -script was heavily rewritten and improved by -Martin Kraemer . Many thanks to everyone -who suggested extensions, improvements, bug fixes, etc. - -See -.BR smb.conf (5) -for a full list of contributors and details of how to submit bug reports, -comments etc. - +.TH "smbtar" "1" "23 Oct 1998" "Samba" "SAMBA" +.PP +.SH "NAME" +smbtar \- shell script for backing up SMB/CIFS shares directly to UNIX tape drives +.PP +.SH "SYNOPSIS" +.PP +\fBsmbtar\fP -s server [-p password] [-x service] [-X] [-d directory] [-u user] [-t tape] [-b blocksize] [-N filename] [-i] [-r] [-l log level] [-v] filenames +.PP +.SH "DESCRIPTION" +.PP +This program is part of the \fBSamba\fP suite\&. +.PP +\fBsmbtar\fP is a very small shell script on top of +\fBsmbclient\fP which dumps SMB shares directly +to tape\&. +.PP +.SH "OPTIONS" +.PP +.IP +.IP "\fB-s server\fP" +The SMB/CIFS server that the share resides upon\&. +.IP +.IP "\fB-x service\fP" +The share name on the server to connect +to\&. The default is \f(CWbackup\fP\&. +.IP +.IP "\fB-X\fP" +Exclude mode\&. Exclude filenames\&.\&.\&. from tar create or +restore\&. +.IP +.IP "\fB-d directory\fP" +Change to initial \fIdirectory\fP before restoring +/ backing up files\&. +.IP +.IP "\fB-v\fP" +Verbose mode\&. +.IP +.IP "\fB-p password\fP" +The password to use to access a share\&. Default: +none +.IP +.IP "\fB-u user\fP" +The user id to connect as\&. Default: UNIX login name\&. +.IP +.IP "\fB-t tape\fP" +Tape device\&. May be regular file or tape +device\&. Default: \fITAPE\fP environmental variable; if not set, a file +called \f(CWtar\&.out\fP\&. +.IP +.IP "\fB-b blocksize\fP" +Blocking factor\&. Defaults to 20\&. See \fBtar (1)\fP +for a fuller explanation\&. +.IP +.IP "\fB-N filename\fP" +Backup only files newer than filename\&. Could be +used (for example) on a log file to implement incremental backups\&. +.IP +.IP "\fB-i\fP" +Incremental mode; tar files are only backed up if they +have the archive bit set\&. The archive bit is reset after each file is +read\&. +.IP +.IP "\fB-r\fP" +Restore\&. Files are restored to the share from the tar +file\&. +.IP +.IP "\fB-l log level\fP" +Log (debug) level\&. Corresponds to the +\fB-d\fP flag of \fBsmbclient +(1)\fP\&. +.IP +.PP +.SH "ENVIRONMENT VARIABLES" +.PP +The TAPE variable specifies the default tape device to write to\&. May +be overridden with the \fB-t\fP option\&. +.PP +.SH "BUGS" +.PP +The \fBsmbtar\fP script has different options from ordinary tar and tar +called from \fBsmbclient\fP\&. +.PP +.SH "CAVEATS" +.PP +Sites that are more careful about security may not like the way the +script handles PC passwords\&. Backup and restore work on entire shares, +should work on file lists\&. \fBsmbtar\fP works best with GNU tar and may +not work well with other versions\&. +.PP +.SH "VERSION" +.PP +This man page is correct for version 2\&.0 of the Samba suite\&. +.PP +.SH "SEE ALSO" +.PP +\fBsmbclient (1)\fP, \fBsmb\&.conf +(5)\fP +.PP +.SH "DIAGNOSTICS" +.PP +See the \fBDIAGNOSTICS\fP section for +the \fBsmbclient\fP command\&. +.PP +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by +Andrew Tridgell \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed\&. +.PP +Ricky Poulten \fIpoultenr@logica\&.co\&.uk\fP wrote the tar extension and +this man page\&. The \fBsmbtar\fP script was heavily rewritten and +improved by Martin Kraemer \fIMartin\&.Kraemer@mch\&.sni\&.de\fP\&. Many +thanks to everyone who suggested extensions, improvements, bug fixes, +etc\&. The man page sources were converted to YODL format (another +excellent piece of Open Source software) and updated for the Samba2\&.0 +release by Jeremy Allison, \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. +.PP +See \fBsamba (7)\fP to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc\&. +.PP diff --git a/docs/manpages/testparm.1 b/docs/manpages/testparm.1 index 8681d0328d..30d4449d94 100644 --- a/docs/manpages/testparm.1 +++ b/docs/manpages/testparm.1 @@ -1,109 +1,85 @@ -.TH TESTPARM 1 "09 Oct 1998" "testparm 2.0.0-alpha11" -.SH NAME -testparm \- check an smbd configuration file for internal correctness -.SH SYNOPSIS -.B testparm -[ -.I configfilename -[ -.I hostname -.I hostIP -] -] -.SH DESCRIPTION -This program is part of the Samba suite. - -.B testparm -is a very simple test program to check an -.B smbd -configuration -file for internal correctness. If this program reports no problems, you can use -the configuration file with confidence that -.B smbd -will successfully -load the configuration file. - -Note that this is NOT a guarantee that the services specified in the -configuration file will be available or will operate as expected. - +.TH "testparm" "1" "23 Oct 1998" "Samba" "SAMBA" +.PP +.SH "NAME" +testparm \- check an smb\&.conf configuration file for internal correctness +.PP +.SH "SYNOPSIS" +.PP +\fBtestparm\fP [configfilename [hostname hostIP] ] +.PP +.SH "DESCRIPTION" +.PP +This program is part of the \fBSamba\fP suite\&. +.PP +\fBtestparm\fP is a very simple test program to check an +\fBsmbd\fP configuration file for internal +correctness\&. If this program reports no problems, you can use the +configuration file with confidence that \fBsmbd\fP +will successfully load the configuration file\&. +.PP +Note that this is \fINOT\fP a guarantee that the services specified in the +configuration file will be available or will operate as expected\&. +.PP If the optional host name and host IP address are specified on the command line, this test program will run through the service entries -reporting whether the specified host has access to each service. -.SH OPTIONS -.I configfilename - -.RS 3 -This is the name of the configuration file to check. -.RE - -.I hostname - -.RS 3 -This is the name of the host to check access on. - -If this parameter is supplied, the -.I hostIP -parameter must also be supplied, or strange things may happen. -.RE - -.I hostIP - -.RS 3 -This is the IP number of the host specified in the previous parameter. - -This number must be supplied if the -.I hostname -parameter is supplied, or strange things may happen. -.RE -.SH FILES -.B smb.conf -.RS 3 -This is usually the name of the configuration file used by -.BR smbd . -.RE -.SH ENVIRONMENT VARIABLES -Not applicable. -.SH INSTALLATION -The location of the server and its support files is a matter for individual -system administrators. The following are thus suggestions only. - -It is recommended that the -.B testparm -program be installed under the /usr/local/samba hierarchy, in a directory readable -by all, writeable only by root. The program itself should be executable by all. -The program should NOT be setuid or setgid! -.SH VERSION -This man page is (mostly) correct for version 1.9.00 of the Samba suite, plus some -of the recent patches to it. These notes will necessarily lag behind -development of the software, so it is possible that your version of -the program has extensions or parameter semantics that differ from or are not -covered by this man page. Please notify these to the address below for -rectification. -.SH SEE ALSO -.BR smb.conf (5), -.BR smbd (8) -.SH DIAGNOSTICS -The program will issue a message saying whether the configuration file loaded -OK or not. This message may be preceded by errors and warnings if the file -did not load. If the file was loaded OK, the program then dumps all known -service details to stdout. - -If a host name is specified but no host IP number, all bets are off. - -Other messages are self-explanatory. -.SH BUGS -None known. -.SH CREDITS -The original Samba software and related utilities were created by -Andrew Tridgell (samba-bugs@samba.anu.edu.au). Andrew is also the Keeper -of the Source for this project. - -The -.B testparm -program and this man page were written by Karl Auer. Bug reports to -samba-bugs@samba.anu.edu.au. - -See -.BR samba (7) -for a full list of contributors and details on how to -submit bug reports, comments etc. +reporting whether the specified host has access to each service\&. +.PP +.SH "OPTIONS" +.PP +.IP +.IP "\fBconfigfilename\fP" +This is the name of the configuration file to +check\&. If this parameter is not present then the default +\fBsmb\&.conf\fP file will be checked\&. +.IP +.IP "\fBhostname\fP" +If this parameter and the following are specified, +then testparm will examine the \fB"hosts +allow"\fP and \fB"hosts +deny"\fP parameters in the +\fBsmb\&.conf\fP file to determine if the hostname +with this IP address would be allowed acces to the +\fBsmbd\fP server\&. If this parameter is supplied, the +hostIP parameter must also be supplied\&. +.IP +.IP "\fBhostIP\fP" +This is the IP address of the host specified in the +previous parameter\&. This address must be supplied if the hostname +parameter is supplied\&. +.IP +.PP +.SH "FILES" +.PP +\fBsmb\&.conf\fP\&. This is usually the name of the +configuration file used by \fBsmbd\fP\&. +.PP +.SH "DIAGNOSTICS" +.PP +The program will issue a message saying whether the configuration file +loaded OK or not\&. This message may be preceded by errors and warnings +if the file did not load\&. If the file was loaded OK, the program then +dumps all known service details to stdout\&. +.PP +.SH "VERSION" +.PP +This man page is correct for version 2\&.0 of the Samba suite\&. +.PP +.SH "SEE ALSO" +.PP +\fBsmb\&.conf (5)\fP, \fBsmbd (8)\fP +.PP +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by +Andrew Tridgell \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed\&. +.PP +The original Samba man pages were written by Karl Auer\&. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2\&.0 release by Jeremy +Allison, \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. +.PP +See \fBsamba (7)\fP to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc\&. diff --git a/docs/manpages/testprns.1 b/docs/manpages/testprns.1 index 7cabadd81e..0bea5a42f4 100644 --- a/docs/manpages/testprns.1 +++ b/docs/manpages/testprns.1 @@ -1,112 +1,85 @@ -.TH TESTPRNS 1 "09 Oct 1998" "testprns 2.0.0-alpha11" -.SH NAME -testprns \- check printer name for validity with smbd -.SH SYNOPSIS -.B testprns -.I printername -[ -.I printcapname -] -.SH DESCRIPTION -This program is part of the Samba suite. - -.B testprns -is a very simple test program to determine whether a given -printer name is valid for use in a service to be provided by -.B smbd. - -"Valid" in this context means "can be found in the printcap specified". This -program is very stupid - so stupid in fact that it would be wisest to always -specify the printcap file to use. -.SH OPTIONS -.I printername - -.RS 3 -The printer name to validate. - -Printer names are taken from the first field in each record in the printcap -file, single printer names and sets of aliases separated by vertical bars -("|") are recognised. Note that no validation or checking of the printcap -syntax is done beyond that required to extract the printer name. It may -be that the print spooling system is more forgiving or less forgiving -than -.BR testprns . -However, if -.B testprns -finds the printer then -.B smbd -should do so as well. -.RE - -.I printcapname - -.RS 3 -This is the name of the printcap file to search for the given printer name -in. - -If no printcap name is specified, -.B testprns -will attempt to scan the printcap file specified at compile time -(PRINTCAP_NAME). -.RE -.SH FILES -.B /etc/printcap -.RS 3 -This is usually the default printcap file to scan. See -.BR printcap (5)). -.RE -.SH ENVIRONMENT VARIABLES -Not applicable. -.SH INSTALLATION -The location of the server and its support files is a matter for individual -system administrators. The following are thus suggestions only. - -It is recommended that the -.B testprns -program be installed under the /usr/local/samba hierarchy, in a directory readable -by all, writeable only by root. The program should be executable by all. -The program should NOT be setuid or setgid! -.SH VERSION -This man page is (mostly) correct for version 1.9.00 of the Samba suite, plus some -of the recent patches to it. These notes will necessarily lag behind -development of the software, so it is possible that your version of -the program has extensions or parameter semantics that differ from or are not -covered by this man page. Please notify these to the address below for -rectification. -.SH SEE ALSO -.BR printcap (5), -.BR smbd (8), -.BR smbclient (1) -.SH DIAGNOSTICS -If a printer is found to be valid, the message "Printer name is -valid" will be displayed. - -If a printer is found to be invalid, the message "Printer name -is not valid" will be displayed. - -All messages that would normally be logged during operation of -.B smbd -are -logged by this program to the file -.I test.log -in the current directory. The program runs at debuglevel 3, so quite extensive -logging information is written. The log should be checked carefully for errors -and warnings. - -Other messages are self-explanatory. -.SH BUGS -None known. -.SH CREDITS -The original Samba software and related utilities were created by -Andrew Tridgell (samba-bugs@samba.anu.edu.au). Andrew is also the Keeper -of the Source for this project. - -The -.B testprns -program and this man page were written by Karl Auer. Bug reports to -samba-bugs@samba.anu.edu.au. - -See -.BR samba (7) -for a full list of contributors and details of how to -submit bug reports, comments etc. +.TH "testparm" "1" "23 Oct 1998" "Samba" "SAMBA" +.PP +.SH "NAME" +testparm \- check printer name for validity with smbd +.PP +.SH "SYNOPSIS" +.PP +\fBtestprns\fP printername [printcapname] +.PP +.SH "DESCRIPTION" +.PP +This program is part of the \fBSamba\fP suite\&. +.PP +\fBtestprns\fP is a very simple test program to determine whether a +given printer name is valid for use in a service to be provided by +\fBsmbd\fP\&. +.PP +"Valid" in this context means "can be found in the printcap +specified"\&. This program is very stupid - so stupid in fact that it +would be wisest to always specify the printcap file to use\&. +.PP +.SH "OPTIONS" +.PP +.IP +.IP "\fBprintername\fP" +The printer name to validate\&. +.IP +Printer names are taken from the first field in each record in the +printcap file, single printer names and sets of aliases separated by +vertical bars ("|") are recognised\&. Note that no validation or +checking of the printcap syntax is done beyond that required to +extract the printer name\&. It may be that the print spooling system is +more forgiving or less forgiving than \fBtestprns\fP\&. However, if +\fBtestprns\fP finds the printer then \fBsmbd\fP should +do so as well\&. +.IP +.IP "\fBprintcapname\fP" +This is the name of the printcap file within +which to search for the given printer name\&. +.IP +If no printcap name is specified \fBtestprns\fP will attempt to scan the +printcap file name specified at compile time\&. +.IP +.PP +.SH "FILES" +.PP +\fB/etc/printcap\fP This is usually the default printcap file to +scan\&. See \fBprintcap (5)\fP\&. +.PP +.SH "DIAGNOSTICS" +.PP +If a printer is found to be valid, the message "Printer name + is valid" will be displayed\&. +.PP +If a printer is found to be invalid, the message "Printer name + is not valid" will be displayed\&. +.PP +All messages that would normally be logged during operation of the +\fBSamba\fP daemons are logged by this program to the +file \f(CWtest\&.log\fP in the current directory\&. The program runs at +debuglevel 3, so quite extensive logging information is written\&. The +log should be checked carefully for errors and warnings\&. +.PP +Other messages are self-explanatory\&. +.PP +.SH "SEE ALSO" +.PP +\fBprintcap (5)\fP, \fBsmbd (8)\fP, \fBsmbclient +(1)\fP +.PP +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by +Andrew Tridgell \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed\&. +.PP +The original Samba man pages were written by Karl Auer\&. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2\&.0 release by Jeremy +Allison, \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. +.PP +See \fBsamba (7)\fP to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc\&. -- cgit